
Anti Hacker Poetry in the Mac OS X


Page 1: Anti Hacker Poetry in the Mac OS X

Anti Hacker Poetry in the Mac OS X

"Your karma check for today:

There once was a user that whined/

his existing OS was so blind/

he'd do better to pirate/

an OS that ran great/

but found his hardware declined./

Please don't steal Mac OS!/

Really, that's way uncool./

(C) Apple Computer, Inc."

Page 2: Anti Hacker Poetry in the Mac OS X

Multi-layered Network Security

DATA

Technology Solutions

Organizational Policies

Industry and Legal Standards

Page 3: Anti Hacker Poetry in the Mac OS X

Automated Attack Vectors

Page 4: Anti Hacker Poetry in the Mac OS X

2012 Threat Assessment Report

Industrial Threats (Stuxnet)

Embedded Hardware Attacks

Hacktivism rises (Anonymous)

Cyberwar (as in Georgia-Russia conflict)

Spam goes legit

Mobile threats (DroidKungFu)

Mobile Banking threats (Zeus and SpyEye)

Rogue Certificates

Page 5: Anti Hacker Poetry in the Mac OS X

Automated Attack Vectors

Viruses

A computer program file capable of attaching to disks or other files

Necessary characteristics of a virus:
  • It is able to replicate
  • It requires a host program as a carrier
  • It is activated by external action

Page 6: Anti Hacker Poetry in the Mac OS X

Automated Attack Vectors

Worms

A self-replicating computer program, similar to a virus

A virus attaches itself to, and becomes part of, another executable program

A worm is self-contained and does not need to be part of another program to propagate itself

The Robert Morris Worm
  • Written at Cornell
  • Released at MIT
  • Fixed at Harvard

Page 7: Anti Hacker Poetry in the Mac OS X

Automated Attack Vectors

Bots

Derived from the word Robot

Program designed to search for information on the Internet with little human intervention

Search engines typically use bots to gather information for their databases

Page 8: Anti Hacker Poetry in the Mac OS X

Automated Attack Vectors

Bots

Thousands of highly configurable bot packages available on the Internet

Usually between 10,000-100,000 machines

Some at 350,000

Considered the No. 1 emerging online threat

Page 9: Anti Hacker Poetry in the Mac OS X

Automated Attack Vectors

Bots: uses

DDoS attacks

Information theft
  • keyboard logging, network monitoring, etc.

Trade Bandwidth between hacker communities

Host illegal data
  • Pirated software, movies, games, etc.

Page 10: Anti Hacker Poetry in the Mac OS X

Automated Attack Vectors

Bots: prime targets

High bandwidth (“cable bots”)

High availability systems

Low user sophistication

System located in geography providing low likelihood of law enforcement effectiveness

Page 11: Anti Hacker Poetry in the Mac OS X

Security Teams at Microsoft

PSS Security – Microsoft Services and Our Customers

Trustworthy Computing Security Strategy for Trustworthy Computing

Microsoft Security Response Center (MSRC)

Corporate Security Operations, Network Security

Security Business & Technology Unit (SBTU)

Microsoft Consulting National Practice TWC

Premier Support Services Security Solutions Architects

Secure Windows Initiative (SWI)

Security Center of Excellence (SCOE)

MSN, MS.com, etc.

Page 12: Anti Hacker Poetry in the Mac OS X

Vulnerability Reported

Is the reported problem really a vulnerability?

A security vulnerability is a flaw in a product that makes it infeasible – even when using the product properly – to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/vulnrbl.asp

Page 13: Anti Hacker Poetry in the Mac OS X

Vulnerability Reported

Page 14: Anti Hacker Poetry in the Mac OS X

Biometrics 101 (cont)

Required System Components

A biometric authentication device is made up of three components:
  • A database of biometric data.
  • Input procedures and devices.
  • Output and graphical interfaces.

Page 15: Anti Hacker Poetry in the Mac OS X

Identification Vs. Verification

In identification, the system then attempts to find out who the sample belongs to, by comparing the sample with a database of samples in the hope of finding a match (this is known as a one-to-many comparison). "Who is this?"

Verification is a one-to-one comparison in which the biometric system attempts to verify an individual's identity. "Is this person who he/she claims to be?"
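The one-to-one and one-to-many comparisons above, as an added example that is not part of the original slides. The 32-bit templates, the Hamming-distance matcher, the threshold of 6 bits and all names are constructed assumptions chosen for illustration.

```python
# Constructed enrollment database: user id -> 32-bit template (toy feature code).
DATABASE = {
    "alice": 0b1011_0010_1110_0001_0101_1100_0011_1010,
    "bob":   0b0100_1101_0001_1110_1010_0011_1100_0101,
    "carol": 0b1110_0001_0101_1010_0011_1100_1001_0110,
}
THRESHOLD = 6  # assumed: maximum number of differing bits accepted as a match


def distance(a: int, b: int) -> int:
    """Hamming distance between two templates (number of differing bits)."""
    return bin(a ^ b).count("1")


def verify(claimed_id: str, sample: int) -> bool:
    """One-to-one: compare the sample only with the claimed identity's template."""
    template = DATABASE.get(claimed_id)
    return template is not None and distance(template, sample) <= THRESHOLD


def identify(sample: int):
    """One-to-many: compare with every template; return the closest id or None."""
    best_id, best = min(
        ((uid, distance(t, sample)) for uid, t in DATABASE.items()),
        key=lambda pair: pair[1],
    )
    return best_id if best <= THRESHOLD else None


def noisy(template: int, flipped_bits) -> int:
    """Simulate sensor noise by flipping the given bit positions."""
    for bit in flipped_bits:
        template ^= 1 << bit
    return template


if __name__ == "__main__":
    sample = noisy(DATABASE["alice"], [0, 5, 17])  # fresh reading from alice
    print(verify("alice", sample), verify("bob", sample), identify(sample))
    print(identify(0))  # sample from nobody enrolled
```

Verification costs one comparison and needs a claimed identity; identification costs one comparison per enrolled template and must also be able to answer "nobody".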

Page 16: Anti Hacker Poetry in the Mac OS X

Security Measures for the Internet Age

Page 17: Anti Hacker Poetry in the Mac OS X

Encryption

Plaintext → Encryption → Ciphertext → Decryption → Plaintext

• Cryptography: art and science of keeping messages secure
• Cryptanalysis: art and science of breaking ciphertext
• Cryptology: area of mathematics that covers both

Page 18: Anti Hacker Poetry in the Mac OS X

Encryption continued

If
  • $M$ = the plaintext message
  • $C$ = the encrypted ciphertext
  • $E$ = encryption algorithm
  • $D$ = decryption algorithm

Then
  • $E(M) = C$
  • $D(C) = M$
  • $D(E(M)) = M$

Page 19: Anti Hacker Poetry in the Mac OS X

Algorithms and Keyspaces

The cryptographic algorithm (cipher) is a mathematical function used for encryption and decryption

Restricted algorithms: security based on restricting knowledge of the algorithm's internals

But
  • If someone leaves group
  • Someone buys algorithm

Problems of restricted algorithms are solved by using keys

Page 20: Anti Hacker Poetry in the Mac OS X

Keys

Any one of a large number of values

The total possible set of keys is called the keyspace

The encryption and decryption is dependent on key

So
  • $E_K(M) = C$
  • $D_K(C) = M$
  • $D_K(E_K(M)) = M$

What does this mean?
  • $D_{K_2}(E_{K_1}(M)) = M$

Page 21: Anti Hacker Poetry in the Mac OS X

Private vs. Public Key Encryption

symmetric

asymmetric

Page 22: Anti Hacker Poetry in the Mac OS X

Symmetric vs. Asymmetric algorithms

Symmetric
  • Typically use the same key for encryption and decryption
  • Sender and receiver must agree to secret key before sending message

Asymmetric
  • Key for encryption is different from one for decryption
  • Encryption key can be made public
  • Decryption key is private
  • Sometimes called public key encryption
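The key identities from the Keys slide and the symmetric/asymmetric split above, as an added example that is not part of the original slides. The hash-based stream cipher and the textbook RSA with tiny primes (61 and 53) are constructed teaching stand-ins, not secure ciphers, and every name here is an assumption.

```python
import hashlib


def _keystream(key: bytes, n: int) -> bytes:
    """Toy keystream from SHA-256(key || counter); for illustration only."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def sym_encrypt(key: bytes, m: bytes) -> bytes:
    """Symmetric E_K: XOR the message with a keystream derived from K."""
    return bytes(a ^ b for a, b in zip(m, _keystream(key, len(m))))


sym_decrypt = sym_encrypt  # D_K is the same XOR, so D_K(E_K(M)) = M


def rsa_toy_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Textbook RSA with constructed tiny primes; insecure by design."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)              # K1 = public key, K2 = private key


def rsa_apply(key, x: int) -> int:
    """E_K1 and D_K2 are the same operation with different exponents."""
    exponent, n = key
    return pow(x, exponent, n)


def demo() -> dict:
    m = b"meet at noon"  # constructed sample message
    c = sym_encrypt(b"shared key K", m)
    k1, k2 = rsa_toy_keypair()
    c2 = rsa_apply(k1, 65)  # encrypt the integer message 65 with public K1
    return {
        "sym_same_key": sym_decrypt(b"shared key K", c) == m,    # D_K(E_K(M)) = M
        "sym_wrong_key": sym_decrypt(b"another key", c) == m,    # fails
        "asym_private_key": rsa_apply(k2, c2) == 65,             # D_K2(E_K1(M)) = M
        "asym_public_key": rsa_apply(k1, c2) == 65,              # K1 cannot decrypt
    }


if __name__ == "__main__":
    print(demo())
```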

Page 23: Anti Hacker Poetry in the Mac OS X

Cryptanalysis

Recovering the plaintext without the key (an attack)

All secrecy resides in the key

Types of attack
  • Ciphertext-only attack
  • Known-plaintext attack
  • Chosen-plaintext attack
  • Adaptive-chosen-plaintext attack
  • Rubber-hose attack
  • Purchase-key attack