COS 125 DAY 9

COS 125 DAY 9. Agenda Capstone Projects Proposals (over) Due Timing of deliverables is 10% of Grade Missing 6 proposals 1 st progress report due March


COS 125

DAY 9

Agenda

  • Capstone Projects Proposals (over) Due
      • Timing of deliverables is 10% of Grade
      • Missing 6 proposals
      • 1st progress report due March 7
  • Next week we will begin doing Web pages
  • Next Quiz is Feb 26 (next Tuesday) over the rest of HITW
      • test 20 M/C, 4 Short essays, One extra Credit
  • Today we will discuss Protecting Yourself on the Internet

Protecting yourself on the Internet

  • One of the most talked about subjects in the last few years
  • Great demand for Internet Security Specialists
  • Prompted the need for a new field of study
      • Information Assurance
      • New Program of Study at UMFK

Is the Internet SAFE?

  • Dangers
      • Hackers
          • Worms, viruses, Trojans, DOS & DDOS
      • Privacy
          • Snooping
          • Spy ware
      • Criminal
          • Phishers
          • Internet fraud
          • Con Men (Dot Con)
          • Pedophiles and perverts
  • Questions
      • Do these things only happen on the Internet?
      • Is online better or worse than offline?

How Firewalls Work

  • Firewalls check packets in and out of networks
  • Decide which packets go through and which don’t
  • Work in both directions
  • Only one part of Security

Firewalls

[Figure: Attack Prevention System. An Attacker on the Internet sends Attack Messages toward the Corporate Network (Hardened Client PC, Hardened Server With Permissions); the Firewall stops most Attack Messages.]

Packet Filter Firewall

[Figure: Packet Filter Firewall between the Corporate Network and the Internet. Arriving Packets (IP-H + TCP-H + Application Message; IP-H + UDP-H + Application Message; IP-H + ICMP Message) are each given a Permit or Deny decision.]

  • Examines Packets in Isolation
  • Fast but Misses Some Attacks
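To make "examines packets in isolation" concrete, here is an added example (not part of the original slides) of a stateless packet filter that decides on header fields alone. The rule set, addresses (documentation ranges) and packet names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """Only the header fields a packet filter looks at (constructed model)."""
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"ACK"}

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: Optional[str] = None     # None means "any"
    dst: Optional[str] = None
    dport: Optional[int] = None
    need_flag: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.need_flag is None or self.need_flag in p.flags))

# Hypothetical inbound rule set for the corporate network.
INBOUND_RULES = [
    Rule("permit", proto="tcp", dst="192.0.2.10", dport=80),  # public web server
    Rule("permit", proto="tcp", need_flag="ACK"),             # "replies" to inside clients
    Rule("deny"),                                             # default deny
]

def filter_packet(p: Packet, rules=INBOUND_RULES) -> str:
    """First matching rule wins; the verdict uses this packet alone, no history."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

def decisions():
    outside = "198.51.100.7"
    samples = {
        "web_syn": Packet(outside, "192.0.2.10", "tcp", 80, frozenset({"SYN"})),
        "telnet_syn": Packet(outside, "192.0.2.20", "tcp", 23, frozenset({"SYN"})),
        "ping": Packet(outside, "192.0.2.20", "icmp"),
        # No inside host opened this connection, but the filter keeps no
        # record of connections, so the ACK flag alone gets it through.
        "stray_ack": Packet(outside, "192.0.2.20", "tcp", 23, frozenset({"ACK"})),
    }
    return {name: filter_packet(p) for name, p in samples.items()}

if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:11s} -> {verdict}")
```

The last packet is the kind of case the slide means by "misses some attacks": a filter that tracked connection state would deny it because no matching connection exists.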

How Personal Firewalls work

  • Software version of a standard Hardware firewall
  • Controls packets in and out of one PC in much the same way as a Hardware Firewall does

Personal Firewalls

  • Many available—some free
      • Not all work!
  • Even if it is a good firewall… a bad configuration makes it “leaky”
  • My recommendation is
      • Free
          • Sygate Personal Firewall
      • Not Free (around $60)
          • Norton Internet Security

How Hackers Hack

  • Many Techniques
  • Social Engineering
      • Get someone to give you their password
  • Cracking
      • Guessing passwords
      • A six letter password (no caps)
          • > 300 million possibilities
      • Merriam-Webster's citation files, which were begun in the 1880s, now contain 15.7 million examples of words used in context and cover all aspects of the English vocabulary.
          • http://www.m-w.com/help/faq/words_in.htm
  • Buffer Overflows
      • Getting code to run on other PCs
  • Load a Trojan or BackDoor
      • Snoop and Sniff
      • Steal data
  • Denial of Service (DOS)
      • Crash or cripple a Computer from another computer
  • Distributed Denial of Service (DDOS)
      • Crash or cripple a Computer from multiple distributed computers

DOS attacks

  • Kill the PC with one packet
      • Exploits problem in O/S
      • Teardrop
      • WinNuke
  • Kill the PC with lots of packets
      • Smurf
      • Frag
      • Tribal Flood Network


SMURF Attack

Image from www.circlemudd.org

Attacks Requiring Protection

  • Denial-of-Service (DoS) Attacks
      • Make the system unavailable (crash it or make it run very slowly) by sending one message or a stream of messages.
      • Loss of availability

[Figure: Single Message DOS Attack (Crashes the Victim). Attacker sends one message to the Server.]

Attacks Requiring Protection

  • Denial-of-Service (DoS) Attacks
      • Make the system unusable (crash it or make it run very slowly) by sending one message or a stream of messages.
      • Loss of availability.

[Figure: Message Stream DOS Attack (Overloads the Victim). Attacker sends a stream of messages to the Server.]

Distributed Denial-of-Service Attacks

[Figure: Distributed DOS (DDoS) Attack: Messages Come from Many Sources. The Attacker sends Attack Commands to Computers with Zombies, which send DoS Attack Packets to the Server.]

Attacks Requiring Protection

  • Malicious Content
      • Viruses
          • Infect files
          • propagate by executing infected program
          • Payloads may be destructive
      • Worms
          • propagate by themselves
      • Trojan horses
          • appear to be one thing, such as a game, but actually are malicious
      • Snakes
          • combine worm with virus, Trojan horses, and other attacks

Trojans and BackDoors

  • The trick is to get a backdoor (unauthorized entry) on a machine
  • Easy way
      • Get the user to load it himself
      • Cracked Software (WAREZ)
      • Free Software (KAZAA)
  • Hard Way
      • Get a password
      • Create a buffer overflow
      • Microsoft can teach you how
  • Most Common Trojans and backdoors
      • SubSeven
      • ServU
      • Netbus
      • Back Orifice
  • If you have downloaded cracked software (illegal) or have loaded KAZAA, chances are that you have been hacked!


I get at least one of these a day.


SubSeven Control


Snoop and Sniff

Dangers of Wireless Networking

  • Wi-Fi was designed as an OPEN technology which provides EASE of ACCESS
  • It’s the hacker’s dream environment
      • See wireless_insecurity.pdf
      • Also http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm
  • Common hacks
      • Wardriving
      • Evil twin
      • Cloning
      • Snooping

802.11 (in)Security

  • Attackers can lurk outside your premises
  • In “war driving,” drive around sniffing out unprotected wireless LANs
  • In “drive by hacking,” eavesdrop on conversations or mount active attacks.

[Figure: Site with 802.11 WLAN and an Outside Attacker. Doonesbury, July 21, 2002]

Evil twin hack

  • Masquerade as a legitimate WiFi access point
  • Classic man in the middle attack

WiFi (& Cell) Cloning

  • Since all wireless technologies require broadcasting of some sort, all you need to do is listen in
      • Scanner
  • For any device to “connect” it must identify, validate, verify, provide a code or some mechanism
      • Ex, MAC’s, EISN’s, SSN, WEP secrets, etc
  • Since you can “listen” you can also record
      • Record the first part of any connection
      • Replay it
      • You have just “cloned” the original device


How Viruses Work

Getting Rid of Viruses

  • Get a good Virus Protection Software
      • Free (not Recommended)
          • Anti-Vir
          • Avast
          • AVG
      • Not Free
          • Norton AntiVirus
          • McAfee
      • Free for UMFK students
          • http://www.umfk.maine.edu/it/antivirus/default.cfm
  • Update definition files often

How Worms work

  • Worms are pieces of software that self replicate over networks
      • “Choke” networks
  • Famous Worms
      • Morris worm – the first worm
      • Code Red – went after IIS servers
      • Melissa – e-mail worm
      • Slammer - SQL worm
      • Blaster – Windows RPC worm
      • MyDoom – another e-mail worm that creates a BackDoor on your computer

Privacy Issues

  • Cookie Problems
  • WebTracking
  • Web BUGs
      • Clear Gifs technology
  • Passports
  • Spyware

Cookie Invasion

  • Cookies can be used to monitor your web behavior
      • Tracking cookies
      • Used by Internet Marketing agencies like Doubleclick
      • Why --- Consumer Profiling
  • You go to yahoo and search for “stereo”
  • All of a sudden you see a pop-up ad for Crutchfield.com

Web Tracking

  • Web tracking is used for the same reasons: Profiling
  • Instead of monitoring on the User Side, all Monitoring is done on the server side
      • Monitors packets
      • Read web logs


Web Tracking report


Web Logs

Web Bugs

  • Web Bugs are used to gather information about users
      • From “bugging” a room
  • Done by embedding a piece of monitoring code in an image link
      • Works on WebPages and HTML e-mail
      • Often called Clear gifs
          • Small 1X1 pixels
          • Transparent
          • Made so that users don’t see them
  • Every time the Web Bug is loaded it gathers info about the user that activated the web bug and sends it off to a remote server
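The properties listed above (tiny or invisible image, loaded from a remote server) are enough to find web bugs in a page or HTML e-mail. The following is an added example, not part of the original slides; the sample page and every host name in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def _tiny(value):
    """True for a width/height of 0 or 1, with or without a 'px' suffix."""
    if value is None:
        return False
    v = value.strip().lower()
    if v.endswith("px"):
        v = v[:-2]
    return v in ("0", "1")

class WebBugFinder(HTMLParser):
    """Collects <img> tags that are invisible AND fetched from another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        url = urlparse(src)
        style = (a.get("style") or "").replace(" ", "").lower()
        tiny = _tiny(a.get("width")) and _tiny(a.get("height"))
        hidden = "display:none" in style or "visibility:hidden" in style
        # Relative URLs have no hostname and are served by the page itself.
        third_party = url.hostname is not None and url.hostname != self.page_host
        if (tiny or hidden) and third_party:
            # A query string is where a per-user identifier usually travels.
            self.findings.append({"host": url.hostname, "src": src,
                                  "carries_id": bool(url.query)})

def find_web_bugs(html, page_host):
    finder = WebBugFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page served from shop.example (all hosts are made up).
SAMPLE_PAGE = """
<html><body>
<img src="/images/logo.gif" width="120" height="40">
<img src="/images/spacer.gif" width="1" height="1">
<img src="http://tracker.example/clear.gif?uid=12345" width="1" height="1">
<img src="http://ads.example/b.gif" style="display: none">
<img src="http://cdn.example/banner.jpg" width="468" height="60">
</body></html>
"""

if __name__ == "__main__":
    for finding in find_web_bugs(SAMPLE_PAGE, "shop.example"):
        print(finding)
```

The first-party 1x1 spacer and the visible third-party banner are not flagged; only images that are both invisible and remote are reported.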


DoubleClick Clear GIFs

Passports

  • Internet Passports are a user-allowed Authentication and data collection tool
      • Used to prove identity
      • Used to collect data
  • Tied to a specific browser on a specific PC, not the user
      • If someone uses your PC it can make believe he is you
  • Can be used on Multiple web sites
  • Not widely used

Spyware

  • Software that sits on your computer
      • Monitors everything that you do and sends out reports to Marketing agencies
      • Usually tied to a POP-UP server
  • Top Spyware
      • I-Look Up
      • CoolWebSearch
      • N-CASE
      • GATOR
      • DoubleClick
  • If you have ever loaded ICQ on your PC you have Spyware
  • If you have ever had KAZAA loaded on your PC you have Spyware
  • If you have loaded Quicken or TurboTax you have Spyware
      • C-Dilla

How Phishing Works

  • Phishing is “fishing for suckers!”
  • Send an e-mail that mimics the real thing and get the recipient to give their password


Getting Rid of it all!

Keeping Your PC Spyware Free Michael P. Matis © 2004 UMM Information Technology Instructions Software

Crypto, Digital Signature and Digital Certificates

  • Cryptography provides security by using encryption
      • Ensures privacy
  • Digital Signatures are just like a real signature
      • DCMA makes them just as legally binding as a signed paper document
  • Digital Certificates use Cryptographic techniques to prove Identity

Digital Signature

[Figure: Sender transmits DS + Plaintext to Receiver, Encrypted for Confidentiality.]

  • Add Digital Signature to Each Message
  • Provides Message-by-Message Authentication

Digital Signature: Sender

[Figure: Plaintext → Hash → MD → Sign (Encrypt) MD with Sender’s Private Key → DS]

To Create the Digital Signature:

1. Hash the plaintext to create a brief message digest; This is NOT the digital signature

2. Sign (encrypt) the message digest with the sender’s private key to create the digital Signature

Digital Signature

[Figure: Sender Encrypts, Receiver Decrypts. Transmission: DS + Plaintext.]

  • Send Plaintext plus Digital Signature Encrypted with Symmetric Session Key

Digital Signature: Receiver

[Figure: Received Plaintext → 1. Hash → MD; DS → 2. Decrypt with True Party’s Public Key → MD; 3. Are they Equal?]

1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest

2. Decrypt the digital signature with the sender’s public key. This also should give the message digest.

3. If the two match, the message is authenticated; The sender has the true Party’s private key

Public Key Deception

Impostor
  • “I am the True Person.”
  • “Here is TP’s public key.” (Sends Impostor’s public key) [labelled in the figure: Critical Deception]
  • “Here is authentication based on TP’s private key.” (Really Impostor’s private key)
  • Decryption of message from Verifier encrypted with Impostor’s public key, so Impostor can decrypt it

Verifier
  • Must authenticate True Person.
  • Believes now has TP’s public key
  • Believes True Person is authenticated based on Impostor’s public key
  • “True Person, here is a message encrypted with your public key.”
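The sender and receiver steps from the Digital Signature slides, and the Public Key Deception above, worked through as an added example (not part of the original slides). It uses textbook RSA with small constructed keys and no padding so the arithmetic stays visible; the key sizes, messages and function names are assumptions for illustration, and real systems use a vetted library with a padded signature scheme.

```python
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # pow(..., -1, m) needs Python 3.8+

def message_digest(plaintext, n):
    """Hash the plaintext (step 1 on both sides).
    Reduced mod n only because these toy keys are shorter than SHA-256."""
    return int.from_bytes(hashlib.sha256(plaintext).digest(), "big") % n

def sign(plaintext, private_key):
    """Sender step 2: 'encrypt' the digest with the private key."""
    n, d = private_key
    return pow(message_digest(plaintext, n), d, n)

def verify(plaintext, signature, public_key):
    """Receiver steps 1-3: hash, 'decrypt' the DS with the public key, compare."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(plaintext, n)

# Constructed toy keys built from known Mersenne primes.
TP_PUB, TP_PRIV = make_keypair(2**61 - 1, 2**89 - 1)      # True Party
IMP_PUB, IMP_PRIV = make_keypair(2**107 - 1, 2**127 - 1)  # Impostor

def demo():
    msg = b"Pay the bearer 100 dollars"
    ds = sign(msg, TP_PRIV)
    forged = sign(msg, IMP_PRIV)  # impostor signs with their own private key
    return {
        # Genuine message and signature, checked with the true party's key.
        "genuine": verify(msg, ds, TP_PUB),
        # Message altered in transit: the digests no longer match.
        "tampered": verify(b"Pay the bearer 900 dollars", ds, TP_PUB),
        # Verifier holds the real public key: the forgery is rejected.
        "impostor_vs_true_key": verify(msg, forged, TP_PUB),
        # Verifier accepted the impostor's key as TP's: the forgery passes.
        "impostor_vs_swapped_key": verify(msg, forged, IMP_PUB),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:24s} authenticated={ok}")
```

The last case is the critical deception: the arithmetic is sound, but the check only proves possession of the private key matching whatever public key the verifier was handed.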

Digital Certificates

  • Digital certificates are electronic documents that give the true party’s name and public key
  • Applicants claiming to be the true party have their authentication methods tested by this public key
  • If they are not the true party, they cannot use the true party’s private key and so will not be authenticated
  • Digital certificates follow the X.509 Standard

Digital Signatures and Digital Certificates

  • Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature

[Figure: Applicant sends DS + Plaintext to the Verifier; the Certificate Authority supplies the Digital Certificate: True Party’s Public Key.]

Government Invasions of Privacy?

  • NSA Echelon (no warrants required)
  • Internet Wire Taps
      • FBI has the ability to tap into your Internet Traffic
      • FBI has DragonWare which contains three parts:
          • Carnivore - A Windows NT/2000-based system that captures the information
          • Packeteer - No official information released, but presumably an application for reassembling packets into cohesive messages or Web pages
          • Coolminer - No official information released, but presumably an application for extrapolating and analyzing data found in the messages
  • FBI’s Carnivore http://www.epic.org/privacy/carnivore/foia_documents.html
  • More on Carnivore http://computer.howstuffworks.com/carnivore.htm

Echelon

  • Global Electronic Spy network
      • http://www.hermetic.ch/crypto/echelon/echelon.htm
  • It exists but little is known on exactly how it works
  • The basics
      • Collect all electronic conversations
      • Crack all encrypted stuff
      • Search all conversations for “key words”
      • Find the “speakers”


Carnivore

Work Place Snooping

  • Workplaces have similar Techniques available to them
  • Often tied to an “acceptable Use policy” you had to sign when you went to work
  • Generally, if the e-mail account and Internet access were made available to you by your employer in order to do your work, they have a legal right to monitor your use of it

Parental Controls

  • How do you prevent Children from wandering into the “seedy” side of the Internet?
  • By Creating Laws?
      • The Communication Decency Act was ruled unconstitutional by the US Supreme Court on “Freedom of Speech issues”
      • Jurisdiction Problems

Parental Controls Software

  • Many Companies make Internet filtering Software that doesn’t allow access to “bad” sites
  • How do you tell if a site is “Bad”?
      • Known bad Sites
      • Bad words in URL or Content
  • Keeping Kids Safe http://www.kiks.org/
  • Free Software http://www.we-blocker.com/