Personal Security: Security Tips for Home Internet Users

Post on 23-Dec-2015


Personal Security

Security Tips for Home Internet Users

Securing your home computer

• Accessing the Internet from home
  – Convenient
  – Abundance of information
  – Exposes your computer
  – Can be costly or damaging

Overview
• Internet access
• Why should I be concerned with security?
• What are the most common vulnerabilities?
• What security tools are available?
• Where can I find more information?

Internet
• Complex system of attached networks
• Designed to distribute data geographically at high speeds in a short period of time
• Data is distributed in a variety of formats
  – Examples: PDF, JPEG, MOV, MP3, Text
• Information is stored or viewed locally on your computer

Broadband
• High speed access to the home user
• Types
  – DSL
  – Cable Modem

DSL
• Digital Subscriber Line
• Typically ADSL
  – Asymmetric Digital Subscriber Line
• Offers dedicated bandwidth
• Speed
  – 384 kbps downstream
  – 128 kbps upstream
  – Up to 1.5 Mbps down, 800 kbps up
  – Varies depending on service level and distance from CO (Central Office)
  – Maximum distance varies: 14000 – 17500 ft

DSL Configuration

• DSL Modem

• DSL Splitter and Filters

• DSLAM
  – Digital Subscriber Line Access Multiplexer
• ISP
  – Internet Service Provider

Cable Modem

• Shared bandwidth
• Speed per channel
  – 27 Mbps shared download
  – 10 Mbps upload
• Connects to CMTS (Cable Modem Transmission System) at cable company
  – Provides packet filtering and traffic shaping

What about security?
• Why should I be concerned?

• What are the vulnerabilities?

• What can I do to protect myself?

• How do I recover from an attack?

Why should I be Concerned

• You lose crucial data

• You spend time and money on recovery

• You feel violated, helpless and foolish

• You risk propagating the attack to your peers and others

• Your peers and others know how foolish you are

Vulnerabilities
• Viruses

• Hacks

• Data Capturing

• Lack of contingency planning

Virus
• 60,000 variations in circulation

• Types of Viruses

• Antivirus Software

• Best Practices

Types of Viruses
• Viruses are segments of code or complete programs that can damage your system or degrade system performance.
  – Trojan Horse
  – Worm
  – Hoax

Trojan Horses
• A program disguised as having a desired purpose while subversively performing an unwanted action on your system.
• Often open backdoor access to your system
• Notorious Trojan Horses
  – Simpson's
  – Backdoor
  – Sub7
  – Back Orifice
  – NetBus

Worm
• Self-propagating independent program that adversely affects your computer performance or damages your computer
• Hall of fame
  – Melissa
  – Nimda
  – LoveLetter
  – Anna Kournikova
  – CodeRed
  – SirCam

Hoax
• An unsubstantiated virus alert intended to cause panic
• Typically warning of the most damaging or dangerous virus
• Examples
  – BudweiserFrogs
  – A virtual card for you
  – !0000 – Stop mass mailings
  – Wobbler
  – Win a holiday

Best Practice: Virus prevention

• Always verify your antivirus software is running, and update your antivirus software

Best Practice: Virus prevention 2

• When receiving email do not open attachments unless you are expecting them

• Take virus alerts seriously

• Sources of alerts
  – Institutional Notification
  – News Media alerts
  – Word of mouth

Virus recovery
• Use antivirus software and tools to clean system
  – http://www.mcafee.com
  – http://www.symantec.com

• Find manual steps for virus removal

• Reinstall your system from scratch

Hacks
• Hacking
  – What is hacking
  – How does hacking happen

• Types of attacks

• Prevention methods

Hacking
• Gaining unauthorized access to computer systems for malicious purposes

How Hacking Happens
• System information is collected
  – Footprinting
  – Scanning
  – Probing
  – Enumeration
• Software vulnerabilities are exploited
• System passwords are guessed or not employed

Types of Attacks
• Interference

• Interception

• Impersonation

Interference
• Attacks that render objects or services unusable
  – Denial of service
  – Distributed Denial of service
  – System alteration

Interception
• Captures data through monitoring or redirection
  – Monitoring
    • Wire taps
    • Network Monitoring
  – Redirection
    • Alteration of DNS servers
    • Man in the middle

Impersonation
• When the attacker assumes the identity of a trusted source
  – Spoof attacks
    • Using the IP source address of a trusted source computer
  – Password attacks
    • Password enumeration

Prevention Methods
• Know your system

• Tools to help protect your system

• Watch for and apply security patches

• Contingency planning

Know your system
• Inventory your system

• Baseline system and network performance

• Identify vulnerabilities

Inventory your system
• Software Inventory
  – Running Software
  – File and printer sharing
  – Startup Software
  – Installed Software
  – Software Keys
  – Software Licensing
• Hardware
  – Installed components
  – Vendor specific device drivers

Inventory Tools

• Microsoft
  – System Information 98
  – Manage Computer System summary
  – Windows NT Diagnostics

Inventory Tools 2

• Belarc Advisor

System Baseline
• Task manager
  – Memory Utilization
  – Process Utilization
• Performance monitor
  – Log low use system state
  – Log high use system state

Network Baseline
• Check Internet Bandwidth speed
  – McAfee Speedometer
    • http://promos.mcafee.com/speedometer/test_0150.asp
  – Ftp Large Files
    • Hash
    • Download Statistics

Network Baseline 2

• Use traceroute
  – Check TTL stats
• Use performance monitor to check utilization
  – Network Utilization

Identify Vulnerabilities

• Filesharing
  – Opens access to your files remotely
  – Should be turned off if not used
  – Should be protected with a security device and used with complex passwords
• Web Browsing
  – Personal information is accessible via cookie files
  – ActiveX components can launch Visual Basic Application components included in Microsoft Office
  – Disable ActiveX components unless necessary

Security Boundaries

• Personal Computer

• Local Network Security

• Internet Security

Internet Protocol (IP)
• Addresses your computer on the network and where your computer can be reached
• 32-bit numeric device address
• Dotted Decimal Notation
  – Ex: 192.168.99.32
• Consists of network and host address
• Determined by subnet mask
  – 255.255.255.0
  – Network 192.168.99.0
  – Host 0.0.0.32

Network Security
• Dynamic Addressing
  – IP address changes over scheduled time
• Private Addressing
  – Reserved address range by IANA
  – 10.0.0.0
  – 192.168.0.0
  – 172.16.0.0
• Encryption
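The network/host split from the Internet Protocol slide and the private ranges above, worked through in code. This is an added example, not part of the original presentation; the function names are hypothetical, and the prefix lengths (/8, /12, /16) come from RFC 1918, since the slide lists only the base addresses.

```python
import ipaddress

# RFC 1918 private ranges. The slide gives the base addresses only;
# the prefix lengths are taken from the RFC.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def split_address(address, mask):
    """Return the (network, host) parts of an IPv4 address as dotted decimal."""
    addr = int(ipaddress.IPv4Address(address))
    netmask = int(ipaddress.IPv4Address(mask))
    # A usable mask is a run of 1 bits followed by 0 bits, so its inverse
    # is all low-order 1 bits and (inverse & inverse + 1) is zero.
    inverse = ~netmask & 0xFFFFFFFF
    if inverse & (inverse + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    network = addr & netmask   # bits selected by the mask
    host = addr & inverse      # the remaining bits
    return str(ipaddress.IPv4Address(network)), str(ipaddress.IPv4Address(host))


def is_private(address):
    """True when the address falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.IPv4Address(address)
    return any(ip in net for net in PRIVATE_RANGES)


if __name__ == "__main__":
    # The slide's own address and mask, plus two constructed addresses.
    print(split_address("192.168.99.32", "255.255.255.0"))
    for sample in ("192.168.99.32", "172.31.255.255", "172.32.0.1"):
        print(sample, "private" if is_private(sample) else "public")
```

An address that reports as private here is not routed across the Internet, which is why a machine behind a home router with such an address cannot be reached directly from outside.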

Encryption
• Method of repackaging data into ciphertext in order to keep observers from viewing data and preserve data integrity
• SSL – Secure Sockets Layer
  – Encrypts communication between web browsers and web servers over the internet
  – Uses public and private key exchange
• VPN – Virtual Private Networking
  – Secure Tunnel
  – Key Encryption
    • Symmetric
    • Asymmetric
  – Encryption Algorithms
    • SHA – Secure Hashing Algorithm
    • DES – Data Encryption Standard

What your ISP does for you

• Private addressing

• Dynamic addressing

• Email virus scanning

• Abuse@isp.com

Security Tools
• Routers
• Proxy Servers
• Firewalls
  – Application
  – Circuit Switching
• Scanners

Routers
• ACL Filter packets
  – Deny or Allow
  – Destination or Source
• Separate Networks
  – Gateway
  – Private Network

Proxy Server
• Resides between web sites and web browser
• Takes request from client
• Issues request to web server
• Caches web content locally
  – Improves network performance

Firewalls
• Separates untrusted external network from trusted internal network.

• Types of Firewalling

• Personal Firewall

• Network Firewall

Types of Firewalling
• ACL – Access Control Lists
  – Filters Packets
• Application Firewalling
  – Verifies command legitimacy
  – Can be performance intensive
• Proxying
• Circuit Switching
  – Allows data sessions by request
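How an ACL decides "deny or allow" by "destination or source", as described on the Routers and Types of Firewalling slides. This is an added example, not part of the original presentation: the rule set, addresses and function names are constructed, and first-match evaluation with a default deny is an assumption the slides do not state.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    source: str        # CIDR block the packet's source must fall in
    destination: str   # CIDR block the packet's destination must fall in


ANY = "0.0.0.0/0"

# Constructed inbound rule set for the Internet-facing side of a home router
# that separates the private network 192.168.99.0/24 from the Internet.
INBOUND_ACL = [
    # A packet arriving from outside with an inside source address is spoofed.
    Rule("deny", "192.168.99.0/24", ANY),
    # One trusted remote network (203.0.113.0/24 is a documentation range)
    # may reach a single inside host.
    Rule("allow", "203.0.113.0/24", "192.168.99.10/32"),
]


def matches(rule, src, dst):
    """True when both addresses fall inside the rule's source and destination."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.source)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.destination))


def evaluate(acl, src, dst):
    """Return the action of the first matching rule; deny when none match."""
    for rule in acl:
        if rule.action not in ("allow", "deny"):
            raise ValueError(f"unknown action: {rule.action}")
        if matches(rule, src, dst):
            return rule.action
    return "deny"   # assumed default: anything not explicitly allowed is dropped


if __name__ == "__main__":
    # Constructed packets as (source, destination) pairs.
    for src, dst in [("192.168.99.32", "192.168.99.10"),
                     ("203.0.113.7", "192.168.99.10"),
                     ("203.0.113.7", "192.168.99.11"),
                     ("198.51.100.1", "192.168.99.10")]:
        print(f"{src:>15} -> {dst:<15} {evaluate(INBOUND_ACL, src, dst)}")
```

Rule order matters under first-match evaluation: placing the spoofing rule first means a forged inside source is dropped before any allow rule is considered.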

Personal Firewall
• Installed on local computer
• Rules based
• Alerts to system intrusion
• Accounting: logs events for network forensics
• Risky: can affect stability of your computer
  – Personal firewalls replace operating system kernel components and can conflict with other applications
• Vendors
  – Sygate Personal Firewall – http://www.sygate.com
  – Black Ice Defender – http://www.networkice.com
  – McAfee Personal Firewall – http://www.mcafee.com
  – Norton Personal Firewall – http://www.symantec.com
  – Zone Alarm – http://www.zonelabs.com

Network Firewalls
• DSL Cable Routers
  – Filter Packets
  – Separates Network
• Uses Private Addressing
• Vendors
• Linksys DSL/Cable Router
  – http://www.linksys.com
• Dlink Home Gateway Internet Sharing and Firewall
  – http://www.dlink.com
• Proxim – Netline Gateway
  – http://www.proxim.com
• SMC Barricade
  – http://www.smc.com

Port Scanners
• Scans IP port numbers for available services
• Gibson Research Center
  – http://www.grc.com

Contingency
• Back up your data

• Often

• Use Rotation schedule

• Store software, license and key information in a safe convenient place.

• Software includes device drivers, application software, and operating system

Who can I turn to?
• Abuse@yourisp.com
• System Administration Networking Security
  – http://www.sans.org
• Carnegie Mellon - Computer Emergency Response Center
  – http://www.cert.org
• FBI – Internet Fraud Complaint Center
  – http://www.fbi.gov/interagency/ifcc/filingcomplaint.htm

Links
• Broadband
  – http://www.cable-modem.net/gc/questions.html
  – http://www.dslreports.com/
• Antivirus
  – http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/default.asp
  – http://www.symantec.com/avcenter/index.html
• System Inventory
  – http://www.belarc.com
• Personal Firewalls
  – http://www.zonelabs.com
  – http://www.symantec.com
  – http://www.mcafee.com
  – http://www.networkice.com
  – http://www.sygate.com

Links 2
• Network Firewalls/Routers
  – http://www.linksys.com
  – http://www.dlink.com
  – http://www.proxim.com
  – http://www.smc.com
• System and Port Scanners
  – http://www.grc.com
  – http://security1.norton.com/us/home.asp
  – http://www.mcafee.com/support/system_req/browser_test.asp
  – http://www.microsoft.com/technet/mpsa/start.asp
• Agencies
  – http://www.ciac.org/ciac/
  – http://www.sans.org
  – http://www.fbi.gov/interagency/ifcc/filingcomplaint.htm
  – Report abuse to any ISP. Ex: abuse@yourisp.com
• This Presentation
  – http://homepage.smc.edu/rojas_dan