CSC 482/582: Computer Security

Threats, Attacks, and Vulnerabilities

Topics
- Threats
- Cybercrimes
- Attacks, Attack Surface, and Exploits
- Malware
- Vulnerabilities
- Mitigations and Patches

Definitions
- Threats are agents (people or groups) who are able to take advantage of security vulnerabilities to attack systems: vandals, hacktivists, criminals, spies, disgruntled employees, etc.
- Vulnerabilities are weaknesses in a system that allow a threat to obtain access to information assets in violation of the system's security policy.
- Attacks are actions taken by threats to obtain assets from systems in violation of the security policy.
Example advisory shown on the slide: Microsoft Security Advisory (2719662), Vulnerabilities in Gadgets Could Allow Remote Code Execution.

Who are the Threats?
- Hacktivists
- Vandals
- Criminals
- Spies

Hacktivists
Hacktivists attack systems for political goals:
- Deface websites to spread their message (the slide shows a defacement of avg.com; image: http://news.softpedia.com/newsImage/AVG-Website-Apparently-Hacked-by-Palestinian-Group-389307-2.png/)
- Take down sites in retribution for actions.

Vandals
Example shown on the slide: the google.com.my DNS hijack, https://isc.sans.edu/forums/diary/google+com+my+DNS+hijack/16775

Cybercriminals
Focus on monetizing information via:
- Identity theft (phishing)
- Credit card or bank account fraud (phishing)
- Extortion (via ransomware or DDoS)
- Clickjacking
- Fraud (auction fraud, 419 scams, etc.)
Specialists who sell services to other criminals:
- Distribute malware
- Rent botnet computing services

Cyberspies
Threats that work for a nation state or a corporation:
- Obtain classified information
- Install backdoors for later access
- Distract enemies from other operations
- Destroy physical devices (Stuxnet)
Terms: cyberespionage and cyberwarfare.

Insider Problem
Insiders are threats who are members of the organization that they are attacking. Insiders are dangerous because they:
- Are inside the security perimeter, so cannot be blocked by perimeter defenses like firewalls and locked doors.
- Have some level of legitimate access to systems.
- May have physical access to systems and information.

Cybercrimes
A cybercrime is a crime that is committed using a computer or that targets a computer. Examples of cybercrime include:
- Spam
- Phishing
- Fraud
- Harassment (cyberstalking, cyberbullying)

Spam
Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately.
- Types: e-mail, IM, wiki, and comment spam.
- Used to deliver other attacks: malware, phishing, and other fraud enticements.

Over 90% of e-mail is spam!

Phishing E-mail
Clues: the visible link text looks legitimate, but the actual link target (the href) is a suspicious URL that you don't see in the e-mail; hovering over the link or reading the raw HTML reveals it.
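As an added example (not part of the original slides), here is a small Python check that parses an HTML e-mail body and flags links whose visible text claims one site while the href actually goes somewhere else. The sample message is constructed for the demo, and `registered_domain` is a deliberately crude stand-in for a public-suffix-list lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body for the demo (not a real phishing message).
# Link 1: text shows the bank's URL, href goes to a bare IP address.
# Link 2: plain descriptive text, href matches the bank: fine.
# Link 3: text shows the bank's domain, href is a look-alike name under another host.
SAMPLE_HTML = """
<p>Your account will be suspended. Please verify at
<a href="http://198.51.100.23/login">https://www.examplebank.com/secure</a>
or visit <a href="https://www.examplebank.com/help">our help page</a>.
<a href="https://examplebank.com.evil-host.example/">examplebank.com</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude 'registered domain' (last two labels). Good enough for the demo;
    production code should consult the public suffix list."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def claimed_host(text):
    """If the visible link text looks like a URL or a domain, return its host,
    else None (descriptive text such as 'our help page' makes no claim)."""
    host = urlparse(text if "://" in text else "//" + text).hostname or ""
    return host if "." in host and " " not in host else None


def suspicious_links(html):
    """Return [(href, text, reason)] for links whose visible text claims a
    different site than the href actually points to."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        claimed = claimed_host(text)
        if claimed is None:
            continue
        actual = urlparse(href).hostname or ""
        if registered_domain(actual) != registered_domain(claimed):
            findings.append((href, text, f"text claims {claimed} but link goes to {actual}"))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_HTML):
        print(f"SUSPICIOUS: '{text}' -> {href}: {reason}")
```

On the sample body the check flags the first and third links and passes the second, which is exactly the "actual link goes to a suspicious URL" clue: the comparison is between what the reader is shown and where the click actually goes.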

Phishing Site
Clues: suspicious URL, no lock icon. (A missing lock icon means the connection is not encrypted; its presence alone does not prove the site is legitimate, since a phishing site can also be served over HTTPS, so always check the domain in the URL.)

Cybercrime Organization
- Sponsors: governments, corporations, activist groups, organized crime, individuals.
- Cybercrime boss: works for a sponsor or may be the sponsor himself. Plans the crime, recruits technology providers and money mules.
- Technology providers: deployment providers, malware authors, botnet masters.
- Money mules.

Threat Model
A threat model describes which threats exist to a system, their capabilities, resources, motivations, and risk tolerance. Also known as an adversary model.
- Four quadrant model: skill and targeting.
- Resources and capabilities.
- Do you keep enough data about historical incidents to know attackers' capabilities and motivations?

Four Quadrant Threat Modeling
(Figure from the IBM X-Force 2012 Trend and Risk Report: threats are placed by expertise, from off-the-shelf tool users to attackers who build their own tools, and by focus, from broad attacks on anyone to targeted attacks on high value victims.)

Resources
- Skilled personnel
- Money
- Computational power
- Technology
- Infrastructure

Capabilities
- Computational: can try X keys/second or X passwords/second.
- Informational: has access to {past, current, future} encrypted data; has access to X GB of data.
- Access: physical access; user access (none, authenticated, admin); can read network data; can inject packets into the network.
(The slide figure ranks attackers by capability into Class I through Class IV.)

Advanced Persistent Threat
Advanced persistent threat (APT) refers to a group that has the ability to maintain a constant presence inside a target's network.
- Sophisticated
- Targeted
- Skilled personnel
- May be backed with a considerable budget
https://en.wikipedia.org/wiki/Advanced_Persistent_Threat

Threat Information Sources
- Computer Emergency Response Team (CERT)
- Krebs on Security
- SANS Internet Storm Center (ISC)
- Symantec Internet Threat Reports
- ThreatPost
See the resources page on the class site for more.

Attacks
An attack is an action taken by a threat to gain unauthorized access to information or resources, or to make unauthorized modifications to information or computing systems.
- Spoofing (pretending to be another entity)
- Packet sniffing (intercepting network traffic)
- Man in the middle (active interception of traffic)
- Injection attacks (buffer overflows, SQL injection, etc.)
- Denial of service (resource depletion)
- Defacement (vandalism)
- Social engineering, etc.
See https://www.zone-h.org/archive for images of defaced sites.

How are Digital Attacks Different?
- Automation: the salami attack from Office Space, skimming tiny amounts from a huge number of transactions.
- Action at a distance: Vladimir Levin, from St. Petersburg, Russia, stole over $10 million from Citibank in the US and was arrested in London.
- Technique propagation: criminals share attacks rapidly and globally.

Spoofing
A spoofing attack is when a threat masquerades as another entity on a telecommunications network. Examples of spoofing include:
- E-mail spoofing
- ARP spoofing (falsifying the IP-to-MAC address mapping)
- IP address spoofing
- Caller ID spoofing
- GPS spoofing

Sniffing
Packet sniffing is when a program records wired or wireless network packets destined for other hosts.
- Wireless traffic is available to everyone nearby; antennas can extend the range to miles.
- Wired traffic is accessible depending on network location; if the network location is unsatisfactory, ARP spoofing can redirect traffic to the sniffing machine.
Sniffing is used to:
- Obtain passwords sent in cleartext (FTP, IMAP, etc.)
- Obtain other confidential information
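To make concrete why cleartext protocols make sniffing so profitable, here is an added Python example (not from the slides) that scans the client-to-server side of reassembled FTP and IMAP sessions and pulls out the login credentials. The session lines are constructed for the demo; a real tool would get them from a capture after TCP reassembly.

```python
import re

# Constructed sessions for the demo (not real captures). Each entry is
# (direction, line) after TCP reassembly: "C" = client->server, "S" = server->client.
FTP_SESSION = [
    ("S", "220 ftp.example.test FTP server ready"),
    ("C", "USER alice"),
    ("S", "331 Password required for alice"),
    ("C", "PASS hunter2"),
    ("S", "230 User alice logged in"),
    ("C", "QUIT"),
]
IMAP_SESSION = [
    ("S", "* OK IMAP4rev1 Service Ready"),
    ("C", 'a001 LOGIN bob "s3cret pass"'),
    ("S", "a001 OK LOGIN completed"),
    ("C", "a002 SELECT INBOX"),
]

# FTP sends USER and PASS as two separate commands (RFC 959), so the
# username has to be remembered until the password line arrives.
FTP_USER = re.compile(r"^USER\s+(\S+)\s*$", re.IGNORECASE)
FTP_PASS = re.compile(r"^PASS\s+(.+?)\s*$", re.IGNORECASE)
# IMAP LOGIN carries both on one tagged line; either value may be a quoted string.
IMAP_LOGIN = re.compile(r'^\S+\s+LOGIN\s+(\S+)\s+(?:"([^"]*)"|(\S+))\s*$', re.IGNORECASE)


def extract_credentials(session):
    """Return [(protocol, username, password)] for every cleartext login seen
    in the client->server lines of one session."""
    creds = []
    pending_user = None  # FTP username waiting for its PASS
    for direction, line in session:
        if direction != "C":
            continue
        m = FTP_USER.match(line)
        if m:
            pending_user = m.group(1)
            continue
        m = FTP_PASS.match(line)
        if m and pending_user is not None:
            creds.append(("ftp", pending_user, m.group(1)))
            pending_user = None
            continue
        m = IMAP_LOGIN.match(line)
        if m:
            password = m.group(2) if m.group(2) is not None else m.group(3)
            creds.append(("imap", m.group(1), password))
    return creds


if __name__ == "__main__":
    for session in (FTP_SESSION, IMAP_SESSION):
        for proto, user, pw in extract_credentials(session):
            print(f"{proto}: user={user!r} password={pw!r}")
```

The same sessions carried over TLS (FTPS, IMAPS, or STARTTLS) would show the sniffer nothing but ciphertext, which is the practical reason these protocols should only be allowed on the network in their encrypted forms.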

Man in the Middle
A man-in-the-middle attack is an active eavesdropping attack, in which the attacker connects to both parties and relays messages between them, so that each party believes it is talking directly to the other.

Injection Attacks
Injection attacks send code to a program in place of the data it expected, then exploit a vulnerability in the software to get that code executed.
- Buffer overflows inject machine code into a process.
- Cross-site scripting injects JavaScript code into a web page seen by another user.
- SQL injection injects SQL code into a database query run by an application.
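Added example (not from the slides) of the SQL injection case in Python with the standard-library sqlite3 module: the same login check written with string concatenation and with a parameterized query. The users table and its contents are constructed for the demo.

```python
import sqlite3


def make_db():
    """In-memory database with a constructed users table (demo data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by concatenation, so the input becomes part of the SQL
    code. Returns the matched username, or None."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Binds the input as parameters: the driver hands it to the engine as
    data, so it can never change the structure of the query."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    # The injected "' --" closes the string literal and comments out the rest
    # of the WHERE clause, so the vulnerable version logs in as alice with no password.
    print("vulnerable:", login_vulnerable(conn, "alice' --", "wrong"))  # alice
    print("safe:      ", login_safe(conn, "alice' --", "wrong"))        # None
    print("safe, real:", login_safe(conn, "alice", "correct horse"))    # alice
```

With the parameterized query the very same input is compared, as a literal string, against the username column and simply fails to match; no amount of quoting or escaping on the caller's side is needed, which is why parameter binding rather than input filtering is the standard fix.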

Denial of Service
A denial of service (DoS) attack attempts to make computer or network resources unavailable to their intended users.
http://reelwebdesign.com/blog/2013/08/27/denial-of-service-attacks-growing-in-size-and-frequency/

Social Engineering
Social engineering is the psychological manipulation of people into revealing confidential information or performing actions that violate security policy.
http://magazine.thehackernews.com/article-1.html

Attack Surface
The attack surface is the set of ways an application can be attacked, used to measure the attackability of the application. The larger the attack surface of a system, the more likely an attacker is to exploit its vulnerabilities and the more damage is likely to result from an attack.
Compare to measuring vulnerability by counting the number of reported security bugs: both are useful measures of security, but they have very different meanings.

Exploits
An exploit is a technique or tool that takes advantage of a vulnerability to violate an implicit or explicit security policy. Exploits can be categorized by:
- The type of vulnerability they exploit.
- Local (runs on the vulnerable host) or remote.
- Result of the exploit (elevation of privilege, DoS, spoofing, remote access, etc.)

Exploitation Frameworks

Malware
Malware, short for malicious software, is software designed to gain access to confidential information, disrupt computer operations, and/or gain access to private computer systems.
Malware can be classified by how it infects systems:
- Trojan horses
- Viruses
- Worms
Or by its payload, what it does once installed:
- Ransomware
- Spyware and adware
- Backdoors
- Rootkits
- Botnets
https://en.wikipedia.org/wiki/File:Malware_statics_2011-03-16-en.svg

How much malware is out there?

Trojan Horses
(Slide image: Tiepolo's The Procession of the Trojan Horse in Troy, https://en.wikipedia.org/wiki/File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg)

Trojan Horse Examples

Viruses
A computer virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other files. This process is called infecting.
https://en.wikipedia.org/wiki/File:Stoned-virus-screenshot.jpg

Worms
A worm is a type of malware that spreads itself to other computers over a network on its own, without needing to infect a host file or wait for a user to run it.

Ransomware
Ransomware holds the victim's data or system hostage, typically by encrypting files, and demands payment to release it. Examples: Gpcode, Cryzip.

Information Stealers
Information stealers target specific types of information, such as passwords, financial credentials, private information, etc.
- Keyloggers (can be hardware too)
- Desktop recorders
- Memory scrapers
https://krebsonsecurity.com/2013/10/nordstrom-finds-cash-register-skimmers/

Spyware and Adware

Backdoors
(See the Ars Technica article on remote administration tools: http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/)

Backdoor Example: DarkComet
(Screenshot from http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/)

Rootkits
Rootkit capabilities: execution redirection, file hiding, process hiding, network hiding, backdoor.
(Figure: the rootkit sits between user programs and the operating system, intercepting what the programs see.)

Covert Channels
Covert channels enable communication using techniques not meant for information exchange.
- Malware could raise CPU usage to 100% to communicate a 1; regular usage is a 0.
- Malware could fill a storage device to 100% to communicate a 1; a non-full device is a 0.
- Malware could send 2 packets/second to indicate a 1, and 1 packet/second to indicate a 0.
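Added example (not from the slides) implementing the third covert channel as an offline simulation in Python: the sender encodes each bit of a message as the number of packets it emits in a one-second window (2 for a 1, 1 for a 0), and an observer recovers the bits by counting packets per window. Packets are represented only by their send timestamps; the `jitter` parameter and the `looks_like_rate_channel` detector heuristic are my additions, not anything the slide describes.

```python
import random

ONE_RATE = 2   # packets per second that encode a 1 bit
ZERO_RATE = 1  # packets per second that encode a 0 bit


def text_to_bits(message):
    """UTF-8 bytes of the message, most significant bit first."""
    return [int(b) for byte in message.encode("utf-8") for b in format(byte, "08b")]


def bits_to_text(bits):
    """Inverse of text_to_bits; a trailing partial byte is dropped."""
    data = bytearray(int("".join(map(str, bits[i:i + 8])), 2)
                     for i in range(0, len(bits) - len(bits) % 8, 8))
    return data.decode("utf-8", errors="replace")


def covert_send(message, start=0.0, jitter=0.0, rng=None):
    """Sender: return the packet send times (seconds) that carry `message`.
    Bit i occupies the window [start+i, start+i+1); its packets are spread
    evenly over the window, plus optional uniform jitter of up to `jitter`
    seconds (keep jitter below 1/ONE_RATE so packets stay in their window)."""
    rng = rng or random.Random(0)
    times = []
    for i, bit in enumerate(text_to_bits(message)):
        rate = ONE_RATE if bit else ZERO_RATE
        for k in range(rate):
            t = start + i + k / rate
            if jitter:
                t += rng.uniform(0, jitter)
            times.append(t)
    return times


def covert_receive(times, n_chars, start=0.0):
    """Observer: count packets in each one-second window and threshold the
    count halfway between the two rates to recover each bit."""
    n_bits = n_chars * 8
    counts = [0] * n_bits
    for t in times:
        idx = int(t - start)
        if 0 <= idx < n_bits:
            counts[idx] += 1
    threshold = (ONE_RATE + ZERO_RATE) / 2
    return bits_to_text([1 if c > threshold else 0 for c in counts])


def looks_like_rate_channel(times, start=0.0, min_windows=16):
    """Defender heuristic: a flow whose per-second packet count takes exactly
    the two values ZERO_RATE and ONE_RATE over many windows is suspicious."""
    if not times:
        return False
    n_windows = int(max(times) - start) + 1
    counts = [0] * n_windows
    for t in times:
        counts[int(t - start)] += 1
    return n_windows >= min_windows and set(counts) == {ZERO_RATE, ONE_RATE}


if __name__ == "__main__":
    sent = covert_send("hi", jitter=0.2)
    print("packet times:", [round(t, 2) for t in sent])
    print("decoded:", covert_receive(sent, 2))
    print("flagged by detector:", looks_like_rate_channel(sent))
```

The channel is slow (one bit per second) but survives any filter that only looks at packet contents, which is the point of the slide: the information rides on a property the network was never meant to carry. The detector shows the flip side, that a timing channel this regular is itself a statistical anomaly a defender can look for.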

Botnets
(Diagram: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c6/Botnet.svg/1000px-Botnet.svg.png)

Vulnerabilities
Vulnerabilities can be found in any software:
- PC: Office, Adobe Reader, web browsers
- Server: databases, DNS, mail server software, web servers, web applications, etc.
- Mobile: mobile phone OS, mobile applications
- Embedded: printers, routers, switches, VoIP phones, cars, medical devices, TVs, etc.
- Third party software: web browser plugins, ad affiliate network JavaScript include files, mobile ad libraries

Document Format Vulnerabilities
(Figure from the IBM X-Force 2012 Trend and Risk Report)

Web Browser Vulnerabilities
(Figure from the IBM X-Force 2012 Trend and Risk Report)

Embedded Vulnerabilities

Mitigations
A mitigation is a process, technique, tool, or software modification that can prevent or limit exploits against vulnerabilities.
- A password length policy is a process mitigation that protects against password guessing attacks.
- A firewall is a tool mitigation that limits exploits by blocking certain types of network traffic.
- Checking for the lock icon in the location bar of your browser is a technique mitigation for verifying that a web connection is encrypted (it verifies encryption, not that the site is the one you intended to visit).

Security Patches
A security patch is a software modification designed to prevent or limit exploitation of a vulnerability. A patch is a type of mitigation.
- Administrators may have to apply patches manually.
- Some vendors specify certain days to patch, such as "Patch Tuesday," the 2nd Tuesday of the month, when Microsoft releases updates.
- Increasingly, software auto-updates itself with current patches.

Vulnerability Timeline
(Figure: http://securityaffairs.co/wordpress/wp-content/uploads/2012/10/TimeLineZeroDay.jpg)

Zero Day
A zero day vulnerability, attack, or exploit is a newly discovered one for which no patch currently exists. Once a patch is released, the vulnerability, attack, or exploit is no longer a zero day.
Google's Project Zero focuses on finding zero day vulnerabilities in open source and commercial software before attackers do.

Vulnerability Markets
(Figure: http://csmres.co.uk/cs.public.upd/article-images/P18_rev.jpg)

Vulnerability Databases

Time to Attack after Deployment
(Figure: SANS ISC survival time, Jan 1 2005 – Jan 1 2014, https://isc.sans.edu/survivaltime.html)

Key Points
- Definitions: threat, threat model, APT, attack, attack surface, exploit, vulnerability, mitigation, patch, zero day, malware
- Four Quadrant Threat Model
  - Expertise: from off-the-shelf tool users up to sophisticated attackers who build their own tools
  - Focus: from broad attacks on anyone to targeted attacks on high value victims
- Attack types: spam, phish, spoof, sniff, MITM, DoS
- Malware types: Trojan, virus, worm
- Vulnerability lifecycle: introduction, zero-day, patch, window of exposure
- You can improve the security of a system by
  - Mitigating vulnerabilities
  - Reducing attack surface

References
- William A. Arbaugh, William L. Fithen, and John McHugh, "Windows of Vulnerability: A Case Study Analysis," Computer 33(12), pp. 52-59, 2000.
- Nate Anderson, "Meet the men who spy on women through their webcams: The Remote Administration Tool is the revolver of the Internet's Wild West," Ars Technica, 2013, http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/
- Honeynet Project, Know Your Enemy, 2nd edition, Addison-Wesley, 2004.
- IBM, X-Force 2012 Trend and Risk Report, 2013.
- Stuart McClure, Joel Scambray, and George Kurtz, Hacking Exposed, 7th edition, McGraw-Hill, 2012.
- Norton, Fake Antivirus, http://www.nortonantiviruscenter.com/security-resource-center/fake-antivirus.html
- Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006.
- Stuart Staniford, Vern Paxson, and Nicholas Weaver, "How to 0wn the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium, 2002.

Released under CC BY-SA 3.0
This presentation is released under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.
You are free:
- to Share: to copy and redistribute the material in any medium
- to Adapt: to remix, transform, and build upon the material
- to use part or all of this presentation in your own classes
Under the following conditions:
- Attribution: You must attribute the work to James Walden, but cannot do so in a way that suggests that he endorses you or your use of these materials.
- Share Alike: If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license.
Details and full text of the license can be found at https://creativecommons.org/licenses/by-nc-sa/3.0/