Information Security and Malicious Programs


1 Information Security and Malicious Programs
BSAD 141 Dave Novak BDIS 4.2

2 Topics Covered
Information security
Incidental, intentional or accidental loss of data, data integrity or data confidentiality
Intellectual property
Virus versus worm
How does encryption work?
What is a digital signature?

3 Protecting Intellectual Assets
Organizational information is a form of capital – it must be protected
Information security – protection of information from accidental loss of access, intentional misuse, or lost confidence in the integrity of data and information systems
Downtime – a period of time when a system is unavailable

4 The Cost of Computer Viruses
16 M – estimated number of U.S. households with a “serious” computer virus in the last 2 years
8 M – estimated number of U.S. households with a spyware problem in the last 2 years
$4.5 B – estimated total cost to households in lost money, time, or computing hardware and software in the last 2 years

5 The Cost of Computer Viruses
$55 B – estimated annual cost to businesses in the U.S. stemming from computer viruses
$8 B – estimated annual cost to businesses to provide protection
$525 per employee per year

6 https://www. webpagefx

7 Threats Caused by Hackers and Viruses
Virus – software / code written to replicate, which may have malicious intent
Polymorphic virus
Trojan-horse virus
Worm
Denial-of-service attack (DoS) – floods a computer or site with requests

Worm – a type of virus that spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, in order to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.
Denial-of-service attack (DoS) – floods a website with so many requests for service that it slows down or crashes the site
Distributed denial-of-service attack (DDoS) – attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes. A common type is the Ping of Death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down.
Trojan-horse virus – hides inside other software, usually as an attachment or a downloadable file
Backdoor programs – viruses that open a way into the network for future attacks
Polymorphic viruses and worms – change their form as they propagate

8 How Viruses Spread

9 Primary Difference Between Viruses and Worms?
Worm – a type of virus that spreads itself, not only from file to file, but also from computer to computer
The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers

10 Tunneling in Networking
Port forwarding or tunneling
A tunnel is a network communication channel between two networks – it works with disparate protocols
Tunneling is essential in modern networking
All remote Virtual Private Networking (VPN) connections use tunnels

11 Tunneling in Networking
A TCP/IP system addresses traffic to another system using a combination of:
1) IP address
2) Port number – a 16-bit unsigned integer ranging from 0 to 65,535
The combination of IP address and port number is called a socket
Sending socket – :4532
Receiving socket – :80

12 TCP – Sockets
You don’t specify a port number when typing a URL because applications “assume” the specific service you are using runs on the established port number that supports that service
Your Web browser generally addresses all URLs to TCP port 80 – the default HTTP port
A worm that “port hops” will basically move from one port to the next until it gains access to your computer

13 Threats Caused by Hackers and Viruses
Terms to be familiar with:
Elevation of privilege – process by which a user misleads a system into granting unauthorized rights
For example, an attacker might log on to a network by using a guest account, and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges

14 Threats Caused by Hackers and Viruses
Terms to be familiar with:
Spoofing – forging the return address on an e-mail so that the message appears to come from someone other than the actual sender
Sniffer – program or device that can monitor data traveling over a network
Can show all the data being transmitted over a network, including passwords and sensitive information

15 Threats Caused by Hackers and Viruses
Terms to be familiar with:
Packet tampering – altering the contents of packets as they travel over the network

16 Types of Malware
Viruses
Worms
Spyware – intention is to capture activity or keystrokes unbeknownst to users or systems
Adware – nuisance software that redirects web traffic or generates targeted advertisements using system resources without regard for user experience

17 Anti-Virus and Anti-Spyware Software
An easy and effective way to protect yourself (to some degree) is to install anti-virus and anti-spyware software
There is no reason not to do this…
Use common sense

18 People: 1st Line of Defense
To function, organizations must enable employees, customers, and partners to access information electronically
The biggest issue surrounding information security is not a technical issue, but a people issue
Insiders
Social engineering
Dumpster diving

19 Technology: 2nd Line of Defense
There are three primary information technology security areas:
1) Authentication and authorization
2) Prevention and resistance
3) Detection and response

20 1) Authentication and Authorization
Authentication – confirming users’ identities
Authorization – the process of giving someone permission to do or have something
The most secure type of authentication involves:
Something the user knows
Something the user has
Something that is part of the user

21 Something the User Knows:
Username and password is the most common way to identify individual users
Also the most ineffective form of authentication
Over 50 percent of help-desk calls are password related

22 Something the User Has:
Smart cards and tokens are more effective than a user ID and a password
Tokens – small electronic devices that change user passwords automatically
Smart card – a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

23 Something That is Part of the User:
Biometrics – using physical characteristics such as a fingerprint, iris, face, voice, or handwriting to obtain access
Unfortunately, this method can be costly and intrusive
If your fingerprint is compromised, how do you change it?

24 Securing Data Communications
Encryption involves the conversion of plain text into code
Both sender and receiver would have to translate the code to read the message
Encryption
Public key encryption (PKE)
Certificate authority
Digital certificate

25 Securing Data Communications
Encryption – two basic forms:
Symmetric or private key encryption
Asymmetric or public key encryption (PKE)
Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
Public key encryption (PKE) – an encryption system that uses two keys: a public key for everyone and a private key for the recipient

26 Public Key Encryption
An unpredictable (typically large and random) number is used to begin generation of a pair of keys suitable for use by an asymmetric key algorithm
Source: Public-key cryptography [online], downloaded on 11/29/2010

27 Public Key Encryption
In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt the message
Security depends on the secrecy of that private key
Source: Public-key cryptography [online], downloaded on 11/29/2010

28 Transit vs. Client Side Communications
Encryption protects data packets in transit
It is virtually impossible to deduce the private key if you know the public key
Clients can be (and often are) compromised

29 Public Key Encryption
In some related signature schemes, the private key is used to sign a message (using a digital signature), but anyone can check the signature using the public key
Validity depends on private key security
Source: Public-key cryptography [online], downloaded on 11/29/2010

30 Digital Signature
Used to ensure that an electronic document is authentic (i.e. an e-mail is actually from the person you think it is from)
A verifiable “stamp” of authenticity

31 Digital Signature
Requires the ability to obtain a public key from a reputable and known 3rd party
You need to be certain that the public key used for decryption actually belongs to the entity you think it belongs to
Certificate Authority

32 Digital Signature
1) Hashing – transform the message into a shorter, fixed-length value that represents the original message
Highly unlikely that hashing other messages produces the same value
2) Message digest – the output from hashing a message
3) Encrypting the message digest with the private key yields a digital signature

33 Digital Signature
Figure recreated from Kroenke (2008), Experiencing MIS, Figure CE23-2, page 587
1. Hash plaintext, creating a message digest – this is not the digital signature
2. Encrypt message digest with sender’s private key → creates digital signature
3. Combine plaintext and digital signature to create signed message and transmit both
VERIFY DIGITAL SIGNATURE
5. Hash received plaintext message with the same hashing algorithm the sender used → gives message digest
6. Decrypt digital signature with sender’s public key → gives message digest
7. Compare the two message digests
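The public-key encryption of slide 27 and the sign/verify steps of slides 32 and 33, as an added example that is not part of the lecture: it uses Go's standard crypto/rsa package (RSA-OAEP for encryption, PKCS#1 v1.5 signatures over a SHA-256 digest), and the messages are constructed samples.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Slide 27: anyone holding the recipient's public key can encrypt a message.
func encryptForRecipient(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// Only the holder of the paired private key can decrypt it.
func decryptAsRecipient(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Slide 33, steps 1-2: hash the plaintext to a fixed-length message digest,
// then apply the sender's private key to the digest to produce the signature.
func signMessage(priv *rsa.PrivateKey, plaintext []byte) ([]byte, error) {
	digest := sha256.Sum256(plaintext)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Steps 5-7: re-hash the received plaintext with the same algorithm and check
// the signature with the sender's public key; true only when the digests match.
func verifySignature(pub *rsa.PublicKey, plaintext, sig []byte) bool {
	digest := sha256.Sum256(plaintext)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // key pair from a random seed (slide 26)
	if err != nil {
		panic(err)
	}
	msg := []byte("Transfer 100 to account 42") // constructed sample message
	sig, _ := signMessage(priv, msg)
	pub := &priv.PublicKey
	fmt.Println("genuine:", verifySignature(pub, msg, sig))                                // true
	fmt.Println("altered:", verifySignature(pub, []byte("Transfer 900 to account 42"), sig)) // false
	ct, _ := encryptForRecipient(pub, msg)
	pt, _ := decryptAsRecipient(priv, ct)
	fmt.Println("decrypted matches:", bytes.Equal(pt, msg)) // true
}
```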

34 Certificate Authority
VeriSign, Inc. provides authentication and verification of businesses worldwide

35 Detection and Response
Intrusion detection software – network monitoring tools that search for patterns and anomalies in network traffic to identify possible security problems
Numerous incorrect login attempts on a computer
Unexplained shutdowns and reboots
Incoming traffic from an unidentified source
Attempted access to specific ports
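Two of the patterns slide 35 lists (repeated failed logins, attempted access to several ports) checked over a few constructed log lines, as an added example that is not part of the lecture; the log format, its column layout and the thresholds are assumptions.

```go
package main

import "strings"

// Constructed sample log lines (not from a real system). Columns are:
// time, subsystem, result, source address, destination port ("-" if none).
// 203.0.113.7 fails three logins and is then denied on three different ports.
const sampleLog = `10:00:01 auth FAILED 203.0.113.7 -
10:00:03 auth FAILED 203.0.113.7 -
10:00:04 auth FAILED 203.0.113.7 -
10:00:09 auth OK 198.51.100.2 -
10:01:00 fw DENY 203.0.113.7 22
10:01:01 fw DENY 203.0.113.7 445
10:01:02 fw DENY 203.0.113.7 3389
10:01:05 fw DENY 198.51.100.2 22`

// detect tallies failed logins and distinct denied destination ports per source
// address and returns the reasons for every source that reaches either threshold.
func detect(log string, maxFailed, maxPorts int) map[string][]string {
	failed := map[string]int{}
	ports := map[string]map[string]bool{}
	for _, line := range strings.Split(log, "\n") {
		f := strings.Fields(line)
		if len(f) != 5 {
			continue // malformed line: skip rather than crash the monitor
		}
		src, port := f[3], f[4]
		switch f[1] + " " + f[2] {
		case "auth FAILED":
			failed[src]++
		case "fw DENY":
			if ports[src] == nil {
				ports[src] = map[string]bool{}
			}
			ports[src][port] = true
		}
	}
	alerts := map[string][]string{}
	for src, n := range failed {
		if n >= maxFailed {
			alerts[src] = append(alerts[src], "repeated failed logins")
		}
	}
	for src, set := range ports {
		if len(set) >= maxPorts {
			alerts[src] = append(alerts[src], "several ports probed")
		}
	}
	return alerts
}
```

With thresholds of 3 failed logins and 3 distinct ports, only 203.0.113.7 is flagged, and for both reasons.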

36 Summary
Viruses and worms
Tunneling
Details of 1st and 2nd lines of defense
People
Technology
Focus on public key encryption and digital signature

