CSC 382: Computer Security


1 CSC 382: Computer Security
Threats

2 What are threats?
What threats can you think of to your home?
To your money (including bank accounts, checks, credit and debit cards)?
To your home computer?

3 Digital Threats: More of the Same
- Theft
- Vandalism
- Extortion
- Con Games
- Fraud
- Stalking
- Voyeurism

4 Digital Threats: What’s Different
- Automation
  - Salami Attack from Office Space.
- Action at a Distance
  - Volodya Levin, from St. Petersburg, Russia, stole over $10 million from US Citibank. Arrested in London.
  - Operators of CA BBS tried and convicted in TN court because TN had downloaded pornography from CA.
- Technique Propagation
  - Criminals share techniques rapidly and globally.

6 Survival Time
From

7 2007 Survival Time

8 Current Threat Information
- SANS Internet Storm Center
- Bugtraq
- CERT
- Packet Storm
- Risks Digest

9 Who are the Attackers?
- Hackers vs Crackers
- Levels of attackers
  - Developer
    - Finds new security vulnerabilities
    - Writes tools and exploits
  - User
    - Understands tools; modifies tools/exploits
  - Script Kiddie

10 Who are the Attackers?
- Criminals.
  - 1993: Thieves installed bogus ATM at Manchester Mall. Saved account numbers and PINs.
- Organized crime.
  - 2000: Mafia-led organization members arrested for attempt to steal $680 million from Bank of Sicily.
- Malicious insiders.
  - 2001: Mike Ventimiglia deletes files of his employer, GTE. $200,000 damage.
- Industrial espionage.
  - 2001: Verdicts in Cadence Design Systems vs. Avant against 7 employees including the CEO. 5 sentenced to jail.

11 Who are the Attackers?
- Press.
  - 1998: Cincinnati Enquirer reporter Michael Gallagher breaks into Chiquita Fruits voicemail to expose illegal activities.
- Police.
  - 1997: LAPD illegal wiretapping scandal.
- Terrorists.
  - 1999: DOS attacks and web defacements against NATO country computers during Kosovo bombings.
- National Intelligence.
  - 2000: Former CIA Director Woolsey admitted to using ECHELON information to help US companies win foreign contracts.

12 What Are Our Defences?
- Firewalls
- Virus Scanners
- Spyware Scanners
- Patches
- Backups
- Prevent
- Detect
- Recover
- Respond

13 What Are The Attacks?
- Phishing
- Malware
- Ransomware
- Spyware
- Botnets

14 Phishing
Clues: Actual link goes to suspicious URL, but you don’t see that in email.

15 Phishing Site
Clues: suspicious URL, no lock icon.

16 Malware
- Trojan Horses
- Viruses
- Worms

17 Ransomware
Gpcode, Cryzip

18 Spyware and Adware
Most Trojan Horses, some infect directly.
- Browser hijacking
- Pop-up advertisements
- Keystroke and network logging
- Steal confidential data from email and files
80% of PCs are infected with spyware (Oct 2004 AOL/NCSA survey).

19 Rootkits
- Execution Redirection
- File Hiding
- Process Hiding
- Network Hiding
[Diagram labels: User Program, Rootkit, OS]

20 Botnets
Worm or direct attack usurps control of PC, then installs control software to listen for instructions.
Instructions can include:
- Attempt to infect other PCs
- Send spam message
- Launch DOS attack
- Upgrade attack and control software
Virus writers sell botnets to spammers for $0.10/compromised PC

21 Future of Attacks
- VM Rootkits
- Mobile Malware
- Gone in 20 Minutes
- RFID Viruses
- Virtual Property Theft

22 Key Points
- Computer crimes same as pre-computer crimes.
- Differences in digital threats
  - Automation
  - Action at a distance
  - Technique propagation
- Digital threats
  - Phishing
  - Malware
  - Ransomware
  - Spyware
  - Botnets

24 Extra Slides

25 Classes of Threats
- Disclosure: unauthorized access to data
  - Examples
    - copyright infringement
    - unauthorized CC use
- Deception: acceptance of false data
  - Anti-spam filter techniques
  - “Social engineering”

26 Classes of Threats
- Disruption: interruption of correct system operation
  - Examples: DDOS attacks
- Usurpation: unauthorized control of system component
  - Example: Nicholas Jacobsen
    - Controlled T-mobile’s systems in 2004
    - Monitored email, downloaded web-cam photos
    - Sold customer records (incl SSN, voicemail pw, etc)

27 Types of Threats
- Snooping: interception of data
  - Examples: Reading email, or intercepting cleartext passwords. ECHELON.
- Modification
  - Changing student grades in War Games.
  - Web site defacing (>1500/month recorded at attrition.org in 2001)
- Spoofing: impersonation
  - Spam emails almost always spoof source address.
  - The many Citibank phishing scams.

28 Types of Threats
- Repudiation of Origin
  - Deny ordering goods.
- Denial of Receipt
  - Deny receipt of payment or goods.
  - Examples
    - eBay
    - Credit card payments.
- Denial of Service
  - Examples:
    - 2000: “Mafiaboy” DDOS takes down Amazon, eBay, Yahoo.
    - Filling up disk with spam, unauthorized copies of files.

29 What are threats?
- Home:
  - Burglary
  - Fire
  - Vandalism
- Money (cash/credit):
  - Theft.
  - Counterfeiting.
  - Signature forgery.
  - Identity theft.
- Computer:
  - Viral/worm infection.
  - Adware/spyware.
  - Denial of service.
  - Data destruction.
  - Physical destruction (overheat, flash “ROM” overwriting)
  - Use of computer for felonious purposes.

