Presentation is loading. Please wait.

Presentation is loading. Please wait.

COS 125 DAY 9.

Published byNadine Falk Modified over 6 years ago

Similar presentations

Presentation on theme: "COS 125 DAY 9."— Presentation transcript:

1 COS 125 DAY 9

2 Agenda Capstone Projects Proposals (over) Due
Timing of deliverables is 10% of Grade Missing 6 proposals 1st progress report due March 7 Next week we will begin doing Web pages Next Quiz is Feb 26 (nest Tuesday) over the rest of HITW test 20 M/C, 4 Short essays, One extra Credit Today we will discuss Protecting Yourself on the Internet

3 Protecting yourself on the Internet
One of the most talked about subjects in the last few years Great demand for Internet Security Specialists Prompted the need for a new field of study Information Assurance New Program of Study at UMFK

4 Is the Internet SAFE? Dangers Questions Hackers Privacy Criminal
Worms, viruses, Trojans, DOS & DDOS Privacy Snooping Spy ware Criminal Phishers Internet fraud Con Men (Dot Con) Pedophiles and perverts Questions Do these things only happen on the Internet? Is online better or worse than offline?

5 How Firewalls Work Firewall check Packets in and out of Networks
Decide which packets go through and which don’t Work in both directions Only one part of Security

6 Attack Prevention System
Firewalls Attack Prevention System Attack Message Hardened Client PC Firewall Attack Message X Internet Another type of defense is the attack prevention system, which attempts to stop attack messages from reaching their targets, which usually are internal host computers. The chief tool in stopping such penetration attacks to is install a firewall at the border between the secure internal network and the unsecure external network, usually the Internet. Sometimes, there also are internal firewalls between highly sensitive subnets and the rest of a site’s network. These internal firewalls are designed to stop employee attacks. In addition, both client and server hosts can be “hardened” to make them more difficult to attack. Attacker Stops Most Attack Messages Hardened Server With Permissions Corporate Network

7 Packet Filter Firewall
Corporate Network The Internet IP-H TCP-H Application Message Permit IP-H UDP-H Application Message IP-H ICMP Message As just noted, firewalls sit between a trusted network (in this case the corporate network) and an untrusted network, typically the Internet. There are several types of firewall. The simplest type, packet filter firewalls only look at IP headers, TCP headers, UDP headers, and ICMP messages (really, only ICMP headers). They do not look at application messages a all. In addition, they examine each packet in isolation. This is bad because some attack packets may not appear dangerous by themselves but would be revealed as dangerous if the firewall looked at packets in context instead of in isolation. The good news is that packet filter firewalls are very fast. Arriving Packets Packet Filter Firewall Examines Packets in Isolation Fast but Misses Some Attacks Deny

8 How Personal Firewalls work
Software version of a standard Hardware firewall Controls packets in and out of one PC in much the same way as a Hardware Firewall does

9 Personal Firewalls Many available—some free
Not all work! Even if is a good firewall…a bad configuration makes it “leaky” My recommendation is Free Sygate Personal Firewall Not Free (around $60) Norton Internet Security

10 How Hackers Hack Many Techniques Social Engineering Cracking
Get someone to give you their password Cracking Guessing passwords A six letter password (no caps) > 300 million possibilities Merriam-Webster's citation files, which were begun in the 1880s, now contain 15.7 million examples of words used in context and cover all aspects of the English vocabulary. Buffer Overflows Getting code to run on other PCs Load a Trojan or BackDoor Snoop and Sniff Steal data Denial of Service (DOS) Crash or cripple a Computer from another computer Distributed Denial of Service (DDOS) Crash or cripple a Computer from multiple distributed computers

11 DOS attacks Kill the PC with one packet
Exploits problem in O/S Teardrop WinNuke Kill the PC with lots of packets Smurf Frag Tribal Flood Network

12 SMURF Attack Image from

13 Attacks Requiring Protection
Denial-of-Service (DoS) Attacks Make the system unavailable (crash it or make it run very slowly) by sending one message or a stream of messages. Loss of availability Single Message DOS Attack (Crashes the Victim) Denial-of-service or DoS attacks render a system unavailable to users by making it crash or making it run so slowly that it provides little or no service. There are some single-message DoS attacks that can cause a victim to crash by sending it a single message. <Typically, this message is malformed, meaning that it is not what the receiver was expecting. The receiver’s software will crash attempting to process the malformed message. For example, the Ping-of-Death attack worked by sending an Echo ICMP message larger than the maximum size of IP packets. Two other single-message DoS attacks that were potent in the past were Teardrop, and LAND.> Server Attacker

14 Attacks Requiring Protection
Denial-of-Service (DoS) Attacks Make the system unusable (crash it or make it run very slowly) by sending one message or a stream of messages. Loss of availability. Message Stream DOS Attack (Overloads the Victim) Most DoS attacks, however, require sending a long stream of attack messages to the target server. These messages overload the victim. <One example is the SYN flooding attack, in which the attacker sends a flood of TCP SYN segments. Each time a server receives a TCP SYN message, it needs to put aside RAM and reserve other resources to deal with the connection being opened. If many SYN messages arrive, the victim host may run out of RAM and other resources. It will slow down or even crash. Even if it continues operating, it will have to stop accepting new openings, which makes it useless to clients.> Server Attacker

15 Distributed Denial-of-Service Attacks
Distributed DOS (DDoS) Attack: Messages Come from Many Sources Attack Command DoS Attack Packets Computer with Zombie Attacker The newest trend in DoS attacks is the distributed denial of service or DDoS attack, in which the attacker installs attack programs called zombies on many other computers. One there is a large enough zombie army, the attacker tells the zombies to attack. All zombies begin sending DoS attack packets. <DDoS attacks are hard to stop because they come from many sources. They are also difficult to trace back to the attacker, who is on another machine. Often, the attacker uses another tier of computers between itself and the zombies. These intermediate computers run handler programs. This makes it even more difficult to trace the attacker.> <In 2000, major Internet sites such as eBay.com and Amazon.com were brought down for several hours apiece during a DDoS attack that went on for about two weeks, constantly shifting its focus to new targets. Experts thought that the attacker was an expert. He turned out to be a 15-year-old boy with limited skills but good attack tools and patience. He stopped because he got bored, not because he was stopped technically.> Attack Command Server DoS Attack Packets Computer with Zombie

16 Attacks Requiring Protection
Malicious Content Viruses Infect files propagate by executing infected program Payloads may be destructive Worms propagate by themselves Trojan horses appear to be one thing, such as a game, but actually are malicious Snakes: combine worm with virus, Trojan horses, and other attacks Sometimes, messages, webpages, instant messages, and other messages may contain malicious content designed to do damage to the victim. Viruses are the best-know type of malicious content. Viruses infect program files. When infected programs run, the virus code spreads the virus to other programs on the computer. In addition, when an infected program run, it may execute its payload, which may wipe the victim’s hard disk or do other damage. In contrast to viruses, worms do not attach themselves to programs. On their own, they find ways to spread from system to system. Once on a system, they can execute their destructive payloads. In turn, Trojan horses are programs that pretend to be something, such as a game, but really are attack programs. Sometimes users download Trojan horses themselves. Other times, payloads in viruses or worms install the Trojan. Then there are blended threats, which the book calls snakes. These combine worms with viruses, Trojan horses, and other attack tools. The Nimda attack of 2001 was such a blended threat.

17 Trojan’s and BackDoors
The trick is get the a backdoor (unauthorized entry) on a machine Easy way Get the user to load it himself Cracked Software (WAREZ) Free Software (KAZAA) Hard Way Get a password Create a buffer overflow Microsoft can teach you how Most Common Trojans and backdoors SubSeven ServU Netbus Back Orifice If have download cracked software (illegal) or have loaded KAZAA chances are that you have been hacked!

18 I get at least one of these a day.

19 SubSeven Control

20 Snoop and Sniff

21 Dangers of Wireless Networking
Wi-Fi was designed as an OPEN technology which provides EASE of ACCESS It’s the hacker’s dream environment See wireless_insecurity.pdf Also Common hacks Wardriving Evil twin Cloning Snooping

22 802.11 (in)Security Attackers can lurk outside your premises
In “war driving,” drive around sniffing out unprotected wireless LANs In “drive by hacking,” eavesdrop on conversations or mount active attacks. Doonesbury July 21, 2002 Outside Attacker wireless LANs are dangerous from a security viewpoint because WLAN signals reach past the walls of the customer premises. Attackers can lurk just outside the premises. In “war driving,” attackers drive around and listen for traffic from unprotected LANs. A common program to use for war driving is Netstumbler. They often find a lot of unprotected WLANs. In “drive by hacking,” the attacker listens in on conversations or attacks actively. Site with WLAN

23 Evil twin hack Masquerade as a legitimate WiFi access point
Classic man in the middle attack

24 WiFi (& Cell) Cloning Since all wireless technologies require broadcasting of some sort all you need to do is listen in Scanner For any device to “connect” it must Indentify, Validate, verify, provide a code or some mechanism Ex, MAC’s, EISN’s, SSN, WEP secrets, etc Since you can “listen” you can also record Record the first part of any connection Replay it You have just “cloned” the original device

25 How Viruses Work

26 Getting Rid of Viruses Get a good Virus Projection Software
Free (not Recommended) Anti-Vir Avast AVG Not Free Norton AntiVirus MacAfee Free for UMFK students umfk Update definition files often

27 How Worms work Worms are pieces of software that self replicate over networks “Choke” networks Famous Worms Morris worm – the first worm Code Red – went after IIS servers Melissa – worm Slammer - SQL worm Blaster – Windows RPC worm MyDoom – another worm that creates a BackDoor on your computer

28 Privacy Issues Cookie Problems WebTracking Web BUGs Passports Spyware
Clear Gifs technology Passports Spyware

29 Cookie Invasion Cookie can be used to monitor your web behavior
Tracking cookies Used by Internet Marketing agencies like Doubleclick Why --- Consumer Profiling You go to yahoo and search for “stereo” All of a sudden you see a pop-up ad for Crutchfield.com

30 Web Tracking Web tracking is used to for the same reasons –Profiling
Instead on monitoring on the User Side all Monitoring is done on the server side Monitors packets Read web logs

31 Web Tracking report

32 Web Logs

33 Web Bugs Web Bugs are used to gather information about a users
From “bugging” a room Down by embedding a piece of code monitoring software in a image link Works on WebPages and HTML Often called Clear gifs Small 1X1 pixels Transparent Made so that uses don’t see them Every Time the Web Bugs is loaded it gathers info about the user that activated the web bug and sends it off to a remote server

34 DoubleClick Clear GIFs

35 Passports Internet Passports are a user allowed Authentication and data collection tool Used to prove identity Sued to collect data Tied to a specific browser on a specific PC not the user If someone uses your PC it can make believe he is you Can be used on Multiple web sites Not widely used

36 Spyware Software that sits on your computer Top Spyware
Monitors everything that you do and sends out reports to Marketing agencies Usually ties to a POP-UP server Top Spyware I-Look Up CoolWebSearch N-CASE GATOR DoubleClick If you have ever loaded up ICQ Loaded on your PC you have Spyware If you have ever had KAZAA loaded on your PC you have Spyware If you have loaded Quicken or TurboTax you have Spyware C-Dilla

37 How Phishing Works Phishing is “fishing for suckers!”
Send a that mimics the real thing and get the recipient to give their password

38

39 Getting Rid of it all! Keeping Your PC Spyware Free Michael P. Matis
© 2004 UMM Information Technology Instructions Software

40 Crypto, Digital Signature and Digital Certificates
Cryptography provides security by using encryption Ensures privacy Digital Signatures are just like a real signature DCMA makes them just as legally binding as a signed paper document Digital Certificates uses Cryptographic techniques to prove Identity

41 Digital Signature DS Plaintext Sender Receiver
Encrypted for Confidentiality DS Plaintext Sender Receiver Initial authentication is fine, but an attacker may slip a message in after a sender is initially authenticated. We would like message-by-message authentication so that we can authenticate every message as coming from the true party. To do this, a digital signature is added to the plaintext message before encryption for confidentiality. Add Digital Signature to Each Message Provides Message-by-Message Authentication

42 Digital Signature: Sender
To Create the Digital Signature: Hash the plaintext to create a brief message digest; This is NOT the digital signature 2. Sign (encrypt) the message digest with the sender’s private key to create the digital Signature Plaintext Hash MD Sign (Encrypt) MD with Sender’s Private Key The sender begins by hashing the plaintext message to be sent. The resultant hash is called the message digest. The message digest it not the digital signature. It is a step along the way to creating the digital signature. Next, the applicant encrypts the message digest with his or her private key, which only he or she should know. The ciphertext that results is called the digital signature. Encrypting something with one’s private key is called signing it. So the applicant signs the message digest with his or her private key. DS

43 Digital Signature Send Plaintext plus Digital Signature
Encrypted with Symmetric Session Key DS Plaintext Sender Encrypts Now the sender/applicant adds the digital signature to the plaintext. The applicant/sender then encrypts the combined message with the symmetric session key it shares with the receiver/verifier. This provides confidentiality during the transmission. Receiver Decrypts Transmission

44 Digital Signature: Receiver
1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest 2. Decrypt the digital signature with the sender’s public key. This also should give the message digest. 3. If the two match, the message is authenticated; The sender has the true Party’s private key Received Plaintext DS 2. Decrypt with True Party’s Public Key 1. Hash MD MD The receiver first decrypts the arriving message with the symmetric session key. This gives back the received plaintext and the digital signature. The receiver/verifier hashes the received plaintext with the same hashing algorithm the sender used. This creates the message digest again. (Again, hashing is repeatable: it always gives the same result every time it is applied o the same bit string.) Next, the receiver/verifier decrypts the digital signature with the true party’s known public key. This should also give the message digest—if the applicant signed the message digest with the true party’s private key, which only the true party should know. The applicant has now proven that they are the true party. 3. Are they Equal?

45 “Here is TP’s public key.” (Sends Impostor’s public key)
Public Key Deception Impostor “I am the True Person.” “Here is TP’s public key.” (Sends Impostor’s public key) “Here is authentication based on TP’s private key.” (Really Impostor’s private key) Decryption of message from Verifier encrypted with Impostor’s public key, so Impostor can decrypt it Verifier Must authenticate True Person. Believes now has TP’s public key Believes True Person is authenticated based on Impostor’s public key “True Person, here is a message encrypted with your public key.” Critical Deception For digital signatures to work, the verifier must know the true party’s public key. Although this is obvious, getting the true party’s public key is surprisingly difficult to do and is the Achilles’ heel of public key encryption. However, where will they get the true party’s public key? In public key deception, an impostor sends the verifier the impostor’s own public key, claiming that it is the public key of the true party. If the verifier is gullible and accepts this public key as being that of the true party, then it will “authenticate” all of the impostor’s digital signatures as legitimate. The bottom line is that digital signatures will only work if the verifier can get the true party’s public key from a trusted party.

46 Digital Certificates Digital certificates are electronic documents that give the true party’s name and public key Applicants claiming to be the true party have their authentication methods tested by this public key If they are not the true party, they cannot use the true party’s private key and so will not be authenticated Digital certificates follow the X.509 Standard <This figure is very important.> To be confident that they know the true party’s public key, the verifier should get the true party’s digital certificate. A digital signature is an electronic document that has a number of fields. Most importantly, two fields in the digital certificate give the name of the party to whom the certificate was issued and their public key. This is exactly what the verifier must know to verify digital signatures. <Read the second and third points.>

47 Digital Signatures and Digital Certificates
Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature Digital Certificate: True Party’s Public Key Certificate Authority Applicant <This is really important. Read it and make sure students understand why both a digital signature and a digital certificate are both needed for certification.> DS Plaintext Verifier

48 Government Invasions of Privacy?
NSA Echelon (no warrants required) Internet Wire Taps FBI has the ability to tap into your Internet Traffic FBI has DragonWare which contains three parts: Carnivore - A Windows NT/2000-based system that captures the information Packeteer - No official information released, but presumably an application for reassembling packets into cohesive messages or Web pages Coolminer - No official information released, but presumably an application for extrapolating and analyzing data found in the messages FBI’s Carnivore More on Carnivore

49 Echelon Global Electronic Spy network
It exists but little is known on exactly how it works The basics Collect all electronic conversations Crack all encrypted stuff Search all conversations for “key words” Find the “speakers”

50 Carnivore

51 Work Place Snooping Workplaces have similar Techniques available to them Often ties to an “acceptable Use policy” you had to sign when you went to work Generally, if the the account and Internet access was made available to you by your employer in order to do you work, they have a legal right to monitor your use of it

52 Parental Controls How do you prevent Children from wandering into the “seedy” side of the Internet? By Creating Laws? The Communication Decency Act was ruled unconstitutional by the US Supreme Court on “Freedom of Speech issues” Jurisdiction Problems

53 Parental Controls Software
Many Companies make Internet filtering Software that doesn’t allow access to “bad” sites How do you tell if a site is “Bad”? Known bad Sites Bad words in URL or Content Keeping Kids Safe Free Software

Download ppt "COS 125 DAY 9."

Similar presentations

Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Threats To A Computer Network

Threats To A Computer Network
COS 125 DAY 9. Agenda  Capstone Projects Proposals (over) Due Timing of deliverables is 10% of Grade Missing 6 proposals 1 st progress report due March.

COS 125 DAY 9. Agenda  Capstone Projects Proposals (over) Due Timing of deliverables is 10% of Grade Missing 6 proposals 1 st progress report due March.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
COS 125 DAY 10. Agenda  Capstone Projects Proposals Over Due Timing of deliverables is 10% of Grade Missing 9 out of 17  Quiz two covering the rest.

COS 125 DAY 10. Agenda  Capstone Projects Proposals Over Due Timing of deliverables is 10% of Grade Missing 9 out of 17  Quiz two covering the rest.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
COS 413 Day 20. Agenda Assignment 6 is posted –Due Nov 7 (Chap 11 & 12) LAB 7 write-up due tomorrow Lab 8 in OMS tomorrow –Hands-on project 11-1 through.

COS 413 Day 20. Agenda Assignment 6 is posted –Due Nov 7 (Chap 11 & 12) LAB 7 write-up due tomorrow Lab 8 in OMS tomorrow –Hands-on project 11-1 through.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Malware  Viruses  E-mail Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.

Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
Types of Electronic Infection

Types of Electronic Infection

Similar presentations

Ads by Google