COS 125 DAY 9. Agenda  Capstone Projects Proposals (over) Due Timing of deliverables is 10% of Grade Missing 6 proposals 1 st progress report due March.

1 COS 125 DAY 9

2 Agenda  Capstone Projects Proposals (over) Due Timing of deliverables is 10% of Grade Missing 6 proposals 1st progress report due March 7  Next week we will begin doing Web pages  Next Quiz is Feb 26 (next Tuesday) over the rest of HITW test 20 M/C, 4 Short essays, One extra Credit  Today we will discuss Protecting Yourself on the Internet

3 Protecting yourself on the Internet  One of the most talked about subjects in the last few years  Great demand for Internet Security Specialists  Prompted the need for a new field of study Information Assurance New Program of Study at UMFK

4 Is the Internet SAFE?  Dangers Hackers  Worms, viruses, Trojans, DOS & DDOS Privacy  Snooping  Spyware Criminal  Phishers  Internet fraud  Con Men (Dot Con)  Pedophiles and perverts  Questions Do these things only happen on the Internet? Is online better or worse than offline?

5 How Firewalls Work  Firewalls check packets in and out of networks Decide which packets go through and which don’t Work in both directions Only one part of Security

6 Firewalls: Attack Prevention System [Figure: an attacker on the Internet sends attack messages toward a corporate network containing a hardened client PC and a hardened server with permissions; the firewall stops most attack messages.]

7 Packet Filter Firewall [Figure: arriving packets (IP-H, TCP-H or UDP-H, application message; IP-H, ICMP message) pass from the Internet to the packet filter firewall, which permits or denies each one in front of the corporate network.] Examines Packets in Isolation Fast but Misses Some Attacks
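
What "examines packets in isolation" means in practice, as an added example that is not part of the original slides: a header-only packet filter next to a filter that remembers connections opened from inside. The connection-tracking filter, the rule set, and all addresses are assumptions made for the contrast.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."        # constructed corporate address prefix
WEB_SERVER = "10.0.0.80"  # constructed public web server

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK

def stateless_filter(p: Packet) -> str:
    """Packet filter: each packet judged in isolation, on headers only."""
    if p.src.startswith(INSIDE):
        return "permit"                    # outbound traffic
    if p.dst == WEB_SERVER and p.dport == 80:
        return "permit"                    # published service
    if "A" in p.flags:
        return "permit"                    # ACK set: assumed to be a reply
    return "deny"

class StatefulFilter:
    """Same policy, but replies must match a connection opened from inside."""
    def __init__(self):
        self.connections = set()

    def check(self, p: Packet) -> str:
        if p.src.startswith(INSIDE):
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return "permit"
        if p.dst == WEB_SERVER and p.dport == 80:
            return "permit"
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "permit"
        return "deny"

# Constructed traffic: a client connects out, the server replies, then an
# unrelated host sends a packet that only looks like a reply.
TRAFFIC = [
    Packet("10.0.0.5", 40000, "203.0.113.5", 443, "S"),
    Packet("203.0.113.5", 443, "10.0.0.5", 40000, "SA"),
    Packet("198.51.100.9", 443, "10.0.0.5", 40001, "A"),
]

def compare(traffic):
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in traffic]
```

`compare(TRAFFIC)` returns one `(stateless, stateful)` verdict pair per packet; only the third packet is judged differently.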

8 How Personal Firewalls work  Software version of a standard Hardware firewall  Controls packets in and out of one PC in much the same way as a Hardware Firewall does

9 Personal Firewalls  Many available—some free Not all work!  Even if it is a good firewall…a bad configuration makes it “leaky”  My recommendation is Free  Sygate Personal Firewall Not Free (around $60)  Norton Internet Security

10 How Hackers Hack  Many Techniques Social Engineering  Get someone to give you their password Cracking  Guessing passwords  A six letter password (no caps) > 300 million possibilities  Merriam-Webster's citation files, which were begun in the 1880s, now contain 15.7 million examples of words used in context and cover all aspects of the English vocabulary. http://www.m-w.com/help/faq/words_in.htm Buffer Overflows  Getting code to run on other PCs Load a Trojan or BackDoor Snoop and Sniff  Steal data Denial of Service (DOS)  Crash or cripple a Computer from another computer Distributed Denial of Service (DDOS)  Crash or cripple a Computer from multiple distributed computers

11 DOS attacks  Kill the PC with one packet Exploits problem in O/S  Teardrop  WinNuke  Kill the PC with lots of packets Smurf Frag Tribal Flood Network

12 SMURF Attack Image from www.circlemudd.org

13 Attacks Requiring Protection  Denial-of-Service (DoS) Attacks Make the system unavailable (crash it or make it run very slowly) by sending one message or a stream of messages. Loss of availability Single Message DOS Attack (Crashes the Victim) Server Attacker

14 Attacks Requiring Protection  Denial-of-Service (DoS) Attacks Make the system unusable (crash it or make it run very slowly) by sending one message or a stream of messages. Loss of availability. Message Stream DOS Attack (Overloads the Victim) Server Attacker

15 Distributed Denial-of-Service Attacks Distributed DOS (DDoS) Attack: Messages Come from Many Sources Server DoS Attack Packets Computer with Zombie Computer with Zombie Attacker Attack Command Attack Command

16 Attacks Requiring Protection  Malicious Content Viruses  Infect files; propagate by executing infected programs  Payloads may be destructive Worms  propagate by themselves Trojan horses  appear to be one thing, such as a game, but actually are malicious Snakes:  combine worm with virus, Trojan horses, and other attacks

17 Trojans and BackDoors  The trick is to get a backdoor (unauthorized entry) on a machine Easy way  Get the user to load it himself  Cracked Software (WAREZ)  Free Software (KAZAA) Hard Way  Get a password  Create a buffer overflow Microsoft can teach you how  Most Common Trojans and backdoors SubSeven ServU Netbus Back Orifice  If you have downloaded cracked software (illegal) or have loaded KAZAA, chances are that you have been hacked!

18 I get at least one of these a day.

19 SubSeven Control

20 Snoop and Sniff

21 Dangers of Wireless Networking  Wi-Fi was designed as an OPEN technology which provides EASE of ACCESS It’s the hacker’s dream environment See wireless_insecurity.pdf Also http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm  Common hacks Wardriving Evil twin Cloning Snooping

22 802.11 (in)Security  Attackers can lurk outside your premises In “war driving,” drive around sniffing out unprotected wireless LANs In “drive by hacking,” eavesdrop on conversations or mount active attacks. Site with 802.11 WLAN Outside Attacker Doonesbury July 21, 2002

23 Evil twin hack  Masquerade as a legitimate WiFi access point  Classic man in the middle attack

24 WiFi (& Cell) Cloning  Since all wireless technologies require broadcasting of some sort, all you need to do is listen in Scanner  For any device to “connect” it must identify, validate, verify, provide a code or some mechanism Ex, MAC’s, EISN’s, SSN, WEP secrets, etc  Since you can “listen” you can also record Record the first part of any connection Replay it You have just “cloned” the original device

25 How Viruses Work

26 Getting Rid of Viruses  Get a good Virus Protection Software Free (not Recommended)  Anti-Vir  Avast  AVG Not Free  Norton AntiVirus  McAfee Free for UMFK students  http://www.umfk.maine.edu/it/antivirus/default.cfm  Update definition files often

27 How Worms work  Worms are pieces of software that self replicate over networks  “Choke” networks  Famous Worms Morris worm – the first worm Code Red – went after IIS servers Melissa – e-mail worm Slammer - SQL worm Blaster – Windows RPC worm MyDoom – another e-mail worm that creates a BackDoor on your computer

28 Privacy Issues  Cookie Problems  Web Tracking  Web Bugs Clear GIFs technology  Passports  Spyware

29 Cookie Invasion  Cookies can be used to monitor your web behavior Tracking cookies Used by Internet Marketing agencies like Doubleclick  Why --- Consumer Profiling You go to yahoo and search for “stereo” All of a sudden you see a pop-up ad for Crutchfield.com

30 Web Tracking  Web tracking is used for the same reason – Profiling  Instead of monitoring on the User Side, all Monitoring is done on the server side Monitors packets Reads web logs

31 Web Tracking report

32 Web Logs

33 Web Bugs  Web Bugs are used to gather information about users From “bugging” a room  Done by embedding a piece of monitoring code in an image link Works on Web pages and HTML e-mail Often called Clear GIFs  Small 1x1 pixels  Transparent  Made so that users don’t see them  Every time the Web Bug is loaded it gathers info about the user that activated the web bug and sends it off to a remote server
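
A check for the pattern this slide describes, as an added example that is not part of the original slides: scan a page or HTML e-mail for images declared 1x1 (or 0x0) that load from a host other than the site itself. The sample markup and every host name are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class WebBugFinder(HTMLParser):
    """Flags <img> tags that are 1x1 (or 0x0) and served by another host."""
    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.suspects = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)
        src = attr.get("src") or ""
        host = urlparse(src).hostname or self.page_host  # relative URL = own site
        tiny = attr.get("width") in ("0", "1") and attr.get("height") in ("0", "1")
        first_party = host == self.page_host or host.endswith("." + self.page_host)
        if tiny and not first_party:
            self.suspects.append((host, src))

def find_web_bugs(html: str, page_host: str):
    finder = WebBugFinder(page_host)
    finder.feed(html)
    return finder.suspects

# Constructed sample page for shop.example; all hosts are placeholders.
SAMPLE = """
<html><body>
<img src="/img/logo.gif" width="120" height="40">
<img src="http://www.shop.example/spacer.gif" width="1" height="1">
<img src="http://ads.example/banner.gif" width="468" height="60">
<img src="http://tracker.example/clear.gif?uid=42" width="1" height="1" alt="">
</body></html>
"""

if __name__ == "__main__":
    for host, src in find_web_bugs(SAMPLE, "shop.example"):
        print(f"possible web bug from {host}: {src}")
```

The check relies on declared `width` and `height` attributes, so an image sized only by a stylesheet is not caught by it.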

34 DoubleClick Clear GIFs

35 Passports  Internet Passports are a user allowed Authentication and data collection tool Used to prove identity Used to collect data  Tied to a specific browser on a specific PC, not the user If someone uses your PC it can make believe he is you  Can be used on Multiple web sites  Not widely used

36 Spyware  Software that sits on your computer Monitors everything that you do and sends out reports to Marketing agencies Usually tied to a POP-UP server  Top Spyware I-Look Up CoolWebSearch N-CASE GATOR DoubleClick  If you have ever had ICQ loaded on your PC you have Spyware  If you have ever had KAZAA loaded on your PC you have Spyware  If you have loaded Quicken or TurboTax you have Spyware C-Dilla

37 How Phishing Works  Phishing is “fishing for suckers!”  Send an e-mail that mimics the real thing and get the recipient to give their password

38

39 Getting Rid of it all!  Keeping Your PC Spyware Free Michael P. Matis © 2004 UMM Information Technology Instructions Software

40 Crypto, Digital Signature and Digital Certificates  Cryptography provides security by using encryption Ensures privacy  Digital Signatures are just like a real signature DCMA makes them just as legally binding as a signed paper document  Digital Certificates use Cryptographic techniques to prove Identity

41 Digital Signature Sender Receiver DS Plaintext Add Digital Signature to Each Message Provides Message-by-Message Authentication Encrypted for Confidentiality

42 Digital Signature: Sender DS Plaintext MD Hash Sign (Encrypt) MD with Sender’s Private Key To Create the Digital Signature: 1. Hash the plaintext to create a brief message digest; this is NOT the digital signature 2. Sign (encrypt) the message digest with the sender’s private key to create the digital signature

43 Digital Signature Sender Encrypts Receiver Decrypts Send Plaintext plus Digital Signature Encrypted with Symmetric Session Key DS Plaintext Transmission

44 Digital Signature: Receiver DS Received Plaintext MD 1. Hash 2. Decrypt with True Party’s Public Key 3. Are they Equal? 1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest 2. Decrypt the digital signature with the sender’s public key. This also should give the message digest. 3. If the two match, the message is authenticated; the sender has the true party’s private key

45 Public Key Deception Impostor “I am the True Person.” “Here is TP’s public key.” (Sends Impostor’s public key) “Here is authentication based on TP’s private key.” (Really Impostor’s private key) Decryption of message from Verifier encrypted with Impostor’s public key, so Impostor can decrypt it Verifier Must authenticate True Person. Believes now has TP’s public key Believes True Person is authenticated based on Impostor’s public key “True Person, here is a message encrypted with your public key.” Critical Deception

46 Digital Certificates  Digital certificates are electronic documents that give the true party’s name and public key  Applicants claiming to be the true party have their authentication methods tested by this public key  If they are not the true party, they cannot use the true party’s private key and so will not be authenticated  Digital certificates follow the X.509 Standard

47 Digital Signatures and Digital Certificates  Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature DS Plaintext Applicant Verifier Certificate Authority Digital Certificate: True Party’s Public Key
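
The steps on slides 42 and 44, the public key deception on slide 45, and the certificate check on slides 46 and 47, run end to end as an added example that is not part of the original slides. It assumes toy textbook RSA built from fixed Mersenne primes, SHA-256 as the hash, and a made-up certificate layout (not X.509); the key names and message are constructed.

```python
import hashlib

# Toy RSA from constructed Mersenne primes: illustration only. Real keys are
# generated randomly (2048+ bits) and real signatures add padding (e.g. PSS).
def make_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest(msg: bytes, n: int) -> int:
    # Hash the plaintext into a message digest (not yet a signature).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg: bytes, key) -> int:
    # Sender: transform the digest with the PRIVATE key -> digital signature.
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(msg: bytes, sig: int, pub) -> bool:
    # Receiver: recover the digest with the PUBLIC key, compare with own hash.
    return pow(sig, pub["e"], pub["n"]) == digest(msg, pub["n"])

def cert_body(name, pub) -> bytes:
    return f"{name}|{pub['n']}|{pub['e']}".encode()

def issue_cert(name, pub, ca_key):
    # Certificate authority binds a name to a public key by signing both.
    return {"name": name, "pub": pub, "ca_sig": sign(cert_body(name, pub), ca_key)}

def authenticate(claimed, msg, sig, cert, ca_pub) -> bool:
    # Verifier trusts only the CA key; the applicant's key comes from the cert.
    if cert["name"] != claimed:
        return False
    if not verify(cert_body(cert["name"], cert["pub"]), cert["ca_sig"], ca_pub):
        return False
    return verify(msg, sig, cert["pub"])

TRUE_PARTY = make_key(2**61 - 1, 2**89 - 1)
IMPOSTOR = make_key(2**89 - 1, 2**107 - 1)
CA = make_key(2**107 - 1, 2**127 - 1)
MSG = b"Pay Bob $10"  # constructed sample message

if __name__ == "__main__":
    # Deception: a verifier handed the impostor's key accepts the impostor.
    print(verify(MSG, sign(MSG, IMPOSTOR), public(IMPOSTOR)))
    # With a certificate, a self-issued binding fails the CA signature check.
    forged = issue_cert("True Person", public(IMPOSTOR), IMPOSTOR)
    print(authenticate("True Person", MSG, sign(MSG, IMPOSTOR), forged, public(CA)))
```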

48 Government Invasions of Privacy?  NSA Echelon (no warrants required)  Internet Wire Taps  FBI has the ability to tap into your Internet Traffic  FBI has DragonWare which contains three parts: Carnivore - A Windows NT/2000-based system that captures the information Packeteer - No official information released, but presumably an application for reassembling packets into cohesive messages or Web pages Coolminer - No official information released, but presumably an application for extrapolating and analyzing data found in the messages  FBI’s Carnivore http://www.epic.org/privacy/carnivore/foia_documents.html  More on Carnivore http://computer.howstuffworks.com/carnivore.htm

49 Echelon  Global Electronic Spy network  http://www.hermetic.ch/crypto/echelon/echelon.htm  It exists but little is known on exactly how it works  The basics Collect all electronic conversations Crack all encrypted stuff Search all conversations for “key words”  Find the “speakers”

50 Carnivore

51 Work Place Snooping  Workplaces have similar Techniques available to them Often tied to an “acceptable Use policy” you had to sign when you went to work Generally, if the e-mail account and Internet access were made available to you by your employer in order to do your work, they have a legal right to monitor your use of it

52 Parental Controls  How do you prevent Children from wandering into the “seedy” side of the Internet?  By Creating Laws? The Communication Decency Act was ruled unconstitutional by the US Supreme Court on “Freedom of Speech issues” Jurisdiction Problems

53 Parental Controls Software  Many Companies make Internet filtering Software that doesn’t allow access to “bad” sites How do you tell if a site is “Bad”?  Known bad Sites  Bad words in URL or Content  Keeping Kids Safe http://www.kiks.org/  Free Software http://www.we-blocker.com/

