Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCD 303 Essential Computer Security Winter 2014 Lecture 2 - Security Overview Reading: Chapter 1.

Published byAileen Atkins Modified over 9 years ago

Similar presentations

Presentation on theme: "CSCD 303 Essential Computer Security Winter 2014 Lecture 2 - Security Overview Reading: Chapter 1."— Presentation transcript:

1 CSCD 303 Essential Computer Security Winter 2014 Lecture 2 - Security Overview Reading: Chapter 1

2 Overview Topics – Threats – Look at popular statistics – Overview of threats – Difficulty of computer security – Security definitions – Questions for you

3 Motivation for Computer Security Most people … – Concerned about computer security … but do not actively practice it http://blogs.mcafee.com/consumer/online- safety-survey2012 So, what can happen as a result of computer security breach?

4 Motivation for Computer Security Consequences of Security breach – Threats are real! – Identity theft, malware, stolen resources for botnets, credit card theft (lots) – Privacy... Corporate and government threats You need to know how to protect your privacy!!! – Look at a few statistics to motivate the need for computer security

5 http://www.symantec.com/threatreport/topic.jsp?id=threat_activity_trends&ai d=malicious_activity_by_source Symantec Threat Report 2010-2011

6 Symantec Threat Report Browser Vulnerabilities

7 Symantec Threat Report Summary Symantec blocked over 5.5 billion malware attacks in 2011 – 81% increase over 2010 Web based attacks increased by 36% with over 4,500 new attacks / day 403 million new variants of malware were created in 2011 – 41% increase of 2010 50% of targeted attacks were aimed at companies with less than 2500 employees Overall number of vulnerabilities discovered in 2011 dropped 20%

8 TrendMicro Report 2012 Dangerous applications targeting users of Google's Android platform Increased from nearly 30,000 in June to almost 175,000 in September 2012 Third quarter of 2012 released today by global cloud security leader Trend Micro My comment: This is a natural progression as importance of Smart phones continues to increase

9 Android Risk Predicted vs Actual TrendMicro Statistics

10 Final Word from TrendMicro At the end of the day... all mobile apps are essentially web clients... are as insecure as a browser Fake versions of legitimate Android apps are most prevalent type of Android malware Report discusses data stealers like Solar Charge and service abusers like Live Wallpapers in China and fake versions of best-selling apps from Russia raise concerns about open nature of Android ecosystem http://www.infosecisland.com/blogview/22607-TrendMicro-Q3-Security- Report.html

11 Symantec Malware Signatures Symantec concluded 2011 with approximately 15.5M signatures green – New Signatures blue - cumulative

12 More Symantec Stats Phishing Incentive is largely financial ISP's

13 More Symantec Stats Once attackers have obtained financial information or other personal details – Names, addresses,and government identification numbers – Frequently sell data on underground economy – Most popular item for sale What would you guess? Credit card numbers – Organized groups figured out ways to use those cards to obtain and use those funds

14 More Symantec Stats Some groups in underground economy specialize in manufacturing blank plastic cards with magnetic stripes – Can be encoded with stolen credit card and bankcard data – Requires highly organized level of sophistication, cards often produced in one country, imprinted, and then shipped to countries from where stolen data originated

15 More Symantec Stats Popularity of items for sale on underground economy

16 Trojan Named Gozi In 2007, SecureWorks Security Research Group discovered Trojan captured credentials of Internet banking and e- commerce websites http://www.secureworks.com/research/threats/gozi/ – Trojan, Gozi, forwarded captured credentials to online database - were being sold to the highest bidder SecureWorks Security Research Group uncovered a cache of stolen information – Over 10,000 records containing Online banking user credentials Patient healthcare information Employee login information for confidential government and law enforcement applications Further investigation data offered for sale by Russian hackers for amount totaling over $2 million

17 Conficker Worm In 2009, new threat, a new worm! Also known as Downup, Downandup, Conflicker, and Kido – SRI researcher reported in March 2009, – “Cumulative census of Conficker.A indicates it affected more than 4.7 million IP addresses, while Conficker.B, has affected 6.7 million IP addresses” Exploit used by Conficker known in September/2008 Chinese hackers were reportedly first to produce a commercial package to sell this exploit (for $37.80)

18 Conficker Worm Exploit causes Windows 2000, XP, 2003 servers, and Vista to execute arbitrary code segment without authentication Spreads itself primarily through buffer overflow vulnerability in Server Service on Windows computers. Worm uses a specially crafted RPC request to execute code on target computer – Affects systems with firewalls enabled, but which operate with print and file sharing enabled Patch for this exploit was released by Microsoft on October 23 2008

19 Techrepublic Predictions 2013 http://www.techrepublic.com/blog/security/cybersecurity-challenges-in- 2013/9038 The major cyber-security challenges to businesses through 2013 will come from 1. Increase in Exploit Kits We expect to see exploit kits targeting Windows 8, MAC OS X and mobile devices, particularly Android based, in 2013 2. Increase in mobile device cyber-security threats Threats threaten targeted mobile devices at the point of commerce 3. Increase in sophistication of threats Ransomware attacks lock down a computer, device, or service and holds all the data hostage, DDoS will grow

20 Return from the Dead Exploits that come back Links to exploits that return again and again – Gozi – 2007 and ongoing http://www.trustdefender.com/blog/2010/02/2 8/gozi-a-perfect-example-of-an-older-trojan- re-inventing-itself/ – Storm Worm http://community.ca.com/blogs/securityadvisor/arc hive/2010/04/26/the-come-back-of-storm- worm.aspx Conficker – 2009 and ongoing http://www.zdnet.com/blog/hardware/making- sense-of-the-latest-conficker-update/4131

21 Difficulty of Computer Security

22 General Comments Online security mirrors offline Motivation and psychology similar for “online and offline” world “Where there is money, there is crime...” Difference between online and offline is – Harder to track, capture and convict online criminals – Plus, several aspects of online attacks magnify their effects

23 “Computer Security is Difficult” Why do you think this is true or is it?

24 Computer Security Difficult? Has computer security gotten more difficult than 19 years ago? Since 1995. http://www.computerhope.com/history/1995.htm

25 Computer Security is Difficult Why is this so? 1. Automation of attacks Tools enable attackers to access thousands of computers quickly Slammer worm, 2003, infected 75,000 computers in 11 minutes, continued to scan 55 million computers / sec Blaster worm, 2003, infected 138,000 in first 4 hours, and over 1.4 million computers

26 Computer Security is Difficult 2. Sophistication of attacks – Convergence of threats by sophisticated tools MPack and other Trojans exhibit traits – Once installed, they can be used to view confidential information that can then be used in identity theft or fraud – They can also be used to launch phishing attacks or to host phishing Web sites – Finally, they can be used as spam zombies

27 Computer Security is Difficult 3. Software vulnerabilities high – Hard for software vendors to keep up with vulnerabilities discovered, less than 6 days from discovery of vulnerability to creation of exploit CMU/CERT Software Vulnerabilities http://www.cert.org /stats/ Years Vulnerabilities 1995 – 171 2005 – 5990

28 Computer Security is Difficult 4. Zero Day attacks – A vulnerability discovered by attacker, not developer. So you have a zero day grace period. Must scramble to find vulnerability and patch it – Example: Hacker released attack code that exploited an unpatched vulnerability in Apple' Quicktime week after company updated media player to plug nine other serious vulnerabilities, September 18, 2008 Apple updated player five times since beginning 2008, and fixed more than 30 flaws!!

29 Computer Security is Difficult 5. No Borders, No Boundaries – Attackers can be distant from targets – Instead of worrying about criminals in your home town, worry about all criminals in world – And, how do you prosecute people across country borders? – Think this is easy?

30 Computer Security is Difficult 5. No Borders, No Boundaries – Example: In 1995, 29 year old hacker from Russia made $12,000,000 breaking into Citibank computers – Most of the Money was later recovered but expediting hacker from Russia to stand trial was difficult – He was later apprehended in London and extradited to the US to stand trial – Got three years... see link at end of lecture

31 Computer Security is Difficult 6. Technique Propagation – Publish attacks so everyone can use them – Damage can grow exponentially – Only need a few skilled people, many use their exploits and this amplifies the damage of attacks – So, search in Google for string, “How to write a virus?” – Comes back with 68,800,000 hits! – Some good advice on writing viruses

32 Computer Security is Difficult 7. Badly Designed Security Controls, users are required to make security decisions – Most users do not have enough knowledge to make the kind of decisions they are required to make – How many will click Cancel?

33 Computer Security Defined

34 Definitions Information Security – How would you define it? – Information security - protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction – Terms information security, computer security and information assurance are frequently used interchangeably http://en.wikipedia.org/wiki/Information_security

35 Definitions Three common attributes of computer security – What are they?

36 Definitions Three common attributes of computer security 1. Confidentiality Example? Confidentiality is preventing disclosure of information to unauthorized individuals or systems Example, credit card transaction on the Internet System enforces confidentiality by encrypting the card number during transmission or limiting the places where it might appear

37 Definitions 2. Integrity – Integrity means that data cannot be modified without authorization – Example? – Integrity is violated When an employee (accidentally or with malicious intent) deletes important data files, When a computer virus infects a computer, When an employee is able to modify his own salary in a payroll database, When an unauthorized user vandalizes web site

38 Definitions 3. Availability – Information must be available when needed – Highly available systems, remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades – Example of violation? – Ensuring availability also involves preventing DoS attacks denial-of-service attacks – See following slides...

39 DDoS Attack Example Availability Denial July 21, 2008, Web site for president of Georgia was knocked offline by distributed denial-of-service (DDOS) attack Georgia's presidential Web site was down for about a day, starting early Saturday until Sunday Network experts said attack was executed by a botnet Definition of Botnet A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie

40 Another DDoS Attack February 16th, 2007 Anti-phishing group, CastleCops.com was knocked out by massive DDoS, – Volunteer-driven site, run by husband and wife team had been coping with on-and-off attacks since February 13 – An intense wave completely crippled the server capacity CastleCops.com just celebrated its fifth anniversary as a high-profile anti-malware community Comment: This site ceased operation Dec. 2008

41 More Definitions Vulnerability How would you define it? A security exposure in an operating system or other system software or application software component Databases of vulnerabilities based on version number of the software - If exploited, each vulnerability can potentially compromise system or network - Government maintains database of common vulnerabilities and exposures http://icat.nist.gov/icat.cfm

42 More Definitions Assets In business and accounting, assets are everything owned by person or company that can be converted into cash Personally, anything that has value Assets typically need to be protected Part of the problem is Information is not considered assets!

43 More Definitions Exploit An exploit is piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability Purpose is to cause unintended or unanticipated behavior to occur on computer software or hardware – Gaining control of a computer system or allowing privilege escalation or a denial of service attack

44 Exploit Examples Examples of Exploits for specific platforms: http://www.f-secure.com/v-descs/exploit.shtml * Exploit: Java/Blackhole * Exploit: JS/Pidief * Exploit: W32/Ani.C * Exploit: HTML/IESlice.BK * Exploit: SymbOS/SMSCurse.A

45  Web bugs  Small images or HTML code hidden within an e-mail message  When a user opens the message information is sent back to the source of the bug  Computer monitoring software  Invasive and dangerous  Record activities and keystrokes  Also known as keystroke loggers  Anti-Spyware programs

46  Malware” is short for “malicious software” - computer programs designed to infiltrate and damage computers without the users consent  Viruses  Worms  Trojan horse  Zombie software  Denial of Service  (DoS) attack Malware – Malicious Programs

47 Sum up Definitions Attackers look for vulnerabilities in systems – Typically in software, but others exist – Once they find vulnerability, use an exploit of some kind to gain access to the system – Looking for assets that have value Information assets are things like SSN’s, credit card information or information that leads to identity theft Other assets are use of computers to create botnets

48 Introduction Summary Computer Security is challenging Many exploits, vulnerabilities in software, complexity of systems and uneducated users A lot to learn but not impossible Just like protecting ourselves in the physical world, people can protect themselves in the cyber world Part of this class will be to learn how to protect ourselves and all those around us !!!

49 References Wiki page on Russian Hacker http://en.wikipedia.org/wiki/Vladimir_Levin Symantec Security Threat Report http://www.symantec.com/business/theme.jsp?themeid=threatreport Law Firm IT Manager Shows Gozi Video to Backdoor Service http://lawfirmit.blogspot.com/2009/04/video-gozi-trojan.html Trend Micro Reports and Information http://www.trendmicro.com/us/security-intelligence/research- and-analysis/

50 References Continued Zues trojan – Nasty exploit http://itknowledgeexchange.techtarget.com/security- bytes/zeus-trojan-evades-antivirus-software-trusteer-says/ BackDoor-DTN – Trojan http://www.esecurityplanet.com/alerts/article.php/3808996/36- BackDoor-DTN-Trojan-Exploits-Microsoft-Flaw-to-Give- Attacker-Admin-Privileges.htm Kapersky Site http://www.securelist.com/en/

51 The End Next Time: Attackers – Book, Chapters 1, 2 and 7

Download ppt "CSCD 303 Essential Computer Security Winter 2014 Lecture 2 - Security Overview Reading: Chapter 1."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Breaking Trust On The Internet

Breaking Trust On The Internet
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Security for Internet Every Day Use Standard Security Practices and New Threats.

Security for Internet Every Day Use Standard Security Practices and New Threats.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Computer Viruses.

Computer Viruses.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.

Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Tyler’s Malware Jeopardy $100 VirusWormSpyware Trojan Horses Ransomware /Rootkits $200 $300 $400 $500 $400 $300 $200 $100 $500 $400 $300 $200 $100 $500.

Tyler’s Malware Jeopardy $100 VirusWormSpyware Trojan Horses Ransomware /Rootkits $200 $300 $400 $500 $400 $300 $200 $100 $500 $400 $300 $200 $100 $500.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Similar presentations

Ads by Google