Threats.ppt 1358KB Jun 23 2011 10:20:44 AM

CIT 380
Securing Computer Systems
Threats

CIT 380: Securing Computer Systems

Slide #1

Vocabulary
• CIA Triad
– Confidentiality
– Integrity
– Availability

• States of Information
– Storage
– Processing
– Transmission


Vocabulary
• Security Measures
– Technology
– Policies and practices
– Education, Training, and awareness

• Threats, Attacks, Assets
• Prevention, Detection, Recovery, Survivability


Vocabulary
• Risk
• Security trade-offs
• Cost-Benefit Analysis
• Script Kiddies
• Security Researchers
• Hacker, Cracker, Attacker
• Black Hat, White Hat

What are threats?
• What threats can you think of to your home?
• To your money (including bank accounts,
checks, credit and debit cards)?
• To your home computer?



Digital Threats: More of the Same
• Theft
• Vandalism
• Extortion
• Con Games
• Fraud
• Stalking



Digital Threats: What’s Different
Automation
– Salami Attack from Office Space.

Action at a Distance
– Volodya Levin, from St. Petersburg, Russia, stole over $10 million from US Citibank. Arrested in London.
– Operators of a CA BBS were tried and convicted in a TN court because TN had downloaded pornography from CA.



Digital Threats: What’s Different
Technique Propagation
– Criminals share techniques rapidly and globally.


Next Slide
• The percentage of respondents answering
that their organization experienced
unauthorized use of computer systems in the
last 12 months



Survival Time
• The main issue here is of course that the time
to download critical patches will exceed this
survival time.


Current Threat Information

• SANS Internet Storm Center
– http://isc.sans.edu/index.html

• Bugtraq
– http://www.securityfocus.com/
– http://www.securityfocus.com/archive/1

• CERT
– http://www.cert.org/

Current Threat Information
• Packet Storm
– http://packetstormsecurity.org/



Who are the Attackers?
• Hackers vs Crackers
• Levels of attackers
– Developer
• Finds new security vulnerabilities
• Writes tools and exploits

– User
• Understands tools; modifies tools/exploits

– Script Kiddie


Who are the Attackers?
Criminals.
– 1993: Thieves installed bogus ATM at Manchester Mall. Saved account #s + PINs.

Organized crime.
– 2000: Mafia-led organization members arrested for attempt to steal $680 million from Bank of Sicily.

Malicious insiders.
– 2001: Mike Ventimiglia deletes files of his employer,
GTE. $200,000 damage.

Industrial espionage.
– 2001: Verdicts in Cadence Design Systems vs. Avant
against 7 employees incl CEO. 5 sentenced to jail.

Who are the Attackers?
Press.


– 1998: Cincinnati Enquirer reporter Michael Gallagher
breaks into Chiquita Fruits voicemail to expose illegal
activities.

Police.

– 1997: LAPD illegal wiretapping scandal.

Terrorists.

– 1999: DOS attacks and web defacements against NATO
country computers during Kosovo bombings.

National Intelligence.

– 2000: Former CIA Director Woolsey admitted to using
ECHELON information to help US companies win
foreign contracts.

Scary Internet Stuff: Underground
• http://www.youtube.com/watch?v=AYWYvJ__Dxk&feature=related


What Are Our Defenses?
• Firewalls
• Virus Scanners
• Spyware Scanners
• Intrusion Detection Systems (IDS/IPS)
• Patches
• Backups

Diagram labels: Prevent / Detect / Recover / Respond

What Are The Attacks?
• Phishing
• Malware
• Ransomware
• Spyware
• Botnets


Phishing E-mail


Phishing Site


Scary Internet Stuff: Phishing
• http://www.youtube.com/watch?v=Ao20tAS3x3I&feature=related


Amazon.com - Your Cancellation (516-203578-8141423)
[email protected]
Dear Customer,
Your order has been successfully canceled. For your reference, here`s a summary of your order:
You just canceled order #991-86824-273919
Status: CANCELED
_____________________________________________________________________
ORDER DETAILS
Sold by: Amazon.com, LLC
_____________________________________________________________________
Because you only pay for items when we ship them to you, you won`t be charged for any items that you cancel.
Thank you for visiting Amazon.com!
--------------------------------------------------------------------
Amazon.com
Earth`s Biggest Selection
http://www.amazon.com
---------------------------------------------------------------------


Malware
• Trojan Horses
• Viruses
• Worms


Ransomware


Spyware and Adware
Most are Trojan horses; some infect directly.
• Browser hijacking
• Pop-up advertisements
• Keystroke and network logging
• Steal confidential data from email and files


Spyware and Adware
89% of PCs are infected with spyware (2006 Q2, Webroot).
– http://www.webroot.com/resources/stateofspyware/excerpt.html


Rootkits
• Execution Redirection
• File Hiding
• Process Hiding
• Network Hiding

Diagram labels: User Program / Rootkit / OS

Rootkits Video
• http://www.youtube.com/watch?v=PcqnG4NkZ4


Botnets
Worm or direct attack usurps control of PC, then installs control software to listen for instructions.
Instructions can include:
• Attempt to infect other PCs
• Send spam message
• Launch DOS attack
• Upgrade attack and control software

Virus writers sell botnets to spammers for $0.10/compromised PC


Scary Internet Stuff: Botnets
• http://www.youtube.com/watch?v=BRhauoXpNSs


Wikipedia: Botnet
• http://en.wikipedia.org/wiki/Botnet
– Historical list of botnets

• Kraken botnet
– http://en.wikipedia.org/wiki/Kraken_botnet


Key Points
• Computer crimes same as pre-computer crimes.
• Differences in digital threats
– Automation
– Action at a distance
– Technique propagation

• Digital threats
– Phishing
– Malware
– Ransomware
– Spyware
– Botnets
