Chapter 6
SECURITY
Garbis Megerian
Jeff Dizon
Yuko Takagi
Topics
• Viruses, Worms, Trojan Horses
– How they all work
– Famous attacks
– Ethical Evaluation
• Phreaks & Hackers
• Denial of Service Attacks & Online Voting
Introduction
• Computers are getting faster & cheaper
• Today’s uses:
– E-mail
– Managing personal information
– Shopping
• Increase in computer usage = increased importance of security
Viruses
• What is a virus?
– piece of self-replicating code embedded
within another program (host)
• How are viruses spread?
– E-Mail
– CDs, floppy disks, etc.
– Downloaded files
Viruses
• How a virus works:
– A person executes a program P, infected by a virus
– The virus begins to execute its code
• It finds another executable file Q and infects it
– Returns control to program P without the user suspecting a problem
Viruses
• Famous viruses
– Brain Virus [1986]
• 1st to move from one IBM PC to another
– Michelangelo Virus [1991]
• On Michelangelo’s birthday (March 6), overwrites critical records
– Melissa Virus [1999]
• Email attachment, sends itself to 1st 50 in address book, crashed
email servers, infected 100,000 computers in 1st weekend.
• Poster of original virus sentenced to 20 months in jail, fined $5,000 &
100 hours community service
– Love Bug [2000]
• Email attachment, sends itself to victim’s complete address book
• Deleted some media found on hard disk & collected passwords.
• Originated in the Philippines, written by a 23-year-old; no applicable laws, so no prosecution.
Viruses
• Viruses today
– Antivirus software, must keep up-to-date
– People believe they are up-to-date, but really aren’t
– 2003 study at Oberlin College:
• System administrators found viruses in 90% of the
computers running Windows.
– 2007 study by McAfee:
• 92% said they were up-to-date, but only 49% really
were.
Worms
• What is a worm?
– Self-contained program that spreads through
a computer network by exploiting security
holes.
Worms
• Famous Worms
– WANK [1989] (cyberterrorism)
• NASA systems infected by antinuclear protesters because the Galileo
robot probe carried radioactive plutonium.
– Code Red [2001]
• Exploited bug in Microsoft’s Information Services
software & spread among Windows Web servers to
359,000+ hosts in less than 14 hours.
– Sapphire [2003]
• Fastest-spreading worm in history (the number of infected hosts
doubled every 8.5 seconds); ended up affecting 78,000 computers.
• Carried no malicious payload, but overloaded networks and made
database servers inaccessible.
Worms
• Blaster [2003]
– Exploited bug in Windows 2000 and XP computers.
– Goal: to deny Microsoft customers access to
windowsupdate.com to fix the bug.
• Sasser [2004]
– Affected 18 million computers worldwide
– Damage: made millions of computers unusable &
disrupted some transportation operations.
– Creator was 17 years old, and he was sentenced to
one and a half years probation and 30 hours of
community service.
The Internet Worm
• Robert Tappan Morris, Jr. background
– Learned the Unix OS in junior high.
– Father was a security researcher at Bell Labs.
– Discovered security holes in Unix.
– Broke into networked computers & read other people’s emails.
– After freshman year at Harvard, started work at Bell Labs.
• Designing the worm
– Buffer overflow attack
– Wish List:
• Infect 3 machines per LAN
• Only consume CPU cycles if machines are idle
• Avoid slow machines
• Break passwords to spread to more machines
– Main Goal:
• Infect as many computers as possible, but don’t destroy any data files.
The Internet Worm
• Launching the Worm [1988]
– Launched from an MIT lab
– Quickly spread to thousands of computers at military
installations, medical research facilities & universities.
– Bugs in worm itself crashed computers
– System administrators worked very hard to stop spread
• Consequences of his Worm
– 1st person to receive a felony conviction under the
U.S. Computer Fraud and Abuse Act.
– Sentenced to 3 years’ probation
– 400 hours community service
– Fined $10,000
The Internet Worm…Ethical?
• Kantian - NO
– Morris’s will was selfish: seeking thrill
– Used others’ machines without permission
– Took measures to hide his identity
• Social Contract – NO
– Violated property rights
– Took advantage of security holes to gain access to computers
– Denied access to legitimate users.
• Utilitarian – NO
– Benefit: discovery of 2 significant security holes, and a patch for them.
– Cost: system administrators’ time spent cleaning up.
– Cost: lost productivity because computers were unavailable.
• Final Answer – NOT ETHICAL
– Not malicious, but selfish
– Could’ve tried on a LAN, not entire internet
Trojan Horses
• What is a Trojan Horse?
– Program that performs malicious activity in
disguise.
– Program may look harmless, but isn’t.
• Remote Access Trojan (RAT)
– Program that gives hacker access to victim’s
computer
• Famous examples: Back Orifice and SubSeven
– Attacker must trick victim into downloading
RAT server.
Defensive Measures
• Need dedicated system administrators
• Set up reasonable authorization/authentication
– Authorization: determining user’s permissions
– Authentication: determining that a person is who he
says he is (password, smart card, fingerprint)
• Choose smart passwords to foil a dictionary attack
• Firewall
– Monitors packets flowing in/out
• Update OS regularly
• Email filters
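The "smart passwords" item above is about more than length: a dictionary attack tries a wordlist plus the cheap variations everyone uses (capital letter, leetspeak, a year on the end), so a password check has to undo those variations before comparing. The following is an added illustration, not code from the slides or from the course; the wordlist is a constructed handful of entries standing in for the large common-password lists a real deployment would load.

```python
"""Reject passwords a dictionary attack would recover quickly.

Added example (not from the slides). Before comparing a candidate with the
wordlist we undo the variations that cracking rules try first: case,
appended digits/punctuation, and common leetspeak substitutions.
"""

# Constructed: a tiny stand-in for a real common-password list.
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey", "qwerty", "baseball"}

# Map the usual leetspeak characters back to the letters they replace.
LEET_TO_PLAIN = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}
)
# Characters people tack on the end to satisfy "must contain a digit/symbol" rules.
TRAILING_JUNK = "0123456789!?.,;#*"


def normalize(password):
    """Collapse case, trailing digits/punctuation and leetspeak to a base word.

    Trailing characters are stripped before the leetspeak mapping so that a
    final "1" or "!" is treated as padding rather than as a letter.
    """
    base = password.lower().rstrip(TRAILING_JUNK)
    return base.translate(LEET_TO_PLAIN)


def is_dictionary_based(password, wordlist=WORDLIST):
    """True if the password, or its normalized form, is a wordlist entry."""
    return password.lower() in wordlist or normalize(password) in wordlist


def check_password(password, min_length=12, wordlist=WORDLIST):
    """Return the reasons to reject the password; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if is_dictionary_based(password, wordlist):
        problems.append("dictionary word or trivial variation")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "Dr4g0n2024", "correct horse battery staple"):
        verdict = check_password(candidate) or ["ok"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

The mapping table deliberately contains only substitutions that are common enough for attackers to automate; adding exotic ones would reject passwords nobody would guess. The minimum length of 12 is a constructed policy value.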
Compare & Contrast
• Virus
– Self-reproducing
– Embedded within another program
• Worm
– Self-contained
– Spread across network
– Causes harm through security holes
• Trojan Horse
– Harmless appearance, harmful purpose
Phreaks and Hackers
• Definition of Hacker:
– A person who accesses a computer without
authorization.
• Modern use of the word "hacker" includes
computer break-ins accompanied by
malicious behavior.
• Original Definition of Hacker:
– An explorer, a risk-taker, someone who tries to make
a system do something it has never done before.
• The word "hacker" abounded at MIT's Tech
Railroad Club in 1950s-1960s.
• To them, hacking was a way of demonstrating
creator's technical virtuosity.
• Calling someone a hacker was a sign of respect.
• The will of the hackers is to make an
improvement.
• A hacker is not malicious.
Hacking on the PDP-1
• The PDP-1 is a product made by Digital
Equipment Corporation (DEC)
• DEC donated it to MIT in 1961
• PDP-1 came with very little software, so the
hackers at MIT improved it
– They converted an assembler for MIT's TX-0
computer to PDP-1 machine language
– Created Spacewar, the first video game, which was
distributed for free
– Wrote a program that produces the sounds needed to
activate telephone switching equipment
(Simply for exploration, not for defrauding AT&T)
Stewart Nelson
• Was one of the MIT hackers
• He thought adding a new hardware
instruction to the PDP-1 would make it
better
• Decided not to ask for permission to avoid
waiting
• Sneaked in one night, and did some
rewiring which caused another instruction
to malfunction
Ethical Evaluation:
Was Stewart Nelson wrong to modify the PDP-1 hardware without
permission?
• Kantian Evaluation
– Was his will simply to improve the PDP-1? No: that characterization
lets an expected result supply the motive for the action.
– He disregarded the rules governing access to the machine.
– He disregarded the needs of the PDP-1 users whose
work depended upon the reliability of the computer.
– He treated other human beings as means to an end.
– Hence his action was WRONG.
• Social Contract Theory
– By modifying a system he did not own, he
violated the rights of the legitimate owners
and users.
– Hence his action was WRONG.
• Rule Utilitarian Evaluation
– If everyone engaged in such behavior, people would constantly be
making unauthorized changes to shared systems, resulting in less
reliability and lower productivity.
– Hence his action was WRONG.
• Act Utilitarian Evaluation
– Benefit: He learned more about the computer.
– Harms: the cost of fixing the machine, and users unable to get their
work done because of the malfunction he caused.
– Hence his action was WRONG.
Techniques to obtain valid
login name / password
• Guessing
– Effective when system administrators allow users to
have short passwords
• Dumpster diving
– Looking through garbage for a piece of information
• Social Engineering
– Manipulation of a person inside the organization to
gain access to confidential information
– Easier in large organization where people don't know
each other.
Phone Phreaking
• Definition of Phreak:
– A person who manipulates the phone system
in order to make free calls.
Historical methods phreaks used to access
long-distance service:
• Stealing long-distance telephone access codes
– Easiest way is shoulder-surfing
• Guessing long-distance telephone access codes
– By programming a computer to try different codes.
– Running the computer all night typically gave about a dozen hits.
• Using a "blue box" to get free access to long-distance lines
– A "blue box" mimics the telephone system’s own access signal
(a high-pitched tone)
Penalties for Hacking
• The Computer Fraud and Abuse Act makes the following illegal:
– Transmitting code that causes damage to a computer system
(e.g., a virus or worm)
– Accessing any computer connected to the Internet without
authorization, even if no files are modified, changed or copied
– Transmitting classified government information
– Trafficking in computer passwords
– Computer Fraud
– Computer extortion
Denial-of-Service Attacks
• intentional action designed to prevent legitimate
users from making use of a computer
• goal is not to steal information, but to disrupt a
computer server’s ability to respond to its clients
• an example of an “asymmetric” attack; a single
person can harm a huge organization such as a
corporation or even a government
DoS Attacks
• In February 2000, a 15-year-old known as “Mafiaboy”
initiated a DoS attack that disabled huge Web sites such
as Amazon, Ebay, Yahoo, CNN, and Dell.
• Recently, many DoS attacks have focused on blacklist
services, used by ISPs to shield customers from spam.
• 4,000 Web sites suffer from DoS attacks each week.
• Attackers use other computers to launch their attacks
Three major types of DoS Attacks
1. SYN flood attack
2. Consuming all bandwidth on the target’s network by generating a
large number of messages to the network
• Smurf attack
3. Filling all available space on the target computer’s disk
SYN flood attack
(figure: normal TCP handshake vs. SYN flood attack)
1. Attacker sends many spoofed SYN messages to the target computer
2. Target sets aside resources for a connection for each message, replies with a
SYN-ACK, and waits for a reply from the attacker
3. Since the attacker used a phony client, it cannot respond to the target’s
SYN-ACK messages and the connections stay half-open
4. Target can only handle so many clients at one time; it turns away legitimate
users trying to connect
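Step 3 is what a defender can see: the half-open connections accumulate in the target's socket table, which Linux reports as state SYN-RECV in the output of `ss -tan`. The script below is an added example (not from the slides) that parses a constructed sample of that output and raises an alert when one listening port holds more half-open connections than a threshold; the threshold, addresses and port numbers are all constructed.

```python
"""Detect a SYN flood from TCP socket-state records.

Added example (not from the slides). A SYN flood leaves the target holding
many half-open connections (state SYN-RECV in `ss -tan` output), each from
a peer that never completes the handshake. A pile-up of such entries on
one listening port is the defender's signal.
"""
from collections import Counter, defaultdict

# Constructed sample in the column layout of `ss -tan`:
# State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB      0      0      10.0.0.5:443        198.51.100.7:51514
ESTAB      0      0      10.0.0.5:22         198.51.100.9:60221
SYN-RECV   0      0      10.0.0.5:443        203.0.113.10:40001
SYN-RECV   0      0      10.0.0.5:443        203.0.113.11:40002
SYN-RECV   0      0      10.0.0.5:443        203.0.113.12:40003
SYN-RECV   0      0      10.0.0.5:443        203.0.113.13:40004
SYN-RECV   0      0      10.0.0.5:443        203.0.113.14:40005
SYN-RECV   0      0      10.0.0.5:443        203.0.113.15:40006
SYN-RECV   0      0      10.0.0.5:22         198.51.100.20:50123
"""


def parse_ss(text):
    """Return (state, local_port, peer_ip) tuples, skipping the header row."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        local_port = local.rsplit(":", 1)[1]   # rsplit keeps IPv6 addresses intact
        peer_ip = peer.rsplit(":", 1)[0]
        rows.append((state, local_port, peer_ip))
    return rows


def half_open_summary(rows):
    """Per local port: number of half-open connections and distinct peers."""
    counts = Counter()
    peers = defaultdict(set)
    for state, port, peer_ip in rows:
        if state == "SYN-RECV":
            counts[port] += 1
            peers[port].add(peer_ip)
    return {port: {"half_open": n, "distinct_peers": len(peers[port])}
            for port, n in counts.items()}


def detect_syn_flood(rows, threshold):
    """Ports whose half-open backlog exceeds `threshold`.

    Many distinct peers with one half-open connection each is the classic
    spoofed-source pattern; a single peer with many would point at one host.
    """
    summary = half_open_summary(rows)
    return {port: info for port, info in summary.items()
            if info["half_open"] > threshold}


if __name__ == "__main__":
    rows = parse_ss(SAMPLE_SS_OUTPUT)
    for port, info in detect_syn_flood(rows, threshold=5).items():
        print(f"port {port}: {info['half_open']} half-open connections "
              f"from {info['distinct_peers']} peers -> possible SYN flood")
```

The threshold should come from the host's normal SYN-RECV count rather than a fixed number; a busy web server legitimately holds a few dozen at any moment. On Linux the standard mitigation is SYN cookies (`net.ipv4.tcp_syncookies=1`), which let the kernel answer SYNs without reserving state until the handshake completes.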
Consuming all bandwidth on the target’s network by
generating a large number of messages to the network
• Smurf attack
1. Attacker finds routers/amplifiers that multiply messages, and sends “ping”
messages to the routers.
2. A computer receiving a “ping” is supposed to echo a reply back to the sender.
3. The attacker spoofs the source IP address so the pings appear to come from
the target computer.
4. All the computers that received a “ping” echo back to the spoofed IP
address, i.e. the target, and flood the target’s network.
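The "amplifier" in step 1 is a router that forwards a ping addressed to a subnet's broadcast address, so every host on that subnet answers the spoofed source. A site can check whether it is being used that way by computing the broadcast addresses of its own subnets and looking for ICMP echo requests aimed at them. The code below is an added example, not from the slides: the subnets and packet summaries are constructed, and the flagged "source" address is the victim being spoofed, not the attacker. On Cisco IOS the fix the later defensive-measures slide alludes to is `no ip directed-broadcast` on each interface, which has been the default since IOS 12.0.

```python
"""Spot ICMP echo requests aimed at directed-broadcast addresses.

Added example (not from the slides). A smurf attack needs an amplifier: a
router that forwards a ping sent to a subnet's broadcast address so every
host on it replies to the spoofed source. This check computes the broadcast
addresses of the subnets a site is responsible for and flags echo requests
sent to them. Subnets and packets are constructed.
"""
import ipaddress
from collections import Counter

# Constructed: subnets behind this site's border router.
LOCAL_SUBNETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/26"),
]

# Constructed packet summaries: (src, dst, protocol, icmp_type or None).
# ICMP type 8 is an echo request, type 0 an echo reply.
SAMPLE_PACKETS = [
    ("203.0.113.50", "192.0.2.255", "icmp", 8),     # ping to the /24 broadcast
    ("203.0.113.50", "198.51.100.63", "icmp", 8),   # ping to the /26 broadcast
    ("203.0.113.50", "192.0.2.10", "icmp", 8),      # ordinary ping to one host
    ("192.0.2.10", "203.0.113.50", "icmp", 0),      # echo reply, harmless
    ("203.0.113.50", "192.0.2.255", "udp", None),   # broadcast but not ICMP
    ("198.51.100.77", "192.0.2.255", "icmp", 8),    # a second spoofed victim
]


def broadcast_addresses(subnets):
    """Set of directed-broadcast addresses for the given subnets."""
    return {net.broadcast_address for net in subnets}


def amplification_factor(dst, subnets):
    """Hosts that could answer a ping to `dst` if it is one of our broadcasts."""
    addr = ipaddress.ip_address(dst)
    for net in subnets:
        if addr == net.broadcast_address:
            return net.num_addresses - 2   # exclude network and broadcast addresses
    return 0


def is_directed_broadcast_ping(pkt, bcasts):
    """Echo request whose destination is one of our broadcast addresses."""
    src, dst, proto, icmp_type = pkt
    return proto == "icmp" and icmp_type == 8 and ipaddress.ip_address(dst) in bcasts


def find_amplifier_abuse(packets, subnets):
    """Map each (spoofed) source address to its count of broadcast pings.

    That source is the likely victim, not the attacker, so the response is
    to stop forwarding such packets rather than to block the source.
    """
    bcasts = broadcast_addresses(subnets)
    hits = Counter(pkt[0] for pkt in packets if is_directed_broadcast_ping(pkt, bcasts))
    return dict(hits)


if __name__ == "__main__":
    for victim, n in find_amplifier_abuse(SAMPLE_PACKETS, LOCAL_SUBNETS).items():
        print(f"{n} broadcast ping(s) claiming to come from {victim}; "
              f"this network would amplify them")
```

`amplification_factor` gives the worst case: a /24 turns one packet into up to 254 replies, which is why the attack needed so little bandwidth on the attacker's side.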
Fill up target’s computer disk
• Three ways to fill a target’s computer disk:
1. Email bombing
o attacker sends target a flood of long email messages
o usually combined with email spoofing to hide attacker’s identity
2. Attacker creates a worm that intentionally generates
very long stream of errors; target computer logs
errors in a data file which eventually fills disk up.
3. Attacker breaks into target computer and copies
over files from another site.
Defensive Measures
1. Ensure physical security of a server.
2. System administrators should benchmark the performance of their
computer systems to establish baselines. Once baselines are
known, it is easier to detect abnormal behavior that may indicate a
breach of security.
3. Disk quota systems: limit the amount of disk space a single user can
use; prevents an intruder from using up all the disk space.
4. Disable unused network services; reduces the attacker’s options.
5. Turn off the amplifier capabilities of routers; limits an
attacker trying to use them for a smurf attack.
6. Pattern-recognition software to detect DoS attacks; the software
discards requests for service from “clients” proven unreliable
(a blacklist, sort of).
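Measure 2 is the one that makes the others actionable: without a baseline there is no definition of "abnormal". The example below, added here and not part of the slides, learns a mean and standard deviation for a few host metrics from constructed "quiet period" samples and then scores a current snapshot by how many standard deviations it sits above normal. The metric names, sample values and threshold are constructed for illustration.

```python
"""Baseline-then-compare detection for a few host metrics.

Added example (not from the slides). The baseline is a per-metric mean and
standard deviation learned from samples taken during normal operation; a
current reading far above that baseline (measured in standard deviations,
the z-score) is flagged for investigation.
"""
import statistics

# Constructed baseline samples (one per hour over a quiet period).
BASELINE_SAMPLES = {
    "requests_per_min": [118, 124, 131, 120, 127, 119, 125, 130, 122, 128, 126, 121],
    "half_open_conns":  [3, 5, 4, 6, 2, 5, 4, 3, 6, 5, 4, 4],
    "disk_used_pct":    [61, 61, 62, 62, 62, 63, 63, 63, 64, 64, 64, 65],
}

# Constructed current snapshot: request rate normal, half-open backlog not.
CURRENT_SNAPSHOT = {"requests_per_min": 127, "half_open_conns": 412, "disk_used_pct": 64}


def build_baseline(samples_by_metric):
    """Return {metric: (mean, stdev)}; needs at least two samples per metric."""
    return {metric: (statistics.fmean(values), statistics.stdev(values))
            for metric, values in samples_by_metric.items()}


def zscore(value, mean, stdev):
    """Standard deviations from the mean; a flat baseline makes any change infinite."""
    if stdev == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / stdev


def detect_anomalies(baseline, snapshot, threshold=4.0):
    """Metrics whose current value sits more than `threshold` stdevs above baseline.

    Only upward deviations are flagged here: for these three metrics a drop
    is not what a flood or a disk-filling attack looks like.
    """
    flagged = {}
    for metric, value in snapshot.items():
        if metric not in baseline:
            continue   # no history for this metric, so nothing to compare against
        z = zscore(value, *baseline[metric])
        if z > threshold:
            flagged[metric] = round(z, 1)
    return flagged


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_SAMPLES)
    for metric, z in detect_anomalies(baseline, CURRENT_SNAPSHOT).items():
        mean, stdev = baseline[metric]
        print(f"{metric}: {CURRENT_SNAPSHOT[metric]} vs baseline "
              f"{mean:.1f} +/- {stdev:.1f} (z = {z}) -> investigate")
```

The half-open connection count ties this back to the SYN flood slide: a backlog hundreds of standard deviations above normal is unambiguous, whereas the same reading judged against a fixed number would depend on guessing what "normal" is for that server. A real baseline would also be keyed by time of day, since traffic at 3 a.m. and at noon have different means.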
Distributed Denial-of-Service
• DDoS attack
– Attacker gains access to thousands of computers
– Installs software that enables him/her to launch a
simultaneous attack
– Attacker sends a command to the “hijacked”
computers and they launch their attack
– Typically a smurf attack but on a much larger scale
with thousands of computers involved in the attack
SATAN
• Security Administrator Tool for Analyzing
Networks (SATAN)
– created by Dan Farmer
– probes system computers for security weaknesses
– critics thought that it might turn relatively unskilled
teenagers into computer hackers
– no SATAN exploits materialized
– Served its purpose by helping system admins identify
and fix security problems within their networks
Online Voting
• Motivation for Online Voting
– 2000 Presidential Election
– Closest contest in U.S. history
– Florida was the pivotal state
– Manual recount of votes stated that Bush received 2,912,790
while Gore received 2,912,253.
– Two problems with the keypunch voting:
• Stylus doesn’t punch through the hole cleanly; such ballots are not
counted by automatic vote tabulators
• “butterfly ballot” – people mistakenly punched the hole for Pat
Buchanan thinking it was for Al Gore.
– may have cost Al Gore the presidency
Butterfly Ballot
Proposals
• Many suggested voting via the Internet to cast absentee
ballots
• Online voting already a reality
– Used in 2000 Alaska Republican Presidential preference poll
– 2000 Arizona Democratic Presidential primary
– Local elections in United Kingdom
• 100,000 Americans in military and living overseas were
going to have the opportunity to vote over the Internet in
2004 until government cancelled the experiment at the
last minute
Utilitarian Evaluation
• Benefits of Online Voting:
– People who cannot go to the polls can vote from home
– Votes over the internet can be counted much faster
– Electronic votes will not have the ambiguity associated with
physical votes such as hanging chad, erasures, etc.
– Elections online will cost less money
– Online voting will eliminate the risk of someone tampering with a
ballot box containing physical votes
– Allows people to vote for multiple candidates if necessary
– Can easily prevent overvoting—choosing too many candidates
– Can reduce undervoting by separating each office in separate
pages
Utilitarian Evaluation
• Risks of Online Voting:
– Unfair because it gives an advantage to those who are financially better off
– Makes it more difficult to preserve the privacy of the voter (the same system
that authenticates the voter also records the ballot)
– Increases the opportunities for vote solicitation and vote selling
– A Web site hosting an election is an obvious target for a DDoS attack
– Voting is done from home computers—security of the election depends
on the security of these home computers
– A virus can change a person’s vote without the person’s knowledge
– A Trojan in a voter’s computer could allow a person’s vote to be observed
by an outsider
– An attacker can fool a user into thinking he is connected to the vote server,
steal his information/credentials, and then use them to
“legitimately” vote
Utilitarian Analysis
• A utilitarian analysis must add up positive and negative
outcomes
• Not all outcomes have equal weight
• Must consider the probability of the outcome, the value of the
outcome to each person, and the number of people
affected
• It is difficult to come up with reasonable weights for each
outcome
• Experts could have different estimates for each,
therefore, it is very difficult to come up with a proper
utilitarian evaluation
Kantian Analysis
• Focus on the principle that the will of each voter
be reflected in that voter’s ballot
• The integrity of each ballot is vital
• Therefore, every vote should leave a paper
record, so a recount can be done in the event of
a controversy
• Eliminating paper records to achieve the ends of
saving time and money or boosting voter turnout
is WRONG from a Kantian perspective.