Download quinn_2e_ppt06

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
Document related concepts

Hacker wikipedia , lookup

Transcript 
Chapter 6
Computer and Network Security
Chapter Overview





Introduction
Viruses, worms, and Trojan horses
Phreaks and hackers
Denial-of-service attacks
Online voting
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 2
Introduction



Computers getting faster and less expensive
Utility of computers increasing
 Email
 Web surfing
 Shopping
 Managing personal information
Increasing use of computers  growing
importance of computer security
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 3
Viruses, Worms, and Trojan Horses





Viruses
Worms
The Internet worm
Trojan horses
Defensive measures
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 4
Viruses (1/2)



Virus: piece of self-replicating code embedded
within another program (host)
Viruses associated with program files
 Hard disks, floppy disks, CD-ROMS
 Email attachments
How viruses spread
 Diskettes or CDs
 Email
 Files downloaded from Internet
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 5
Viruses (2/2)


Well-known viruses
 Brain
 Michelangelo
 Melissa
 Love Bug
Viruses today
 Commercial antivirus software
 Few people keep up-to-date
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 6
Worms


Worm
 Self-contained program
 Spreads through a computer network
 Exploits security holes in networked computers
Famous worms
 WANK
 Code Red
 Sapphire (Slammer)
 Blaster
 Sasser
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 7
The Internet Worm



Robert Tappan Morris, Jr.
 Graduate student at Cornell
 Released worm onto Internet from MIT computer
Effect of worm
 Spread to 6,000 Unix computers
 Infected computers kept crashing or became
unresponsive
 Took a day for fixes to be published
Impact on Morris
 Suspended from Cornell
 3 years’ probation + 400 hours community service
 $150,000 in legal fees and fines
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 8
Ethical Evaluation




Kantian evaluation
 Morris used others by gaining access to their
computers without permission
Social contract theory evaluation
 Morris violated property rights of organizations
Utilitarian evaluation
 Benefits: Organizations learned of security flaws
 Harms: Time spent by those fighting worm, unavailable
computers, disrupted network traffic, Morris’s
punishments
Morris was wrong to have released the Internet worm
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 9
Trojan Horses



Trojan horse: program with benign capability that
masks a sinister purpose
Remote access Trojan: Trojan horse that gives
attack access to victim’s computer
 Back Orifice
 SubSeven
RAT servers often found within files downloaded
from erotica/porn Usenet sites
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 10
Defensive Measures




System administrators play key role
Authorization: determining that a user has
permission to perform a particular action
Authentication: determining that people are who
they claim to be
Firewall: a computer monitoring packets entering
and leaving a local area network
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 11
Phreaks and Hackers








Hackers
Phone Phreaking
The Cuckoo’s Egg
Legion of Doom
U.S. v. Riggs
Steve Jackson Games
Retrospective
Penalties for Hacking
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 12
Hackers (1/2)


Original meaning
 Explorer
 Risk-taker
 Technical virtuoso
Hacker ethic
 Hands-on imperative
 Free exchange of information
 Mistrust of authority
 Value skill above all else
 Optimistic view of technology
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 13
Hackers (2/2)

Meaning of “hacker” changed
 Movie WarGames
 Teenagers accessing corporate or government
computers



Dumpster diving
Social engineering
Malicious acts


Destroying databases
Stealing confidential personal information
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 14
Phone Phreaking



Phone phreak: someone who manipulates phone
system to make free calls
Most popular methods
 Steal long-distance telephone access codes
 Guess long-distance telephone access codes
 Use a “blue box” to get free access to longdistance lines
Access codes posted on “pirate boards”
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 15
The Cuckoo’s Egg





Clifford Stoll: system administrator at Lawrence
Berkeley Laboratory
Tracked accounting error, discovered
unauthorized user
Hacker was accessing military computers
FBI, CIA, NSA, AFOSI, DIA joined search
Trail led to group of West German hackers
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 16
Legion of Doom



Elite group of hackers/phreaks recruited by “Lex
Luthor”
LOD member Robert Riggs copied E911
Document from a Bell South Computer
Craig Neidorf published edited E911 Document in
his BBS magazine, Phrack
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 17
U.S. v. Riggs



Riggs and Neidorf arrested
 Charged with wire fraud
 Interstate transportation of stolen property valued at
$79,449
 Computer fraud
Riggs pleaded guilty to wire fraud; went to federal prison
Neidorf pleaded not guilty
 Defense showed similar info being sold for < $25
 Prosecution moved to dismiss charges
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 18
Steve Jackson Games





Steve Jackson Games (SJG) published role-playing
games and operated BBS
Loyd Blankenship
 Key SJG employee
 LOD member
 Published E911 document on his own BBS
Secret Service raided SJG and seized computers,
looking for copy of E911 Document
Led to creation of Electronic Frontier Foundation
EFF backed successful SJG lawsuit of Secret Service
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 19
Retrospective


Parallels between hackers and those who download MP3
files
 Establishment overvalues intellectual property
 Use of technology as a “joy ride”
 Breaking certain laws that not that big a deal
Parallels between response of Secret Service and
response of RIAA
 Cyberspace is real
 Those who break the law can be identified
 Illegal actions can have severe consequences
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 20
Penalties for Hacking


Examples of illegal activities
 Accessing without authorization any Internet
computer
 Transmitting a virus or worm
 Trafficking in computer passwords
 Intercepting a telephone conversation, email, or
any other data transmission
 Accessing stored email messages without
authorization
 Adopting another identity to carry out an illegal
activity
Maximum penalty: 20 years in prison + $250,000 fine
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 21
Denial-of-Service Attacks





Definition
Attacks that consume scarce resources
Defensive measures
Distributed denial-of-service attacks
SATAN
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 22
Definition




Denial-of-service attack: an intentional action
designed to prevent legitimate users from making
use of a computer service
Goal of attack: disrupt a server’s ability to
respond to its clients
About 4,000 Web sites attacked each week
Asymmetrical attack that may prove popular with
terrorists
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 23
Attacks that Consume Scarce Resources



SYN flood attack
Smurf attack
Fill target computer’s hard disk
 Email bombing
 Worm
 Break-in followed by file copying
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 24
Defensive Measures





Physical security of server
Benchmarking
Disk quota systems
Disabling unused network services
Turning off routers’ amplifier network capability
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 25
Distributed Denial-of-Service Attacks



Attacker gains access to thousands of computers
Launches simultaneous attack on target servers
Defensive measures
 Secure computers to prevent hijackings
 Check for forged IP addresses
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 26
SATAN





Security Administrator Tool for Analyzing
Networks (SATAN)
Allows administrators to test their systems
Could be used to probe other computers
Critics worried SATAN would turn unskilled
teenagers into hackers
That never happened
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 27
Online Voting



Motivation for online voting
Proposals
Ethical evaluation
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 28
Motivation for Online Voting




2000 U.S. Presidential election closely contested
Florida pivotal state
Most Florida counties used keypunch voting
machines
Two voting irregularities traced to these machines
 Hanging chad
 “Butterfly ballot” in Palm Beach County
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 29
Benefits of Online Voting







More people would vote
Votes would be counted more quickly
No ambiguity with electronic votes
Cost less money
Eliminate ballot box tampering
Software can prevent accidental over-voting
Software can prevent under-voting
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 30
Risks of Online Voting








Gives unfair advantage to those with home computers
More difficult to preserve voter privacy
More opportunities for vote selling
Obvious target for a DDoS attack
Security of election depends on security of home
computers
Susceptible to vote-changing virus
Susceptible to phony vote servers
No paper copies of ballots for auditing or recounts
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 31
Utilitarian Analysis



Suppose online voting replaced traditional voting
Benefit: Time savings
 Assume 50% of adults actually vote
 Suppose voter saves 1 hour by voting online
 Average pay in U.S. is $18.00 / hour
 Time savings worth $9 per adult American
Harm of DDoS attack difficult to determine
 What is probability of a DDoS attack?
 What is the probability an attack would succeed?
 What is the probability a successful attack would
change the outcome of the election?
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 32
Kantian Analysis





The will of each voter should be reflected in that
voter’s ballot
The integrity of each ballot is paramount
Ability to do a recount necessary to guarantee
integrity of each ballot
There should be a paper record of every vote
Eliminating paper records to save time and/or
money is wrong
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 33
Conclusions






Existing systems are highly localized
Widespread tainting more possible with online
system
No paper records with online system
Evidence of tampering with online elections
Relying on security of home computers means
system vulnerable to fraud
Strong case for not allowing online voting
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 34
Questions & Discussion
Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Slide 4- 35
Related documents
Slide 1 - Fullfrontalanatomy.com
Slide 1 - Fullfrontalanatomy.com
Chapter 7
Chapter 7
Chapter 5
Chapter 5
Chapter 2
Chapter 2
Nerve activates contraction
Nerve activates contraction
Elementary and Intermediate Algebra 6e
Elementary and Intermediate Algebra 6e
activity sheet
activity sheet
Chapter 3
Chapter 3
CHAPTER 2 Power Politics
CHAPTER 2 Power Politics
Notes - Calculating Biodiversity
Notes - Calculating Biodiversity
x - Cloudfront.net
x - Cloudfront.net
Chpt 1
Chpt 1