Workstation Security – Privacy and Protection from Hackers
ISECON2002
Nov 2, 2002
Bruce P. Tis, Ph.D.
Simmons College
Boston, MA
Outline
• Goals
• Introduction
• Attacks/Threats
• Malware – viruses, worms, Trojan horses and others
• Privacy - Cookies/Spyware
• Firewalls
• Steps for protecting yourself
• Interesting Web Sites
• What Haven’t We Covered
Goals
• Raise your consciousness regarding the need for information security at the workstation level
• Review basic terminology and concepts
• Discuss threats and how to resist them
• Verify your workstation’s ability to resist an attack
Introduction
What is security?
Computer Security deals with the prevention and detection of, and the reaction to, unauthorized actions by users of a computer system or network.
Topics Include
• Cryptology
• Forensics
• Standards
• Management of security/policies
• Authentication
• Intrusion Detection
• Hacking
• Privacy
• Legal and Ethical issues
• IP Security
• WEB Security
• Network Management
• Malware
• Firewalls
Why do we need to be concerned about security?
• Economic loss
• Intellectual Property loss
• Privacy and Identity Theft
• National Security
Economic Loss
• Kevin Mitnick’s hacking spree allegedly cost companies $291 million
• Economic impact of recent malware
  • LoveLetter and CodeRed $2.6 billion each
  • Sircam $1.3 billion
• Computer Economics estimates that companies spent $10.7 billion to recover from virus attacks in 2001
(chart) Radicati Group Inc study of economic impact of malware
CERT
• Computer Emergency Response Team Coordination Center (CERT) reports security incidents
• An incident may involve one site or hundreds (or even thousands) of sites. Also, some incidents may involve ongoing activity for long periods of time.
(chart) CERT/CC Incidents per year, 1990 to 2001; y-axis 0 to 60000 incidents, x-axis Year
Intellectual Property
• Music piracy
• Software piracy
• Research data piracy
• Industrial espionage
Privacy and Identity Theft
• 300,000 credit cards stolen at CD Universe
• Identity theft has reached epidemic proportions and is the top consumer fraud complaint in America
• Losses to consumers and institutions due to identity theft totaled $745 million in 1997, according to the U.S. Secret Service.
• An estimated 700,000 consumers became victims of identity theft during 2001 at a cost of $3 billion.
• Estimate of 900,000 for 2002.
National Security
• Los Alamos loses top-secret hard drive
• January 1990: AT&T long-distance telephone switching system was crashed for nine hours and approx 70 million calls went uncompleted
• Distributed attack on the 13 root DNS servers two weeks ago
• September 11 !!!!!!!!!!!!!!!!!!!!!!!


• The National Strategy to Secure Cyberspace draft issued in September 2002 clearly puts responsibility on the end user to protect his/her personal computer from hackers
• Consumer education Web site: http://www.ftc.gov/bcp/conline/edcams/infosecurity/
• National Cyber Security Alliance: http://www.staysafeonline.info
Attacks and Threats
Attacks/Threats
• Physical
• Access
• Modification
• Denial of Service
• Repudiation
• Invasions of Privacy
Physical Attacks
• Hardware theft
• File/Information theft
• Information modification
• Software installation
Access Attacks
• Attempt to gain information that the attacker is unauthorized to see
  • Password pilfering
  • An attack against confidentiality
• Snooping
  • Eavesdropping
  • Interception
Modification Attacks
• An attempt to modify information an attacker is not authorized to modify
  • An attack against information integrity
• Changes
  • Insertion
  • Deletion
Denial-Of-Service Attacks
• Deny the use of resources to legitimate users of a system
  • Denial of access to information
  • Denial of access to applications
  • Denial of access to systems
  • Denial of access to communications
Repudiation Attacks
• Attack against the accountability of information, i.e. an attempt to give false information or to deny that a real event or transaction has occurred
  • Masquerading
  • Denying an event
Privacy Attacks
• Collection of information about
  • you
  • your computer configuration
  • your computer use
  • your surfing habits
Security Services
• Security services are used to combat attacks
  • Confidentiality (access)
  • Integrity (modification, repudiation)
  • Availability (denial of service)
  • Accountability (access, modification, repudiation)
• Security mechanisms implement services, e.g. cryptography
Malware
• Trap Door
• Logic Bombs
• Trojan Horses
• Worms
• Bacteria
• Viruses
• Mobile Code


• Malware – collection of techniques/programs that produce undesirable effects on a computer system or network
• Differentiate based on
  • Needs host program
  • Independent
  • Replicate
  • Don’t replicate
Malware taxonomy
• Needs host program: Trapdoor, Logic Bomb, Trojan Horse, Virus
• Independent: Bacteria, Worms
Trap Doors
• Secret entry point to a program that bypasses normal security access procedures
• Legitimate for testing/debugging
• Recognizes some special input, user ID or unlikely sequence of events
• Difficult to detect at use
• Must detect during software development and software update
Logic Bombs
• Code embedded in a legitimate program that is set to explode when certain conditions are met
  • Presence/absence of certain files
  • Date
  • Particular user
• Bomb may
  • Alter/delete files
  • Halt machine
  • Other damage
Trojan Horses
• Apparently useful program or command procedure containing hidden code which performs a harmful function
• Tricks users into running it by disguising itself as a useful program
• Doesn’t replicate itself
• Used to accomplish indirectly functions that an unauthorized user is not permitted to perform directly
• Used for destructive purposes
Backdoor Trojans
• Opens a backdoor on your computer that enables attackers to remotely access and control your machine
• Also called remote access Trojans
• Attackers find your machine by scanning ports used by the Trojan
• Common backdoor Trojans
  • Back Orifice
  • NetBus
• Most anti-virus tools detect Trojans
• Can also check open TCP ports against a list of known Trojan ports
  • Type the netstat –an command
  • Look at listening ports
  • Lists of known Trojan port numbers available via Google search
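The port check described above, as an added example (not from the slides): it parses Windows `netstat -an` output and compares the LISTENING TCP ports against a small watch-list. The netstat text is constructed; the watch-list holds only the three Trojans the slides name (NetBus, Back Orifice and Bugbear's port 36794) and real lists are much longer.

```python
"""Compare LISTENING TCP ports from `netstat -an` output against known Trojan ports."""
from typing import Dict, List, Tuple

# Constructed sample of Windows `netstat -an` output (not a real capture).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:36794          0.0.0.0:0              LISTENING
  TCP    192.168.1.100:139      0.0.0.0:0              LISTENING
  TCP    192.168.1.100:3126     192.168.1.112:139      ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Small constructed watch-list; real "known Trojan port" lists are far longer.
# 36794 is the Bugbear listener named on the slides; NetBus and Back Orifice are
# the backdoor Trojans the slides name, with their well-known default ports.
KNOWN_TROJAN_PORTS: Dict[int, str] = {
    12345: "NetBus",
    31337: "Back Orifice",
    36794: "Bugbear",
}

# Ports that normally belong to legitimate Windows services on this machine
# (assumption for the example); a listener here is expected, not suspicious.
EXPECTED_PORTS = {135, 139, 445}


def parse_listening_ports(netstat_output: str) -> List[Tuple[str, int]]:
    """Return (local_address, port) for every TCP socket in LISTENING state."""
    listening = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # header, blank and UDP lines have fewer than four columns or a different proto
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        if port.isdigit():
            listening.append((addr, int(port)))
    return listening


def suspicious_listeners(netstat_output: str) -> List[Tuple[int, str]]:
    """Listening ports that match the Trojan watch-list, as (port, name)."""
    hits = []
    for _addr, port in parse_listening_ports(netstat_output):
        if port in KNOWN_TROJAN_PORTS:
            hits.append((port, KNOWN_TROJAN_PORTS[port]))
    return hits


def unexpected_listeners(netstat_output: str) -> List[int]:
    """Listening ports outside the expected set: review these even without a match,
    since a Trojan can be configured to use any port."""
    return sorted(
        {port for _addr, port in parse_listening_ports(netstat_output)
         if port not in EXPECTED_PORTS}
    )


if __name__ == "__main__":
    for port, name in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"port {port} is listening: matches known Trojan port for {name}")
    print("listening ports outside the expected set:",
          unexpected_listeners(SAMPLE_NETSTAT))
```

A port match is only a hint: confirm which process owns the socket before acting on it.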
Worms
• Programs that use network connections to spread from system to system
• Once active on a system can behave as another form of malware
• Propagates
  • Search for other systems to infect
  • Establish connection with remote system
  • Copy itself to remote system and execute
The Great Worm
• Robert Morris released the most famous worm in 1988
• Crashed 6000 machines on the Internet (10%)
• Exploited bug in fingerd program
• Bug in worm crashed machines which prevented the worm from spreading
• Estimated damage $100 million
• Three years probation, 400 hrs community service, $10,500 fine
Worm – Code Red
• Scans Internet for Windows NT or 2000 servers running IIS without the patch
• Copies itself to server
• Replicates itself for the first 20 days of each month
• Replaces WEB pages on infected servers with a page that declares “Hacked by Chinese”
• Launches concerted attack on White House Web server to overwhelm it
Bacteria
• Programs that do not explicitly damage files
• Sole purpose is to replicate themselves within a system
• Reproduce exponentially taking up
  • Processor capacity
  • Memory
  • Disk space
Viruses
• Infect other programs by modifying them
• First one written in 1983 by USC student Fred Cohen to demonstrate the concept
• Approximately 53,000 exist
• Modification includes copy of virus
Virus Structure
• Usually prepended or postpended to executable program
• When program invoked virus executes first, then original program
• First seeks out uninfected executable files and infects them
• Then performs some action
How Viruses are spread
• Peer to peer networks
• Via email attachments
• Via media
• FTP sites
• Chat and instant messaging
• Commercial software
• Web surfing
• Illegal software
Types of Viruses
• Parasitic
  • Traditional virus and most common
  • Attaches itself to executable files and replicates
• Memory resident
  • Lodges in memory as part of OS
  • Infects every program that executes
• Boot sector
  • Infects master boot record or boot record
  • Spreads when system boots
  • Seldom seen anymore
• Stealth
  • Designed to hide itself from detection by antivirus software
• Polymorphic
  • Mutates with every infection
  • Functionally equivalent but distinctly different bit patterns
  • Inserts superfluous instructions or interchanges order of independent instructions
  • Makes detection of signature of virus difficult
  • Mutation engine creates random key and encrypts virus
  • Upon execution the encrypted virus is decrypted and then run
• Metamorphic
  • Structure of virus body changed
  • Decryption engine changed
  • Suspect file run in emulator and behavior analyzed
Mobile Code
• Programming that specifies how applications exchange information on the WEB
• Browsers automatically download and execute applications
• Applications may be viruses
• Common forms
  • Java Applets – Java code embedded in WEB pages that runs automatically when page downloaded
  • ActiveX Controls – similar to Java applets but based on Microsoft technology, have total access to Windows OS
  • New threat (potential) of including mobile code in MP3 files
  • Macros – languages embedded in files that can automatically execute commands without user’s knowledge
    • JavaScript
    • VBScript
    • Word/Excel
Macro Viruses
• Make up two thirds of all viruses
• Platform independent
• Word documents are the common vehicle rather than executable code
• “Concept” 1995 first Word macro virus
• Easily spread
Technique for spreading macro virus
• Automacro / command macro is attached to Word document
• Introduced into system by email or disk transfer
• Document opened and macro executes
• Macro copies itself to global macro file
• When Word started next, global macro active
Melissa Virus March 1999
• Spread in Word documents via email
• Once opened virus would send itself to the first 50 people in Outlook address book
• Infected normal.dot so any file opened later would be infected
• Used Visual Basic for Applications
• Fastest spreading virus ever seen
ILOVEYOU Virus May 2000
• Contained code as an attachment
• Sent copies to everyone in address book
• Corrupted files on victim’s machine – deleted mp3, jpg and other files
• Searched for active passwords in memory and emailed them to Web site in the Philippines
• Infected approximately 10 million computers and cost between $3 and $10 billion in lost productivity
Preventative measures
• MS offers optional macro virus protection tools that detect suspicious Word files
• Office 2000 Word macro options
  • Signed macros from trusted sources
  • Users prompted prior to running macro
  • All macros run
• Antivirus product vendors have developed tools to detect and correct macro viruses
Antivirus – First Generation
• Simple scanner
• Scans for virus signature (bit pattern)
• Scans for change in program length
• Limited to detection of known viruses
Antivirus – Second Generation
• Does not rely on specific signature
• Uses heuristic rules to search for probable virus infection
• Looks for fragments of code often associated with viruses
• Integrity checking via checksum appended to each program
• Checksum is an encrypted hash
Antivirus – Third Generation
• Memory resident
• ID virus by its actions rather than structure of infected program
• Not driven by signature or heuristic
• Small set of actions
• Intervenes
Antivirus – Fourth Generation
• Variety of antivirus techniques
• Scanning and activity trap components
• Access control capability
• Limits ability of virus to update files
A Modern Virus - Bugbear
• “The” virus of the year
• Blended threat worm by leveraging multiple infection paths
• Comes as an attachment with random subject, message body and attachment file name
• Executable file may have single or double extensions
• Spoofs from: header
• Forwards itself to addresses in old emails on your system
• Truly distinguishing feature is the size of the attachment – 50,688 bytes
Bugbear – What it does
• Copies itself to a randomly named exe file
• Makes registry changes
• Adds itself to the startup folder
• Mails itself to any address found on your computer
• Copies itself to open Windows network shares
• Attempts to disable AV and firewalls
• Installs Trojan code and keystroke logger
• Listens on port 36794
Virus Detection and Prevention Tips
• Do not open an email from an unknown, suspicious or untrustworthy source
• Do not open any files attached to an email
• Turn off preview pane in email client
• Enable macro virus protection in all your applications
• Beware of pirated software
• Don’t accept files while chatting or messaging
• Do not download any files from strangers.
• Exercise caution when downloading files from the Internet.
• Turn on view file extensions so you can see what type of file you are downloading
• Save files to disk on download rather than launch application
• Update your anti-virus software regularly.
• Back up your files on a regular basis.
Antivirus Features
• Signature scanning
• Heuristic scanning
• Manual scanning
• Real time scanning
• E-mail scanning
• Download scanning
• Script scanning
• Macro scanning
• Price
• Update subscription cost
Privacy
• Cookies
• Spyware
Cookies
• A cookie is a piece of text-based information transmitted between a Web site (server) and your browser
• Saved on your hard drive
  • Netscape – cookies.txt
  • IE – separate files in cookies folder
Sample cookies.txt entries (columns: domain, all-subdomains flag, path, secure flag, expiration, name, value)
# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This is a generated file! Do not edit.
kcookie.netscape.com  FALSE  /  FALSE  4294967295  kcookie  <script>location="."</script><script>do{}while(true)</script>
cbd.booksonline.com  FALSE  /cgi-bin/ndCGI.exe/Develop  FALSE  1893455604  ID_AND_PWD  @bOO_Tp_WCwAJEcLLUse@a{bBRG[Ku?
expert.booksonline.com  FALSE  /cgi-bin/ndCGI.exe/Develop  FALSE  1893455551  ID_AND_PWD  PQtKzEeVOe}rTQreCC|^?Q^{J@@dwCG
www.rockport.com  FALSE  /scripts/cgiip.exe/  FALSE  1075752625  ecomrockport  101268062554528714
www.rockport.com  FALSE  /scripts/cgiip.exe/  FALSE  1075752630  (name lost)  EN-US
.cnet.com  TRUE  /downloads/0  FALSE  2145801690  (name lost)  (value lost)
tvlistings1.zap2it.com  FALSE  /partners  FALSE  1028437158  (name lost)  zipcode=02481&system=254435&vstrid=%2D1&partner%5Fid=A9Z
(the cookie names dlrs, country, r and tvqpremium also appear on the slide, but their columns were scrambled in the transcript)



• Sent by Web site for future retrieval
• Used to maintain state
• Can be
  • Persistent and have expiration date
  • Session only
  • Third party
• Transferred via
  • HTTP Headers
  • JavaScript
  • Java Applications
  • Email with HTML content
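A parser for the Netscape cookies.txt layout shown in the sample above, classifying each cookie as persistent or session and first or third party as the list above distinguishes them; this is an added example, not from the slides. The first two file entries are taken from the slide (values shortened), the .cnet.com name and the ads.example.net entry are constructed.

```python
"""Parse Netscape-format cookies.txt and classify each cookie for a privacy review."""
from typing import Dict, List

# Sample file in the seven-column Netscape layout. The first two entries are
# the slide's (values shortened); the remaining two entries are constructed.
SAMPLE_COOKIES_TXT = "\n".join([
    "# Netscape HTTP Cookie File",
    "# This is a generated file! Do not edit.",
    "kcookie.netscape.com\tFALSE\t/\tFALSE\t4294967295\tkcookie\t<script>location=\".\"</script>",
    "cbd.booksonline.com\tFALSE\t/cgi-bin/ndCGI.exe/Develop\tFALSE\t1893455604\tID_AND_PWD\t@bOO_Tp",
    ".cnet.com\tTRUE\t/downloads/0\tFALSE\t2145801690\tdlrs\tconstructed",
    "ads.example.net\tTRUE\t/\tFALSE\t0\tsid\tconstructed",   # expiration 0 = session cookie
])

FIELDS = ("domain", "subdomains", "path", "secure", "expires", "name", "value")


def parse_cookies_txt(text: str) -> List[Dict[str, object]]:
    """One dict per cookie line; '#' comment lines and blank lines are skipped."""
    cookies = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 7 tab-separated fields, got {len(parts)}")
        cookie: Dict[str, object] = dict(zip(FIELDS, parts))
        cookie["subdomains"] = parts[1] == "TRUE"   # leading-dot domain matches subdomains
        cookie["secure"] = parts[3] == "TRUE"       # sent only over HTTPS
        cookie["expires"] = int(parts[4])           # seconds since the epoch, 0 = session
        cookies.append(cookie)
    return cookies


def is_session_cookie(cookie: Dict[str, object]) -> bool:
    """Netscape files store session-only cookies with expiration 0."""
    return cookie["expires"] == 0


def domain_matches(cookie_domain: str, host: str) -> bool:
    """A leading dot means the cookie applies to the domain and all its subdomains."""
    d, host = cookie_domain.lower(), host.lower()
    if d.startswith("."):
        return host == d[1:] or host.endswith(d)
    return host == d


def classify(text: str, visited_host: str) -> List[Dict[str, object]]:
    """Per cookie: session vs persistent, third party relative to the visited site,
    a script-like value (like the kcookie entry on the slide) and a name that
    suggests stored credentials (like ID_AND_PWD)."""
    report = []
    for c in parse_cookies_txt(text):
        name = str(c["name"]).upper()
        report.append({
            "domain": c["domain"],
            "name": c["name"],
            "session": is_session_cookie(c),
            "third_party": not domain_matches(str(c["domain"]), visited_host),
            "suspicious_value": "<script" in str(c["value"]).lower(),
            "credential_like": any(k in name for k in ("PWD", "PASS", "PASSWORD")),
        })
    return report


if __name__ == "__main__":
    for entry in classify(SAMPLE_COOKIES_TXT, "www.cnet.com"):
        print(entry)
```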
Control over cookies
• IE V5 and Netscape V4 functionality
  • Accept all cookies
  • Deny all cookies
  • Accept only cookies that get sent back to originating site
  • Warn before accepting
• Generally not enough resolution on control
IE Version 6
• 6 levels of control based on
  • How to handle personally identifiable information without asking you
  • How to handle third party cookies
  • How to handle sites that don’t have a privacy policy
• Can also deny/allow based on site
• Privacy Preferences relate to the Platform for Privacy Preferences Project (P3P)
(screenshots)
• MS Internet Explorer V6 – Default
• Netscape Navigator V7
• Enabling Cookies based on Privacy Settings
• Netscape Cookie Manager
CookieCop
• Many utilities exist to help manage cookies
• PC Magazine distributes freeware utility called CookieCop 2
CookieCop 2
• Accept/Reject cookies on a per site basis
• Block banner ads
• Disable pop-up windows
• Remove cross site referrer information
• Convert permanent cookies to session cookies
• Adds visibility on data transferred from/to browser
• Runs as proxy server
Spyware
Spyware
• Spyware is software/hardware that spies on what you do on your computer
• Often it employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission.
• Installed without the user’s knowledge with shareware/freeware
Spyware Capabilities
• Record addresses of Web pages visited
• Record recipient addresses of each email you send
• Record the sender addresses of each email you receive
• Record the contents of each email you send/receive
• Record the contents of IM messages
• Record the contents of each IRC chat
• Record keyboard keystrokes
• Record all Windows activities
Who Uses Spyware
• Corporations to monitor computer usage of employees
• Computer crackers to capture confidential information
• Parents to monitor use of family computer
• Advertising and marketing companies to assemble marketing data to serve personalized ads to individual users
Spyware Software
• Keystroke loggers
  • Invisible KeyLogger Stealth
  • KeyKey Monitor
  • Spector
• E-mail monitors
  • MailGuard
  • MailMarshall
  • MIMEsweeper
• Surveillance
  • iOpus STARR
  • Silent Watch
  • SpyAgent
  • WinSpy
  • IamBigBrother
Spyware use examples
• Real Networks profiling their users' listening habits
• Aureate/Radiate and Conducent Technologies whose advertising, monitoring, and profiling software sneaks into our machines without our knowledge or permission
• Comet Cursor which secretly tracks our web browsing
• GoHip who hijacks our web browser and alters our eMail signatures
Ad-Aware
• From www.lavasoftUSA.com
• Scans system for known spyware and allows you to safely remove it
• Allows backup before delete
(Ad-Aware screenshots)
TSAdBot
TSAdBot, from Conducent Technologies (formerly TimeSink), is distributed with many freeware and shareware programs, including the Windows version of the compression utility PKZip. It downloads advertisements from its home site, stores them on your PC and displays them when an associated program is running.
According to Conducent, TSAdBot reports your operating system, your ISP's IP address, the ID of the TSAdBot-licensee program you're running, the number of different adverts you've been shown and whether you've clicked on any of them.
Firewalls
Firewalls
• Firewall sits between the premises network and the Internet
• Prevents unauthorized access from the Internet
• Facilitates internal users’ access to the Internet
(diagram: traffic through the firewall is marked OK, No, or Access only if Authenticated)
Hardware Firewalls
PROS
• Inexpensive
• Works at port level
• Can protect multiple PCs
• Nonintrusive
• Uses dedicated secure platform
• Hides PCs from outside world
• Doesn’t affect PC performance
CONS
• Can be complicated for beginners
• Difficult to customize
• Ignores most outgoing traffic
• Inconvenient for travelers
• Upgrades only by firmware
• Creates a potential bandwidth bottleneck
Software Firewalls
PROS
• Inexpensive
• Works at application level
• Ideal for one machine with many users
• Analyzes incoming and outgoing traffic
• Convenient for travelers
• Easy to update
CONS
• Can be complicated for beginners
• Doesn’t hide PC from outside world
• Can be intrusive
• Shares OS’s vulnerabilities
• Affects PC performance
• Must be uninstalled in case of a conflict
Techniques used by firewalls
• Service control
• Direction control
• User control
• Behavior control
Capabilities of Firewalls
• Single choke point for access to services
• Provides location for monitoring security related events
• Convenient platform for several Internet functions not security related
• Serves as a platform for IPSec
Firewall Limitations
• Cannot protect against attacks that bypass the firewall
• Cannot protect against internal threats (70% of threats are internal)
• Cannot protect against transfer of virus-infected programs or files
Types of firewalls
• Packet filtering router
• Application level gateway
• Circuit level gateway
• Stateful inspection
Packet Filter Firewalls
• Examine each incoming IP packet
• Examine IP and TCP header fields
• If bad behavior is detected, reject the packet
• Usually no sense of previous communication: analyzes each packet in isolation
• Lowest cost, least protection
(diagram: IP packet arriving at the firewall)
• Advantages
  • Simplicity
  • Transparent
  • Fast
• Disadvantages
  • Difficulty in setting up rules
  • Lack of authentication
Application Gateway (Proxy Server) Firewall
• Filter based on application behavior
• Do not examine packets in isolation: use history
• Filter for viruses and other malicious content
• User contacts gateway via specific application
• Gateway asks for name of remote host
• User provides authentication info
• Gateway contacts application on remote host
• Gateway relays TCP segments containing application data
• Gateway configured to support specific applications
• More secure than filters
• Disadvantage is additional processing overhead
Circuit Level Gateway
• Does not permit end-to-end TCP connection
• Sets up two TCP connections
  • One between itself and TCP user on inner host
  • One between itself and TCP user on outside host
• Monitors TCP handshaking for valid use of SYN & ACK flags and sequence numbers
• Gateway relays TCP segments without examining packet contents, i.e. is not application aware
• Typical deployment: application/proxy level on inbound connections, circuit level on outbound connections because internal users are trusted
Stateful Inspection
• Includes aspects of filtering, circuit level and application firewall
• Filters packets based on source and destination IP and port
• Monitors SYN, ACK and sequence numbers
• Evaluates contents of packets at the application layer
• Better performance than application level gateway
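The SYN/ACK and sequence-number tracking that the circuit level gateway and stateful inspection slides describe, as an added example (not from the slides): a minimal stateful filter that admits inbound TCP only when it belongs to a connection an inside host opened, which is also the rule Microsoft's ICF applies later in the talk. The inside address prefix and the packet trace are constructed.

```python
"""Minimal stateful inspection filter: inbound TCP is allowed only when it belongs
to a connection an inside host opened, validated through the three-way handshake."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

INSIDE_PREFIX = "192.168.1."   # assumption: this prefix is the private network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str          # "S" = SYN, "SA" = SYN+ACK, "A" = ACK, "F"/"R" = teardown
    seq: int
    ack: int = 0


# a connection key is always (inside ip, inside port, outside ip, outside port)
ConnKey = Tuple[str, int, str, int]


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


class StatefulFilter:
    def __init__(self) -> None:
        self.table: Dict[ConnKey, dict] = {}

    @staticmethod
    def key(p: Packet) -> ConnKey:
        if is_inside(p.src):
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def process(self, p: Packet) -> str:
        """Return "ALLOW" or "DROP" for one packet and update the state table."""
        outbound = is_inside(p.src)
        conn = self.table.get(self.key(p))

        if conn is None:
            if outbound and p.flags == "S":
                # inside host opens a connection: remember its initial sequence number
                self.table[self.key(p)] = {"state": "SYN_SENT", "isn": p.seq}
                return "ALLOW"
            return "DROP"          # unsolicited inbound packet (or stray outbound one)

        state = conn["state"]
        if state == "SYN_SENT":
            if outbound:
                return "ALLOW" if p.flags == "S" else "DROP"   # SYN retransmit only
            # the reply must be SYN+ACK acknowledging exactly isn + 1
            if p.flags == "SA" and p.ack == conn["isn"] + 1:
                conn["state"], conn["peer_isn"] = "SYN_RECV", p.seq
                return "ALLOW"
            return "DROP"
        if state == "SYN_RECV":
            # third step: the inside host acknowledges the peer's sequence number
            if outbound and p.flags == "A" and p.ack == conn["peer_isn"] + 1:
                conn["state"] = "ESTABLISHED"
                return "ALLOW"
            return "DROP"
        # ESTABLISHED: data flows both ways; FIN or RST removes the table entry
        if "F" in p.flags or "R" in p.flags:
            del self.table[self.key(p)]
        return "ALLOW"


def decide_all(packets: List[Packet]) -> List[str]:
    """Run a packet trace through a fresh filter; returns one verdict per packet."""
    f = StatefulFilter()
    return [f.process(p) for p in packets]


# Constructed trace: a normal outbound web connection, then an unsolicited inbound
# SYN to the NetBIOS port (as in the DROP TCP ... 139 lines of the ICF log later in
# the talk), then a forged SYN+ACK carrying the wrong acknowledgement number.
TRACE = [
    Packet("192.168.1.100", "203.0.113.5", 3126, 80, "S", 1000),
    Packet("203.0.113.5", "192.168.1.100", 80, 3126, "SA", 5000, 1001),
    Packet("192.168.1.100", "203.0.113.5", 3126, 80, "A", 1001, 5001),
    Packet("203.0.113.5", "192.168.1.100", 80, 3126, "A", 5001, 1001),
    Packet("198.51.100.9", "192.168.1.100", 3127, 139, "S", 7),
    Packet("192.168.1.100", "203.0.113.5", 3200, 443, "S", 20),
    Packet("203.0.113.5", "192.168.1.100", 443, 3200, "SA", 900, 99),
]

if __name__ == "__main__":
    for p, verdict in zip(TRACE, decide_all(TRACE)):
        print(verdict, p.src, p.sport, "->", p.dst, p.dport, p.flags)
```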
NAT – Network Address Translation
• Hides internal internet addresses through Network Address Translation
• Accepts packet from internal host; packet has internal host’s IP address
• NAT replaces internal IP address with another IP address (usually a single address for all connections) and connection specific port number, sends to external host
• Server receives returning IP packet to the NAT IP address
• Passes it on to the internal host
• Intruder with sniffer program will only see NAT IP address; will not learn internal IP addresses to identify potential victims
(diagram: packet with internal IP address → NAT → packet with another IP address → external host; an intruder sniffing outside sees only the packet with the translated address)
Firewalls - Software
• Personal firewalls popular/necessary for DSL/Cable users
  • ZoneAlarm
  • Sygate Personal Firewall
  • McAfee Internet Personal Firewall Plus
  • Symantec Personal Firewall
  • Tiny Firewall
  • Norton Internet Security 2003
  • Windows XP Firewall
• PC Magazine ZDNet top choice
Firewalls - Hardware
• D-link DI-604
• Hawking FR23
• Linksys Firewall Router
• Netgear FR411P
• SMC smc7004vbr
• PC Magazine ZDNet top choice
Personal Firewall Functionality
• DHCP server
• Levels of security
• Rules created when applications run
• Zones – local and Internet
• Scan packets for transmission of sensitive information
• Firewall alerts
Microsoft’s Internet Connection Firewall (ICF)
• Stateful inspection firewall
• Set restrictions on what connections can be made to your computer from the Internet
• Disable incoming traffic unless associated with an exchange that originated from your computer or within the private network
• Designed to work with Internet Connection Sharing (ICS)
• Will protect
  • LAN
  • Point to point over Ethernet used with broadband access
  • VPNs
  • Dial up access
• Does not restrict outgoing traffic, hence your machine could be an unwilling participant in DDOS attacks
(ICF screenshot)



(ICF configuration screenshots)
• Can configure for incoming services
• Allows servers to run on the “inside”
• Add your own services if needed
• Can turn on logging
• Generated in W3C format
• Can also allow ICMP incoming traffic to enter
Sample ICF log:
#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2002-10-26 18:58:02 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:03 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:05 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:13 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
2002-10-26 18:58:18 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
2002-10-26 18:59:07 DROP UDP 192.168.1.1 192.168.1.255 6584 162 143 - - - - - - -
2002-10-26 18:59:21 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:24 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:30 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:32 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:37 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:42 DROP UDP 192.168.1.112 192.168.1.255 138 138 202 - - - - - - -
2002-10-26 18:59:42 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
2002-10-26 18:59:43 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:43 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
2002-10-26 18:59:44 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
2002-10-26 18:59:44 DROP TCP 192.168.1.112 192.168.1.100 3127 79 48 S 2311107724 0 64240 - - -
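An added example (not from the slides) that reads the ICF log above in its W3C format, using the #Fields directive to name the columns, and summarises the dropped traffic the way a practitioner reviewing this log would: drops per source, distinct TCP ports a source sent SYNs to, ICMP echo requests, and SYN retransmissions that show the peer retrying after a silent drop. The embedded log text is the slide's.

```python
"""Parse a Microsoft ICF log (W3C extended format) and summarise dropped traffic."""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# The ICF log from the slide (one record per line, 16 fields each).
ICF_LOG = """#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2002-10-26 18:58:02 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:03 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:05 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:13 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
2002-10-26 18:58:18 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
2002-10-26 18:59:07 DROP UDP 192.168.1.1 192.168.1.255 6584 162 143 - - - - - - -
2002-10-26 18:59:21 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:24 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:30 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:32 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:37 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:42 DROP UDP 192.168.1.112 192.168.1.255 138 138 202 - - - - - - -
2002-10-26 18:59:42 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
2002-10-26 18:59:43 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:43 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
2002-10-26 18:59:44 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
2002-10-26 18:59:44 DROP TCP 192.168.1.112 192.168.1.100 3127 79 48 S 2311107724 0 64240 - - -
"""

Record = Dict[str, str]


def parse_icf_log(text: str) -> List[Record]:
    """Name each column from the #Fields directive; '-' means 'not applicable'."""
    fields = None
    records = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue          # other directives (#Verson, #Software, #Time Format)
        if fields is None:
            raise ValueError("log entry before the #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line}")
        records.append(dict(zip(fields, values)))
    return records


def drops_by_source(records: List[Record]) -> Dict[str, int]:
    """How many packets the firewall dropped from each source address."""
    return Counter(r["src-ip"] for r in records if r["action"] == "DROP")


def tcp_ports_probed(records: List[Record]) -> Dict[str, List[int]]:
    """Distinct TCP destination ports each source sent a bare SYN to that was dropped;
    several different ports from one source is the shape of a port scan."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "DROP" and r["protocol"] == "TCP" and r["tcpflags"] == "S":
            ports[r["src-ip"]].add(int(r["dst-port"]))
    return {ip: sorted(p) for ip, p in ports.items()}


def icmp_echo_requests(records: List[Record]) -> int:
    """ICMP type 8 is echo request (ping), the usual first step of a probe."""
    return sum(1 for r in records if r["protocol"] == "ICMP" and r["icmptype"] == "8")


def syn_retries(records: List[Record]) -> Dict[Tuple[str, str, str, str], int]:
    """The same source port, destination port and SYN sequence number seen more than
    once: the peer retransmitting because the firewall silently dropped its SYN."""
    seen = Counter(
        (r["src-ip"], r["src-port"], r["dst-port"], r["tcpsyn"])
        for r in records if r["protocol"] == "TCP" and r["tcpflags"] == "S"
    )
    return {k: n for k, n in seen.items() if n > 1}


if __name__ == "__main__":
    recs = parse_icf_log(ICF_LOG)
    print("drops by source:", dict(drops_by_source(recs)))
    print("TCP ports probed:", tcp_ports_probed(recs))
    print("ICMP echo requests:", icmp_echo_requests(recs))
    print("SYN retries:", syn_retries(recs))
```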
ZoneAlarm
• Comes in three versions
  • ZoneAlarm (free)
  • ZoneAlarm Plus ($40)
  • ZoneAlarm Pro ($50)
Free Version Features
• It is free for personal use.
• It shuts down all unused ports.
• It offers good intrusion detection.
• It has different rules for LAN (local) and Internet networks. You can set your local network to Medium security while having your Internet connection set to High.
ZoneAlarm Pro Additional Functionality
• Ad blocking
• Email attachment protection
• Cookie control
• Active content control
• Password protection
• Automatic network detection
(ZoneAlarm screenshots)
• General program configuration options
• ZoneAlarm identifies networks and allows you to classify them.
• Allows you to set up rules for three zones of operation
• You can use levels as defined or customize a level
• Program access rules are established by “learning” acceptable behavior
• Once programs have run and you have granted or denied network access you can see current rules.
• While user interaction deals with programs, ZoneAlarm really keeps track of components
• The user has control over logging operations as well
• A sample log
• Privacy controls can be set for cookies, ad blocking and mobile code.
• Cookie control and ad blocking
• Mobile code
• E-mail protection
• Quarantined file types
• Program alerts – access to your machine from the outside
“Hardware” Solution
• SOHO routers sold by Linksys, D-Link and others
• Provides interface between home network and cable/DSL modem
• Generally makes SOHO network look transparent to outside world via NAT
• Rudimentary firewall
• Interface via Web browser
(router configuration screenshots)
Steps for protecting oneself
Steps to protecting privacy and ensuring the integrity of your system
• Don’t tell sites anything you don’t want them to know
• Set your browser for maximum privacy
• Manage your cookies
• Opt out
• Watch for Web bugs
• Don’t neglect the physical security of your machine
• Test your system periodically
• Disable booting from a floppy
• Surf anonymously
• Learn about all the tools available
• Make sure you haven’t been the victim of identity theft
• Always use a firewall
• Keep OS and virus definitions updated
• Use dummy email accounts
• Follow the issue
• Manage your passwords (strong)
• Perform frequent backups
• Disable file sharing
• Remove unnecessary protocols from the Internet interface
• Never run EXE attachments or downloads unless sure of authenticity
• Consider encrypting sensitive data
• Disable unneeded services
What your provider should do for you
• Provide a firewall
• Scan your email for malware
• Filter spam
• Push down virus definition updates
• Detect system and port scans
• Detect unusual activity
• Provide backup
Workstation Testing
• Various Web sites will scan your machine for vulnerabilities
  • Gather information about your machine
  • Probe ports for services, Trojans and protocols
  • Do quick scans or use stealth techniques
  • Investigate TCP/IP, UDP, ICMP capabilities
  • Browser vulnerabilities
Sites that will test your machine
• Gibson Research Corp – Shields Up: www.grc.com
• Symantec Security Check: www.symantec.com/securitycheck
• ExtremeTech: www.extremetech.com/syscheck
• Sygate Online Services: http://scan.sygatetech.com/
• Security Metrics: http://www.securitymetrics.com/firewall_test.adp
• Qualys: http://browsercheck.qualys.com
Interesting Web Sites
http://web.simmons.edu/~tis/links/security.html
(screenshots of the linked sites)
What haven’t we covered?
• Security in the wireless environment
• Authentication systems and their vulnerabilities
• Legal implications
• Operating systems configuration
• Security suites
• Security appliances
• E-mail privacy
References
• Microsoft Windows Security Inside Out for Windows XP and Windows 2000, by Ed Bott, Carl Siechert, ISBN 0-7356-1632-9
• Absolute PC Security and Privacy, by Michael Miller, ISBN 0-7821-4127-7
Thank you for attending