The University of Arizona
Beginners Guide to Computer Security
Security Awareness Brown Bag Series
Sponsored by the Information Security Office

Beginners Guide to Computer Security
Threats and Countermeasures

Objectives
Provide an overview of the most common threats and how to build layered protection.
• Importance Of Security
• Threats to Data
• Viruses
• Trojan Horse Programs
• Vandals
• Attacks
• Data Interception
• Scams
• Spam
• Security Tools
• Anti-Virus Software
• Security Policies
• Passwords
• Firewalls
• Encryption
• Summary

Good News – Bad News
• Internet transforms and greatly improves our lives
• Opened the door to an increasing number of security threats from which individuals, families and business must protect themselves
• Consequences of attacks can range from the mildly inconvenient to the completely debilitating
  – Important data can be lost
  – Privacy can be violated
  – Computer can even be used by an outside attacker to attack other computers on the Internet.

Threats to Data
• Come from a very small minority
• A car thief can steal only one car at a time
• Single hacker working from a single computer can generate damage to a large number of computer networks
• A general knowledge of security threats and how to protect yourself is essential

Viruses
• Most widely known security threat due to extensive press coverage.
• What is a virus?
  – Computer programs that are written by devious programmers and are designed to replicate themselves and infect computers when triggered by a specific event.
• Example - Macro viruses attach themselves to files that contain macro instructions (routines that can be repeated automatically, such as sending email) and are then activated every time the macro runs.

Effects
• Benign - cause annoying interruptions such as displaying a comical message when striking a certain letter on the keyboard
• More destructive - cause such problems as deleting files from a hard drive or slowing down a system

How to “catch” it
• A computer can be infected with a virus only if the virus enters through an outside source
  – an attachment to an email
  – a file downloaded from the Internet.
• When one computer on a network becomes infected, the other computers on the network – or for that matter other computers on the Internet – are highly susceptible to contracting the virus.

Trojan Horse Programs
• Delivery vehicles for destructive computer code
• Appear to be harmless or useful software programs, such as computer games, but are actually enemies in disguise
• Can delete data, mail copies of themselves to e-mail address lists and open up computers to additional attacks
• Can be contracted only by
  – copying the Trojan horse program to a computer
  – downloading from the internet or
  – opening an email attachment

Vandals
• Web sites have come alive through the development of such software applications as ActiveX and Java Applets
  – enable animation and other special effects to run, making web sites more attractive and interactive

Caution
• However, the ease with which these applications can be downloaded and run has provided a new vehicle for inflicting damage
• Vandals can take on the form of a software application or applet that causes destruction of various degrees
• A vandal can destroy a single file or a major portion of a computer system

Attacks
• Innumerable types of network attacks have been documented, and they are commonly classified in three general categories:
  – reconnaissance attacks
  – access attacks, and
  – denial of service (DoS) attacks.

Reconnaissance Attacks
• Reconnaissance - information gathering activities by which hackers collect data that is used to later compromise networks
• Software tools, such as sniffers and scanners, are used to map out and exploit potential weaknesses in home computers, web servers and applications
  – Example – password cracking software

Access Attacks
• Access attacks are conducted to gain entry to e-mail accounts, databases and other confidential information

DoS Attacks
• DoS attacks prevent access to all or part of a computer system.
• Usually achieved by sending large amounts of jumbled or other unmanageable data to a machine that is connected to the Internet, blocking legitimate traffic from getting through.
• Even more malicious is a Distributed Denial of Service attack (DDoS) in which the attacker compromises multiple machines or hosts.

Data Interception
• The intercepting perpetrators might eavesdrop on communications or even alter the data packets being transmitted
• Various methods to intercept data
  – IP spoofing, for example, entails posing as an unauthorized party in the data transmission by using the internet protocol (IP) address of one of the data recipients

Scams
• Stakes are higher as they've got easy access to millions of people on the internet
• Email
  – May contain a hyperlink to a web site that asks you for personal information, including your password
  – May contain a solicitation for your credit card information in the guise of a billing request

Protect Yourself
• Never give out your password, billing information or other personal information to strangers online
• Be mindful of who you're talking with before you give out personal information
• Don't click on hyperlinks or download attachments from people/web sites you don't know
• Be skeptical of any company that doesn't clearly state its name, physical address and telephone number
• Great Home Computer Security Webpage http://www.cert.org/homeusers/HomeComputerSecurity/

Spam
• Unsolicited e-mail or the action of broadcasting unsolicited advertising messages via e-mail
• Takes up time and storage space on their computer
• Report it to ISP. Check your ISP help areas to find out how to report spam

Security Tools
• First, understand the threats
• Second, put proper safeguards in place
• Extensive choice of technologies
  – Anti-virus software packages
  – Firewalls for providing protection
  – Implement proper computer security without compromising the need for quick and easy access to information

Anti-virus Software
• Relies on early warnings of new viruses, so that antidotes can be developed and distributed quickly
• 1,000s of new viruses being generated every month
  – Essential that the virus database be kept up to date
  – Record held by the anti-virus package that helps identify known viruses when they attempt to strike
  – Can prompt users to periodically collect new data

Security Policies
• Rules and written or verbal regulations by which all staff, students and faculty operate
• Often preempt security breaches
• Customers or suppliers with access to certain parts of the network need to be adequately regulated

Passwords
• Simplest and most common way to ensure that only those that have permission can enter your computer or certain parts of your computer network
• Virtually ineffective if people do not protect their passwords.
• The golden rules, or policies for passwords are:
  – Make passwords as meaningless as possible
  – Change passwords regularly
  – Never divulge passwords to anyone

Firewalls
• A hardware or software solution to enforce security policies
• Built-in filters that can disallow unauthorized or potentially dangerous material from entering the system
• Logs attempted intrusions

Firewall Basics
What They Do and How They Work

What Does a Firewall Do?
• In general, firewalls try to keep people from remotely accessing your computer in bad ways when you are connected to the internet

How Do Firewalls Work?
• Most firewalls are designed to allow or block specific types of data going to and from your computer to the internet
• Allow "good" data traffic and block all "bad" data traffic
• "Good" traffic is the kind you need to do things like: surf the web, download files, chat, share files, etc
• "Bad" traffic is what hackers might do like: steal files on your computer, use a Trojan to control your computer, disrupt your connection or network, etc

Computer – a House With Many Doors
• Doors (ports) are points where a person (hacker) can get in
• Think of a firewall as a security guard who is watching each door and who is going in and out of the doors
• The firewall makes sure only the right doors get opened and that only the right people (data) have access to your house
• Some firewalls can also hide your house (computer) so casual hackers can't see it (also called "stealth mode")

What Traffic Is Good/What's Bad?
• Experience
• Reading
• Learning
• The easiest way is to start with a simple firewall program, see how it works and then graduate to more sophisticated solutions as you gain knowledge

Do Firewalls Prevent Viruses and Trojans?
• NO!! A firewall can only prevent a virus or Trojan from accessing the internet while on your machine
• 95% of all viruses and trojans are received via e-mail, through file sharing (like Kazaa or Gnucleus) or through direct download of a malicious program
• Firewalls can't prevent this -- only a good anti-virus software program can
• However, once installed on your PC, many viruses and trojans "call home" using the internet to the hacker that designed it
• This lets the hacker activate the trojan and he/she can now use your PC for his/her own purposes
• A firewall can block the call home and can alert you if there is suspicious behavior taking place on your system

What Is "Stealth" Mode?
• In theory, stealth mode hides all the ports on your computer from being visible to others on the internet.
  – Some think this makes them less vulnerable to a malicious attack and consider it the "holy grail" of firewall configurations.
• While true that your ports are "invisible", a "stealthed" computer really looks like a black hole to a hacker.
  – Data goes in but it never comes out.

Stealth Mode
• A good hacker can spot this behavior and may actually consider it a challenge to try to break in as he/she wonders what's there
  – Sometimes, staying in plain sight makes you less attractive as a target
• Achieving "stealth" mode with some network configurations (such as Microsoft internet connection sharing or ICS) can be very difficult
• Stealth mode can make it difficult for the networked computers to "see" and interact with the gateway computer
• Computers don't stay "stealthed". The moment you do something that accesses the internet from your end, you're "unstealthed" because data is coming out
• Any hacker with a packet sniffer who knows where to look can tell that something's there

Encryption
• Ensures that messages cannot be intercepted/read by anyone other than the authorized recipient
• Deployed to protect data transported over a public network (internet)
• Uses advanced mathematical algorithms to ‘scramble’ messages and their attachments
• Provides the security necessary to sustain the increasingly popular virtual private network (VPN) technology
  – VPNs are private connections, or tunnels, over public networks
  – Deployed to protect telecommuters, mobile workers, branch offices and business partners to corporate networks or each other

Summary
• Common sense, some simple rules and a few pieces of technology can help protect your computer systems from unauthorized use
• Important to remember that by protecting your own computer system, you're also doing your part to protect computers throughout the university

Resources at the University of Arizona
• Kerio firewall https://sitelicense.arizona.edu/kerio/kerio.shtml
• Sophos anti virus https://sitelicense.arizona.edu/sophos/sophos.html
• Policies, procedures and guidelines http://security.arizona.edu/pandp.htm http://w3.arizona.edu/~policy
• Security awareness http://w3.arizona.edu/~security/awareness.htm
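
The firewall slides describe ports as doors, "stealth" mode, and blocking a trojan's "call home". The Python sketch below is an added example, not part of the original presentation: it models those decisions with a hypothetical Firewall class, and every address and port in it is a constructed sample value.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    """Toy host firewall: default-deny inbound, allow-listed outbound."""
    open_ports: set            # inbound "doors" deliberately left open
    allowed_out: set           # (remote_ip, remote_port) pairs programs may reach
    stealth: bool = True       # True: drop silently; False: answer with a refusal
    established: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def outbound(self, remote_ip, remote_port):
        """Decide on a connection that a local program starts."""
        if (remote_ip, remote_port) not in self.allowed_out:
            # A trojan "calling home" lands here: block it and alert the user.
            self.log.append(f"ALERT blocked outbound to {remote_ip}:{remote_port}")
            return "block"
        # Remember the flow (simplified to ip and port) so replies are let back in.
        self.established.add((remote_ip, remote_port))
        return "allow"

    def inbound(self, remote_ip, remote_port, local_port):
        """Decide on a packet arriving from the internet."""
        if (remote_ip, remote_port) in self.established:
            return "allow"     # reply to traffic this computer started
        if local_port in self.open_ports:
            return "allow"     # a door that is meant to be open
        self.log.append(f"blocked inbound {remote_ip} -> port {local_port}")
        # Stealth mode sends nothing back; otherwise the sender is told "closed".
        return "drop" if self.stealth else "reject"

def demo():
    # Constructed sample traffic using documentation-range addresses.
    fw = Firewall(open_ports={22}, allowed_out={("198.51.100.10", 443)})
    results = [
        fw.inbound("203.0.113.5", 40000, 22),     # open door
        fw.inbound("203.0.113.5", 40001, 139),    # closed door, stealth on
        fw.outbound("198.51.100.10", 443),        # normal web traffic
        fw.inbound("198.51.100.10", 443, 51000),  # its reply comes back in
        fw.outbound("192.0.2.66", 6667),          # unexpected "call home"
    ]
    return results, fw.log

if __name__ == "__main__":
    print(demo())
```

The fourth call shows why a computer does not stay "stealthed": once it starts a connection, replies from that remote host are accepted and its presence is visible to that host.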