How You Can Protect Yourself from Cyber-Attacks
Ian G. Harris
Department of Computer Science, University of California Irvine
Irvine, CA 92697 USA
harris@ics.uci.edu
About the Class
Schedule: Mondays, 10:00 - 10:50 in DBH 1420
Website: Look at http://www.ics.uci.edu/~harris
Readings: The Symantec Guide to Home Internet Security, Andrew Conry-Murray and Vincent Weafer, Addison- Wesley, 2006
Topics: Computer security risks (e.g. phishing, spam, malware) and how to protect against them (e.g. firewalls, anti-virus, patching software)
• This course is meant to be practical, not too technical.
• I can give pointers to more technical information.
Social Engineering
Exploiting vulnerabilities in the user, not the network or device
Traditional scams using the computer (and/or the phone) as a vehicle
People trust official looking emails and websites
Not primarily technical attacks
Often used to gain information for larger attacks
Social Engineering Examples
Examples:
• "Dear Honorable Sir, I need to transfer $10,000,000,000 to your account"
  Required to pay a "small" transfer fee
• "You need to update your Paypal account …"
  Directed to send personal information
• Call computer support and masquerade as a technician
  "Where is that TFTP server located again?"
Spoofing
• Making a fake version of something in order to trick a user
• Often used as part of a social engineering scam
Example:
1. You get an email saying something is wrong with your ebay account.
2. It provides a link to a website www.ebayaccounts.com
3. The website is fake but can look completely real
• Can be done with email addresses and calling trees
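The ebay example above turns on one detail the eye skips over: the host the link really points at. An added example (not code from the class or its readings) that pulls that host out of a link the way a browser would and compares it with the brand's domain; every URL and domain in it is constructed for illustration.

```python
# Added example for the spoofing slide; not code from the original class.
# Checks whether a link in a message actually points at the brand's domain.
# All URLs and brand domains used with it are constructed for illustration.
from urllib.parse import urlsplit


def _with_scheme(url: str) -> str:
    """Bare links like "www.example.com/login" are treated as http://."""
    return url if "://" in url else "http://" + url


def host_of(url: str) -> str:
    """Return the lowercase host the browser would actually connect to.

    urlsplit().hostname drops the scheme, any user:password@ prefix (a
    classic trick: http://ebay.com@evil.example/), the port and the path.
    """
    host = urlsplit(_with_scheme(url)).hostname or ""
    return host.rstrip(".")


def under_domain(host: str, brand_domain: str) -> bool:
    """True only if host is brand_domain itself or a subdomain of it.

    A plain substring test would accept www.ebay.com.evil.example;
    requiring the boundary "." + brand_domain rejects it.
    """
    brand_domain = brand_domain.lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)


def link_verdict(url: str, brand_domain: str) -> str:
    """Classify a link relative to the brand the message claims to be from."""
    host = host_of(url)
    if not host:
        return "unparseable"
    if not host.isascii():
        # Non-ASCII letters can imitate Latin ones (homograph look-alikes).
        return "spoofed: non-ASCII look-alike host " + host
    if not under_domain(host, brand_domain):
        return "spoofed: host " + host + " is not under " + brand_domain
    if urlsplit(_with_scheme(url)).scheme != "https":
        return "suspicious: real domain but not https"
    return "ok"


if __name__ == "__main__":
    for link in ["https://signin.ebay.com/ws/eBayISAPI.dll",
                 "http://www.ebayaccounts.com/",
                 "http://www.ebay.com.evil.example/",
                 "https://ebay.com@evil.example/login"]:
        print(link, "->", link_verdict(link, "ebay.com"))
```

The check only answers "is this the domain it claims to be?"; it says nothing about whether the page content is real, which is exactly why a fake that "can look completely real" still fails it. Hovering over a link in a mail client shows the same host this code extracts.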
Preventing Social Engineering
Don’t trust anyone or any information that you can’t verify
1. Don't give critical info to unverified websites/phone numbers
2. Don't accept anything (e.g. programs) from unverified sources
This may be inconvenient
1. If Citibank calls, you should call them back at a known number
2. Can't purchase online from unknown vendors
3. Be careful about freeware/shareware
“Technical” Threats
Exploiting vulnerabilities in the computational device or in the network
• Require some technical ability
  Understand network protocols and components
  Write code (at least execute scripts)
  Deeply understand networked applications
• May be directed at your machine
  You can defend against these
• May impact you but be directed against other machines
  You can't really stop these
Typical Technical Threats
Denial of Service - A service provided by the device is caused to fail
•Cellphone cannot receive calls, desktop reboots
Quality of Service - Quality is degraded, not destroyed
•Noise added to a phone call, anti-lock brakes slow
Data Theft - Important data is taken from the device
•Passwords, name, usage patterns, location
Botnet Zombie - Complete ownership of the device to use in the future for other attacks.
Threats Against Other Machines
•Your machine’s operations are impacted by an attack on another machine
Usually part of the network infrastructure
Examples:
Your DNS (Domain Name System) server is attacked so you can no longer resolve domain names
Your university’s computers are attacked and your personal data is stolen
•You can’t do much about these attacks, except complain/sue
Threats Against Your Machine
• Most such threats require executing malicious code on your machine
Malware - General term for “Malicious code”
Common types of malware:
Spyware - Records information inside your device
  Browsing habits, keystrokes, etc.
  May also change behavior (web page redirects …)
Adware - Records information and displays ads catered to you
How Does Malware Work?
• Need to know this in order to defend against it
1. Gets into the memory of your computer
2. Tricks your computer into executing it
3. Hides itself
4. Spreads itself to other machines
Getting Into Your Computer
User-driven - User allows the malware in
•Read your email
•Click on an attachment
•Click on a website link
•File transfer (ftp)
Background traffic - Many programs communicate on the network in the background
•IM, skype, automatic updates, etc.
Executing on Your Machine
How can foreign programs run on my computer?
User Gives Permission
•“Do you want to enable this macro?”
•Bad default settings, (ex. Automatically enable all macros)
•These vulnerabilities can be fixed fairly easily
Software Vulnerability
•A networked application has a coding flaw which allows unauthorized code execution
Rootkits
• A rootkit is a program that uses stealth
  - Sneaks onto your machine without you knowing
  - Hides itself on your machine so that it can't be removed
• Rootkits change components of the operating system to hide their presence
Example of stealth
  - A rootkit may attach itself to a good executable
  - Detected by examining properties of the executable (e.g. size)
  - Checking properties is a call to an OS program
  - Rootkit may change the "check properties" program to print the original size
• Most malware is fundamentally a specialized rootkit
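The stealth example above, played out in code. This is an added illustration, not code from the class or its readings: it stands in for the "check properties" program with Python's os.path.getsize, replaces that function the way the slide says a rootkit would, and then shows the cross-view check that catches the lie. The "good executable" and the "payload" are constructed byte strings written to a temporary directory; nothing here is real malware.

```python
# Added illustration for the rootkit slide; not code from the original class.
# It simulates, in user space, the trick the slide describes: the "check
# properties" routine is replaced so it keeps reporting the original size of an
# infected file.  It then shows a cross-view check that catches the lie.
# The "executable" and "payload" are constructed byte strings, not real malware.
import os
import tempfile


def size_via_metadata(path: str) -> int:
    """The 'check properties' view: ask the OS for the size."""
    return os.path.getsize(path)


def size_via_read(path: str) -> int:
    """An independent view: read the file and count the bytes."""
    with open(path, "rb") as f:
        return len(f.read())


def install_size_hook(target: str, reported_size: int):
    """Simulated rootkit: patch os.path.getsize so that, for `target`, it
    returns `reported_size` no matter how big the file really is.
    Returns a function that removes the hook."""
    real_getsize = os.path.getsize
    target = os.path.abspath(target)

    def lying_getsize(p):
        if os.path.abspath(p) == target:
            return reported_size
        return real_getsize(p)

    os.path.getsize = lying_getsize
    return lambda: setattr(os.path, "getsize", real_getsize)


def cross_view_check(path: str, baseline_size: int) -> dict:
    """Compare the metadata view against a baseline and against a raw read.

    metadata_matches_baseline is what a naive integrity check looks at;
    views_agree is the cross-view test: if the two views differ, something
    between the checker and the disk is lying."""
    meta = size_via_metadata(path)
    raw = size_via_read(path)
    return {
        "metadata_size": meta,
        "read_size": raw,
        "metadata_matches_baseline": meta == baseline_size,
        "views_agree": meta == raw,
    }


def demo() -> dict:
    """Run the whole scenario in a temp dir and return the three checks."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "good_program.bin")
        original = b"ORIGINAL PROGRAM BYTES" * 10      # 220 bytes, constructed
        with open(exe, "wb") as f:
            f.write(original)
        baseline = len(original)
        clean = cross_view_check(exe, baseline)

        with open(exe, "ab") as f:                     # "infection": file grows
            f.write(b"<payload>" * 5)                  # +45 bytes, constructed
        infected_no_hook = cross_view_check(exe, baseline)

        uninstall = install_size_hook(exe, baseline)   # rootkit hides the growth
        try:
            infected_hooked = cross_view_check(exe, baseline)
        finally:
            uninstall()
        return {
            "clean": clean,
            "infected_no_hook": infected_no_hook,
            "infected_hooked": infected_hooked,
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Without the hook the naive size check catches the infection (220 bytes became 265); with the hook it reports 220 and looks clean, and only the disagreement between the two views gives the rootkit away. A real rootkit that has changed operating system components sits below both views, so the raw read can lie too; the dependable form of this check compares what the running system reports with what a clean boot medium reads from the same disk, which is why "hides itself so that it can't be removed" is a harder problem than it sounds.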
Malware Propagation/Spread
Trojan Horse - Malware which is part of another program which the user believes is safe
• Spread occurs when the user installs the "safe" program
• Social engineering may be involved
Virus - Malware which is part of a larger program or file
• Ex. Macro in an .xls spreadsheet
• Self-replicates by inserting itself into new programs/files
Worm - Malware which is not attached to another program/file
•Self-replicates over the network