A Basic Introduction to A Basic Introduction to Computer SecurityComputer Security

John H. Porter John H. Porter University of VirginiaUniversity of Virginia

Department of Environmental SciencesDepartment of Environmental Sciences

Achieving Absolute Computer Achieving Absolute Computer

SecuritySecurity

There is only one method that can assure There is only one method that can assure absolute security for the data and programs absolute security for the data and programs on your computeron your computer

Unplug it from the Unplug it from the power outlet!!!power outlet!!!

The Bad GuysThe Bad Guys

Trojan HorsesTrojan Horses• Software that does other things than it says Software that does other things than it says

it does – often maliciousit does – often malicious WormsWorms

• Attempt to circumvent controls on network Attempt to circumvent controls on network accessaccess

VirusesViruses• Attempt to modify programs on your Attempt to modify programs on your

computer to add malicious codecomputer to add malicious code

The Bad GuysThe Bad Guys

SniffersSniffers• Tap network lines to capture data and Tap network lines to capture data and

passwordspasswords ThievesThieves

• Stolen computersStolen computers Bad LuckBad Luck

• Floods, fire, lightning, power surgesFloods, fire, lightning, power surges

Achieving Relative SecurityAchieving Relative Security

BackupsBackups Boundary DefenseBoundary Defense Defense on the homefrontDefense on the homefront

BackupsBackups

All computers will, at some point, All computers will, at some point, experience a security breachexperience a security breach• Backups let you recover lost data Backups let you recover lost data

Off-site backups protects you Off-site backups protects you against data loss due to violations against data loss due to violations of physical securityof physical security• Try getting your data back off a stolen Try getting your data back off a stolen

or burned hard drive!or burned hard drive!

Boundary DefenseBoundary Defense

Boundary defenses focus on Boundary defenses focus on keeping malicious users or keeping malicious users or programs from having access to programs from having access to files on your computerfiles on your computer• PasswordsPasswords• Control of Internet PortsControl of Internet Ports• Restricting ways files may be stored Restricting ways files may be stored

on your computeron your computer

PasswordsPasswords

Not all passwords are created Not all passwords are created equal – some are easier to crackequal – some are easier to crack• Ones based on publically available Ones based on publically available

information about you (e.g., your information about you (e.g., your name)name)

• Passwords based on dictionary rulesPasswords based on dictionary rules• Passwords that are too short or use Passwords that are too short or use

repeating charactersrepeating characters

Strong PasswordsStrong Passwords

One easy way to create strong One easy way to create strong passwords is to take the first letter off passwords is to take the first letter off each word in a sentence and add some each word in a sentence and add some punctuationpunctuation• E.g., Iwtbot, - “It was the best of times,”E.g., Iwtbot, - “It was the best of times,”• 2b,ON2b – “To Be, or Not to be”2b,ON2b – “To Be, or Not to be”

Also, varying capitalization can helpAlso, varying capitalization can help• JHwaPDM!JHwaPDM!

Protecting PasswordsProtecting Passwords

Even the most “secure” password Even the most “secure” password is vulnerable if communication lines is vulnerable if communication lines are compromisedare compromised• E.g., “sniffers”E.g., “sniffers”

Use of encrypted connections (ssl, Use of encrypted connections (ssl, https) can eliminate or greatly https) can eliminate or greatly reduce this riskreduce this risk

Know What You are SharingKnow What You are Sharing

Your computer provides a number of Your computer provides a number of Internet PortsInternet Ports• You want to eliminate access to ports that You want to eliminate access to ports that

are not serving a legitimate purposeare not serving a legitimate purpose You can test at sites like ShieldsUp:You can test at sites like ShieldsUp:

https://grc.com/x/ne.dll?bh0bkyd2https://grc.com/x/ne.dll?bh0bkyd2Not all access is bad, but you want to Not all access is bad, but you want to

KNOW what is exposed!KNOW what is exposed!

Limit the Places that can Limit the Places that can Access your ComputerAccess your Computer

Most SQL databases support Most SQL databases support restricting access to particular restricting access to particular network domains, or even network domains, or even individual machinesindividual machines• If your web and database servers are If your web and database servers are

on the same host, you may be able to on the same host, you may be able to eliminate ALL network access to the eliminate ALL network access to the database, since all interactions are database, since all interactions are mediated by your web servermediated by your web server

Keep your Eyes Open!Keep your Eyes Open!

Just as you would not walk down a Just as you would not walk down a darkened alley without paying attention darkened alley without paying attention to your surroundings, you need to be to your surroundings, you need to be alert to strange computer behaviors that alert to strange computer behaviors that may indicate a security problemmay indicate a security problem

Check your software support pages Check your software support pages frequently for news about vulnerabilities frequently for news about vulnerabilities and fixes and fixes

Defense on the HomefrontDefense on the Homefront

Limit access of your computer to trusted Limit access of your computer to trusted individualsindividuals• Usually not too much trouble at field Usually not too much trouble at field

stationsstations• Is especially an issue for web pages that Is especially an issue for web pages that

contain DBMS login information in free textcontain DBMS login information in free text Get a good virus checker and update it Get a good virus checker and update it

frequently frequently (daily if possible, at least (daily if possible, at least weekly)weekly)

Defense on the HomefrontDefense on the Homefront

Keep updates to Windows currentKeep updates to Windows current• As security holes are detected, fixes will As security holes are detected, fixes will

become availablebecome available• Windows provides for automatic updatesWindows provides for automatic updates• Recent worms (e.g., Blaster) utilized a flaw Recent worms (e.g., Blaster) utilized a flaw

in the RPC module of Windows to infect in the RPC module of Windows to infect large numbers of otherwise protected large numbers of otherwise protected computers before a fix was availablecomputers before a fix was available

Protecting the HomefrontProtecting the Homefront

Monitor your logs to detect attempts to Monitor your logs to detect attempts to attack your systemattack your system• Window’s Events logsWindow’s Events logs• Web server logsWeb server logs

Exercise good judgment on Exercise good judgment on downloading filesdownloading files• Every file downloaded is a potential Every file downloaded is a potential

security intrusionsecurity intrusion

Security is RelativeSecurity is Relative

Security is always relative, but it is Security is always relative, but it is possible to create a reasonable level of possible to create a reasonable level of securitysecurity

The more obscure a resource is, either The more obscure a resource is, either because it uses “unusual” software or is because it uses “unusual” software or is inconspicuous on the web, the less inconspicuous on the web, the less likely someone is to try to break into itlikely someone is to try to break into it

Useful Places to LookUseful Places to Look

http://www.cert.org/http://www.cert.org/ - Computer - Computer Emergency Response TeamEmergency Response Team

http://grc.com/default.htmhttp://grc.com/default.htm - home of - home of ShieldsUp and othersShieldsUp and others

http://www.sarc.com/http://www.sarc.com/ - Symantec anti- - Symantec anti-virus sitevirus site

http://guide.vsnl.net.in/tcpip/columns/http://guide.vsnl.net.in/tcpip/columns/security_internet/index.html - a general security_internet/index.html - a general guide to Internet Security issuesguide to Internet Security issues