Security Awareness:Security Tips for Protecting Ourselves Online

Friday, May 20, 2011

Brian Allen, CISSPbrianallen@wustl.edu

Network Security AnalystWashington University in St. Louis

http://nso.wustl.edu/presentations/

Let’s Talk About…• Facebook/Social Networking• Password Security• AV Products• Home Wireless Router Security• Laptop Security• Safe Web Browsing• Phishing Examples• Online Banking• Virus Example and Case Study

Facebook/Social Networking:

Password Security

Parents’ Password Cracked On First Try The Onion News Feb 27, 2002

• REDONDO BEACH, CA – Nick Berrigan, 14, successfully hacked into his parents’ AOL account on the first try Tuesday, correctly guessing that “Digby” was their password.

• “They actually used the dog’s name,” said Berrigan, deactivating the parental controls on his AOL account.

Free Password Managers

1. KeePass – I use this one2. Password Safe

– Bruce Schneier’s Project3. PassPack

– An online password manager

Commercial Password Manager:4. 1Password

-”Works great on iPhone and OS X”

Free Antivirus Tools

Antivirus

• I look for:– the fastest– update themselves automatically– have an easy to use interface

• AVG = http://free.avg.com• AntiVir = http://www.free-av.com• Avast = http://www.avast.com

From CNET.com Editor ReviewsAVG Popularity: * Total downloads 227,792,675 Avira AntiVir Popularity: * Total downloads 61,994,231 Avast Popularity: * Total downloads 60,978,532

AVG Interface

AVG Will Check Every Email

Avira AntiVir Interface

AVAST Interface

Home Wireless Router Tips

Home Wireless Router Tips

• Change Default Password• Firewall is on by Default• WPA2, not WPA or WEP• MAC Address Filtering• Leave SSID on• No personal info in SSID like Smith_Family

Change The Default Password

Firewall Is On By Default

WPA2

MAC Address Filtering

Home Wireless Router Tips

• Change Default Password• Firewall is on by Default• WPA2, not WPA or WEP• MAC Address Filtering• Leave SSID on• No personal info in SSID like Smith_Family

Laptop Tracking Software

Key Questions to Consider

• How hard is it to disable or remove the software?• Who will have access to the collected data?• How many laptops are lost or stolen every year?

LoJack Pros

• Very difficult to disable• The company, only with the user’s permission,

can log in to:– Take pictures– Erase the hard drive

• Will work with police to recover the laptop

LoJack Bios Compatibility

AsusDellGammatechGetacGatewayGeneral

Dynamics

HPFujitsuLenovo (IBM

Thinkpad)Motion ComputingPanasonicToshiba

LoJack Cons

• Bios compatibility does not include Macintosh– 40% student machines are Macs

• Most Expensive - $49 per laptop• The company can get access into laptops,

although it is only to be initiated by the owner after it is reported stolen

Laptop/USB Encryption

• USB Hardware Encryption – IronKey $$$

• Laptop/USB Encryption – TrueCrypt (Free!)

Safe Web Browsing

Four OS Security Tips

• Make sure the operating system has:– Update automatically– Firewall turned on– All accounts have strong passwords– Up-to-date Anti-virus tool

Link Security Tips

• Don’t click links or open attachments in emails.• If you have any doubt, get confirmation directly

from the sender.• Be wary of messages that include attractive

offers or urgent requests.• Watch out for links that require you to

immediately provide a login and password.• Type the URL directly into Google.

Browser Security Tips

• I use Firefox as my regular browser.• Firefox will automatically update itself.• Firefox 3 and 4 have Phishing and Malware

Protection on by default. • Use the Add Block Plus Firefox Addon.

The Top Firefox Addon (By Far)

Without AdBlock Plus

With AdBlock Plus

Phishing Examples

Phishing Email

Spear Phishing Example

<http://michaelkellett com/ez/wustl.html>

Online Banking

Important Online Banking Tip

• Never type your bank url into a browserOr click on a url that looks like your bank

• Always let Google find it for you– Should be the first link

Virus Example and Case Study:

First: Different Types of Infections

• Viruses – Rely on users to spread: email attachments, links in an email

• Worms – can spread on their own• Trojans – A malicious file that appears to be

legitimate• Bots – A worm that phones home to a

Command & Controller so the attacker can give it instructions

What Do The Infections Do?

• Send Spam• Attack other machines• Set up a Phishing site• Act as a proxy for other malicious traffic• Download spyware/adware to the machine• Run a keylogger

Koobface Botnet

• Koobface made an estimated $2m since July 2009• It makes money by selling scareware (fake anti-

virus), doing click fraud and other scams.• Koobface targets Facebook and other sites.• 400,000+ bots; 20,000+ fake Facebook accounts• Tricks users to execute malware disguised as Flash

updates needed to view shocking content.• The malware turns PCs into zombie drones under

the control of hackers.• http://www.theregister.co.uk/2010/11/15/koobface_take_down/

Fake Anti-Virus Screen Shot

KoobFace Botnet

• How it works in one example:• Koobface is a Russian based botnet• The threat arrives as a Facebook private

message that contains a supposed link to a youtube video

Don’t Click the LINK!

Koobface Example Continued

• Users who are tricked into clicking the link are redirected to other pages until they finally end up at a spoofed YouTube site called YuoTube

Don’t Trust the “Adobe Flash Update”!

How KoobFace works

• It navigates through users’ FB pages to search for their friends.

• It phones home to get the actual message that the worm will then spread to your friends.

• McAfee says it is not unusual to see 10,000 Koobface variants in one month.

• http://blogs.mcafee.com/mcafee-labs/malware-at-midyear-a-summary

• TrendLabs considers Zeus and Koobface to be the most prolific malware families

• http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/tm101hthreat_report.pdf

Koobface Targets MacOSX

• A new version of Koobface attacks Mac OSX spreads through Facebook.

• Security company Intego says this version uses a malicious Java applet to attack users.

• http://krebsonsecurity.com/2010/10/koobface-worm-targets-java-on-mac-os-x/

Thank You!

Brian Allen, CISSPbrianallen@wustl.eduhttp://nso.wustl.edu

Password Managers:KeePass: http://keepass.infoPassword Safe: http://schneier.com/passsafe.htmlPassPack: http://www.passpack.com1Password ($): http://agilebits.com/onepassword Antivirus:AVG: http://free.avg.comAntiVir: http://www.free-av.comAvast : http://www.avast.com Laptop Tracking:LoJack($): http://www.absolute.com/en/lojackforlaptops/home.aspx USB/Laptop Encryption:Ironkey($): https://www.ironkey.comTrueCrypt: http://www.truecrypt.org Firefox Ad Blocker:AdBlock Plus https://addons.mozilla.org/en-US/firefox/addon/adblock-plus

Brian Allen brianallen@wustl.edu