Title: UNDERSTANDING INFORMATION SECURITY
UNDERSTANDING INFORMATION SECURITY
VIRUSES, WORMS, HOAXES, AND TROJAN HORSES
- Lee Ratzan, MCP, Ph.D.
- School of Communication, Information and Library Studies at Rutgers University
- Lratzan_at_scils.rutgers.edu
IT'S A JUNGLE OUT THERE
Network Worms
Computer Viruses
Trojan Horses
Logic Bombs
Address Book theft
Hijacked Home Pages
DNS Poisoning
Denial of Service Attacks
Zombies, IP Spoofing
Buffer Overruns
Password Grabbers
Password Crackers
AND THE EVER POPULAR
Hoaxes
Ploys
Pop-Ups
Scams
Spam
DID YOU KNOW?
- In 1980 a computer cracked a 3-character password within one minute.
- In 1999 a team of computers cracked a 56-character password within one day.
- In 2004 a computer virus infected 1 million computers within one hour.
DEFINITIONS
- Tells a computer what to do and how to do it.
Computer viruses, network worms, Trojan Horses: these are computer programs.
SALIENT DIFFERENCES
1) Computer Virus
2) Network Worm
3) Trojan Horse
TYPICAL SYMPTOMS
- File deletion
- File corruption
- Visual effects
- Pop-Ups
- Erratic (and unwanted) behavior
- Computer crashes
BIOLOGICAL METAPHORS
1. Bacterial Infection Model
2. Virus Infected Model
A computer virus spreads similarly, hence the name
WHY DO WE HAVE THIS PROBLEM?
- Software companies rush products to the consumer market (No program should go online before its time)
- Recycling old code reduces development time, but perpetuates old flaws.
AND A FEW MORE REASONS
- Market share is more important than security
- Interface design is more important than security
- New feature designs are more important than security
- Ease of use is more important than security
HACKER MOTIVATIONS
- Attack the Evil Empire (Microsoft)
- Display of dominance
- Showing off, revenge
- Misdirected creativity
- Embezzlement, greed
Who knows what evil lurks in the hearts of men?
NETWORKED SYSTEMS VS SECURED SYSTEMS
Some platforms are more secure than others
NETWORKS: Open Communication, Full Access
SECURITY: Closed Communication, Full Lockdown
Managers must strike a balance
POPULAR FALLACIES
- If I never log off then my computer can never get a virus
- If I lock my office door then my computer can never get a virus
- Companies create viruses so they can sell anti-virus software
- Microsoft will protect me
- My ISP will protect me?
AND A FEW MORE.
- I got this disc from my (mother, boss, friend) so it must be okay
- You cannot get a virus by opening an attachment from someone you know
- But I only downloaded one file
- I am too smart to fall for a scam
- You can catch a cold from a computer virus
- My friend who knows a lot about computers showed me this really cool site
THINGS THE LIBRARY CAN DO
ACTION PLAN
- Designate security support staff (and fund them)
- Make security awareness a corporate priority (and educate your staff)
- Enable real-time protection
- Update all vendor security patches
- Subscribe to several security alert bulletins
- Periodically reboot or re-load all computers
- Control, limit or block all downloads and installs
- Install anti-virus software on computers (keep it current)
It takes a carpenter to build a house but one jackass can knock it down
(Variously attributed to Mark Twain, Harry Truman, Senator Sam Rayburn)
WHAT CAN THE LIBRARIAN DO?
Set bookmarks to authoritative
- public free anti-virus removal tools
Provide patrons with up-to-date information about viruses, etc.
Confirm that desktops have the latest anti-virus updates
BACK IT UP
- Offline copies: Grandfather/father/son (monthly/weekly/daily)
- Online copies: Shared network drive
- Changes only: Incremental/differential
- Do not back up a file on the same disc as the original!
- Assume every disc, CD, etc. is suspect, no matter who gave it to you
Doveryay, No Proveryay (Trust but Verify)
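The grandfather/father/son rotation named on this slide, worked through as an added example (not part of the original slides). The tier rules (first of the month, Sundays) and the retention counts are assumptions chosen for illustration, and the backup dates are constructed.

```python
from datetime import date, timedelta

# Assumed tier rules (not from the slides): the backup taken on the 1st of a
# month is the monthly "grandfather", a Sunday backup is the weekly "father",
# and every other day is a daily "son".
def tier(day: date) -> str:
    if day.day == 1:
        return "grandfather"
    if day.weekday() == 6:  # Monday is 0, Sunday is 6
        return "father"
    return "son"

def retain(backups, keep_sons=6, keep_fathers=4, keep_grandfathers=12):
    """Return {tier: [dates kept, newest first]} for the given backup dates."""
    limits = {"son": keep_sons, "father": keep_fathers,
              "grandfather": keep_grandfathers}
    kept = {name: [] for name in limits}
    for day in sorted(set(backups), reverse=True):
        name = tier(day)
        if len(kept[name]) < limits[name]:
            kept[name].append(day)
    return kept

def prune(backups, **limits):
    """Return the backup dates whose media may be recycled, oldest first."""
    keep = {d for days in retain(backups, **limits).values() for d in days}
    return sorted(set(backups) - keep)

def sample_backups():
    """Constructed sample: one backup per day, 2005-01-01 through 2005-03-31."""
    start = date(2005, 1, 1)
    return [start + timedelta(days=n) for n in range(90)]

if __name__ == "__main__":
    backups = sample_backups()
    for name, days in retain(backups).items():
        print(f"{name:12s}", ", ".join(d.isoformat() for d in days))
    print("recyclable:", len(prune(backups)), "of", len(backups))
```

With these counts, ninety daily backups reduce to thirteen retained copies while still reaching back three months.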
MACHINE INFECTED?
1) Write down the error or alert message verbatim
- inform your tech support team
- quarantine the machine
2) Look up the message in an authoritative anti-virus site (demo)
- diagnose the problem
- take recommended remedial action
- Download, install, run the anti-virus removal tool (demo)
- Apply all missing critical security patches (demo)
3) Reboot the machine
- Run a full system scan before placing the machine back in service
THE HOAX STOPS HERE
IF THE MESSAGE
- tells you to do something
- tells you to take immediate action
- cites a recognizable source to give itself credibility (Microsoft has warned that)
- does not originate from a valid computer vendor
AND
- lacks specific verifiable contact information
IF IN DOUBT, CHECK IT OUT
Confirm the hoax by checking it against authoritative hoax sites
Inform other staff so the hoax does not propagate
POPULAR HOAXES INCLUDE
Tricks users into deleting a file
- JDBGMGR (teddy-bear icon)
Pyramid scheme
STOPPING THE TROJAN HORSE
- The Horse must be invited in.
How does it get in? By
- Downloading a file
- Installing a program
- Opening an attachment
- Opening bogus Web pages
- Copying a file from someone else
MORE ON THE HORSE.
A Trojan Horse exploits computer ports, letting its friends enter, just as a thief who gets into your house opens a rear window for his partners
Security patches often close computer ports and vulnerabilities
NOTE 1
- Search engines are NOT reliable sources of virus information
- Information may be inaccurate, incomplete or out of date
- Search engines generate huge numbers of indiscriminate hits
- Some anti-virus Web sites are scams (or contain Trojan Horses)
- Go directly to authoritative anti-virus sites
NOTE 2
- Computer companies are NOT reliable sources of virus information
Computer companies
- usually refer you to an anti-virus vendor
- are not in the anti-virus business
ONLINE RESOURCES
- Authoritative Hoax Information
- securityresponse.symantec.com/avcenter/hoax.html
- vil.mcafeesecurity.com/vil/hoaxes.asp
- Authoritative Anti-Virus Vendor Information
- securityresponse.symantec.com/avcenter/vinfodb.html
- www.mcafeesecurity.com/us/security/vil.htm
REFERENCES
- Authoritative Security Alert Information
- securityresponse.symantec.com/ (Symantec)
- www.microsoft.com/security (Microsoft)
- www.apple.com/support/security/ (Apple)
- Authoritative Anti-Virus Organizations
- www.cert.org (Computer Emergency Response Team-CMU)
- www.ciac.org/ciac (CIAC-Department of Energy)
- www.sans.org/aboutsans.php (Server and Network Security)
- www.first.org (Forum of Incident Response and Security Teams)
- www.cirt.rutgers.edu (Computing Incident Response Team-Rutgers)
- Authoritative Free Public Anti-Virus Removal Tool Information
- securityresponse.symantec.com/avcenter/tools.list.html
- vil.nai.com/vil/averttools.asp
- mssg.rutgers.edu/documentation/viruses (Rutgers)
- some professional library sites have pointers to reliable anti-virus information
PRINT RESOURCES
- Allen, Julia, (2001) The CERT Guide to System and Network Security Practices, Addison-Wesley, New York
- Crume, Jeff, (2000) Inside Internet Security, Addison-Wesley, New York
- Ratzan, Lee, (January 2005) A new role for libraries, SC Magazine (Secure Computing Magazine), page 26
- Ratzan, Lee, (2004) Understanding Information Systems, American Library Association, Chicago
A NEW ROLE FOR LIBRARIES?
THE AUTHOR ACKNOWLEDGES
- The cooperation of InfoLink (www.infolink.org) for promoting library professional development programs
- The Monroe Public Library for the use of its facilities
- SC Magazine for publishing an essay on libraries being at the forefront of information security
- Lisa DeBilio for her production of the PowerPoint slides.
THANK YOU ALL