UNDERSTANDING INFORMATION SECURITY - PowerPoint PPT Presentation

Slides: 36
Provided by: informat236
Transcript and Presenter's Notes

1
UNDERSTANDING INFORMATION SECURITY
VIRUSES,
WORMS,
HOAXES,
And TROJAN HORSES
  • Lee Ratzan, MCP, Ph.D.
  • School of Communication, Information and Library Studies at Rutgers University
  • Lratzan_at_scils.rutgers.edu

2
IT'S A JUNGLE OUT THERE
Network Worms
Computer Viruses
Trojan Horses
Logic Bombs
Address Book theft
Hijacked Home Pages
DNS Poisoning
Denial of Service Attacks
Zombies, IP Spoofing
Buffer Overruns
Password Grabbers
Password Crackers
3
AND THE EVER POPULAR
Hoaxes
Ploys
Pop-Ups
Scams
Spam
4
DID YOU KNOW?
In 1980 a computer cracked a 3-character password within one minute.
In 1999 a team of computers cracked a 56-character password within one day.
In 2004 a computer virus infected 1 million computers within one hour.
5
DEFINITIONS
  • A computer program
  • Tells a computer what to do and how to do it.

Computer viruses, network worms, and Trojan Horses: these are all computer programs.
6
SALIENT DIFFERENCES
1) Computer Virus
  • Needs a host file
  • Copies itself
  • Executable

2) Network Worm
  • No host (self-contained)
  • Copies itself
  • Executable

3) Trojan Horse
  • No host (self-contained)
  • Does not copy itself
  • Imposter Program

7
TYPICAL SYMPTOMS
  • File deletion
  • File corruption
  • Visual effects
  • Pop-Ups
  • Erratic (and unwanted) behavior
  • Computer crashes

8
BIOLOGICAL METAPHORS
1. Bacterial Infection Model
  • Single bacterium
  • Replication
  • Dispersal

2. Virus Infected Model
  • Viral DNA Fragment
  • Infected Cells
  • Replication
  • Dispersal

A computer virus spreads similarly, hence the name.
9
WHY DO WE HAVE THIS PROBLEM?
  • Software companies rush products to the consumer
    market (No program should go online before its
    time)
  • Recycling old code reduces development time, but
    perpetuates old flaws.

10
AND A FEW MORE REASONS
  • Market share is more important than security
  • Interface design is more important than security
  • New feature designs are more important than security
  • Ease of use is more important than security

11
HACKER MOTIVATIONS
  • Attack the Evil Empire (Microsoft)
  • Display of dominance
  • Showing off, revenge
  • Misdirected creativity
  • Embezzlement, greed

Who knows what evil lurks in the hearts of men?
12
NETWORKED SYSTEMS VS SECURED SYSTEMS
Some platforms are more secure than others
NETWORKS: Open Communication, Full Access
SECURITY: Closed Communication, Full Lockdown
Managers must strike a balance
13
POPULAR FALLACIES
  • If I never log off then my computer can never get
    a virus
  • If I lock my office door then my computer can
    never get a virus
  • Companies create viruses so they can sell
    anti-virus software
  • Microsoft will protect me
  • My ISP will protect me?

14
AND A FEW MORE.
  • I got this disc from my (mother, boss, friend) so
    it must be okay
  • You cannot get a virus by opening an attachment
    from someone you know
  • But I only downloaded one file
  • I am too smart to fall for a scam
  • You can catch a cold from a computer virus
  • My friend who knows a lot about computers showed me this really cool site

15
THINGS THE LIBRARY CAN DO
ACTION PLAN
  • Designate security support staff (and fund them)
  • Make security awareness a corporate priority (and
    educate your staff)
  • Enable real-time protection
  • Update all vendor security patches
  • Subscribe to several security alert bulletins

16
  • Periodically reboot or re-load all computers
  • Control, limit or block all downloads and installs
  • Install anti-virus software on computers (keep it
    current)

It takes a carpenter to build a house but one
jackass can knock it down
(Variously attributed to Mark Twain, Harry
Truman, Senator Sam Rayburn)
17
WHAT CAN THE LIBRARIAN DO?
Set bookmarks to authoritative
  • virus hoax Web pages
  • anti-virus Web pages
  • public free anti-virus removal tools

Provide patrons with up-to-date information
about viruses, etc.
Confirm that desktops have the latest anti-virus
updates
18
BACK IT UP
  • Offline copies: Grandfather/father/son (monthly/weekly/daily)
  • Online copies: Shared network drive
  • Changes only: Incremental/differential
  • Do not back up a file on the same disc as the original!
  • Assume every disc, CD, etc. is suspect, no matter who gave it to you

Doveryay, No Proveryay (Trust but Verify)
19
MACHINE INFECTED?
ACTION PLAN
1) Write down the error or alert message verbatim
  • inform your tech support team
  • quarantine the machine

2) Look up the message in an authoritative anti-virus site (demo)
  • diagnose the problem
  • take recommended remedial action

20
  • If appropriate:
  • Download, install, run the anti-virus removal tool (demo)
  • Apply all missing critical security patches (demo)

3) Reboot the machine
  • Run a full system scan before placing the machine
    back in service

21
THE HOAX STOPS HERE
IF THE MESSAGE
  • tells you to do something
  • tells you to take immediate action
  • cites a recognizable source to give itself credibility ("Microsoft has warned that")
  • does not originate from a valid computer vendor

22
AND
  • lacks specific verifiable contact information

IF IN DOUBT, CHECK IT OUT
Confirm the hoax by checking it against
authoritative hoax sites
Inform other staff so the hoax does not propagate
23
POPULAR HOAXES INCLUDE
Tricks users into deleting a file
  • JDBGMGR (teddy-bear icon)

Money scam
  • NIGERIA

Pyramid scheme
  • 800 FROM MICROSOFT

24
STOPPING THE TROJAN HORSE
  • The Horse must be invited in.

How does it get in? By:
  • Downloading a file
  • Installing a program
  • Opening an attachment
  • Opening bogus Web pages
  • Copying a file from someone else

25
MORE ON THE HORSE.
A Trojan Horse exploits computer ports, letting its friends enter: once a thief gets into your house, he opens a rear window for his partners.
Security patches often close computer ports and vulnerabilities.
26
NOTE 1
  • Search engines are NOT reliable sources of virus information
  • Information may be inaccurate, incomplete or out of date
  • Search engines generate huge numbers of indiscriminate hits
  • Some anti-virus Web sites are scams (or contain Trojan Horses)
  • Go directly to authoritative anti-virus sites

27
NOTE 2
  • Computer companies are NOT reliable sources of
    virus information

Computer companies:
  • usually refer you to an anti-virus vendor
  • are not in the anti-virus business
  • are themselves victims!

28
ONLINE RESOURCES
Authoritative Hoax Information
  • securityresponse.symantec.com/avcenter/hoax.html
  • vil.mcafeesecurity.com/vil/hoaxes.asp

Authoritative Anti-Virus Vendor Information
  • securityresponse.symantec.com/avcenter/vinfodb.html
  • www.mcafeesecurity.com/us/security/vil.htm

29
REFERENCES
Authoritative Security Alert Information
  • securityresponse.symantec.com/ (Symantec)
  • www.microsoft.com/security (Microsoft)
  • www.apple.com/support/security/ (Apple)

30
Authoritative Anti-Virus Organizations
  • www.cert.org (Computer Emergency Response Team-CMU)
  • www.ciac.org/ciac (CIAC-Department of Energy)
  • www.sans.org/aboutsans.php (Server and Network Security)
  • www.first.org (Forum of Incident Response and Security Teams)
  • www.cirt.rutgers.edu (Computing Incident Response Team-Rutgers)

31
Authoritative Free Public Anti-Virus Removal Tool Information
  • securityresponse.symantec.com/avcenter/tools.list.html
  • vil.nai.com/vil/averttools.asp
  • mssg.rutgers.edu/documentation/viruses (Rutgers)
  • some professional library sites have pointers to reliable anti-virus information

32
PRINT RESOURCES
  • Allen, Julia, (2001) The CERT Guide to System and Network Security Practices, Addison-Wesley, New York
  • Crume, Jeff, (2000) Inside Internet Security, Addison-Wesley, New York
  • Ratzan, Lee, (January 2005) A new role for libraries, SC Magazine (Secure Computing Magazine), page 26

33
  • Ratzan, Lee, (2004) Understanding Information
    Systems, American Library Association, Chicago

34
A NEW ROLE FOR LIBRARIES?
35
THE AUTHOR ACKNOWLEDGES
  • The cooperation of InfoLink (www.infolink.org)
    for promoting library professional development
    programs
  • The Monroe Public Library for the use of its
    facilities
  • SC Magazine for publishing an essay on libraries
    being at the forefront of information security
  • Lisa DeBilio for her production of the PowerPoint
    slides.

THANK YOU ALL