Introduction to Computer Networks - PowerPoint PPT Presentation

Slides: 52
Provided by: adrianj6
Transcript and Presenter's Notes

1
Introduction to Computer Networks
  • Home Computer Security
  • Best Practices Advice

2
Configuration - Dial Up
[Diagram labels: Phone Cable, Phone Jack]
3
Configuration - Cable/DSL
[Diagram labels: Phone or TV Cable, Modem, Ethernet 10/100]
4
Configuration - Router
[Diagram labels: Wired Ethernet, Wireless]
5
Attacks
  • Threat must exist - viruses, worms, Trojan
    horses, and hackers are real
  • Your computer must be vulnerable - all systems
    contain latent vulnerabilities
  • There must be an exploit for a vulnerability -
    like an e-mail attachment that contains a virus
  • An actual attack must be mounted - like receiving
    an e-mail with an attachment containing a virus -
    a matter of probability

6
Risk
  • Risk exists whenever you are on-line to the
    Internet
  • You are identified by your Internet IP address
  • For dial-up, the address changes every time you
    log on to your ISP and is released when you hang
    up
  • For always-on connections, the address is more
    persistent and as long as you leave the
    computer turned on it is on-line

7
Risk Reduction - Good Practices
  • Use anti-virus (av) software, run it in real-time
    mode so it scans every file that is opened before
    opening it.
  • Update the av signature file every few days - you
    can do this on-line
  • Install and use a firewall - most SOHO routers
    have NAT firewall capability; XP has a built-in
    firewall; there are free firewalls available
    (e.g., Zonealarm at www.zonelabs.com) for home
    users

8
Best Practices (cont'd)
  • Practice safe e-mail and web surfing - opening
    any e-mail attachment is a risk; clicking on a
    web site sent over e-mail can take you to a
    malicious web site that can compromise your
    computer
  • Regularly install update patches - Microsoft
    offers on-line updates, turn them on; MAC/Linux
    users should visit their vendor's site for patches

9
Best Practices (cont'd)
  • Create and use passwords wisely
  • Make password complex - difficult to guess/crack;
    use passphrases (>14 characters)
  • If you must write them down, store them securely
    off-line - do not store them on the computer
    unless you use a product like Password Safe
    (www.counterpane.com) - it's free
  • Don't allow remote sites to remember your
    password - they will often offer to do this

10
Best Practices (cont'd)
  • Back up your system - registry, operating system,
    your important data files - CD or separate disk
    partition, 2nd disk drive, etc.
  • Turn off features, defaults you do not need
    (e.g., file sharing, print sharing)
  • Avoid inherently unsafe software - it may be
    appealing and you may get added capability you
    don't want

11
Best Practices (cont'd)
  • Don't store critical information on your computer
    - passwords, encryption keys, credit card
    numbers, social security numbers, other private
    information
  • If you store critical information on your
    computer, protect it by encryption
  • Protect wireless connections to keep outsiders
    from hijacking your connection and compromising
    your system

12
Internet Shopping
  • Providing a credit card number can be risky -
    don't let a site remember it; the risk of
    interception is much smaller than the risk of the
    site being compromised
  • Enable your browser to check certificates
  • Your browser checks the certificate for validity
    with a third party

13
Protecting Key Information
  • If your computer is compromised, all information
    is available, so you need to protect any private
    information.
  • Encrypt private files
  • If you want to store passwords use a strong
    program, like Password Safe (see
    http://www.schneier.com/passsafe.html)

14
Phishing (fishing) Scam
  • Bad guy sends you an e-mail appearing to come
    from a legitimate source like your bank, AOL,
    PayPal, etc.
  • The message uses social engineering to convince
    you to take an action that will ultimately reveal
    financial information - for example, "an upgrade
    at PayPal requires that we update your account
    information, please visit our web site by
    clicking on the link"

15
Phishing (more)
  • If you click, you will go to a site that looks
    official (e.g., a clone of the PayPal site, or
    your Bank, etc.)
  • You will be asked to enter your password, then
    ssn, account, etc.
  • Trouble is, it is a fake site that only serves
    the purpose of extracting your private
    information in order to ransack your real account
    or steal your identity

16
Phishing (more)
  • Do not ever respond to these requests
  • Never reach your bank, credit union, etc. via a
    mail link. Enter the URL directly
  • If you feel you do need to respond, then call
    your bank, etc. to see if the request is
    legitimate
  • This is becoming big business for independent and
    organized crime - if you've been had, report it
    (see references at end for the Internet Fraud
    Center)

17
Web Surfing
  • When you visit a web site, it is possible for the
    site to silently download malicious code to your
    computer
  • Many pages have embedded executable code (e.g.,
    to animate an image)
  • Trouble is, any executable can be bad.
  • These sites can be malicious or they may be
    legitimate sites that have been compromised -
    can't tell the difference
  • Be careful when you pick sites to visit

18
Potentially Unsafe Software
  • Freeware
  • Peer-to-Peer services
  • Java and Active X controls
  • Browser helper applications
  • Spyware
  • Adware

19
Freeware
  • Offered without cost - lots of it is out there
  • It may come bundled with noxious code that tracks
    your behavior or compromises your system
  • Not all freeware is bad, but a lot of it is -
    especially games, wallpaper, utilities, toolbars,
    and others
  • Practice some screening process - reputable
    references, known companies, etc.

20
Peer-to-Peer Services
  • Many are offered as music sharing services:
  • KaZaA
  • BearShare
  • Morpheus
  • eDonkey

21
Peer-2-Peer Computing: The Problem with KaZaA
  • Peer-2-Peer computing is a relatively recent
    phenomenon that distributes information among the
    peer nodes instead of concentrating it at a
    central location (at least in its purest form).
  • This allows the broad sharing of information
    among peers.
  • P-2-P has been widely used to share music files.
  • There are multiple P-2-P models, from centralized
    (Napster) to fully distributed (Gnutella).
  • KaZaA is an intermediate model and recent example
    of P-2-P and was developed in Amsterdam by Fast
    track, Inc.
  • Others include Gnutella, Morpheus, Win MX,
    BearShare, Edonkey2000, Direct Connect, Audio
    Galaxy, and many, many more.

22
KaZaA: How it works
  • Has a centralized server that maintains user
    registrations, logs users into the systems to
    keep statistics, provides downloads of client
    software, and bootstraps the peer discovery
    process.
  • Requires a client to be installed on your
    computer.
  • Two client types are supported: Supernodes (fast
    cpus and high bandwidth connections) and Nodes
    (slower cpus and/or connections).
  • Supernode addresses are provided in the initial
    download. They also maintain searchable indexes
    and proxy search requests for users.

23
KaZaA: Client Software
  • A graphical user interface (GUI) somewhat like
    Microsoft Outlook.
  • Supports an instant messaging feature (P-2-P, not
    community chat).
  • A database of supernodes and/or peers.
  • A search engine to identify the location of
    desired files by name and keyword (keyword
    descriptors are generated and stored in file
    descriptors for each file).
  • A rudimentary web (file) server that delivers
    files to peers on request.
  • Security: User downloads a client - no control
    over functionality - client exposes files and
    shares to the external world.

24
KaZaA: Graphically
[Diagram: User, Central Server, Supernode, and Peer 1 ... Peer n, each peer holding File 1, File 2, File 3 ... File n. Labelled flows: Initial Registration, Initial Download, Search Request (Title, Keyword), Search Response (peer IP, File 3), Get File 3.]
25
KaZaA: Some Details
  • On initial registration, the client may be
    provided with a list of more than one supernode.
  • Supernodes are elected by the central server -
    users can decline.
  • Supernodes can come and go so links may fail over
    time.
  • If a peer attempts a connection and fails, it can
    request the supernode to refer the request -
    becomes important when a firewall is used.
  • File transfers use http protocol and port 1214
    (the KaZaA port).

26
KaZaA: The Firewall Breach, Part 1
[Diagram: Protected Network | Internet, hosts A and B, steps 1 and 2]
  • Insider initiates SYN, SYN ACK, ACK, Search
    Response - Outbound any is OK
  • Insider initiates SYN, SYN ACK, ACK, Get File -
    Outbound any is OK

27
KaZaA: The Firewall Breach, Part 2
[Diagram: Protected Network | Internet, steps 1 and 2]
  • No activity, but connection is always ON
  • Outsider initiates SYN, SYN ACK, ACK, Search
    Response - Response IDs system behind the firewall
  • Outsider initiates SYN - Firewall drops - Inbound
    not OK for this service

28
KaZaA: The Firewall Breach, Part 3
[Diagram: Protected Network | Internet, hosts A and B, steps 1 to 3]
  • During on-going activity an Urgent Message is
    sent to A to Connect to B
  • Outsider initiates SYN, SYN ACK, ACK, Message -
    Tell A to Connect to B
  • Insider initiates SYN, SYN ACK, ACK, Message -
    Several, but result is the file is transferred.
  • Tricky way to get past a firewall.
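
The three-part sequence above, replayed against a toy stateful firewall to show why an "outbound any is OK" policy lets the file out and what an egress rule changes. This is an added example, not part of the presentation; host labels A, B and S (the supernode) and the `egress_deny` rule are assumptions for illustration, and port 1214 is the one slide 25 names.

```python
from dataclasses import dataclass, field

KAZAA_PORT = 1214  # "the KaZaA port" named on slide 25

@dataclass
class StatefulFirewall:
    """Outbound connections allowed unless denied; all new inbound dropped."""
    inside: frozenset                              # protected hosts
    egress_deny: frozenset = frozenset()           # outbound ports to block
    established: set = field(default_factory=set)  # (inside, outside) pairs

    def syn(self, src, dst, dport):
        """Verdict for a new connection attempt (the SYN)."""
        outbound = src in self.inside and dst not in self.inside
        if outbound and dport not in self.egress_deny:
            self.established.add((src, dst))
            return "allow"
        return "drop"  # inbound, or outbound to a denied port

    def relay(self, outside, inside_host):
        """Data sent back over a connection the insider opened earlier."""
        ok = (inside_host, outside) in self.established
        return "allow" if ok else "drop"

def firewall_breach(fw, a="A", b="B", supernode="S"):
    """Replay Parts 1-3 and return the verdict for each step."""
    steps = []
    # Part 1: insider A connects out to its supernode (search traffic).
    steps.append(("A->S syn", fw.syn(a, supernode, KAZAA_PORT)))
    # Part 2: outsider B tries to fetch the file directly from A.
    steps.append(("B->A syn", fw.syn(b, a, KAZAA_PORT)))
    # Part 3: B asks S to tell A to connect to B; S uses A's open connection.
    told = fw.relay(supernode, a)
    steps.append(("S->A message", told))
    # A only dials B if the message reached it.
    verdict = fw.syn(a, b, KAZAA_PORT) if told == "allow" else "drop"
    steps.append(("A->B syn", verdict))
    return steps

def file_leaves_network(fw):
    """True if the final insider-initiated transfer connection is allowed."""
    return firewall_breach(fw)[-1][1] == "allow"

if __name__ == "__main__":
    open_fw = StatefulFirewall(frozenset({"A"}))
    strict_fw = StatefulFirewall(frozenset({"A"}), frozenset({KAZAA_PORT}))
    print("outbound any:", firewall_breach(open_fw))
    print("egress deny 1214:", firewall_breach(strict_fw))
```
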
29
KaZaA: Consequences
  • Huge bandwidth hog - U of Vermont (45% of
    Internet bandwidth)
  • Potential for original client download to be a
    Trojan - it is.
  • Potential for files downloaded into the protected
    network to be Trojans.
  • On the other side, P-2-P is coming and many think
    it is the next internet KILLER APP.
  • Where web centralizes information access, P-2-P
    distributes.
  • Next generations will have security controls.

30
KaZaA: The Trojan
  • KaZaA clients come complete with a Trojan from
    Brilliant Digital Entertainment.
  • 3D advertising technology and node software that
    can be controlled by Brilliant Digital.
  • Intent is to use the massed horsepower to host
    and distribute content belonging to other
    companies for a fee.
  • With the user's permission of course - opt out
    basis (not opt in!).
  • Content to include advertising, music, video -
    anything digital.
  • Also have mentioned tapping unused cycles to do
    compute work.

31
Java and Active X Controls
  • Allows execution of active web content.
  • Ideally should be turned off.
  • Only turn on if needed for a specific site you
    trust, then off again.

32
Browser Helper Applications
  • Some malware is downloaded as a browser helper
    application - a feature of Internet Explorer.
  • Some malware detectors can find and remove it
    (see SpyWare later)

33
SpyWare/Adware: What is it?
  • Not precise, but common usage says SpyWare refers
    to software that gathers information about a
    computer's use and relays that information back
    to a third party.
  • This occurs with, but most often without, the
    user's consent (consent, when used, is often
    contained in the license the user acknowledges
    before installing the software).

34
Classes of SpyWare
  • Persistent cookies: Track user's web habits.
  • Web bugs: A hidden image embedded in a web page
    and saved by the SpyWare as evidence that the
    page was visited.
  • Browser hijackers: Changes to a browser's
    settings such as the start page or search
    functionality.

35
Classes of Spyware
  • Keyloggers: Logs keystrokes and/or web sites
    visited, IM sessions, windows opened, programs
    executed.
  • Tracks: Captures information recorded by an OS or
    application such as recently visited web sites or
    recently opened files or programs.

36
Classes of SpyWare
  • Malware: Viruses, worms, Trojans, logic bombs,
    phone dialers, etc.
  • Spybots: Monitor user's behavior - fields typed
    in web forms, e-mail/contact address lists, URLs
    visited. May be used to generate spam address
    lists.
  • Adware: Displays ads, reports browsing behavior
    (most often benign, but can hog resources - slow
    system to a crawl).

37
New Classes of SpyWare
  • The preceding classes are recognized in the
    literature. There is at least one additional
    class not reported.
  • DataLoggers: Establishes a man-in-the-middle
    proxy between the user's browser and any web
    site. All web pages pass through the proxy where
    they can be logged. This exists in at least one
    Chinese browser required to access Chinese web
    sites.

38
SpyWare: Other Characteristics
  • Many instances have automated update capability
    that can add new functionality.
  • Have been demonstrated to have vulnerabilities
    that can be exploited. Actual exploits have not
    been reported, but are expected to follow
    announcements of weaknesses.
  • Are present on a high percentage of systems (as
    high as 80% in some corporate cases) in all
    environments where the Internet is commonly used
    (i.e., homes, corporations, universities, etc.).

39
SpyWare: Number of Programs
  • Growth industry.
  • As of January, 2004 the SpyBot database listed
    790 SpyWare instances (1):
      Cookies/Web Bugs     34
      Browser hijackers   153
      Keyloggers           62
      Tracks              231
      Malware             168
      Spybots             142
  • (1) All software including COTS (e.g.,
    keyloggers).

40
SpyWare: Risk Profile
  • Compromises a user's privacy.
  • Can detract from the usability and stability of a
    system.
  • Can introduce vulnerabilities.
  • Can contain malware.
  • Some spyware (e.g., cookies, adware) is
    relatively benign and some is malicious. It is
    hard to tell the difference and delivery
    mechanisms can be the same for both.

41
SpyWare: Threats
  • Primary threats are malware and keystroke
    loggers.
  • Remote access users are at highest risk because
    of lack of physical protection, intrusion
    detection, firewall filtering, multiple users
    (e.g., family use at home), etc.
  • However, internal corporate users are also at
    risk based on existing experience.

42
SpyWare: Detection/Eradication
  • Anti-Virus vendors have not yet addressed the
    issue, but appear to be moving in this direction.
  • There are products available that specifically
    detect, block, and/or remove spyware. These
    include:
  • SpyBot - freeware - http://security.kolla.de
  • Adaware - freeware - http://www.lavasoftusa.com
  • Pest Patrol - COTS - http://www.pestpatrol.com

43
Pest Patrol: VPN Connection
  1. User requests VPN Connection.
  2. Firewall (Checkpoint) asks if client is free of
     spyware.
  3. Client invokes Pest Patrol to scan remote
     system.
  4. If answer is yes, VPN connection is allowed; if
     no, connection is denied.

44
Pest Patrol: More Characteristics
  • Operates with Checkpoint VPN-1 policy server.
  • Clients can be installed from a central server.
  • Scan logs are centrally stored.
  • Supports e-mail notification of events.

45
SpyWare: Industry Comments
  • CIAC: Because of their unknown nature and the
    high potential for abuse, parasite programs of
    the active adware, spyware, and stealth networks
    types should not be allowed on systems within
    companies or the government.
  • LANL: Prohibits SpyWare, peer-to-peer, etc. in
    visitor network.
  • U of Washington: the potential for spyware to
    cause substantial security problems is real.

46
Wireless Protection
  • A wireless setup includes a wireless access point
    (DLink, Linksys) which often functions as a
    router and firewall
  • It also includes a wireless PC card
  • Both devices must be configured to protect your
    connection

47
Wireless Protection
  • Enable the access point (AP) firewall
  • Change the administrator password for the access
    point/router
  • Change the default name of your wireless
    connection - the Service Set Identifier (SSID)
    (in AP and each PC)
  • Disable SSID broadcast so you don't announce your
    network to neighbors
  • Change SSID, key values, passwords on a regular
    basis in AP and PCs

48
Wireless Protection
  • Enable MAC address filtering - this means you
    must discover the MAC address for each machine
    you connect and enter it in the AP MAC list
  • Enable the strongest encryption your AP and PC
    will support - in strength order this is WEP,
    WPA, WPA2 - both ends must be capable - all are
    WEP, most are WEP and WPA, a few are WPA2

49
Wireless Equivalent Privacy (WEP)
  • WEP is oldest, weakest and has known problems
    that are easy to hack - use if the only option -
    use 128 bit encryption
  • WPA provides Temporal Key Integrity Protocol
    (TKIP), uses changing session keys, adds
    cryptographic integrity check - is stronger, but
    still breakable
  • WPA2 provides Advanced Encryption Standard (AES)
    with no known defects at present time - best

50
References
  • Home security tips: www.cert.org/tech_tips/home_networks.html
  • Cable/DSL Tuning: cable-dsl.home.att.net/security
  • Mac security: www.securemac.com
  • Microsoft: www.microsoft.com/security

51
References
  • Symantec Antivirus: www.symantec.com/
  • McAffee Antivirus: www.mcaffee.com/
  • Ad-aware: http://www.lavasoftusa.com/
  • SpyBot: http://security.kolla.de/
  • Zone Alarm: http://www.zonelabs.com/
  • BlackIce: http://www.blackice.iss.net/
  • Internet Fraud Complaint Center:
    http://www1.ifccfbi.gov/