Computer Security - PowerPoint PPT Presentation

Computer Security

Slides: 34
Provided by: scie2

Transcript and Presenter's Notes

Title: Computer Security


1
Computer Security
  • Dorian Miller

2
Announcements
  • Program 5 graded by Wed (hopefully)
  • Next Java class assignments
  • Homework 5, Thu after Thanksgiving
  • Program 6, one week after Thanksgiving

3
Big picture
  • Computing related to your life
  • Computer security
  • What is a program?
  • Program executes commands to control computer
  • Control of computer for any purpose
  • good or bad

4
Computer users
  • Millions of users
  • Useful computer applications connected to the
    internet

Diagram labels: Web browsing; Internet connection; Email

5
Security hazards
  • Hacker tricks user into
  • Revealing information
  • Accessing computer
  • Protect yourself!

6
Motivation for hackers creating malicious
software
  • Destroy your computer
  • Hacker gets to brag about devastation
  • Serve advertising
  • Source gets paid when user clicks ad
  • Spy on personal information
  • Identity theft of Social security, accounts,
  • Use your computer
  • Send more spam
  • Start denial of service attacks
  • News video overview of security problems
  • http://www.youtube.com/watch?v=3x7Lj5sdWPk

7
Spam
  • Security problem
  • Trick user to reveal personal information

ATM pin, social security, bank account information, passwords

8
spam
  • Spam is unsolicited messages
  • Term believed to originate from Monty Python skit
  • Spam incarnations, always a problem
  • First spam by telegraph (1904)
  • Spam messages on early discussion boards, chat
    rooms, and by fax
  • Spam by email most common

Source: http://en.wikipedia.org/wiki/E-mail_spam
Video: http://www.youtube.com/watch?v=wZ7YedEopp4

9
spam topics
  • Advertising, intended to get the user's attention
  • Sell software
  • Sell medicine
  • Snake oil remedies
  • Hoax stock picks
  • Cost of spam not on Spammer
  • ISP pays for sending email
  • User receiving and sifting useless email

10
Phishing spam
  • Phishing: impersonate legitimate organization to
    redirect user to hacker's site
  • More serious
  • Trick users to reveal personal information
  • Hacker impersonates user to steal
  • Examples
  • Spam about verifying security information at
    Paypal or bank

11
Protection from spam
  • Do not reply to spam in any way
  • Do not reveal personal information
  • Like ATM pin, social security, bank account
    information, passwords
  • Do not open attachments
  • When available
  • Spam filter

12
Take control of computer
  • Hacker tricks user into
  • Revealing information
  • Accessing computer

Diagram labels: Malicious programs; Sneak into computer; Spam

13
Malicious programs
  • Malicious program takes control of computer
  • Danger: Destroy computer files
  • Inconvenient for user
  • Easiest for hacker to implement
  • Danger: Ad serving
  • Randomly show relevant ads (appears
    inconspicuous)
  • Source paid for clicked ads
  • Danger: Spy on personal information
  • Capture keystrokes
  • Filter personal information
  • Use information for identity theft
  • Most dangerous when undetected

14
Downloaded software
  • Requires software being run on user's computer
  • Weekly users install legitimate software
  • User fooled into installing malicious software
  • How many browser toolbars do you have?
  • Do you know where they came from?
  • Do you know what they do?
  • System tray icons

Browser Toolbars
15
Exaggerated case: 15 toolbars, 20 system tray icons
Source: http://www.windows-noob.com/review/ie7/

16
Protecting from unauthorized programs
  • Windows certificate indicates the author of the
    application
  • User must verify source is trusted
  • How does the user know?
  • Mac ad about Vista security
  • http://www.youtube.com/watch?v=VuqZ8AqmLPY

17
Trojan
  • Malicious program masquerades as a legitimate
    program
  • User fooled into executing malicious program

Computer game
18
Where does malicious software come from?
  • Malicious program more malicious when infecting
    millions of computers
  • Malicious program needs effective mechanism to
    propagate quickly

19
Virus
  • Virus spreads malicious program on one computer
  • Virus attaches itself to all executable programs
  • When one program is executed, virus executes too
  • Virus threat when programs exchanged on floppy
    disk

20
Worm
  • Similar to virus, worm spreads malicious program
  • Spreads malicious program through network
  • Copies itself from one network to another
  • Finds technique to access from one network to
    another

Diagram labels: UNC; Duke; NCSU
Video: http://youtube.com/watch?v=v6GnX3ZhuAg (Spread of the Code Red version 2 internet worm)

21
Hackers abusing your computer
  • Send more spam
  • Start denial of service attacks (DOS)
  • Your computer hides hacker's tracks and identity
  • In the news
  • Estonia's government computers disabled by DOS
    attack

22
Protection from malicious software
  • Reduce exposure to questionable sites
  • Difficult: even legitimate sites are infected
  • Antivirus software
  • Searches computer for known viruses
  • Update Antivirus software
  • Malicious software evolving weekly
  • http://www.symantec.com/norton/security_response/threatexplorer/index.jsp
  • Expensive software
  • Available free to UNC community
  • https://shareware.unc.edu/

23
Exploiting existing vulnerabilities
Diagram labels: Malicious programs; Sneak into computer; Spam

24
Hackers access computer
  • Hackers exploit vulnerabilities in existing
    programs
  • Vulnerability caused by mistake
  • Error in the program
  • Unhandled situation
  • Oversight in design

25
Computer connection
  • Port is network connection to the internet
  • Email, files, web (telnet, ftp, http)
  • Vulnerability: hacker accesses computer through
    port
  • Remote desktop demo
  • VNC: example of remote desktop software
  • Overcome authentication to access computer

26
Protecting ports
  • Firewall
  • Restricts network connections
  • User can confirm valid connection
  • Connect to a safe internet connection
  • Safer: UNC
  • Less safe: public space at coffee shop, airport

27
Exploiting existing vulnerabilities
Diagram labels: Malicious programs; Sneak into computer; Spam

28
Other computer systems
  • Enough trouble keeping your computer safe
  • Your information exists on many computer systems
  • Example: Security breach on hotels.com
  • http://youtube.com/watch?v=dytZBBlDMJs

29
How a program works
  • Program executes on computer
  • Operating system
  • Common OS: Windows, Mac, Linux, UNIX
  • Accesses computer resources
  • Files
  • Network
  • Settings
  • Program must be trusted to use resources

Diagram labels: Computer (operating system); Program

30
Security and encapsulation
  • Hacker tries to circumvent operating system

Diagram labels: Operating system; Secrets; files; Program
Allowed: Open data file, ok

31
Security and encapsulation
  • Encapsulation of operating system
  • Hides secret information
  • Abstraction controls program's access to
    operating system

Diagram labels: Operating system; Public abstraction; Private Implementation; Secrets; files; Program
Allowed: Open data file, ok

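
The encapsulation idea on this slide, as an added example that is not part of the original slides: a public method is the only way to reach files, it allows "open data file", and it refuses any request that would land in the secrets area. The class name `FileBroker` and the `data`/`secrets` directory names are hypothetical; Python's leading underscore is only a convention, whereas a real operating system enforces this boundary itself.

```python
import os
import tempfile


class FileBroker:
    """Public abstraction: the only way a program reaches files (hypothetical)."""

    def __init__(self, root):
        # Private implementation detail: where the data files really live.
        self._data_dir = os.path.realpath(os.path.join(root, "data"))

    def open_data(self, name):
        """Return the contents of a data file, or raise PermissionError."""
        # realpath collapses ".." and follows symlinks, so the check below
        # looks at the file that would actually be opened.
        target = os.path.realpath(os.path.join(self._data_dir, name))
        if os.path.commonpath([self._data_dir, target]) != self._data_dir:
            raise PermissionError(f"denied: {name!r} is outside the data area")
        with open(target, "r", encoding="utf-8") as fh:
            return fh.read()


def demo():
    """Build a constructed file tree, then try one allowed and two denied requests."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "data"))
        os.makedirs(os.path.join(root, "secrets"))
        with open(os.path.join(root, "data", "notes.txt"), "w") as fh:
            fh.write("homework notes")           # constructed sample data
        with open(os.path.join(root, "secrets", "passwords.txt"), "w") as fh:
            fh.write("constructed secret")       # constructed sample secret
        broker = FileBroker(root)
        requests = [
            ("data file", "notes.txt"),
            ("parent traversal", "../secrets/passwords.txt"),
            ("absolute path", os.path.join(root, "secrets", "passwords.txt")),
        ]
        for label, request in requests:
            try:
                results[label] = broker.open_data(request)
            except PermissionError:
                results[label] = "denied"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```
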
32
Program security
  • Sandbox
  • Computer restricts the access of program to
    computer resources
  • JavaScript program runs in sandbox
  • Restricts file access
  • Network access

Diagram labels: Computer (operating system); Program

33
Summary: Protect yourself
  • Delete spam
  • Minimize access to dubious sites
  • Install and update antivirus software
  • Update Windows and Mac security
  • Enable computer Firewall