Malpractice 2 Protecting the data

1
Malpractice 2Protecting the data
2
What do need to protect

• We need to protect
• The programs files
• The data files
• The operating system files

3
Why

• All of these can be
• corrupted
• deleted
• altered
• accidentally or maliciously

4
What can happen

• Scenario 1
• Accidental damage
• An employee working on a computer database,
  switches off the computer as the hard drive is
  writing the data -
• data is corrupted and the database file becomes
  unusable

5
What can happen 2

• Scenario 2
• Deliberate damage
• An employee is sacked by a company. Before they
  leave, they put a program on the network which
  will run at a pre-set time and wipe all of the
  data files - a logic bomb

6
What can happen 3

• Scenario 3
• Deliberate damage
• During the Gulf war USA military hacked into the
  power supply control systems in Iraq in order to
  disrupt the electrical supplies - Information
  Warfare

7
What can happen 4

• Scenario 4
• Deliberate damage
• Political activists hack into the web server for
  a political party/government and daub electronic
  graffiti on web site

8
How do we stop this happening

• Clerical procedures and guidelines
• Standard security measures
• Passwords
• Biometric access
• ID cards and Tags
• Encrypted files

9
Clerical Procedures

• The most basic defence against data loss
• Basic training on systems operations
• Codes of practice - simple rules to help
  safeguard machines and data.
• Log out after use
• Dont leave portables in cars
• Put backups in safe
• etc. etc.

10
Standard Security Measures

• Again basic
• Locks, alarms, video, guards in computers areas
• Machines secured to benches - cabinets,
  wire-loops
• All portables have special socket to attach
  anti-theft devices

11
Passwords something you know

• Most common method - includes PINs
• Need to be short - so people can remember them
• But this creates security hazard easy to guess/
  work out
• Most common password is password
• People use family names, pop groups, etc.
• Hackers use Dictionary attack to crack these

12
Biometrics something you are

• Relies on some unique physical characteristic
• Fingerprints
• Retinal pattern
• Facial characteristics
• DNA patterns
• All methods currently being tried out
• Retinal scan seems most successful

13
Cards and Tagssomething you carry

• Widely used for access to both computer areas and
  machines
• Often simple magnetic stripe cards
• Smart Cards now being used
• Some organisations moving to radio id cards (RFID)

14
Encrypted files

• Data files need a password to decode the files so
  that they can be used
• Widely used for transmitted data e.g. credit card
  details, personal data
• Most systems use public key encryption
• PGP (Pretty Good Privacy) commonly used in e-mails

15
Hierarchical Access

• Most systems have a hierarchy of users
• Example
• Low level users can only read data
• Intermediate level users can add data
• High level users can add/ alter /delete data
• All access systems will have this built in
• High level access (passwords etc.) need very good
  security - difficult to guess/crack changed often

16
Who are we keeping out

• Major risk is internal
• employees, contractors etc.
• Increasing external risk
• basic theft
• fraud etc. carried out by gaining physical access
  to computer area
• Internet has allowed large increase in remote
  entry - Hacking

17
Hackers Hacking
18
Hackers -Who are they 1

• Originally techies who tried to make programs
  work better, go faster, do other things
• Probably urban myth but-
• 1964 IBM Xmas party - entertainment provided by
  hacked 4 million computer playing Christmas
  carols

19
Hackers - Who are they 2

• In modern times
• People who enter systems to alter files
• Often young males
• Increasingly more organised - hacker groups
• Links to organised crime, government hackers,
  military hackers.
• Lone hacker still v. dangerous - Melissa virus
  created by lone coder

20
What do they do

• Basic level
• Enter system to alter data
• Fraud, malicious damage.
• More sophisticated
• create programs to replicate and cause damage
• Viruses

21
Viruses
22
What is a Virus

• Essentially, a program which
• Self replicates
• Moves from one system to another
• Can alter or destroy data
• Currently over 10,000 strains active
• Have become increasingly sophisticated in their
  methods of attack

23
Who creates them

• Mostly lone hackers
• Many modern viruses originate in Eastern Europe
  and Russia
• Pacific Rim countries now major source
• Most created just to show hackers coding prowess
• Very few malicious - code destroying strains

24
Types 1 - Boot Sector

• The oldest type
• Reside in the boot sectors of discs
• Computer infected when disc read
• Many types - very easy to write
• Most harmless - just put up on screen message
• Increasingly used for political propaganda

25
Types 2 - Trojan Horse

• Program which appears to carry out one task while
  doing something else usually malicious.
• Example -
• USA high school 1998 - screensaver program
  downloaded from the net deleted 666 random files
  each time it was run.
• School network stopped working after 3 days
• Took 6 weeks to repair - all student files lost

26
Types 3 - Logic Bomb

• Loaded onto machine and set to go off
• after a certain time
• on a set date
• when a particular series of actions is taken (or
  not taken).
• Normally destructive
• Often used by employees to destroy firms data
  when they leave

27
Types 4 - Macro Virus

• Modern virus - exploits security loophole in
  word-processors, spreadsheets etc.
• Attaches to file (in macro area) and replicates
  quickly.
• Not usually destructive
• Can slow down system , take up memory

28
Types 5 - E-mail virus

• Modern virus
• Spreads as an attachment to an e-mail file
• Runs when attachment is downloaded/run or e-mail
  is viewed
• Some very destructive
• Some log keystrokes e.g. passwords, credit card
  details to send to hacker
• Spread very quickly by reading e-mail address
  book and re-sending themselves

29
Types 6 - Worms

• Do not need to attach to file
• Exploit security loopholes to enter systems and
  networks esp. trapdoors
• Replicate throughout system then move on to other
  systems
• Spread very quickly
• Often malicious

30
Types 7 - Phantom Virus

• Virus does not exist
• Problems caused by people e-mailing warnings -
  slows network traffic.
• New variant tells people that a particular system
  file is a virus and gets them to delete it,
  causing system failure.

31
How do we stop viruses

• Basic rules
• Use Anti-virus software keep it updated and use
  it !
• Back up all data regularly
• Do not download software from unknown sources-
  shareware particular problem
• Do not open attachments in e-mails
• Use Firewall system to protect network
• Use Footbath machine to scan any discs brought
  into organisation
• Do not connect machines with very sensitive data
  to Internet/network - air gap

32
Anything Else ?

• Lots of other attacks
• Denial of Service - Hackers send millions of
  requests to ISP - stops others using service
• Mail Bomb - Program which send 10s thousands of
  e-mails to single address
• Mail Dam - Program sends very large file to
  e-mail address, prevents access to other mail
• Snooper Mail - E-mail attachment looks for files
  e.g. pornography on machine and e-mails details
  to all in address book and police
• Piggy back user - Uses wireless link in nearby
  company to access internet/ company information

33
The Future ?

• Spread of Internet and increased use of networks
  means that virus spread and hacking will increase
• Security measures will always be reactive, very
  difficult to make systems secure
• Some analysts predict that Internet may be
  brought down by concerted attack within 2 years

34
Is there a law ?

• No world wide legislation
• In U.K. Computer Misuse Act 1990 is anti -hacking
  legislation
• Prosecutions across borders very difficult
• Hacking, viruses etc. will continue to be a major
  problem
• Growth area, however, is Software Piracy

35
The End