Module F

1
(No Transcript)
2
Securing your computerGADGET GURUS

• Dr. Wayne Summers
• TSYS Department of Computer Science
• Columbus State University
• Summers_wayne_at_colstate.edu
• http//csc.colstate.edu/summers

3
(No Transcript)
4
SQL Slammer

• It only took 10 minutes for the SQL Slammer worm
  to race across the globe and wreak havoc on the
  Internet.
• The worm, shut down some U.S. bank teller
  machines, doubled the number of computers it
  infected every 8.5 seconds.

5
BLASTER

• At least 500,000 computers worldwide infected
• In eight days, the estimated cost of damages
  neared 2 billion.

6
SOBIG.F

• One of every 17 e-mails scanned was infected (AOL
  detected 23.2 million attachments infected with
  SoBig.F)
• Worldwide, 15 of large companies and 30 of
  small companies were affected by SoBig -
  estimated damage of 2 billion.

7
(No Transcript)
8
Goals

• confidentiality (privacy) - limiting who can
  access assets of a computer system.
• integrity - limiting who can modify assets of a
  computer system.
• availability - allowing authorized users access
  to assets.

9
Definitions

• vulnerability - weakness in the security system
  that might be exploited to cause a loss or harm.
• threats - circumstances that have the potential
  to cause loss or harm. Threats typically exploit
  vulnerabilities.
• control - protective measure that reduces a
  vulnerability or minimize the threat.

10
Vulnerabilities

• Todays complex Internet networks cannot be made
  watertight. A system administrator has to get
  everything right all the time a hacker only has
  to find one small hole.
• Robert Graham, lead architect of Internet
  Security Systems

11
Recent News

• New Trojan horses threaten cell phones
• Keyloggers Jump 65 As Info Theft Goes Mainstream
  
• Computers around the world are systematically
  being victimized by rampant hacking. This hacking
  is not only widespread, but is being executed so
  flawlessly that the attackers compromise a
  system, steal everything of value and completely
  erase their tracks within 20 minutes.

12
Recent News

• IM Worms could spread in seconds Symantec has
  done some simulations and has found that half a
  million systems could be infected in as little as
  30 to 40 seconds.
• Fraudulent e-mails designed to dupe Internet
  users out of their credit card details or bank
  information topped the three billion mark last
  month.

13
(No Transcript)
14
E-mail from Microsoft security_at_microsoft.com

• Virus? Use this patch immediately !
• Dear friend , use this Internet Explorer patch
  now!
• There are dangerous virus in the Internet now!
• More than 500.000 already infected!

15
(No Transcript)
16
Malware and other Threats

• Viruses / Worms (over 180,000 viruses 4/2007)
• 1987-1995 boot program infectors
• 1995-1999 Macro viruses (Concept)
• 1999-2003 self/mass-mailing worms (Melissa-Klez)
• 2001-??? Megaworms blended attacks (Code Red,
  Nimda, SQL Slammer, Slapper)
• Trojan Horses

17
(No Transcript)
18
Solutions

• Apply defense in-depth
• Don't open email from strangers or attachments
  you weren't expectingespecially attachments with
  .exe extensions
• Use good passwords
• Back up important files
• Run and maintain an antivirus product
• Do not run programs of unknown origin
• Deploy a firewall
• Keep your patches up-to-date

19
(No Transcript)
20
Password Management

• Passwords should be at least 6-8 characters
• Passwords should be alphanumeric with special
  characters like punctuation marks
• Never use common words from the dictionary
• Never tell anyone your password, not even to
  security personnel or to your best friend
• Never send passwords through e-mails, as
  passwords are sensitive items
• Never write a password down on scratch paper
  where someone might discover it
• Never throw a password in the trash. A Dumpster
  Diver may discover it

21
(No Transcript)
22
Password Management

• Potential passwords which are good?
• 11042007
• abc
• Fido
• Wayne
• WayneSummers
• Password
• Password1996
• QuePasa?
• W_at_yn3Summ3r

23
(No Transcript)
24

• The most potent tool in any security arsenal
  isnt a powerful firewall or a sophisticated
  intrusion detection system. When it comes to
  security, knowledge is the most effective tool
• Douglas Schweizer The State of Network
  Security, Processor.com, August 22, 2003.

25
Caesar cipher (key 3)
a b c d e f g h i j k l m n o p q r s t u v w x y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• The message
• caesar is a roman
• becomes
• FDHVD ULVDU RPDQ

26
Caesar cipher (key DOG)
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• The message
• caesar is a roman
• becomes
• FOKVO XLGGU CSDB

27
Popular Cryptography

• Jules Verne's - decipherment of a parchment
  filled with runic characters in the Journey to
  the Center of the Earth.
• Sir Arthur Conan Doyle's detective, Sherlock
  Holmes, was an expert in cryptography. The
  Adventure of the Dancing Men, involves a cipher
  consisting of stick men, each representing a
  distinct letter.
• Edgar Allan Poe issued a challenge to the readers
  of Philadelphia's Alexander Weekly Messenger,
  claiming that he could decipher any
  mono-alphabetic substitution cipher. He
  successfully deciphered all of the hundreds of
  submissions. In 1843, he wrote a short story,
  "The Gold Bug

28
COMPUTER SECURITY AWARENESS WEEK(http//cins.cols
tate.edu/awareness/)April 16-20, 2007
ACCENTUATE THE POSITIVE
29
QUESTIONS?