Computer Systems Security

Upload: drkelleher

Post on 07-May-2015

Page 1: Computer Systems Security

Computer Systems Security

Page 2: Computer Systems Security

Outline

• Computer Systems Security Introduction
• Examples of Information Security
• Identity Theft
• Hackers
• Types of threats
• Botnets/Zombies
• Securing your network
  – Encryption
  – Firewalls
  – VPN
  – Email
  – Web
  – Wireless
  – Applications
  – Computers

Page 3: Computer Systems Security

Computer Security / Information Security

• Protection of digital information from theft, corruption or natural disaster
• What is being protected?
  – Personal or Company Data
  – Credit card numbers
  – Bank Account Information
  – Company from sabotage
    - Delete data
    - Alter websites
    - Denial of Service
  – Use of computer resources to attack others
    • Hard disk space
    • Fast processor
    • Internet connection

Page 4: Computer Systems Security

Where Hackers Attack?

• Email
• Web
• Firewall
• Network
• Operating System / Application Vulnerabilities
• Mobile
• Telephone

What Hackers Do?

• Phishing
• Spoofing
• Keystroke logging
• Malware
  – Virus – replicates through applications
  – Trojan horse – can create a backdoor through an application
  – Worms – don't need to attach to any application (make backdoor zombies)
  – Adware – pop-up advertising
  – Spyware – monitors users' surfing habits and degrades system performance
  – Rootkit – hidden; replaces system executables
  – Crimeware – financial or political crime. 2005: $30M in theft

Page 5: Computer Systems Security

Identity theft

• Fraud crime that involves someone pretending to be someone else in order to steal money or to get other benefits.
• 3.7 % of American adults are victims of identity theft.
  – Stealing mail through dumpster diving
  – Retrieving info from disposed computers
  – Researching the victim through internet searches or public records
  – Stealing payment or ID cards by skimming with a compromised card reader or by pickpocketing
  – Eavesdropping on public transactions (shoulder surfing)
  – Trojan horses, hacking
  – Data breach (posting of personal info on the web or by mail)
  – Changing your address
  – Phishing

Page 6: Computer Systems Security

Types of Hackers

• White Hat – breaks security for non-malicious reasons; enjoys learning about computer security

• Black Hat – Someone who is hacking for credit card fraud, identity theft, intellectual property theft. Crackers.

• Script kiddie – non-expert who uses pre-packaged automated tools written by others.

• Hacktivist – Uses technology to announce a social, ideological, religious, or political message. Defaces websites, DOS attacks. Cyberterrorism.

Page 7: Computer Systems Security

How the Hacker Attacks?

1. Network enumeration – discover info about the intended target (port scanner)
2. Vulnerability analysis – identifying potential ways of attack (packet sniffer)
3. Exploitation – attempting to compromise the system through the vulnerabilities found in the analysis (spoof, virus, spyware, Trojan horse)

• Makes himself a master
• Covers his tracks by modifying log entries
• Finds passwords by running a "dictionary attack"
• Uses Trojan horses to find passwords through "login", "telnet", or "ftp"
• Gives himself "root" privileges / system administrator
• Installs sniffer programs to collect all passwords that come through the system
• Searches for trusts on the network by searching the system's /etc/hosts.equiv and the users' .rhosts files.
• Once in, the intruder can install software, read, copy or erase data.

Page 8: Computer Systems Security

Botnets and Zombies

• Software robots, or bots, that run autonomously and automatically.
• Zombie computers are computers that have been compromised to run software via worms, Trojan horses or backdoors.
• Most zombie computer users are unaware their systems are being used this way.
  – Zombies have been used extensively to send e-mail spam (50–80%)
  – Click fraud against sites displaying pay-per-click ads
  – Phishing or money mule recruiting websites
  – Distributed denial-of-service attacks

Page 9: Computer Systems Security

Securing your Network

Page 10: Computer Systems Security

Encryption

• Uses an algorithm (cipher) to make data unreadable unless the receiver has a key
• Diffusion and confusion principles
• Over 70 % of companies use encryption for some of their data in transit
• Network encryption
  – Encryption with a router
  – Encryption with a SafeNet device

Page 11: Computer Systems Security

Symmetric-key cryptography

• A single key encrypts and decrypts the data
• Keys are small
• Algorithms are fast
• A different key is needed for each pair of users
• DES, AES, Blowfish, CAST5
• Face-to-face exchange of keys

Page 12: Computer Systems Security

Asymmetric Key Encryption /Public-Key cryptography

• Uses two keys – a public key known to everyone and a private or secret key known only to the recipient of the message.
• Diffie-Hellman key exchange – protocol that allows two parties to establish a shared secret key over an insecure communications channel (1976)
• RSA – algorithm for public-key cryptography; signing and encryption (1977)
• Binds public keys to users with a certificate authority (CA)
• Different keys are used to encrypt/decrypt (key pair)
• Keys are large, algorithms are slow
• Public-key encryption – message is encrypted with the recipient's public key
• Digital signatures – message signed with the sender's private key (the sender's public key is needed to decrypt it)
• PGP – cryptographic software for secure communication and storage, binding public keys to a user name and/or email address.

Common examples:
• Email encryption and/or sender authentication
• Encryption of documents
• Authentication (smart cards)
• Bootstrapping secure communication (IKE and SSL)
• Mobile signature
Examples: RSA, TLS, PGP, GPG, and ElGamal
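As an added example (not part of the slides), the two primitives named above worked through in plain Python integers: a Diffie-Hellman exchange in which only the public values cross the channel and both sides arrive at the same secret, and a textbook RSA signature made with the private key and checked with the public key. The DH prime, generator and RSA primes are small values chosen for readability, and no padding scheme is applied, so this illustrates the mathematics rather than a deployable implementation.

```python
"""Added example (not from the slides): Diffie-Hellman agreement and a
textbook RSA signature, using Python integers only."""
import hashlib
import secrets

# Toy Diffie-Hellman parameters (constructed for the example; real
# deployments use standardised groups such as the RFC 3526 MODP groups).
DH_P = 2**127 - 1      # a Mersenne prime, large enough to illustrate
DH_G = 5


def dh_keypair(p=DH_P, g=DH_G):
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(p - 2) + 1      # 1 <= priv <= p-2
    return priv, pow(g, priv, p)


def dh_shared_secret(my_priv, their_pub, p=DH_P):
    """Each side raises the other's public value to its own private exponent,
    so both obtain g^(ab) mod p; an eavesdropper sees only g^a and g^b."""
    return pow(their_pub, my_priv, p)


def dh_exchange():
    """Run one exchange between two parties and return both computed secrets."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return dh_shared_secret(a_priv, b_pub), dh_shared_secret(b_priv, a_pub)


# Textbook RSA signature: sign with the private key, verify with the public
# key. Small fixed primes keep the arithmetic easy to follow (constructed for
# the example); no padding is used, which real RSA signatures require.
RSA_P, RSA_Q = 1000003, 1000033
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # private exponent


def _digest_mod_n(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(message: bytes, d: int = RSA_D, n: int = RSA_N) -> int:
    """Signature = H(m)^d mod n, computable only with the private exponent d."""
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(message: bytes, signature: int, e: int = RSA_E, n: int = RSA_N) -> bool:
    """Anyone holding the public key (e, n) recovers H(m) from the signature
    and compares it with the hash of the message they received."""
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    k_a, k_b = dh_exchange()
    print("DH secrets agree:", k_a == k_b)
    sig = rsa_sign(b"pay 100 to bob")
    print("valid signature:", rsa_verify(b"pay 100 to bob", sig))
    print("tampered message:", rsa_verify(b"pay 900 to bob", sig))
```

The DH part needs `pow(..., -1, m)` for the modular inverse, available from Python 3.8.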

Page 13: Computer Systems Security

Firewall Security

• Software and Hardware Firewalls
• Methods of protection:
  – Packet filtering
  – Proxy service
  – Stateful inspection
• Access Control Lists
  – IP Addresses
  – Domain Names
  – Specific words and phrases to sniff
  – Ports
  – Protocols: IP, TCP, HTTP, FTP, UDP, ICMP, SMTP, SNMP, Telnet
• Log monitoring
• Updating and Patching
• Vulnerability Testing
• 2 different firewalls for one network
• VPNs
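The packet-filtering and access-control-list items above, shown as an added example (not from the slides): a minimal stateless filter that evaluates an ACL in order, first match wins, and falls back to deny. The rules, addresses and ports are constructed for the example; they illustrate why rule order matters (a deny placed before a broader allow) and why an explicit default-deny closes ports that no rule mentions.

```python
"""Added example (not from the slides): first-match packet filtering over an
access control list keyed on protocol, source/destination and port."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR; "0.0.0.0/0" matches any IPv4 source
    dst: str               # CIDR for the destination
    dport: Optional[int]   # None matches any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every field of the rule must match; a None port is a wildcard."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def filter_packet(acl: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation; traffic no rule mentions gets the default."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# Constructed ACL: a web server at 203.0.113.10 with an internal 10.0.0.0/8
# network. Ordering is deliberate: the telnet deny sits before the allows.
ACL = [
    Rule("deny",  "tcp",  "0.0.0.0/0",  "0.0.0.0/0",       23),    # telnet never passes
    Rule("allow", "tcp",  "0.0.0.0/0",  "203.0.113.10/32", 443),   # public HTTPS
    Rule("allow", "tcp",  "10.0.0.0/8", "203.0.113.10/32", 22),    # SSH only from inside
    Rule("allow", "icmp", "10.0.0.0/8", "10.0.0.0/8",      None),  # internal ping
]


if __name__ == "__main__":
    for pkt in (Packet("tcp", "198.51.100.4", "203.0.113.10", 443),
                Packet("tcp", "198.51.100.4", "203.0.113.10", 22),
                Packet("tcp", "10.1.2.3", "203.0.113.10", 22),
                Packet("udp", "198.51.100.4", "203.0.113.10", 53)):
        print(pkt, "->", filter_packet(ACL, pkt))
```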

Page 14: Computer Systems Security

Virtual private network

• VPNs play an important role in today's enterprises by providing the ability to deploy a simple, secure, scalable, robust, cost-effective networking solution.
• Point-to-point connections support multiple protocols.
• VPN authentication and encrypted/cryptographic tunneling protocols provide confidentiality and privacy for a user or site.
• Router to router
• Firewall to router
• PC to router
• PC to server

Page 15: Computer Systems Security

VPN Security

• Data Confidentiality
  – IPsec VPN – secures IP. IPsec has two encryption modes: tunnel and transport. Tunnel mode encrypts the header and the payload of each packet, while transport mode encrypts only the payload.
  – Protocols: IKE (secure key exchange), AH (integrity), ESP (confidentiality)
  – L2TP – session-layer tunneling protocol (UDP 1701)
  – NAT – masking IP addresses
• Data Integrity – checking that data is whole
• AAA servers (authentication, authorization, and accounting) – RADIUS

Software:
  – SSTP – VPN tunnel that supports transport-level security through SSL 3.0 (port 443); remote access for 2008 and Vista clients.

Hardware:
  – Cisco/Netgear/Juniper/Checkpoint etc. – SSL VPN concentrator/client; can use a browser

Page 16: Computer Systems Security

Email Security

• Email server
  – S/MIME: public key encryption and signing with a CA
  – TLS: security and data integrity
  – OpenPGP: web of trust, users sign each other's public keys.
  – Identity-based encryption – uses an arbitrary string as a public key, enabling data to be protected without the need for certificates.
  – Mail session encryption: no port change
    • STARTTLS (IMAP and POP3)

Page 17: Computer Systems Security

Web Security SSL/TLS

• Cryptographic protocols for internet communications

• The SSLv3 protocol was superseded by TLS

• Used for HTTPS, SMTP etc.

• Public Keys are distributed as X.509 certs

• Uses hierarchical systems (CAs) for validation

Page 18: Computer Systems Security

Wireless Security

• Laptop wireless, Bluetooth, barcode readers, PDAs, wireless printers/copiers.
• Man-in-the-middle attacks – soft AP, 2 NICs, hotspots
• DoS – bombards AP / EAP failures
• Network injection – AP re-configuration
• Caffe Latte attack – defeats WEP by floods of ARP requests

Counteracting risks
• MAC ID filtering
• Static IP addressing / no DHCP
• Wi-Fi Protected Access (WPA/WPA2)

Page 19: Computer Systems Security

Wireless TKIP and CCMP Encryption Protocols

• TKIP is vulnerable to a keystream recovery attack.
• CCMP – Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
• Mandatory for WPA2
• Replaces TKIP (protocol for WPA/WEP)
• Advanced Encryption Standard (AES algorithm) – 128-bit key and 128-bit block

Page 20: Computer Systems Security

Advanced Encryption Standard

1. SubBytes – Rijndael S-box lookup, byte replacement
2. ShiftRows – Cyclically shift bytes to the left (Diffusion)
3. MixColumns – Each column is multiplied with a fixed polynomial (Diffusion)
4. AddRoundKey – Subkey is combined with the state (XOR)

Page 21: Computer Systems Security

Securing your computer

• Install and use anti-virus programs
• User awareness
• Keep your system patched
• Don't install software / plug-ins from unknown sources
• Use care when reading email attachments
• Install and use a firewall program
• Make backups of important files and folders
• Use strong passwords
• Use care when downloading and installing programs
• Install and use a hardware firewall
• Install and use a file encryption program and access controls
• Social networking smarts

Page 22: Computer Systems Security

Securing Applications

• Login security
  – Use SSL on login/registration pages
  – Enforce numbers, letters, punctuation, caps and symbols in passwords
  – Minimum number of characters in passwords
  – Store encrypted passwords with md5 or a similar hash algorithm
  – Lock out the account after 3 bad attempts
  – For a forgotten password, send out a password reset request or a randomly generated password
• User data
  – Encrypt any sensitive data such as passwords or credit card numbers
  – Grant users access to specific data via roles
• Database
  – Use a specific database login for the website to use; don't use SA.
  – Lock down access to tables and stored procedures using logins/roles.
  – Change the default port that the database runs on.
• Systems
  – Possibly secure/encrypt any application configuration files which contain database login information.
  – More "physical" separation of layers (UI, Database) allows tighter control of security.
  – Keep up to date on patches.
• Other
  – Keep an eye on bots / frequent multiple hits from a block of IP addresses.
  – Watch for SQL injection attacks.
  – Lock down ports not being used.
  – Make sure port 25 is not relaying.
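The login-security and database items above, as an added example (not from the slides): the md5 storage the slide names is shown beside a salted, deliberately slow PBKDF2 hash, failed attempts are counted and the account locked at the slide's threshold of 3, and every database query is parameterised so that a crafted username is compared as data rather than executed as SQL. The in-memory SQLite table, user names and passwords are constructed for the example. The point the md5 comparison makes is that an unsalted fast hash gives identical digests for identical passwords and costs one hash per guess, which is why it is no longer an acceptable way to store passwords.

```python
"""Added example (not from the slides): password storage, lockout after
repeated failures, and parameterised database access."""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 600_000   # OWASP-recommended order of magnitude for PBKDF2-HMAC-SHA256
LOCKOUT_THRESHOLD = 3         # the slide's "lock out after 3 bad attempts"


def md5_store(password: str) -> str:
    """What the slide describes: an unsalted, fast hash. Equal passwords give
    equal digests and each guess costs one MD5, so a leaked table cracks quickly."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened form: random 16-byte salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def create_db() -> sqlite3.Connection:
    """In-memory user table (constructed for the example)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL,"
               " failed INTEGER NOT NULL DEFAULT 0, locked INTEGER NOT NULL DEFAULT 0)")
    return db


def register(db: sqlite3.Connection, username: str, password: str) -> None:
    db.execute("INSERT INTO users (username, pw_hash) VALUES (?, ?)",
               (username, hash_password(password)))


def login(db: sqlite3.Connection, username: str, password: str) -> str:
    """Returns "ok", "invalid" or "locked". The ? placeholders keep a username
    such as "' OR 1=1 --" inside the data; it never becomes part of the SQL."""
    row = db.execute("SELECT pw_hash, failed, locked FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return "invalid"
    pw_hash, failed, locked = row
    if locked:
        return "locked"
    if verify_password(password, pw_hash):
        db.execute("UPDATE users SET failed = 0 WHERE username = ?", (username,))
        return "ok"
    failed += 1
    now_locked = int(failed >= LOCKOUT_THRESHOLD)
    db.execute("UPDATE users SET failed = ?, locked = ? WHERE username = ?",
               (failed, now_locked, username))
    return "locked" if now_locked else "invalid"


if __name__ == "__main__":
    db = create_db()
    register(db, "alice", "correct horse")
    print(login(db, "' OR 1=1 --", "anything"))      # invalid: no such user row
    for _ in range(3):
        print(login(db, "alice", "wrong"))            # invalid, invalid, locked
    print(login(db, "alice", "correct horse"))        # locked: stays locked until reset
```

Two users choosing the same password get the same `md5_store` value but different `hash_password` values, which is the salt doing its job; the lockout counter is reset only by a successful login, so an operator or reset flow is needed to unlock an account.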

Page 23: Computer Systems Security

Security Management

• Small homes
  – A basic firewall like COMODO Internet Security or a unified threat management system.
  – For Windows users, basic antivirus software like AVG Antivirus, ESET NOD32 Antivirus, Kaspersky, McAfee, or Norton AntiVirus. An anti-spyware program such as Windows Defender or Spybot would also be a good idea. There are many other types of antivirus or anti-spyware programs out there to be considered.
  – When using a wireless connection, use a robust password. Also try to use the strongest security supported by your wireless devices, such as WPA or WPA2.
  – Use passwords for all accounts.
  – Have a separate account for each family member. Disable the guest account (Control Panel > Administrative Tools > Computer Management > Users).
  – Raise awareness about information security to children.[5]

• Medium businesses
  – A fairly strong firewall or Unified Threat Management System.
  – Strong antivirus software and Internet security software.
  – For authentication, use strong passwords and change them on a bi-weekly/monthly basis.
  – When using a wireless connection, use a robust password.
  – Raise awareness about physical security to employees.
  – Use an optional network analyzer or network monitor.
  – It's important that the company has an enlightened administrator or manager.

• Large businesses
  – A strong firewall and proxy to keep unwanted people out.
  – A strong antivirus software package and Internet security software package.
  – For authentication, use strong passwords and change them on a weekly/bi-weekly basis.
  – When using a wireless connection, use a robust password.
  – Exercise physical security precautions for employees.
  – Prepare a network analyzer or network monitor and use it when needed.
  – Implement physical security management like closed-circuit television for entry areas and restricted zones.
  – Security fencing to mark the company's perimeter.
  – Fire extinguishers for fire-sensitive areas like server rooms and security rooms.
  – Security guards can help to maximize security.

• School
  – An adjustable firewall and proxy to allow authorized users access from the outside and inside.
  – Strong antivirus software and Internet security software packages.
  – Wireless connections that lead to firewalls.
  – Children's Internet Protection Act compliance.
  – Supervision of the network to guarantee updates and changes based on popular site usage.
  – Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks from both internet and sneakernet sources.

• Large Government
  – A strong firewall and proxy to keep unwanted people out.
  – Strong antivirus software and Internet security suites.
  – Strong encryption, usually with a 256-bit key.
  – Whitelist authorized wireless connections, block all else.
  – All network hardware is in secure zones.
  – All hosts should be on a private network that is invisible from the outside.
  – Put all servers in a DMZ, or behind a firewall from the outside and from the inside.
  – Security fencing to mark the perimeter, and set the wireless range to this.

Page 24: Computer Systems Security

Computer Security Compromise Action

• Unplug Network / Disable wireless / Turn off computer
• Research behavior
• Block IP on Firewall
• Scan Computer and Network
• Fix the problem or reformat
• Who is it?
  – Logs
  – Application
  – Firewall
  – Email header
  – nslookup
  – netstat -an
  – whois / netsol
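The "Research behavior", "Logs" and "Block IP on Firewall" items above, together with the earlier application-security item about frequent hits from a block of IP addresses, as an added example (not from the slides): a small parser for web-server access-log lines that aggregates requests per /24 source block and per minute, counts the 4xx responses among them, and reports the blocks whose burst exceeds a threshold, which is the list an operator would review before adding a firewall rule. The log lines are constructed for the example and include one malformed line to show the parser skipping rather than crashing.

```python
"""Added example (not from the slides): spotting bursts of hits from one
address block in access-log lines, as input to a firewall block decision."""
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Common/combined log format prefix: client, ident, user, [timestamp], "request", status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

# Constructed sample: a burst of failed logins from one /24 plus ordinary traffic
SAMPLE_LOG = """\
198.51.100.7 - - [07/May/2015:10:00:01 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.5 - - [07/May/2015:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.8 - - [07/May/2015:10:00:02 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.9 - - [07/May/2015:10:00:03 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.10 - - [07/May/2015:10:00:04 +0000] "POST /login HTTP/1.1" 401 512
this line is not a valid access-log record
198.51.100.11 - - [07/May/2015:10:00:05 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.12 - - [07/May/2015:10:00:06 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.5 - - [07/May/2015:10:02:10 +0000] "GET /about.html HTTP/1.1" 200 1024
"""


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for a malformed line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["req"], int(m["status"])


def hits_per_block(lines, prefix=24):
    """Count (block, minute) -> total hits and 4xx hits; malformed lines are skipped."""
    totals, failures = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _req, status = rec
        block = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        key = (block, ts.strftime("%Y-%m-%d %H:%M"))
        totals[key] += 1
        if 400 <= status < 500:
            failures[key] += 1
    return totals, failures


def suspicious_blocks(lines, threshold=5, prefix=24):
    """Blocks that reach `threshold` hits within one minute, with the 4xx count."""
    totals, failures = hits_per_block(lines, prefix)
    found = {}
    for (block, minute), n in totals.items():
        if n >= threshold:
            found[block] = {"minute": minute, "hits": n, "failed": failures[(block, minute)]}
    return found


if __name__ == "__main__":
    for block, info in suspicious_blocks(SAMPLE_LOG.splitlines()).items():
        print(f"{block}: {info['hits']} hits ({info['failed']} failed) at {info['minute']}")
```

Grouping by /24 rather than by single address is what catches the slide's "block of IP addresses" case, where each request comes from a different host in the same range; the threshold and prefix length are tunable per site.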

Page 25: Computer Systems Security