Topics in Internet Security
A&D Lunch & Learn Brown Bag
Friday, August 19, 2011
Brian Allen, CISSP, brianallen@wustl.edu
Network Security Analyst, Washington University in St. Louis
http://nso.wustl.edu/presentations/
Let’s Talk About
• Facebook Privacy
• Password Managers
• Email Security
• Phishing Examples
• Top Ten Security Tips
• Virus Example and Case Study
Decentralized Campus Network
NSS = Network Services and Support
NSO = Network Security Office
[Network diagram. Labels: NSS, NSO, Internet, Business School, Law School, Arts & Sciences, Medical School, Engineering School, Library, Social Work, Art & Architecture]
Facebook/Social Networking:
Password Managers
Parents’ Password Cracked On First Try
The Onion News, Feb 27, 2002
• REDONDO BEACH, CA – Nick Berrigan, 14, successfully hacked into his parents’ AOL account on the first try Tuesday, correctly guessing that “Digby” was their password.
• “They actually used the dog’s name,” said Berrigan, deactivating the parental controls on his AOL account.
Free Password Managers
1. KeePass – I use this one
   – Called KeePassX for the Mac
2. Password Safe
3. I use Dropbox.com to store my KeePass file so I can always access it
KeePass
KeePass
Email Security
Email Security Tip #1
• Do not click on links in emails
Email Security Tip #2
• See Tip #1
[Diagram. Labels: Spam Product Supplier; Seller 1, Seller 2, Seller 3; Accountant; Spammer1, Spammer2, Spammer3 (repeated three times)]
Where Does Spam Originate? Why Do We Care?
• Spam = Bots (Large armies of infected machines sending out spam)
• Bots = Sophisticated Malware
• Sophisticated Malware = Organized Crime
• More than 89% of all email messages were spam in 2010 - Symantec
Spam is Big Business
• Rates for one million email addresses: $25 to $50 http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• 10,000 malware installations: $300–$800
• Sending 100 million emails per day: $10,000 per month http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• Cutwail’s profit for providing spam services: $1.7 - $4.2 million between June 2009 and Aug 2010
• How much do the spammers gross per day? $7000 http://www.wired.com/magazine/2011/02/st_equation_spamprofits/
CBL Breakdown By Country
Country      Count     %total   %cumu   Rank   Infect %
India        1253890   18.80    18.80   1      4.465%
Vietnam      565839    8.48     27.28   2      3.306%
Brazil       479491    7.19     34.47   3      0.857%
Indonesia    392814    5.89     40.36   4      3.163%
Pakistan     383319    5.75     46.10   5      7.688%
Russia       358142    5.37     51.47   6      0.912%
China        222761    3.34     54.81   7      0.075%
One Cause Of This Problem
• Many machines in these countries are running pirated copies of Windows.
• They are not getting security updates.
• They are vulnerable and get infected.
• Also, it can take a long time to download updates.
Underground Economy
• Spammers also are involved in:
  – CAPTCHA solving
  – Email harvesting
  – Custom software
  – Bulletproof hosting
  – Proxies
Spam Volume
• From Jul 30 - Aug 25, 2010 security researchers infiltrated the Cutwail spam network and discovered 87.7 billion emails were successfully sent
Spam Content
• The Zeus/SpyEye Banking Trojan Typically Uses:
  – Greeting card
  – Resume
  – Invitation
  – Mail delivery failure
  – Receipt for a recent purchase
Spam Volume on WUSTL Ironports - Feb 2011
Phishing Examples
Phishing Email
Real or Phish?
<http://michaelkellett com/ez/wustl.html>
Real or Phish?
Real or Phishing Site?
Emails, Like Postcards, Are Not Encrypted
Contact me to discuss encryption options for storing or sending sensitive information
Social Security Number Email 1
From: BOB [[email protected]]
Sent: Friday, April 01, 2011 12:54 PM
To: ALICE [[email protected]]
Subject: Registration Request

ALICE:
Couldn't remember if I had already sent this request or not.
Please register CHARLIE ( 111-11-1111 ) for the session
Thank you
BOB
Social Security Number Email 2
From: BOB [[email protected]]
Subject: FW: University talk
To: [email protected], [email protected]: Monday, April 4, 2011, 12:57 PM

Dear Ms. ALICE and CHARLIE,
I sent this e-mail a couple of weeks ago, but I haven't heard back from you yet, so I thought that I would send it again.
Also, my SSN is 222-22-2222 and my home address is:
1234 Oak Ave.
St. Louis, MO 63130
Top 10 Security Tips
Top 10 Security Tips For Everyone I
1. Make sure the Windows Firewall is turned on
2. Make sure all accounts on your computer have good passwords
3. Make sure Windows Automatic Updates is on
4. Install an Anti-Virus software package. Microsoft is now providing their Security Essentials anti-virus/anti-spyware for free to home users: http://www.microsoft.com/Security_Essentials
Top 10 Security Tips For Everyone II
5. I use Firefox with AdBlock Plus
6. Run Secunia Personal Software Inspector (www.secunia.com). It is free, and it will tell you when you need to update your other software (Adobe, Java, Quicktime, RealPlayer, etc.).
7. Educate yourself on Phishing and don’t become a victim (google phishing quiz)
Top 10 Security Tips For Everyone III
8. Don’t click on links in e-mail.
9. Don’t give out your password to anyone, for any reason, especially in an e-mail!
10. Never enter your password into a site that is not using HTTPS (look at the URL and make sure there is a lock in the lower right corner).