Cyber Security Primer Lecture 04 PDF
Uploaded by IntuitiveGlockenspiel
Gibson School System
This lecture provides an introduction to cybersecurity, covering key concepts and challenges in protecting computer systems. It discusses different types of threats and the importance of security measures.
CYBER SECURITY PRIMER
CSIT040 – modern computing skills
Instructor: Dr. May El Barachi

News!
- Gulf News: fake website; the victim tricked was an educated person.
- Cyber Crime section – Dubai Police: e-mail forensics, header analysis (E-mail Security Awareness, 3rd Edition).

What comes to your mind when you think about cyber security?

Why should I care? What about the UAE?

Importance of Cybersecurity
- The internet allows an attacker to work from anywhere on the planet.
- The more connected we are, the more exposed and vulnerable we become to cyber attacks.
- Risks caused by poor security knowledge and practice:
  - Identity theft
  - Monetary theft
  - Legal ramifications (for yourself and your organization)
  - Sanctions or termination if policies are not followed
- According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:
  - Web browsers
  - IM clients
  - Web applications
  - Excessive user rights

Cybersecurity is Safety
- Security: we must protect our computers and data in the same way that we secure the doors to our homes.
- Safety: we must behave in ways that protect us against the risks and threats that come with technology.
Challenges of Securing Information
- Security is one of the most important topics in the computer world.
- The volume and diversity of attacks make them hard to defend against.
- There is no single simple solution to protecting computers and securing information.
- Different types of attacks
- Difficulties in defending against these attacks

Difficulties in Defending Against Attacks
[Table 1-2 Difficulties in defending against attacks]

Difficulties in Defending Against Attackers
- Speed of attacks: with modern tools, attackers can quickly scan systems to find weaknesses and launch attacks. Slammer hit 75,000 computers in its first 11 minutes.
- Greater sophistication of attacks: hackers can use common internet tools (e-mail, HTTP) to send data or commands to attack computers, making it tricky to distinguish an attack from legitimate traffic.
- Attackers detect weaknesses faster and can quickly exploit these vulnerabilities. Even in 2004, there were only 5.8 days between the disclosure of a vulnerability and the release of an attack.
- Increasing number of zero-day attacks: a zero-day attack occurs when an attacker discovers and exploits a previously unknown flaw. The attack can run rampant during the time spent identifying the vulnerability and issuing a fix. The average time was 56.07 hours in 2022.
- Distributed attacks: attackers can use thousands of computers (zombies, botnets) in an attack against a single computer or network, e.g. a denial of service attack.
- User confusion (the most difficult to defend against): users often have to make difficult security decisions regarding their computer systems, often with little or no information, e.g.:
  - Is it OK to open this port? (To unauthorized users: what is a port?)
  - Is it safe to quarantine this attachment?
  - Do I want to permit my bank to install this add-in?
- The delay in applying software patches is another example of user confusion:
  - A patch is software used to repair security flaws or other problems in existing software, and is one of the primary defenses against attacks.
  - Many attacks have been successful because users did not install patches long after they were available.
  - Vendors are also overwhelmed by the number of patches that need to be produced to keep up with the rapidly produced malware.

Difficulties in Defending Against Attacks (simplicity of attack tools)
[Figure 1-1 Increased sophistication of attack tools]
[Figure 1-2 Menu of attack tools]

Defining Information Security
1. Describes the task of guarding information that is in a digital format. This information has high value to people and organizations. Examples? There are some important security properties of the information that should be protected.
2. Ensures that protective measures are properly implemented: creates a defense that attempts to ward off attacks and prevents the collapse of the system when an attack occurs, i.e. Information Security is Protection.
** What are the characteristics/properties of information that should be protected?

The C.I.A. Triangle
(Principles of Information Security, 2nd Edition)
- Confidentiality: prevent unauthorized disclosure of sensitive information, for data at rest, in transit or during transformation.
- Integrity: prevent unauthorized modification, replacement, corruption or destruction of systems or information.
- Availability: prevent disruption of service and productivity, addressing threats that could render systems inaccessible.
Other Critical Characteristics of Information
(in addition to Confidentiality, Integrity and Availability)
- Authenticity: information is genuine and original; the origin of the data/information can be identified accurately.
- Utility: information has value for some purpose.
- Possession: ownership and control of information.
- Accuracy: information is free from mistakes and errors.

Examples - Availability
Example violation: after you log in to the ZU network, you find that the library's electronic catalog is not working (i.e., the resources you have access to are not available to you).

Examples - Accuracy
Example violation: you have attended a class, but your teacher has marked you absent.

Examples - Authenticity
Example violation: you receive an SMS from your friend's phone, but the content of the SMS does not seem to come from your friend. Is the SMS truly from your friend? Or has your friend just lost her phone, and this message actually comes from a stranger?

Examples - Confidentiality
Example violation: I left my phone banking personal identity number (PIN) on my desk. You call my bank and use my PIN to check my bank account balance. (You are not supposed to be authorized to access my banking information.)
[Figure: PIN issued by a bank]

Examples - Integrity
Example violations: (1) noise in the transmission medium causes data to lose its integrity; (2) you hack into my account and change your attendance record. Integrity is closely related to, and overlaps with, the concept of accuracy.

Examples - Utility
Example violation: you search for information about robotics on a search engine, but it returns web pages in Japanese (and you don't know Japanese). Another example?

Examples - Possession
Example violation: I save the mid-term exam questions on a memory key and you steal it from me. Possession is closely related to the concept of confidentiality, but a violation of possession does not necessarily mean a violation of confidentiality... e.g., I may have already encrypted my memory key.
Even if you now possess my memory key, you can't read the files that contain the exam questions.

What critical characteristic(s) of information have been compromised?
- Question 1: A competitor steals Coca Cola's secret formula.
- Question 2: An on-line payment system alters an electronic check to read $10,000 instead of ¥10,000.
- Question 3: In 2020, a 15-year-old Canadian boy launched denial-of-service attacks against websites belonging to several companies, including Amazon, Dell and eBay. The sites were bombarded with thousands of simultaneous messages, which prevented users from accessing them for up to five hours.

User Awareness
- Cracker: a computer-savvy programmer who creates attack software (SQL injection, buffer overflow, password crackers, password dictionaries) and posts it to a hacker bulletin board.
- System administrators: some of these scripts appear useful for managing networks...
- Script kiddies: unsophisticated computer users who know how to execute programs. "Successful attacks! Crazyman broke into ... CoolCat penetrated..."
- Criminals: create and sell bots -> generate spam; a malware package earns $1K-2K; sell credit card numbers; 1 M e-mail addresses earn $8, etc.; info from 10,000 PCs earns $1000.

Leading Threats & Attack Tools
- Viruses
- Worms
- Trojan horses / logic bombs
- Social engineering
- Rootkits
- Botnets / zombies
What is the difference between all these malware anyway?

Viruses
- A virus attaches itself to a program, file, or disk.
- When the program is executed, the virus activates and replicates itself.
- The virus may be benign or malignant, but it executes its payload at some point (often upon contact).
- Viruses can cause computer crashes and loss of data.
[Figure: Program A carrying extra code infects Program B]
- In order to recover from or prevent virus attacks:
  - Avoid potentially unreliable websites/e-mails.
  - System Restore.
  - Re-install the operating system.
  - Use and maintain anti-virus software.

Worms
- An independent program that replicates itself and sends copies from computer to computer across network connections.
- Upon arrival, the worm may be activated to replicate.

Logic Bombs and Trojan Horses
- Logic bomb: malware logic that executes upon certain conditions. The program is often used for otherwise legitimate reasons. Examples:
  - Software which malfunctions if the maintenance fee is not paid.
  - An employee triggers a database erase when he is fired.
- Trojan horse: masquerades as a benign program while quietly destroying data or damaging your system. Download a game: it may be fun, but it contains hidden code that gathers personal information without your knowledge.

Social Engineering
- Social engineering is using psychology and social interactions to manipulate people into performing actions or divulging confidential information.
- Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.
- Phone call: "This is John, the System Administrator. What is your password?"
- E-mail: "ABC Bank has noticed a problem with your account..."
- In person: "What ethnicity are you? Your mother's maiden name?" / "I have come to repair your machine and have some lovely software patches!"

Phishing: Counterfeit E-mail
- A seemingly trustworthy entity asks for sensitive information such as EID, credit card numbers, login IDs or passwords via e-mail.
- The link provided in the e-mail leads to a counterfeit web page which collects important information and submits it to the owner.
- Signs to look for: hovering over (but not clicking) the link may reveal a different address; a misspelled address; with whom are you dealing?; the copyright date is old.

Pharming: Counterfeit Web Pages
- The counterfeit web page looks like the real thing and extracts account information.

Botnet
- A botnet is a number of compromised computers used to create and send spam or viruses, or to flood a network with messages as a denial of service attack.
- The compromised computers are called zombies.
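The phishing signs listed above can be checked mechanically on the HTML body of an e-mail. The following added example (not code from the lecture) collects every link in a constructed e-mail and flags two of those signs: a link whose visible text shows one address while the href points at a different host (what hovering would reveal), and a link whose host is not the sender's claimed domain (a misspelled or look-alike address). The e-mail text, the hostnames and the `check_links` / `host_of` helpers are all constructed for this example.

```python
# Added example, not from the lecture slides. Parses an HTML e-mail body
# with the standard-library parser and reports links that show the
# classic phishing signs (displayed address != real target, or a host
# that is not the sender's claimed domain). All names are constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that "looks like an address": optional scheme, a
# dotted hostname, optional path. Plain words such as "click here" fail.
ADDRESS_RE = re.compile(r"^(?:https?://)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?:[/:?#]\S*)?$")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []     # finished (href, text) pairs
        self._href = None   # href of the <a> currently open
        self._text = []     # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-case hostname of a URL or bare domain ('' if there is none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def check_links(html, expected_host):
    """Return [(href, reason), ...] for every link that looks suspicious."""
    parser = LinkCollector()
    parser.feed(html)
    warnings = []
    for href, text in parser.links:
        target = host_of(href)
        # Sign 1: the text displays an address, but the real target differs.
        if ADDRESS_RE.match(text) and host_of(text) != target:
            warnings.append((href, "shows %s but goes to %s" % (host_of(text), target)))
        # Sign 2: the target is not the domain the sender claims to be.
        elif target != expected_host.lower():
            warnings.append((href, "host %s is not the expected %s" % (target, expected_host)))
    return warnings


# Constructed sample e-mail: one spoofed address, one honest link, one look-alike host.
SAMPLE_EMAIL = """
<p>ABC Bank has noticed a problem with your account.</p>
<p>Please verify at <a href="http://www.abcbnak.example/verify">https://www.abcbank.example</a></p>
<p>Or <a href="http://www.abcbank.example/help">click here</a> for help.</p>
<p>Statements: <a href="http://abc-bank-login.example/login">log in</a></p>
"""

if __name__ == "__main__":
    for href, why in check_links(SAMPLE_EMAIL, "www.abcbank.example"):
        print(href, "->", why)
```

Run as-is, the script reports the first and third links and stays quiet about the second, which is the behaviour a user hovering over each link would have to reproduce by hand.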
[Figure: Botnet in action]

Man In The Middle Attack
- An attacker pretends to be your final destination on the network.
- When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server.
- Man In The Middle Attack – can you show me an example?

Password Cracking
Dictionary attack and brute force. Time to guess assumes 2.6x10^18 tries/month.

Pattern                              Calculation  Result     Time to guess
Personal info: interests, relatives  20           Manual     5 minutes
Social engineering                   1            Manual     2 minutes
American dictionary                               80,000     < 1 second
4 chars: lower case alpha            26^4         5x10^5
8 chars: lower case alpha            26^8         2x10^11
8 chars: alpha                       52^8         5x10^13
8 chars: alphanumeric                62^8         2x10^14    3.4 min.
8 chars: alphanumeric + 10           72^8         7x10^14    12 min.
8 chars: all keyboard                95^8         7x10^15    2 hours
12 chars: alphanumeric               62^12        3x10^21    96 years
12 chars: alphanumeric + 10          72^12        2x10^22    500 years
12 chars: all keyboard               95^12        5x10^23
16 chars: alphanumeric               62^16        5x10^28

Identifying Security Compromises
Symptoms:
- Antivirus software detects a problem.
- Disk space disappears unexpectedly.
- Pop-ups suddenly appear, sometimes selling security software.
- Files or transactions appear that should not be there.
- The computer slows down to a crawl.
- Unusual messages, sounds, or displays on your monitor.
- Stolen laptop: 1 stolen every 53 seconds; 97% never recovered.
- The mouse pointer moves by itself.
- The computer spontaneously shuts down or reboots.
- Often these problems go unrecognized or are ignored.

Malware Detection: Spyware Symptoms
- Changes to your browser homepage/start page.
- Ending up on a strange site when conducting a search.
- The system-based firewall is turned off automatically.
- Lots of network activity while you are not particularly active.
- Excessive pop-up windows.
- New icons, programs, favorites which you did not add.
- Frequent firewall alerts about unknown programs when trying to access the Internet.
- Poor system performance.
Best Practices to Avoid These Threats
Use multiple layers of defense to address technical, personnel and operational issues.
- User account controls

Anti-virus and Anti-spyware Software
- Anti-virus software detects certain types of malware and can destroy it before any damage is done.
- Install and maintain anti-virus and anti-spyware software.
- Be sure to keep anti-virus software updated.
- Many free and commercial options exist. Contact your Technology Support Professional for assistance.

Host-based Firewalls
- A firewall acts as a barrier between your computer/private network and the internet.
- Hackers may use the internet to find, use, and install applications on your computer.
- A firewall prevents many hacker connections to your computer.
- Firewalls filter network packets that enter or leave your computer.

Protect Your Operating System
- Microsoft regularly issues patches or updates to solve security problems in its software. If these are not applied, your computer is left vulnerable to hackers.
- The Windows Update feature built into Windows can be set up to automatically download and install updates.
- Avoid logging in as administrator.
- Apple provides regular updates to its operating system and software applications. Apply Apple updates using the App Store application.

Use Strong Passwords
Make passwords easy to remember but hard to guess. USG standards:
- Be at least ten characters in length.
- Must contain characters from at least two of the following four types of characters:
  - English upper case (A-Z)
  - English lower case (a-z)
  - Numbers (0-9)
  - Non-alphanumeric special characters ($, !, %, ^, ...)
- Must not contain the user's name or part of the user's name.
- Must not contain easily accessible or guessable personal information about the user or the user's family, such as birthdays, children's names, addresses, etc.
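The USG standard above and the password-cracking table before it make the same point from two sides: the rules force a longer password drawn from more character classes, and the table shows how the search space (class size to the power of the length) and therefore the guessing time grow as a result. The added example below (not code from the lecture) checks a candidate password against the three mechanical rules of the standard and then computes the table's Calculation column and the worst-case time at the table's rate of 2.6x10^18 tries per month. The class sizes (26, 26, 10 and the 32 printable ASCII symbols), the 30-day month, and reading "part of the user's name" as any run of three or more letters of it are assumptions made for this example; the personal-information rule needs context a program does not have and is not checked.

```python
# Added example, not from the lecture slides. Checks the USG password rules
# and estimates brute-force effort the way the password-cracking table does.
# Class sizes, the 30-day month and the "three letters of the name" reading
# are assumptions of this example.
import string

# Character classes named by the standard, with the set used for each.
CLASSES = {
    "upper": set(string.ascii_uppercase),   # 26 characters
    "lower": set(string.ascii_lowercase),   # 26 characters
    "digit": set(string.digits),            # 10 characters
    "symbol": set(string.punctuation),      # 32 printable ASCII symbols
}
TRIES_PER_MONTH = 2.6e18            # guess rate assumed by the table
MINUTES_PER_MONTH = 30 * 24 * 60    # assumption: 30-day month


def classes_used(password):
    """Names of the character classes that actually appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def check_policy(password, username):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than ten characters")
    if len(classes_used(password)) < 2:
        problems.append("fewer than two character types")
    lowered, name = password.lower(), username.lower()
    # "Part of the user's name": any three consecutive letters of it (assumption).
    for i in range(len(name) - 2):
        if name[i:i + 3] in lowered:
            problems.append("contains part of the user name")
            break
    return problems


def keyspace(password):
    """Search space an attacker who knows the length and the classes in use
    must cover: alphabet size raised to the length (the table's Calculation column)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)


def minutes_to_exhaust(password):
    """Worst-case time to try every candidate at the table's guess rate, in minutes."""
    return keyspace(password) / (TRIES_PER_MONTH / MINUTES_PER_MONTH)


if __name__ == "__main__":
    # "LIASMWTFOS" is the first-letters step from the slides; "L1A$mwTF0S" is
    # the finished example; the others are constructed for this demonstration.
    for pw in ["LIASMWTFOS", "L1A$mwTF0S", "Ab1Cd2Ef", "Mariam2024!!"]:
        print("%-14s policy: %-32s keyspace: %.1e  worst case: %.1f min"
              % (pw, check_policy(pw, "mariam") or "ok", keyspace(pw), minutes_to_exhaust(pw)))
```

Note that the first-letters string LIASMWTFOS already has the required length but fails the standard on character types, which is exactly why the slides add digits and a symbol before calling the result a password; the 8-character alphanumeric case comes out at roughly the 3.4 minutes the table lists.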
Creating Strong Passwords
- A familiar quote can be a good start: "LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS" (William Shakespeare).
- Using the organization standard as a guide, choose the first character of each word: LIASMWTFOS
- Now add the complexity the standard requires: L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed English case: the password satisfies all 4 types).
- Or be more creative!

Password Guidelines
- Never use admin, root, administrator, or a default account or password for administrative access.
- A good password is:
  - Private: used by only one person.
  - Secret: not stored in clear text anywhere, including on Post-It® notes!
  - Easily remembered: no need to write it down.
  - Contains the complexity required by your organization.
  - Not easy to guess by a person or a program in a reasonable time, such as several weeks.
  - Changed regularly: follow organization standards.
- Avoid shoulder surfers and enter your credentials carefully! If a password is entered in the username field, those attempts usually appear in system logs.

Avoid Social Engineering and Malicious Software
- Do not open e-mail attachments unless you are expecting the e-mail with the attachment and you trust the sender.
- Do not click on links in e-mails unless you are absolutely sure of their validity.
- Only visit and/or download software from web pages you trust.

Avoid Stupid Hacker Tricks
- Be sure to have a good firewall or pop-up blocker installed.
- Pop-up blockers do not always block ALL pop-ups, so always close a pop-up window using the 'X' in the upper corner. Never click "yes," "accept" or even "cancel."
- Infected USB drives are often left unattended by hackers in public places.

Secure Business Transactions
- Always use a secure browser to do online activities.
- Frequently delete temp files, cookies, history, saved passwords, etc.
- https:// is the symbol indicating enhanced security.

Backup Important Information
- No security measure is 100% reliable. Even the best hardware fails.
- What information is important to you?
- Is your backup: recent? Off-site and secure? Process documented? Encrypted? Tested?

Cyber Incident Reporting
- If you suspect a cybersecurity incident, notify your organization's help desk or the UOWD ITS help desk immediately. Be prepared to supply the details you know and contact information.
1. Do not attempt to investigate or remediate the incident on your own.
2. Inform other users of the system and instruct them to stop work immediately.
3. Unless instructed, do not power down the machine.
4. Unless instructed, do not remove the system from the network.
- The cybersecurity incident response team will contact you as soon as possible to gather additional information.
- Each UOWGE organization is required to have a specific plan to handle cybersecurity incidents. Refer to local policies, standards and guidelines for specific information.