CYBER SECURITY 101 - New Jersey State Library

CYBER SECURITY 101
[email protected]
TOPICS
• Past Present and Future
• Vulnerability, Attack, Defense
– Network
– Password
– Social Engineering
– Design
• Resources
The First Virus
In 1969 the first message was sent on the ARPANET, a precursor to the modern internet.
In 1971 the Creeper virus was created. It replicated itself across the ARPANET and installed itself on the local system, displaying the message “IM THE CREEPER. CATCH ME IF YOU CAN”. Another programmer wrote a program, REAPER, to seek out and destroy the CREEPER virus.
In December 2013 Microsoft moved to take down the ZeroAccess botnet, comprised of roughly 3 million infected computers.
CYBER THREATS
SCALE
• Hard drive size: 500 GB
– GB = gigabyte; giga = 1.0E9 = billion = 1000 million
– Byte = 8 bits = memory to store ~1 character, e.g. “a”
– Bit = binary digit = 1 or 0
– Nibble = 4 bits, or half a byte
• MP3 size: 3.5 MB
– MB = megabyte; mega = 1.0E6 = million = 1000 thousand
• Trojan: 100 KB
– KB = kilobyte; kilo = 1.0E3 = thousand
VIRUS
• A self-replicating program
• Installs itself in another program
• Not necessarily malicious
• Harm may result due to its method of infection
• Memory in a computer is an approximate thing
• Viruses exploit this to infect a program:
– empty space in memory blocks
– compress a program to make room
– delete parts of a program and insert its code
– dispersal amongst many files using multiple methods
MUTATION
• Viruses, Trojans and worms can infect each other
• May be accidental or intentional
• Popular viruses may be exploited by other virus writers
• May work in tandem or conflict:
– exploit the same flaw
– exploit resultant flaws
– delete and replace the existing infection
Ex. Cholera/CTX is the Cholera virus infected with the CTX mass-mailing worm. Mutations are rarely viable, but are still a threat, doubly so since they present an additional challenge of detection and malfunction.
TROJAN HORSE
• Non-replicating
• Uses subterfuge to infect
• Usually not destructive in and of themselves
• Tend to open backdoors for:
– more malicious programs
– monitoring
– remote control
– stealing personal information
– key logging
• Vectors:
– attachment in an email
– free program to download movies
– fake AV pop-up
• May perform as advertised or appear to fail to do anything
ZEUS / SPYEYE
There was a crackdown on ZEUS/SPYEYE in 2010. It was used to steal information from NASA, Bank of America, Cisco and Amazon.
• Easy to install
• User friendly
• Difficult to attribute
Worms
• Self-replicating
• Propagate by exploiting vulnerabilities:
– open network ports
– flaws in software design
• Incidental cost due to transmission method:
– consumes excessive bandwidth while searching for new targets
– this suspicious traffic makes it easier to spot
There’s some overlap in the definitions of the different types of malware. The distinction doesn’t really matter, since the goal is to prevent infection and keep your system secure.
No system is perfect, but there’s a great deal the average user can do to thwart attackers and protect themselves.
Social engineering is a big part of malware. If you encounter a fake AV program or a PHISHING attempt, it is intentionally alarmist. It covers most of your screen with a flashing dire warning and counters racking up the total number of infections found.
Spear phishing is becoming more common too. It’s hard to avoid putting information out there as a public institution. Encountering a cyber threat is inevitable, but most attempts are fairly transparent.
Grey Area
Vitek Boden:
Maroochy Shire, Australia. In 2001 millions of tons of sewage were dumped into natural parks by the Queensland waste management system. At first they thought it was a malfunction, but after the problem persisted they realized they were subject to a cyber attack.
The stations had remotely controllable nodes. Investigators noticed a pattern in the attacks and set up a sting, capturing 49-year-old Vitek Boden in his car with a laptop and some proprietary hardware for accessing the sewage system’s controls.
LulzSec:
Was a group of hackers who gained notoriety in 2011 for a series of high-profile attacks against corporations. Most members were caught after their leader outed himself to an FBI informant and assisted in their capture.
AV: Antivirus
They operate by scanning your system against their database of malware signatures. There’s no reason not to have one.
They can be bothersome due to system resource consumption and permission conflicts, but their settings can be tweaked to reduce their resource usage, and when installing programs from a trusted source they can be disabled.
Still, they should be installed. Scans should be run at least weekly and virus definitions updated daily.
Firewall
Controls network traffic flow: what programs can communicate on which ports, and filters incoming traffic.
Available as stand-alone equipment, and most operating systems have one built in.
Spam Filters
SPAM is such a problem that this is a de-facto feature of most mail clients and AV applications, but it’s worth noting. They can operate intelligently, parsing mail based on algorithms ranging from strong to weak, or in conjunction with a whitelist/blacklist.
Whitelisting is inclusive: you designate which domains or addresses can pass through to your mailbox.
Blacklists are exclusive, designating which domains or addresses cannot send mail to your mailbox.
System Permissions
Operate using the lowest permission level possible.
• An infection operates with the same permissions as the account it is running under
• It’s possible to limit the scope of infections by using an account with standard permissions
– If your system is infected as an admin, your whole system is now vulnerable
– As a standard user it may be limited to that profile
• The default account created is usually an Administrator, regardless of its name
Phishing is an attempt to gain access to credentials, account information, or funds directly. Usually they’re SPAMmed in bulk.
Spear PHISHING is a targeted phishing attempt. The message will be tailored towards a specific group of users. In either case the same principles of avoidance apply.
Spotting Spam
• Grammar
• Check the sender address
• Mouse-over links
• If you get an email from a vendor and you think it’s illegitimate, just go to the site
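As an added example that is not part of the original presentation, the two checks above that a mail client can automate, the sender address and what a mouse-over reveals, applied to a constructed sample message; the sender name, domains and link in it are made up for the demonstration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real mail): the display name names one bank,
# while the address and the link target use a look-alike domain.
SAMPLE_MAIL = """From: "Example Bank Security" <alerts@examp1e-bank-login.test>
Subject: Urgent: your account will be suspended
Content-Type: text/html

<html><body><p>Please verify your account at
<a href="http://examp1e-bank-login.test/verify">https://www.example-bank.com/login</a>
within 24 hours.</p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs: what a mouse-over would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    # Host named by a URL or bare domain, lower-cased; '' if there is none.
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()

def spam_indicators(raw):
    """Return human-readable reasons a message looks like phishing."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg["From"])
    domain = addr.rpartition("@")[2].lower()
    # Check the sender address: first word of the display name absent from the domain.
    if name and domain and name.split()[0].lower() not in domain:
        findings.append(f"sender name '{name}' does not match domain '{domain}'")
    # Mouse-over links: the visible text claims one host, the href goes to another.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown, real = host_of(text), host_of(href)
        if shown and shown != real:
            findings.append(f"link shows '{shown}' but goes to '{real}'")
    return findings
```

Running `spam_indicators(SAMPLE_MAIL)` reports both the mismatched sender domain and the link whose visible text differs from where it really goes.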
Mobile Devices
Increasingly targeted by cyber attackers
• They face the same threats as computers (viruses, worms, trojans, etc.)
• Insecure apps:
– gather personal information
– create security holes
– embedded malware
• Anti-virus apps
SpyGold.A
• Trojan
• Targets Android OS
• Forwards copies of text messages and phone calls to a remote server
• Installs/uninstalls apps
• Makes phone calls
• Sends texts
• Can operate as a bot
Cyber Security Tips
• Passwords
• Updates
• Trusted sources
• Constant vigilance
Cracking Passwords
3 general methods:
• Brute force: every possible password
• Dictionary: common passwords and iterations
• Capture:
– deciphering the encrypted password
– spoofing an active session
(also some combination of the three)
Password Policy
• Don’t use common phrases or words
• Don’t use the same password in multiple places
• Make it complex
• Change it occasionally
• Make it easy to remember
http://www.huffingtonpost.com/2014/01/22/most-common-passwords-2013_n_4646352.html
Password Re-use
• Cascade
– Attackers won’t stop at exploiting one account
– Using different passwords limits the scope of successful attacks
• Varying levels of encryption
– Not every site stores passwords with the same level of security
– Not every site needs a strong password
• Online banking: Yes
• Candy Crush: No
• Candy Crush with saved credit card: Yes
Open Sessions
– After logging into a website a session is created
– Attackers can bypass authentication by capturing this session information
• Don’t keep multiple tabs or windows open when accessing secure sites
• Log out when you’re finished working on a site
• Routinely clear internet history
• Avoid storing passwords in the browser
Creating a strong, easy to remember password
• Simple phrase: what day is it again?
• Remove spaces: whatdayisitagain?
• Capital letters: wHatdayisitagain?
• Numbers: wHatd7ayisitag4ain?
• Special characters: wHatd7!ayisitag4ain?
• Extra letters: wHatd7!ayisihtag4ain?
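As an added example that is not part of the original slides, the progression above fed through a small checker that estimates brute-force guesses from the character classes used (the brute-force method under Cracking Passwords), strips the iterations a dictionary attack tries anyway, and applies the Password Policy rules; the stand-in common-password list, the 12-character minimum and the leet substitutions are assumptions.

```python
import string

# Constructed stand-in for a "most common passwords" list (the slide links to one);
# a real checker would load the full list.
COMMON = {"123456", "password", "qwerty", "letmein", "iloveyou", "whatdayisitagain"}
# Character swaps a dictionary attack tries as "iterations" of a base word (assumed set).
LEET = str.maketrans("013457@$!", "oleastasi")
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digit": string.digits, "special": string.punctuation}
# The slide's own progression from phrase to password.
SLIDE_STEPS = [("Simple phrase", "what day is it again?"),
               ("Remove spaces", "whatdayisitagain?"),
               ("Capital letters", "wHatdayisitagain?"),
               ("Numbers", "wHatd7ayisitag4ain?"),
               ("Special characters", "wHatd7!ayisitag4ain?"),
               ("Extra letters", "wHatd7!ayisihtag4ain?")]

def classes_used(pw):
    return [name for name, chars in CLASSES.items() if any(c in chars for c in pw)]

def brute_force_guesses(pw):
    """Passwords an attacker must try to exhaust pw's length over its alphabet."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(pw))
    return alphabet ** len(pw)

def dictionary_base(pw):
    """Undo case, trailing digits/symbols and leet swaps to recover the underlying word."""
    base = pw.lower().rstrip(string.digits + string.punctuation).translate(LEET)
    return "".join(c for c in base if c.isalnum())

def policy_findings(pw, min_length=12):
    """Check pw against the Password Policy slide; an empty list means it passes."""
    findings = []
    if dictionary_base(pw) in COMMON:
        findings.append("common word or phrase, or a simple iteration of one")
    if len(pw) < min_length:
        findings.append(f"shorter than {min_length} characters")
    missing = [name for name in CLASSES if name not in classes_used(pw)]
    if missing:
        findings.append("missing " + ", ".join(missing))
    return findings

def report(steps=SLIDE_STEPS):
    """For each step: label, password, brute-force guesses, policy findings."""
    return [(label, pw, brute_force_guesses(pw), policy_findings(pw)) for label, pw in steps]

if __name__ == "__main__":
    for label, pw, guesses, findings in report():
        print(f"{label:20} {pw:24} ~10^{len(str(guesses)) - 1:<3} {findings or 'passes'}")
```

Note that a password like P@ssw0rd1 uses all four character classes yet is still flagged, because stripping the leet swaps and trailing digit lands on a listed word.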
Final Word
• Explore your computer while it’s working so you’ll know when it’s not
• What accounts are on the machine?
– What permission levels do they have?
• What programs and services are running?
– Start automatically?
• What files (pictures, documents, etc.) are important?
– When was the last time you backed them up?
– Are they backed up online and offline?
– Is the online backup secure?
• Antivirus program
– How up to date is the program?
– Up-to-date virus definitions?
– Routine scan schedule?
• Firewall is running
– What programs are allowed through?
• What internet browser(s) do you use?
– Are they up to date?
– What plugins, toolbars, add-ons does it have?
– Are they from a trusted source?
– Are they up to date?
– Do they collect personal information, and what?
• What version of
– Adobe Reader
– Adobe Flash
– ActiveX or plugin
– Java
Resources
Free AV applications
http://www.malwarebytes.org/mwb-download/
http://www.kaspersky.com/virus-scanner
http://www.avg.com/us-en/free-antivirus-download
Wild list
http://www.virusbtn.com/vb100/latest_comparative/index
National Institute of Standards and Technology
http://csrc.nist.gov/
Department of Homeland Security
https://www.us-cert.gov/ncas/tips
https://www.dhs.gov/cybersecurity-tips
http://www.us-cert.gov/publications/securing-your-web-browser
Password strength checker
https://www.microsoft.com/en-gb/security/pc-security/passwordchecker.aspx
Sophos A-Z Threats
http://www.sophos.com/en-us/security-news-trends/securitytrends/threatsaurus.aspx