Information Security Awareness
HISTORY OF CYBER-SECURITY
Surveillance State
Information Warfare
Cyber Crime
Hacktivism
Vandalism
Experimentation
Cracker: computer-savvy programmer who creates attack software
Script Kiddies: unsophisticated computer users who execute those programs
Hacker Bulletin Board: SQL injection, buffer overflow, password crackers, password dictionaries
Successful attacks! "Crazyman broke into …" "CoolCat penetrated…"
Malware package = $1K-2K
Virus: a virus attaches itself to a program, file, or disk. When the host is executed, the virus activates and replicates.
(Diagram: Program A carries the extra code and infects Program B.)
Malware infection rates: Web: 1 in 532; E-mail: 1 in 291; malware is involved in 40% of data breaches.
Worm: an independent program that sends copies of itself from computer to computer across networks.
(Diagram: the worm mails itself to Joe, Ann and Bob, taken from the victim's e-mail list.)
Social engineering manipulates people into performing actions or divulging confidential information. 29% of breaches.
Examples:
Phone call: "This is John, the System Admin. What is your password?"
"Transfer $ from Nigeria"
"ABC Bank has a problem with your account"
"Watch this funny video… see attached"
"You have a notice from Facebook"
Phishing: the fake web page looks like the real thing and extracts account information.
Man-in-the-middle: an attacker pretends to be your final destination on the network; on a wireless network the attacker may look like a strong WLAN access point (a rogue access point with a stronger signal than the real one). 1% of hacking attacks.
After penetration, the hacker installs a rootkit, which modifies the operating system and eliminates evidence of the break-in.
Rate of infection (share of malware incidents): Rootkit: 39%; Backdoor: 66%; Keystroke logger: 75%
HISTORY OF CYBER-SECURITY: HACKTIVISM
Anonymous
Political causes, e.g.: Middle East democracy, WikiLeaks, Mexican miners' rights
Bad ways, e.g.: web defacement; DDoS attacks on Visa, MasterCard, MPAA
VANDALISM
Computer hacking: 2% of external breaches; crosses international boundaries
Distributed Denial of Service (DDoS): attacks web pages; infected computers sell for $100 per 1000
Command & Control: 51% of malware attacks
HISTORY OF CYBER-SECURITY: CYBER CRIME
Target: finance, retail, food
55% of external breaches
Cost of stolen credit card numbers: U.S.: $10; European: $50; in bulk: $1 or more each
KEYSTROKE LOGGER
Silently tracks the keys you enter and sends credit card info and passwords to the criminal.
You see unusual charges on your credit card statement.
Present in 75% of malware.
Trojan Horse: masquerades as a beneficial program.
The Zeus Trojan: infected millions of computers, mostly in the U.S. and often spread via Facebook.
2007 to today: among the top 5 malware problems.
Steals bank passwords and empties accounts; can impersonate a bank website.
WAR DRIVING & HACKING
Albert Gonzalez cracked and exposed over 170 million credit card numbers.
Stole from: Barnes & Noble, Boston Market, OfficeMax, Sports Authority, TJ Maxx, Dave & Buster's, Marshall's, Heartland Payment Systems, 7-Eleven, and Hannaford Brothers.
2003: arrested and released; became an informant for the Secret Service.
2010: sentenced to 20 years in prison, followed by 3 years of supervised release.
ATM - POINT OF SALE: CREDIT CARD FRAUD
Skimmers are used at ATMs, gas stations, and stores.
Skimmers make up 91% of physical security attacks (35%).
Skimmers match the color of the bank's ATMs and are manufactured in bulk with 3D printers.
Defense: check for loose parts; hide your PIN while entering it.
Gonzalez encoded stolen PINs onto debit card magnetic strips.
RANSOMWARE
"You are infected. Buy antivirus." (fake antivirus)
"You've stored underage pornography. Pay a fine or go to jail. - FBI" (fake law-enforcement notice)
CryptoLocker: "Your disk has been encrypted. Pay to decrypt. Pay in 72 hours or else…"
Backups reachable from the infected machine can be corrupted too, including MS Shadow Copies, so keep a copy that is off-line.
Swansea, Massachusetts Police paid $750.
PASSWORD GUESSING
Time to guess assumes 2.6x10^18 guesses per month (about 10^12 per second) and an attacker who tries every candidate. That rate models an offline attack on stolen password hashes; guessing against a live login form is far slower. Times marked * were missing from the slide and are computed at the stated rate.

Pattern                              Calculation   Result     Time to guess
Personal info (interests, relatives) 20                       manual, 5 minutes
Social engineering                   1                        manual, 2 minutes
American dictionary                  80,000                   < 1 second
4 chars: lower case alpha            26^4          5x10^5     < 1 second*
8 chars: lower case alpha            26^8          2x10^11    < 1 second*
8 chars: alpha                       52^8          5x10^13    about 1 minute*
8 chars: alphanumeric                62^8          2x10^14    3.4 min.
8 chars: alphanumeric + 10           72^8          7x10^14    12 min.
8 chars: all keyboard                95^8          7x10^15    2 hours
12 chars: alphanumeric               62^12         3x10^21    96 years
12 chars: alphanumeric + 10          72^12         2x10^22    500 years
12 chars: all keyboard               95^12         5x10^23    about 17,000 years*
16 chars: alphanumeric               62^16         5x10^28    about 1.5 billion years*

The character-set rows are the worst case for a random password. A dictionary word or name with a few substitutions falls in the first three rows no matter how long it is.
HISTORY OF CYBER-SECURITY: INFORMATION WARFARE
2010 Stuxnet worm, reportedly developed by the U.S. and Israel, hit Iran's uranium-enrichment plant at Natanz and damaged nearly 1000 centrifuges, nearly 1/5 of those in service.
Iran attacked American banks and oil companies.
INFORMATION WARFARE
The next wars will include computer attacks on power, water, financial, military and other systems.
Cyberweapons are MUCH cheaper than military weapons and can cause as much damage.
High priority: protecting utilities and infrastructure.
New black market in 0-day attacks: governments pay more than $150,000 per bug.
Buying governments include Israel, Britain, India, Russia, Brazil, North Korea, Middle Eastern countries, and the U.S.
New hacking firms openly publicize their products.
HISTORY OF CYBER-SECURITY: SURVEILLANCE STATE
21% of external breaches are state-affiliated; 96% of those come from China.
CHINA – IPR THEFT
The People's Liberation Army targets manufacturing, research, and military aircraft.
The NY Times fought off Chinese intruders for 4 months; they wanted to know who gave the paper its information on P.M. Wen Jiabao.
45 mostly-new malware samples; attacks ran from 8 AM to midnight China time; stole all passwords; hacked 53 PCs.
Discussed repeatedly at presidential level.
China says the U.S. is guilty of the same (Snowden).
SNOWDEN RELEASES…
The NSA has requested or manipulated: watered-down encryption; backdoors installed in software; collection of communication data.
Verizon, Google, Yahoo, Microsoft and Facebook were coerced into …?
Gag orders prevent companies from speaking.
Yahoo/Google: nearly 200 million records, Dec 2012, including e-mail metadata (headers) and content.
LAVABIT
Provided secure e-mail services… including to Edward Snowden.
The FBI wanted the software, the private key and the passwords for ALL clients.
Ladar Levison: "I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."
Effect: buyers are wary of products from surveillance-state/information-warfare countries.
“The confidence that people have
in security is inversely proportional
to how much they know about it.”
-Roger Johnston
Symptoms of infection:
Antivirus software detects a problem
Pop-ups suddenly appear (they may try to sell you "security software")
Disk space disappears
Files or transactions appear that should not be there
System slows down to a crawl
Stolen laptop (1 in 10 laptops is stolen during its lifetime)
Often not recognized
(Additional) spyware symptoms:
Your browser homepage/start page changes
Searches end up on a strange site
Firewall turns off by itself
Lots of network activity while you are not particularly active
New icons, programs, or favorites that you did not add
Frequent firewall alerts about unknown programs trying to access the Internet
Often not recognized
Anti-virus software detects malware and can remove it before damage is done.
Install anti-virus software and keep it updated.
Anti-virus is important but limited in capability: it recognizes malware it already has signatures or heuristics for, so new malware can slip past it.
Do not open e-mail attachments unless you expect the e-mail with the attachment and you trust the sender.
Do not click on links in e-mails unless you are absolutely sure of their validity.
Only visit, and only download software from, web pages you trust.
USE A FIREWALL
(Diagram: the traffic a firewall inspects at the network boundary: web request and web response, e-mail connect request and e-mail response, SSH connect request, DNS request, ping request, FTP request, Telnet request, Microsoft NetBIOS Name Service, and packets with an illegal source or destination IP address. The firewall passes the connections you start and the replies to them, and blocks unsolicited inbound requests and packets whose addresses cannot be legitimate.)
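The firewall diagram above, as an added example that is not part of the original slides: a minimal first-match packet filter that classifies the traffic types the diagram names. The policy (allow outbound web, e-mail, DNS and SSH and the replies to connections we opened; drop unsolicited inbound requests and spoofed or mis-addressed packets), the 192.168.1.0/24 inside network and the sample packets are assumptions constructed for the demonstration.

```python
# Added example (not code from the original slides): a first-match packet
# filter for the traffic types in the firewall diagram. Policy, LAN range
# and sample packets are assumptions, not something the slide states.
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumption: our inside network

# (protocol, destination port) pairs that may be opened from inside:
# web request, e-mail connect request, DNS request, SSH connect request.
ALLOWED_OUT = {("tcp", 80), ("tcp", 443), ("tcp", 25), ("tcp", 587),
               ("udp", 53), ("tcp", 22)}


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = arriving from the Internet, "out" = leaving the LAN
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # destination port; 0 for ICMP
    new: bool = True    # True = opens a connection; False = reply to one we opened


def illegal_source(p: Packet) -> bool:
    """Inbound packets claiming an inside, private or loopback source are
    spoofed (the diagram's "Illegal Source IP Address")."""
    src = ipaddress.ip_address(p.src)
    return p.direction == "in" and (src in LAN or src.is_private or src.is_loopback)


def illegal_destination(p: Packet) -> bool:
    """Inbound packets must be addressed to our LAN; outbound packets must not
    go to private or loopback ranges we do not own ("Illegal Dest IP Address")."""
    dst = ipaddress.ip_address(p.dst)
    if p.direction == "in":
        return dst not in LAN
    return (dst.is_private and dst not in LAN) or dst.is_loopback


# First-match rule list: (name, predicate, action). Order matters: the spoofing
# checks precede every "accept", and the last rule is the default deny.
RULES = [
    ("drop spoofed source", illegal_source, "DROP"),
    ("drop bad destination", illegal_destination, "DROP"),
    ("accept replies to connections we opened", lambda p: not p.new, "ACCEPT"),
    ("accept outbound to allowed services",
     lambda p: p.direction == "out" and (p.proto, p.dport) in ALLOWED_OUT, "ACCEPT"),
    ("accept outbound ping", lambda p: p.direction == "out" and p.proto == "icmp", "ACCEPT"),
    ("default deny (inbound ping, FTP, Telnet, NetBIOS, SSH, ...)", lambda p: True, "DROP"),
]


def filter_packet(p: Packet) -> tuple:
    """Return (action, name of the first rule that matched)."""
    for name, matches, action in RULES:
        if matches(p):
            return action, name
    raise RuntimeError("unreachable: the default rule matches everything")


# Constructed sample traffic, one packet per item in the diagram. Python's
# ipaddress treats the RFC 5737 documentation ranges as private, so ordinary
# public addresses stand in for "the Internet" here.
SAMPLES = {
    "Web request": Packet("out", "192.168.1.10", "93.184.216.34", "tcp", 443),
    "Web response": Packet("in", "93.184.216.34", "192.168.1.10", "tcp", 51000, new=False),
    "Email connect request": Packet("out", "192.168.1.10", "93.184.216.34", "tcp", 25),
    "Email response (spoofed)": Packet("in", "192.168.1.99", "192.168.1.10", "tcp", 51001, new=False),
    "SSH connect request (inbound)": Packet("in", "23.45.67.89", "192.168.1.10", "tcp", 22),
    "DNS request": Packet("out", "192.168.1.10", "8.8.8.8", "udp", 53),
    "Ping request (inbound)": Packet("in", "23.45.67.89", "192.168.1.10", "icmp"),
    "FTP request (inbound)": Packet("in", "23.45.67.89", "192.168.1.10", "tcp", 21),
    "Telnet request (inbound)": Packet("in", "23.45.67.89", "192.168.1.10", "tcp", 23),
    "NetBIOS Name Service (inbound)": Packet("in", "23.45.67.89", "192.168.1.10", "udp", 137),
    "Illegal destination": Packet("in", "23.45.67.89", "10.0.0.5", "tcp", 80),
}


def decisions() -> dict:
    """Run every sample through the filter: {label: (action, rule)}."""
    return {label: filter_packet(p) for label, p in SAMPLES.items()}


if __name__ == "__main__":
    for label, (action, rule) in decisions().items():
        print(f"{label:32} {action:6} {rule}")
```

The "new" flag is what a stateful firewall tracks for you: a web response is accepted only because it answers a request that left the LAN, and the same packet arriving unsolicited would fall through to the default deny.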
Microsoft regularly issues updates to fix security problems; Windows Update should install them automatically.
Avoid logging in as administrator for everyday work.
PASSWORD CONSTRUCTION: FROM A BAD PASSWORD TO A GOOD ONE
Bad password: Merry Christmas (two dictionary words)
Transformations shown in the chart, each applied to the previous result:
Lengthen: MerryChrisToYou → Abbreviate: MerChr2You → alternate upper/lower case: mErcHr2yOu
Synonym: Merry Xmas → Convert vowels to numeric: M5rryXm1s
Synonym: Merry Xmas → Keypad shift right: ,rttuc,sd
Synonym: Merry Xmas → Keypad shift up: J3446sjqw
Abbreviate: MerryJul → MaryJul → add a symbol: Mary*Jul
Intertwine the letters of Merry and Xmas: MXemrarsy
Good passwords: Glad*Jes*Birth, ,rttuc,sd, M5rryXm1s, J3446sjqw, Mary*Jul, mErcHr2yOu
Other methods:
Combine 2 unrelated words: Mail + phone = m@!lf0n3
Abbreviate a phrase: My favorite color is blue = Mfciblue
Music lyric: "Deck the halls with boughs of holly, Fa la la la la la la la la la" = Dthwboh,F9xl
Caveat: vowel-to-digit substitution, keyboard shifts and case changes are standard mangling rules in password-cracking tools, so a single transformation of a dictionary phrase is far weaker than its length and character mix suggest. The transformations help most when several are combined and the starting phrase is one the attacker cannot guess.
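The password-guessing table and the password-construction chart above, as an added example that is not part of the original slides. It recomputes the table's worst-case times from the rate the table states, and implements the chart's keypad-shift and vowel-to-digit tricks as the kind of fixed rule a password cracker applies to every word of a dictionary, which is why those tricks shrink the search space to words times rules. The 30-day month, the QWERTY row layout, the digit chosen for each vowel and the two-word sample dictionary are assumptions.

```python
# Added example (not code from the original slides). Recomputes the
# password-guessing table at its stated rate and models the chart's
# keypad-shift / vowel-to-digit tricks as cracker mangling rules.
# Assumptions: 30-day month, QWERTY rows below, vowel digits chosen to
# reproduce the chart's M5rryXm1s, constructed two-word dictionary.
import math

GUESSES_PER_MONTH = 2.6e18                 # rate stated in the table (~10^12/s)
SECONDS_PER_MONTH = 30 * 24 * 3600         # assumption: 30-day month
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CHARSETS = {                               # character-set sizes used in the table
    "lower case alpha": 26,
    "alpha": 52,
    "alphanumeric": 62,
    "alphanumeric + 10": 72,
    "all keyboard": 95,
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols from the set."""
    return charset_size ** length


def seconds_to_exhaust(candidates: int, per_month: float = GUESSES_PER_MONTH) -> float:
    """Worst-case time to try every candidate at the table's guessing rate."""
    return candidates / per_month * SECONDS_PER_MONTH


def human_time(seconds: float) -> str:
    """Round a duration the way the table does (minutes, hours, years)."""
    if seconds < 1:
        return "< 1 second"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def table_row(charset: str, length: int) -> tuple:
    """One table row: label, keyspace, entropy in bits, worst-case time."""
    space = keyspace(CHARSETS[charset], length)
    return (f"{length} chars: {charset}", space, round(math.log2(space), 1),
            human_time(seconds_to_exhaust(space)))


# --- The chart's transformations as cracker "mangling rules" ---
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]


def _keypad_shift(text: str, right: int, up: int) -> str:
    """Replace each key by the key `right` columns right and `up` rows up on a
    QWERTY keyboard. Keys with no such neighbour (the space bar included) are
    dropped; output is lower case except that the first character keeps the
    input's capitalisation, which reproduces the chart's ,rttuc,sd / J3446sjqw."""
    out = []
    for ch in text:
        for r, row in enumerate(QWERTY_ROWS):
            i = row.find(ch.lower())
            if i >= 0:
                nr, ni = r - up, i + right
                if 0 <= nr < len(QWERTY_ROWS) and 0 <= ni < len(QWERTY_ROWS[nr]):
                    out.append(QWERTY_ROWS[nr][ni])
                break
    if out and text[:1].isupper():
        out[0] = out[0].upper()
    return "".join(out)


def keypad_shift_right(text: str) -> str:
    return _keypad_shift(text, 1, 0)


def keypad_shift_up(text: str) -> str:
    return _keypad_shift(text, 0, 1)


def vowels_to_digits(text: str) -> str:
    """The chart's "convert vowels to numeric" rule; digit choices are an
    assumption picked to reproduce its M5rryXm1s, and spaces are dropped."""
    return text.replace(" ", "").translate(str.maketrans("aeiouAEIOU", "1510215102"))


RULES = {
    "as typed": lambda w: w,
    "keypad shift right": keypad_shift_right,
    "keypad shift up": keypad_shift_up,
    "vowels to digits": vowels_to_digits,
}


def rule_based_candidates(words, rules=RULES) -> set:
    """Every dictionary word under every rule: the attacker's real search space
    for 'transformed word' passwords is words x rules, not charset^length."""
    return {rule(w) for w in words for rule in rules.values()}


def rule_based_space(dictionary_size: int, n_rules: int = len(RULES)) -> int:
    return dictionary_size * n_rules


if __name__ == "__main__":
    for charset, length in [("lower case alpha", 8), ("alphanumeric", 8),
                            ("all keyboard", 8), ("alphanumeric", 12)]:
        print(table_row(charset, length))
    print(sorted(rule_based_candidates(["Merry Xmas", "password"])))   # constructed dictionary
    print(human_time(seconds_to_exhaust(rule_based_space(80_000))))   # the 80,000-word row
```

Adding a rule multiplies the attacker's work by a constant; adding a random character multiplies it by the size of the character set. That is the whole difference between the rows of the table and the chart's transformations.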
ACCESS CONTROL MATRIX
Subjects (rows): J_Doe, J_Arn ("J_oe" in the transcript is J_Doe). Objects (columns): File 1, File 2, Proc. A, Matrix C.
Cells as far as the transcript preserves them (the grid positions are partly lost; this is one consistent reading):
J_Doe: File 1: Owner: RWX; File 2: R; Proc. A: Wakeup, stop; Matrix C: R
J_Arn: File 2: Owner: RWX; Proc. A: Owner Control: Grant/delete; Matrix C: Owner Control: Grant/delete
The owner of an object controls it: only the owner may grant or delete other subjects' rights on it.
ACCESS CONTROL: LOGIN → ROLE (Mandatory vs. Role-Based)
Role assignment: J_Arn: Sys Admin, Mgmt; J_Doe: Engineering
Role-based AC matrix: the same cells, but the rows are roles rather than users:
Engineering: File 1: Owner: RWX; File 2: R; Proc. A: Wakeup, stop; Matrix C: R
Sys Admin: File 2: Owner: RWX; Proc. A: Owner Control: Grant/delete; Matrix C: Owner Control: Grant/delete
A user gets the rights of the role(s) they log in with, so adding or removing an engineer changes one role membership instead of a row of cells.
SECURITY ACCESS TOKEN (carried by a logged-in user's processes)
Security ID (SID): 211 – associated with John Smith
Group SIDs: 311, 315 – roles or groups John is in
Privileges: Create Token
Default owner: 211 – when John creates files, he is the owner
Default ACL: rwx r r – each created file gets: John: rwx; Groups: r; Others: r
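The access control matrix, its role-based version and the security access token above, as an added example that is not part of the original slides: a working reference monitor for each. The cell contents follow the slides; the placement of a few cells, the empty Mgmt role and the SIDs of the second and third users are assumptions.

```python
# Added example (not code from the original slides): the access control
# matrix, the role-based matrix and the access token's default ACL as
# working checks. Cell placement, the empty Mgmt role and SIDs 212/213
# are assumptions.
from dataclasses import dataclass

# --- Access control matrix (discretionary): subject -> object -> rights ---
# "owner" stands for Owner Control: the right to grant or delete others' rights.
MATRIX = {
    "J_Doe": {"File 1": {"owner", "r", "w", "x"}, "File 2": {"r"},
              "Proc. A": {"wakeup", "stop"}, "Matrix C": {"r"}},
    "J_Arn": {"File 2": {"owner", "r", "w", "x"},
              "Proc. A": {"owner"}, "Matrix C": {"owner"}},
}


def permitted(matrix: dict, subject: str, obj: str, right: str) -> bool:
    """Reference-monitor check: is `right` in the cell (subject, obj)?"""
    return right in matrix.get(subject, {}).get(obj, set())


def grant(matrix: dict, granter: str, subject: str, obj: str, right: str) -> None:
    """Owner control: only the owner of obj may add a right to another cell."""
    if not permitted(matrix, granter, obj, "owner"):
        raise PermissionError(f"{granter} has no owner control over {obj}")
    matrix.setdefault(subject, {}).setdefault(obj, set()).add(right)


def revoke(matrix: dict, granter: str, subject: str, obj: str, right: str) -> None:
    """Owner control, the delete side."""
    if not permitted(matrix, granter, obj, "owner"):
        raise PermissionError(f"{granter} has no owner control over {obj}")
    matrix.get(subject, {}).get(obj, set()).discard(right)


# --- Role-based version: rows are roles; login maps a user to roles ---
ROLE_RIGHTS = {
    "Engineering": {o: set(r) for o, r in MATRIX["J_Doe"].items()},  # same cells, on the role
    "Sys Admin": {o: set(r) for o, r in MATRIX["J_Arn"].items()},
    "Mgmt": {},                                                      # assumption: no cells shown
}
USER_ROLES = {"J_Doe": {"Engineering"}, "J_Arn": {"Sys Admin", "Mgmt"}}


def rbac_permitted(user: str, obj: str, right: str) -> bool:
    """A user holds the union of the rights of the roles they log in with."""
    return any(right in ROLE_RIGHTS.get(role, {}).get(obj, set())
               for role in USER_ROLES.get(user, ()))


# --- Security access token: what a logged-in user's processes carry ---
@dataclass(frozen=True)
class Token:
    sid: int                                # Security ID of the user
    user: str
    group_sids: tuple                       # roles or groups the user is in
    privileges: frozenset
    default_owner: int                      # owner stamped on objects the user creates
    default_acl: tuple = ("rwx", "r", "r")  # owner, groups, others


JOHN = Token(211, "John Smith", (311, 315), frozenset({"Create Token"}), 211)


def create_file(token: Token, name: str) -> dict:
    """New objects inherit the token's default owner and default ACL."""
    owner, group, others = token.default_acl
    return {"name": name, "owner": token.default_owner, "groups": token.group_sids,
            "acl": {"owner": set(owner), "group": set(group), "others": set(others)}}


def file_permitted(f: dict, token: Token, right: str) -> bool:
    """Owner / group / others evaluation of a request against the file's ACL."""
    if token.sid == f["owner"]:
        return right in f["acl"]["owner"]
    if any(g in f["groups"] for g in token.group_sids):
        return right in f["acl"]["group"]
    return right in f["acl"]["others"]


if __name__ == "__main__":
    print(permitted(MATRIX, "J_Doe", "File 2", "w"), rbac_permitted("J_Arn", "File 2", "owner"))
    notes = create_file(JOHN, "notes.txt")
    print(notes["acl"], file_permitted(notes, JOHN, "x"))
```

Note that `grant` checks the granter's owner control on the object, not on the cell being changed: that is exactly the discretionary rule of the matrix, and it is the check that a sloppy implementation most often forgets.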
Always use a secure, up-to-date browser for online purchasing.
Never use a debit card on-line: a fraudulent debit charge leaves your bank account immediately, while a credit card charge can be disputed before you pay.
Frequently delete temp files, cookies, history, saved passwords, etc.
https:// in the address bar (with the padlock symbol) shows the connection is encrypted; it does not prove the site is genuine, since phishing sites can use https too.
Disappearing info: malware, ransomware, disk failure, …
What information is important to you?
Is your back-up: Recent? Off-site & secure? Process documented? Tested? Encrypted?
Restricted data includes: Social Security number; driver's license # or state ID #; financial account number (credit/debit) and access code/password; DNA profile (Statute 939.74); biometric data.
In the U.S., HIPAA protects: health status, treatment, or payment information.
Thanks to:
UW Parkside: Sabbatical
Keep Safe!