WEEK 11-12 - State University of Zanzibar


WEEK 11-12
Email Security and Web Components
Malicious Code
• Malicious code is the term used to describe
any code in any part of a software system or
script that is intended to cause undesired
effects, security breaches or damage to a
system.
cont
• Malicious Code can take the form of:
– Java Applets
– ActiveX Controls
– Scripting languages
– Browser plug-ins
– Pushed content
cont
• Once inside your environment Malicious Code
can enter network drives and propagate.
• Malicious Code can also cause network and
mail server overload by sending email
messages, stealing data and passwords,
deleting document files, email files or
passwords, and even re-formatting hard
drives.
cont
• Viruses and worms are related classes of malicious
code; as a result they are often confused.
• Both share the primary objective of replication.
• However, they are distinctly different with respect to
the techniques they use and their host system
requirements.
• This distinction is due to the disjoint sets of host
systems they attack.
• Viruses have been almost exclusively restricted to
personal computers, while worms have attacked only
multi-user systems.
Definitions
• Trojan Horse - a program which performs a useful
function, but also performs an unexpected action
as well.
• Virus - a code segment which replicates by
attaching copies to existing executables.
• Worm - a program which replicates itself and
causes execution of the new copy.
• Network Worm - a worm which copies itself to
another system by using common network
facilities, and causes execution of the copy on
that system.
Backdoor
• Backdoor is malicious code for hidden access
to resources
• Evasion of authentication and access control
mechanisms
• Different variants, e.g. code backdoor,
network backdoor
Example of Backdoor code
• Famous examples
– Script kiddie tools: Netbus, Sub7, Back Orifice
– Ken Thompson’s compiler backdoor
• Replication: possible
• Parasitism: no
• Communication: yes
• Appearance: ~1960
Logic Bomb
• Logic bomb is malicious code triggered at a
certain event
• Trigger usually temporal, e.g. Friday the 13th
• Main purpose: automatic damage and sabotage
• Famous examples
– Logic bomb of R. Duronio took down 2,000 UBS
servers
– Michelangelo virus: Wiping of disk sectors on 6th
March
cont
• Replication: possible
• Parasitism: no
• Communication: no
• Appearance: ~1960
How to Avoid Malicious Code
• One way to avoid Malicious Code in your
applications is to add static analysis (also
called “white-box” testing) to your software
development lifecycle.
• Review your code for the presence of
Malicious Code. Veracode’s static code
analysis looks at applications in non-runtime
environment.
cont
• This method of security testing has distinct
advantages in that it can evaluate both web
and non-web applications and through
advanced modeling, can detect Malicious
Code in the software’s inputs and outputs that
cannot be seen through other testing
methodologies.
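An added example, not from the lecture and not Veracode's product: a minimal static ("white-box") scanner for Python source. It inspects the abstract syntax tree without running the program and reports the constructs that malicious or unsafe code typically relies on: dynamic code execution on non-literal data, execution of decoded blobs, and shell command execution. The sample source it scans is constructed for this example.

```python
"""Minimal AST-based static scanner (example code, not the lecture's or a vendor's)."""
import ast

DYNAMIC_CODE = {"eval", "exec", "compile", "__import__"}
SHELL_CALLS = {"os.system", "os.popen"}
DECODERS = {"base64.b64decode", "base64.b85decode", "codecs.decode",
            "zlib.decompress", "bytes.fromhex"}


def _call_name(node):
    """Dotted name of a call target ('exec', 'os.system', 'subprocess.run') or None."""
    func, parts = node.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


def scan_source(source, filename="<input>"):
    """Return sorted (line, message) findings for one Python source file."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name is None:
            continue
        if name in DYNAMIC_CODE:
            arg = node.args[0] if node.args else None
            if isinstance(arg, ast.Call) and _call_name(arg) in DECODERS:
                # classic obfuscation: decode a blob, then execute it
                findings.append((node.lineno, f"{name}() of decoded/obfuscated data"))
            elif not isinstance(arg, ast.Constant):
                # code built at run time, possibly from program input
                findings.append((node.lineno, f"{name}() on a non-literal argument"))
        elif name in SHELL_CALLS:
            findings.append((node.lineno, f"{name}() runs a shell command"))
        elif name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append((node.lineno, f"{name}(shell=True) runs a shell command"))
    return sorted(findings)


# Constructed sample: one benign function, one hidden loader, one shell wrapper.
SAMPLE_SOURCE = '''\
import os, base64, subprocess

def greet(name):
    return "hello " + name

def handler(payload):
    exec(base64.b64decode(payload))

def backup(path):
    os.system("tar czf backup.tgz " + path)
    subprocess.run("ls " + path, shell=True)
    subprocess.run(["ls", path])
'''

if __name__ == "__main__":
    for line, message in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: {message}")
```

Running it on the sample reports lines 7, 10 and 11; the argument-list form of `subprocess.run` on line 12 is not reported, which is the point of checking the call's arguments rather than its name alone.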
Hoax Email
• What is a hoax email?
• Hoax emails are also known as 'spoof' emails, meaning
'falsified'.
• A hoaxed/spoofed email is when the sender purposely
alters parts of the email to masquerade as though it
was authored by someone else.
• Commonly, the sender’s name/address and the body of
the message are formatted to appear from a legitimate
source, as though the email came from a bank or a
newspaper or legitimate company on the Web.
Why Would Someone Fraudulently
'Spoof' an Email?
• Purpose 1: the email spoofer is trying to
“phish” your passwords and login names.
• Purpose 2: the email spoofer is a spammer
trying to hide his true identity, while still filling
your mailbox with advertising.
How to Protect from Spoofed Email?
• If you don’t believe that the email is truthful,
or that the sender is legitimate, then simply
don’t click on the link and type your email
address.
• If there is a file attachment, simply don’t open
it, lest it contain a virus payload.
• If the email seems too good to be true, then it
probably is, and your skepticism will save you
from divulging your banking information.
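An added example, not from the lecture: standard-library checks that flag the spoofing patterns the slides describe. It runs over two constructed messages (every address and domain is made up) and reports three indicators: a From: domain that differs from the Return-Path: (envelope sender) domain, a display name that names an address or domain other than the real From address, and an HTML link whose visible text names one domain while its href goes to another.

```python
"""Spoofed-email indicators (example code, not from the lecture)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample 1: dressed up as a bank alert, sent from elsewhere.
SAMPLE_SPOOF = """\
Return-Path: <bounce@bulk-sender.invalid>
From: "security@examplebank.invalid" <alerts@mailer-example.invalid>
To: victim@example.invalid
Subject: Verify your account
Content-Type: text/html; charset=utf-8

<html><body><p>Please <a href="http://login.mailer-example.invalid/verify">https://www.examplebank.invalid/login</a> now.</p></body></html>
"""

# Constructed sample 2: consistent sender and links.
SAMPLE_CLEAN = """\
Return-Path: <alerts@examplebank.invalid>
From: "Example Bank" <alerts@examplebank.invalid>
To: customer@example.invalid
Subject: Monthly statement
Content-Type: text/html; charset=utf-8

<html><body><p>Your statement: <a href="https://www.examplebank.invalid/statements">https://www.examplebank.invalid/statements</a></p></body></html>
"""

DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable(host):
    """Crude organisation-level name: the last two labels of a host name."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def _domain_of(addr):
    return registrable(addr.rsplit("@", 1)[1]) if "@" in addr else ""


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _html_body(msg):
    """First text/html part, decoded to str (empty string if none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def spoof_indicators(raw_message):
    """Return human-readable indicators; an empty list means none were found."""
    msg = message_from_string(raw_message)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain_of(from_addr)
    rp_dom = _domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {rp_dom}")
    for m in DOMAIN_RE.finditer(display):
        if registrable(m.group(1)) != from_dom:
            findings.append(f"display name mentions {m.group(1)} but address is @{from_dom}")
    links = _Links()
    links.feed(_html_body(msg))
    for href, text in links.links:
        shown, real = DOMAIN_RE.search(text), DOMAIN_RE.search(href)
        if shown and real and registrable(shown.group(1)) != registrable(real.group(1)):
            findings.append(f"link text shows {shown.group(1)} but points to {real.group(1)}")
    return findings


if __name__ == "__main__":
    for label, sample in (("spoof", SAMPLE_SPOOF), ("clean", SAMPLE_CLEAN)):
        print(label, spoof_indicators(sample))
```

These are heuristics for a client-side check or a training exercise; the stronger control is sender authentication on the receiving mail server (SPF, DKIM and DMARC), which the sender cannot dress up in the message body.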
Spamming
• Email spam, also known as unsolicited bulk
email (UBE), junk mail, or unsolicited
commercial email (UCE), is the practice of
sending unwanted email messages, frequently
with commercial content, in large quantities
to an indiscriminate set of recipients.
cont
• Pressure to make email spam illegal has been
successful in some jurisdictions, but less so in others.
• Increasingly, e-mail spam today is sent via "zombie
networks", networks of virus- or worm-infected
personal computers in homes and offices around the
globe.
• Many modern worms install a backdoor that allows the
spammer to access the computer and use it for
malicious purposes.
• This complicates attempts to control the spread of
spam, as in many cases the spam does not obviously
originate from the spammer.
Other Types of Spamming
• Mobile phone spam
• Messaging spam
• Social network spam
Mail Encryption Protocols
• Email encryption is encryption of email
messages to protect the content from being
read by other entities than the intended
recipients.
• Email encryption may also include
authentication.
cont
• Email is prone to disclosure of information.
Most emails are currently transmitted in the
clear (not encrypted).
• By means of some available tools, persons
other than the designated recipients can read
the email contents.
• Email encryption has been used by journalists
and regular users to protect privacy.
Email Encryption Protocols
• Protocols for email encryption include:
– Bitmessage
– OpenPGP
– S/MIME
– TLS
Bitmessage
• Bitmessage is a decentralized, encrypted, peer-to-peer,
trustless communications protocol that can be used by one
person to send encrypted messages to another person, or
to multiple subscribers.
• Bitmessage encrypts each user's message inbox using
public-key cryptography and replicates it inside its P2P
network, mixing it with inboxes of other users in order to
conceal user's identity, prevent eavesdropping and allow
the network to operate in a decentralized manner.
• The Bitmessage communications protocol avoids sender
spoofing through authentication, and hides metadata from
wiretapping systems.
OpenPGP
• Pretty Good Privacy (PGP) is a data encryption and
decryption computer program that provides
cryptographic privacy and authentication for data
communication.
• PGP is often used for signing, encrypting, and
decrypting texts, e-mails, files, directories, and whole
disk partitions and to increase the security of e-mail
communications. It was created by Phil Zimmermann in
1991.
• PGP and similar software follow the OpenPGP standard
(RFC 4880) for encrypting and decrypting data.
S/MIME
• S/MIME (Secure/Multipurpose Internet Mail
Extensions) is a standard for public key
encryption and signing of MIME data.
• S/MIME provides the following cryptographic
security services for electronic messaging
applications: authentication, message
integrity, non-repudiation of origin (using
digital signatures), privacy and data security
(using encryption).
TLS
• Transport Layer Security (TLS) and its
predecessor, Secure Sockets Layer (SSL), are
cryptographic protocols designed to provide
communications security over a computer
network.
• They use X.509 certificates and hence asymmetric
cryptography to authenticate the counterparty
with whom they are communicating, and to
negotiate a symmetric key.
• This session key is then used to encrypt data
flowing between the parties.
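An added example, not from the lecture: submitting mail over TLS with Python's `smtplib`. The slide's point that certificates authenticate the counterparty only holds if the client actually verifies the certificate; in the standard library, `SMTP.starttls()` and `SMTP_SSL()` fall back to a context that does not verify when none is passed, so the session key could be negotiated with whoever answers on the port. The host name below is a placeholder, and the weak context is shown only to be rejected.

```python
"""STARTTLS mail submission with certificate verification (example code, not the lecture's)."""
import smtplib
import ssl
from email.message import EmailMessage


def verifying_context():
    """TLS context that requires a trusted certificate matching the host name."""
    ctx = ssl.create_default_context()   # system CA store, CERT_REQUIRED, hostname check
    ctx.check_hostname = True            # restated explicitly: certificate must name the server
    ctx.verify_mode = ssl.CERT_REQUIRED  # refuse to proceed without a valid certificate
    return ctx


def weak_context():
    """The setting to avoid: any certificate is accepted, so an interposer can negotiate the key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_verifying(ctx):
    """True only if the context rejects an untrusted or mismatched certificate."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def build_message(sender, recipient, subject, body):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(body)
    return msg


def send_with_starttls(msg, host="smtp.example.invalid", port=587, ctx=None):
    """Submit msg over STARTTLS, refusing any context that would skip verification."""
    ctx = ctx or verifying_context()
    if not context_is_verifying(ctx):
        raise ValueError("refusing to send: TLS context does not verify the server")
    with smtplib.SMTP(host, port) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)   # upgrade the plaintext session to TLS
        smtp.ehlo()                  # re-identify over the encrypted channel
        smtp.send_message(msg)
```

Usage: `send_with_starttls(build_message("a@example.invalid", "b@example.invalid", "hi", "hello"), host="your-submission-server")`; the refusal check fires before any connection is made, so passing `weak_context()` raises without touching the network.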
Code-based Vulnerabilities
• These are weaknesses in the code due to error
during its development.
• Cross-Site Scripting is a good example of this
vulnerability.