We are at War

• Computers on the internet are under constant attack. Literally millions are "0wned" by darkside hackers
• The motivation for the attacks has changed from bragging rights for darkside hackers to commercial gain
• Compromising computers has become a commercial criminal activity:
  • identity theft
  • exploitation of controlled systems for illegal activities such as spamming. See honeynet.org for details.
  • Attacks by foreign governments
  • Terrorism

We are losing

1. Rising number of attacks
2. Increasing size of botnets
3. Increases in Spam
4. Google estimates ten percent of web sites host malware
5. Continuously patching systems

Types of Malware

Virus

A virus is executable code that can incorporate itself stealthily into other executable objects. When a program that has been infected by a virus runs the virus code searches out other executables and embeds itself in them.

Worm

Worm (short for tapeworm) is a program that can propagate itself over a network

Trojan

A Trojan, or trojan horse, is a malicious program that masquerades as something else.

Rootkit

A rootkit is software designed to conceal itself from the operating system thereby rendering it extremely difficult to detect and eliminate. (see Sony rootkit)

Backdoor

A hole in the security of a system left in place by designers/maintainers or introduced by other malware. A backdoor provides a secret entrance into the system. Computers with backdoors installed are often referred to as bots or zombies.

Types of Malware (cont)

Spyware

Spyware is any software that secretly runs in the background, collects information about user activity and transmits the information in the background.

Adware

Software package designed to make a computer display advertising without the owner's consent. Examples are programs that hijack a web browser's homepage

Blended Threats

A blended threat combines several of the above types of malware. For example:

• The malware is distributed as a Trojan, perhaps as an email attachment.
• When the malware runs it installs a backdoor turning the system into a zombie.
• The malware infects the system software.
• The malware redistributes itself by sending emails with itself attached.

Social Engineering

Classical Social Engineering

Classical Social Engineering involves an intruder fooling a user to obtain or bypass security credentials. This may be as simple as putting on a uniform.

Phishing

is the practice of sending email masquerading as an established institution (typically a bank) and directing the victim to a website masquerading as that institution to capture login or personal information. Phishing can usually be detected by paying close attention to the url being presented.

Scams

There are no Nigerians, Liberians, or Iraqis trying to transfer millions of dollars to the U.S. They wouldn't pick you if they did. There are people who would like to transfer thousands of dollars from your bank account to theirs. Be very careful about giving out information on the net.

Contributory Negligence: OS issues

Not all computer security problems are the fault of users. Many issues are due to poor decisions or low quality work on the part of software producers.

Overprivileged users

Windows 9x in particular and XP in entirely too many cases. Any user can infect the system itself. In other OS's normal users cannot infect executable files in the OS. XP is capable of separation of privileges but many systems are set up with users as administrators.

Running unneeded services

This is common to both Microsoft and Linux (although recent versions of both are more cautious).

Lack of convenient upgrade

Software upgrades should be simple and (nearly) automatic and include all packages on the system.

Hiding Extensions

Microsoft's default behavior is to hide extensions for known file types. See iloveyou.txt.vbs

Contributory Negligence: Application issues

Generally badly written and insecure applications

Try to avoid using applications with a history of poor security

Executable Documents

The unfortunate blurring of the line between document and program has lead to enormous problems.

Automatic or Trivial execution of programs

Email readers which automatically execute content lead to major problem.

Protecting Yourself

Abstinence

Why do you run software that gets viruses?

Virus protection software

Get it, keep it up to date. A number of commercial anti-virus software products are available. Anti-virus software from Avast, www.freeav.com or Free AVG Anti-Virus are free for personal use.

Be aware that anti-virus software only detects known (older) viruses

Personal Firewalls

I also recommend a personal firewall. Most wireless routers contain a firewall. For software firewalls seehttp://www.snapfiles.com/freeware/security/fwfirewall.html for a list.

Keep up to date

Subscribe to vendor (& other) bulletins. Apply updates religiously.

Common Sense

Be skeptical, don't open unsolicited attachments. Don't trust random email.

Special considerations for servers

• Brute force penetration attacks
• Denial of Service attacks
• Traffic interception

Securing a server

• Choose server software with security in mind
• Do not run unecessary services
• Do keep up to date on security alerts and keep the server patched
• Be extra cautious with remote access
• Know what the server is doing -- logs are there for a reason

Conclusion

• We are losing the war but we have not yet lost it.
• We need to spend more time on security when we train computer professionals