Cal Poly Pomona Foundation

Security Awareness Brown Bag Series

Sponsored by Foundation MIS

Beginners Guide to Computer Security

Beginners Guide to Computer Security

Threats and Countermeasures

ObjectivesProvide an overview of the mostcommon threats and how to buildlayered protection.

Spam Security Tools Anti-Virus Software Security Policies Passwords Firewalls Encryption Summary

Importance Of Security Threats to Data Viruses Trojan Horse Programs Vandals Attacks Data Interception Scams

Good News – Bad News

• Internet transforms and greatly improves our lives• Opened the door to an increasing number of

security threats from which individuals, families and business must protect themselves

• Consequences of attacks can range from the mildly inconvenient to the completely debilitating– Important data can be lost– Privacy can be violated – Computer can even used by an outside attacker

to attack other computers on the Internet.

Threats to Data

• Come from a very small minority• A car thief can steal only one car at a

time• Single hacker working from a single

computer can generate damage to a large number of computer networks

• A general knowledge of security threats and how to protect yourself is essential

Viruses

• Most widely known security threat due to extensive press coverage.

• What is a virus? – Computer programs that are written by

devious programmers and are designed to replicate themselves and infect computers when triggered by a specific event.

• Example - Macro viruses attach themselves to files that contain macro instructions (routines that can be repeated automatically, such as sending email) and are then activated every time the macro runs.

Effects

• Benign - cause annoying interruptions such as displaying a comical message when striking a certain letter on the keyboard

• More destructive - cause such problems as deleting files from a hard drive or slowing down a system

How to “catch” it

• A computer can be infected with a virus only if the virus enters through an outside source– an attachment to an email– a file downloaded from the Internet.

When one computer on a network becomes infected, the other computers on the network – or for that matter other computers on the

Internet – are highly susceptible to contracting the virus.

Trojan Horse Programs • Delivery vehicles for destructive

computer code• Appear to be harmless or useful

software programs, such as computer games, but are actually enemies in disguise

Trojan Horse Programs

• Can delete data, mail copies of themselves to e-mail address lists and open up computers to additional attacks

• Can be contracted only by – copying the Trojan horse program to a

computer– downloading from the internet or – opening an email attachment

Vandals

• Web sites have come alive through the development of such software applications as ActiveX and Java Applets – enable animation and other special

effects to run, making web sites more attractive and interactive

Caution

• However, the ease with which these applications can be downloaded and run has provided a new vehicle for inflicting damage

• Vandals can take on the form of a software application or applet that causes destruction of various degrees

• A vandal can destroy a single file or a major portion of a computer system

Attacks

• Innumerable types of network attacks have been documented, and they are commonly classified in three general categories: – reconnaissance attacks– access attacks, and – denial of service (DoS) attacks.

Reconnaissance Attacks

• Reconnaissance - information gathering activities by which hackers collect data that is used to later compromise networks

• Software tools, such as sniffers and scanners, are used to map out and exploit potential weaknesses in home computers, web servers and applications – Example – password cracking software

Access Attacks

• Access attacks are conducted to gain entry to e-mail accounts, databases and other confidential information

Dos Attacks

• DoS attacks prevent access to all or part of a computer system.

• Usually achieved by sending large amounts of jumbled or other unmanageable data to a machine that is connected to the Internet, blocking legitimate traffic from getting through.

• Even more malicious is a Distributed Denial of Service attack (DdoS) in which the attacker compromises multiple machines or hosts.

Data Interception

• The intercepting perpetrators might eavesdrop on communications or even alter the data packets being transmitted

• Various methods to intercept data– IP spoofing, for example, entails posing as

an unauthorized party in the data transmission by using the internet protocol (IP) address of one of the data recipients

Scams

• Stakes are higher as they've got easy access to millions of people on the internet

• Email– May contain a hyperlink to a web site that asks

you for personal information, including your password

– May contain a solicitation for your credit card information in the guise of a billing request

Protect Yourself

• Never give out your password, billing information or other personal information to strangers online

• Be mindful of who you're talking with before you give out personal information

Protect Yourself• Don't click on hyperlinks or download

attachments from people/web sites you don't know

• Be skeptical of any company that doesn't clearly state its name, physical address and telephone numbe

• Great Home Computer Security Webpagehttp://www.cert.org/homeusers/HomeComputerSecurity/

Spam

• Unsolicited e-mail or the action of broadcasting unsolicited advertising messages via e-mail

• Takes up time and storage space on their computer

• Report it to ISP. Check your ISP help areas to find out how to report spam

Security Tools

• First, understand the threats• Second, put proper safeguards in place• Extensive choice of technologies

– Anti-virus software packages– Firewalls for providing protection– Implement proper computer security

without compromising the need for quick and easy access to information

Anti-virus Software• Relies on early warnings of new viruses, so

that antidotes can be developed and distributed quickly

• 1,000’s of new viruses being generated every month– Essential virus database be kept up to date– Record held by the anti-virus package that helps

identify known viruses when they attempt to strike

– Can prompt users to periodically collect new data

Security Policies

• Rules and written or verbal regulations by which all staff, students and faculty operate

• Often preempt security breaches • Customers or suppliers with access

to certain parts of the network need to be adequately regulated

Passwords

• Simplest and most common way to ensure that only those that have permission can enter your computer or certain parts of your computer network

• Virtually ineffective if people do not protect their passwords.

• The golden rules, or policies for passwords are: • Make passwords as meaningless as possible • Change passwords regularly • Never divulge passwords to anyone

Firewalls

• A hardware or software solution to enforce security policies

• Built-in filters that can disallow unauthorized or potentially dangerous material from entering the system

• Logs attempted intrusions

Firewall Basics

What They Do and How They Work

What Does a Firewall Do?

• In general, firewalls try to keep people from remotely accessing your computer in bad ways when you are connected to the internet

How Do Firewalls Work?• Most firewalls are designed to

allow or block specific types of data going to and from your computer to the internet

• Allow "good" data traffic and block all "bad" data traffic

How Do Firewalls Work?• "Good" traffic is the kind you need to do

things like: surf the web, download files, chat, share files, etc

• "Bad" traffic is what hackers might do like: steal files on your computer, use a Trojan to control your computer, disrupt your connection or network, etc

• Doors (ports) are points where a person (hacker) can get in

• Think of a firewall as a security guard who is watching each door and who is going in and out of the doors

Computer – a House With Many Doors

• The firewall makes sure only the right doors get opened and that only the right people (data) have access to your house

• Some firewalls can also hide your house (computer) so casual hackers can't see it (also called "stealth mode“)

Computer – a House With Many Doors

What Traffic Is Good/What's Bad?

• Experience• Reading• Learning• The easiest way is to start with a

simple firewall program, see how it works and then graduate to more sophisticated solutions as you gain knowledge

Do Firewalls Prevent Viruses and Trojans?

• NO!! A firewall can only prevent a virus or Trojan from accessing the internet while on your machine

• 95% of all viruses and trojans are received via e-mail, through file sharing (like Kazaa or Gnucleus) or through direct download of a malicious program

• Firewalls can't prevent this -- only a good anti-virus software program can

• However, once installed on your PC, many viruses and trojans "call home" using the internet to the hacker that designed it

• This lets the hacker activate the trojan and he/she can now use your PC for his/her own purposes

• A firewall can block the call home and can alert you if there is suspicious behavior taking place on your system

Do Firewalls Prevent Viruses and Trojans?

What Is "Stealth" Mode?

• In theory, stealth mode hides all the ports on your computer from being visible to others on the internet. – Some think this makes them less vulnerable to a

malicious attack and consider it the "holy grail" of firewall configurations.

• While true that your ports are "invisible", a "stealthed" computer really looks like a black hole to a hacker. – Data goes in but it never comes out.

Stealth Mode• A good hacker can spot this behavior - may

actually consider it a challenge to try to break in as he/she wonders what's there– Sometimes, staying in plain sight makes you less

attractive as a target

• Achieving "stealth" mode with some network configurations (such as Microsoft internet connection sharing or ICS) can be very difficult

• Stealth mode can make it difficult for the networked computers to "see" and interact with the gateway computer

• Computers don't stay "stealthed". The moment you do something that accesses the internet from your end, you're "unstealthed" because data is coming out

• Any hacker with a packet sniffer who knows where to look can tell that something's there

Encryption

• Ensures that messages cannot be intercepted/read by anyone other than the authorized recipient

• Deployed to protect data transported over a public network (internet)

• Uses advance mathematical algorithms to ‘scramble’ messages and their attachments

Encryption

• Provides the security necessary to sustain the increasingly popular virtual private network (VPN) technology– VPNs are private connections, or tunnels,

over public networks– Deployed to protect telecommuters, mobile

workers, branch offices and business partners to corporate networks or each other

Summary

• Common sense, some simple rules and a few pieces of technology can help protect your computer systems from unauthorized use

• Important to remember that by protecting your own computer system, you're also doing your part to protect computers throughout the university

Resources at Cal Poly Pomona University

Foundation MIS http://www.foundation.csupomona.edu/financial

• Policies, procedures and guidelineshttp://foundation.csupomona.edu/hr/hrpolicies.aspx

• University I&IThttp://www.csupomona.edu/~ehelp