The risk factor between the keyboard and the chair – or nobody's child?

SPI2009 Kaido Kikkas

A crazy dream

An evil wizard made all the traffic cops disappear
...driving schools disappeared too
...as well as most traffic signs
The traffic started to look like the Internet

The reality case: Joe Sixpack

A nice guy and family man, a mechanic by trade. Joe goes to the big department store and decides to buy his family a new computer for Christmas – great, they had a nice deal with a printer and scanner included!
He unpacks the PC and sets it up; the next day a technician comes and sets up his network.
For a couple of days, everything is smooth. Then some new programs appear, the computer slows down, lots of ads show up...

What is the real problem?

Joe Sixpack dealt with:
the computer seller
the software seller
the network company
None of them were concerned with his security.

In the old times

Cracking computers was:
less malicious (pranks)
seldom economically motivated
a contest of equals, demanding some skill
done by quite a small number of people

Today: Netbus.... Back Orifice 2000.... Sub7 (ready-made point-and-click remote-control trojans – no skill required)

The mass factor

For each malicious AND skilled cracker, there is a large number of script kiddies with:
no skills
no life
lots of free time to burn
Again the well-equipped fools – but this time a bit different kind

Wild shots

In fact, no one actually aimed to nail Mr Sixpack. It was just an undefended machine.
“Nothing personal” (followed by two head shots)
The kiddies comb a segment of the Net, typically scanning for a certain vulnerability (they can also function as foot soldiers for more sophisticated cracker gangs or RBN-like criminal networks)

“Who gives a sh...?”

Quite a common reaction – I am no president/businessman/actor/politician/sportsman. Who cares if my machine is cracked?
I DO! Because it will typically join thousands of others in Storm or a similar botnet – AND I MAY GET HIT

A botnet?

Lots of hijacked computers controlled centrally. Major uses:
sending spam and propagating scams
DDoS attacks – increasingly used in organised extortion schemes
increasingly used in political attacks

Some other uses for a hijacked PC

Online porn archive – ordinary porn is just an embarrassment, but child/snuff porn also exists – and earns the propagators a long time in prison
Warehouse for illegal software – the BSA will freak out
IRC trading channel for e.g. stolen credit cards
Spam engine
Attack springboard
Money source (via online banking)

Another problem: pick two of three

Simple, affordable, secure. Typical perception:
Windows PC: (quite) affordable, simple
Mac: simple and (quite) secure
Linux PC: affordable and secure
Not exactly true, but hard to change.
Car race analogy: Joe Sixpack in a top-notch race car vs Sébastien Loeb in an old Lada – the driver counts the most, but the platform plays a role too

Hopeless....?

Not really. Most really simple attacks target systems without updates – keeping a system up to date helps a lot.
The apartment door analogy: all sensible people invest in locks which won't last against any special operations unit – but will keep out the guys needing their next needle.
Remember: there is no 100% security – but we may raise the level high enough to keep the majority of smaller pests out.

Ten Commandments for home users

1. Thou shalt keep thy Systems updated
2. Thou shalt not take the Rights of Administrator in vain
3. Thou shalt choose all passwords carefully, paying utmost care to the Administrator account; likewise shall thine passwords not have valid meaning in any known language
4. Thou shalt create separate accounts for each User of thine Computer
5. Thou shalt have good shields if thou insist on using Windows
6. Thou shalt not touch unknown Attachments in thine Mail, and not allow anyone who lives in thine household to do it
7. Thou shalt put junk mail filters to good use
8. Thou shalt know what Software lies in thine Computer
9. Thou dost well if thou use OpenOffice.org, Mozilla Thunderbird and Firefox instead of MS Office, MS Outlook and Internet Explorer
10. Thou shalt seek wise people to help thee, and wisdom for thyself. A wise Man may err once, while a Fool keeps doing it all over

(Amen!)

Scripture commentary follows

1. Update, update, update. Every system.
2. Have at least two accounts in XP – one for administration, another for everyday use. Vista's UAC may make it a little less important, but it can be done there too.
3. Typical password attacks are based on dictionary-type files. Therefore – no straight meaning (hidden ones are recommended though), at least 6-8 symbols, at least two cases plus numbers.
4. If there is more than one user, each should have their own account – it makes it easier to track problems.
5. Shields in Windows include:
   Antivirus (ClamWin is free and open-source)
   Anti-spyware (Defender, S&D, others)
   Firewall (Comodo is good)
   Browser popup and script blockers (for Firefox e.g. AdBlock Plus and NoScript)
6. If you don't know the sender, don't open it.
7. Junk mail filters can be combined if needed, e.g. one may add SpamAssassin to Thunderbird etc.; they also need to be trained.
8. Your computer is not a box of chocolates (sorry, Forrest!) – you should know what is inside. Or else the bad guys won't even need a rootkit.
9. MS Office, Outlook and IE are Big targets and Easy targets.
10. “A man learns all his life, yet dies a fool” – the question is, how big a fool...
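The point of commandment 3 (dictionary attacks, and why "no meaning in any known language" matters more than the length/case/digit rules), as an added example that is not part of the original slides: a toy rule-based dictionary attack in Python of the kind password crackers run, next to a checker that applies the slide's rules. The wordlist, the substitution table, the suffix list and the test passwords are all constructed here; real wordlists have millions of entries and crackers have far richer rule sets. It goes a little beyond the slide by showing that a password such as P@ssw0rd1 passes the surface rules and still falls to a dictionary with mangling rules, while a mnemonic-style password with a hidden meaning does not.

```python
"""Toy rule-based dictionary attack vs. the slide's password rules.

WORDLIST, LEET and SUFFIXES are constructed for this example; a real
cracker uses wordlists with millions of entries and far more rules.
"""
import itertools
import re

WORDLIST = ["password", "letmein", "summer", "tallinn", "dragon"]

# "Leet" substitutions: lowercase letter -> characters a cracking rule
# commonly swaps in for it.
LEET = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}

# Things people glue onto a word to satisfy "must contain a digit".
SUFFIXES = ["", "1", "12", "123", "!", "1!", "2008", "2009"]

MIN_LENGTH = 8  # the slide says "at least 6-8 symbols"; we take the upper end


def leet_variants(word):
    """Yield every variant of `word` in which, for each letter in LEET,
    all of its occurrences are either kept or replaced by one substitute."""
    letters = [c for c in LEET if c in word]
    options = [[c] + list(LEET[c]) for c in letters]
    for choice in itertools.product(*options):
        out = word
        for src, dst in zip(letters, choice):
            out = out.replace(src, dst)
        yield out


def mangle(word):
    """Yield the candidates a rule-based cracker derives from one word:
    case variants x leet substitutions x common suffixes."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        for variant in leet_variants(base):
            for suffix in SUFFIXES:
                candidate = variant + suffix
                if candidate not in seen:
                    seen.add(candidate)
                    yield candidate


def dictionary_hit(password, wordlist=WORDLIST):
    """Return the wordlist entry that mangles into `password`, or None."""
    for word in wordlist:
        if any(candidate == password for candidate in mangle(word)):
            return word
    return None


def check_password(password, wordlist=WORDLIST):
    """Apply the slide's rules; return the list of violated ones (empty = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} symbols")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("not both upper and lower case")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    hit = dictionary_hit(password, wordlist)
    if hit is not None:
        problems.append(f"derived from dictionary word '{hit}'")
    return problems


if __name__ == "__main__":
    # Constructed test passwords. "Mjt3@rlt!K" stands for a mnemonic-style
    # password (initial letters of a sentence only the owner knows): a
    # "hidden" meaning, which is what the slide recommends.
    for pw in ["summer", "Tallinn2009", "P@ssw0rd1", "Mjt3@rlt!K"]:
        print(f"{pw:12} -> {check_password(pw) or 'OK'}")
```

Run it and compare the third and fourth lines: both satisfy length, mixed case and digits, but only the one with no dictionary root survives the mangling rules.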

Some notes about the Web

Passwords should not be:
written down
recycled
In case of a monetary transaction over the web:
Check the address. Twice.
Check the web page – is it the right one, or does it only pose as one?
Think critically – does a bank ask things like this?
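The "check the address, twice" advice above, as an added example that is not part of the original slides: a small Python check that separates the host the browser will actually connect to from the bank's name merely appearing somewhere in the URL (in the path, in a subdomain, or in the user@host part), and also flags plain HTTP and internationalised look-alike hostnames. The domain mybank.example and every sample URL are constructed placeholders, not real sites. It goes slightly beyond the slide by covering the userinfo and homoglyph tricks as well as the plain "bank name in a subdomain" one.

```python
"""Checking the address, twice: is the bank's name the actual host, or
does it merely appear somewhere in the URL?

EXPECTED_DOMAIN and the sample URLs are constructed for this example
('mybank.example' stands in for a real bank's domain).
"""
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "mybank.example"  # assumed: the real bank's domain


def host_belongs_to(hostname, domain):
    """True only if hostname IS `domain` or a subdomain of it.  The domain
    must be at the END of the hostname: 'mybank.example.evil.example'
    contains it but belongs to evil.example."""
    hostname = hostname.lower().rstrip(".")
    return hostname == domain or hostname.endswith("." + domain)


def check_bank_url(url, domain=EXPECTED_DOMAIN):
    """Return a list of red flags for `url`; an empty list means the URL
    really points at `domain` over HTTPS."""
    flags = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        flags.append("not https")
    if parts.username is not None:
        # http://www.mybank.example@evil.example/ - the browser discards
        # everything before '@' and connects to evil.example
        flags.append(f"userinfo before '@' (browser connects to '{host}')")
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        flags.append("internationalised hostname, possible look-alike letters")
    if not host_belongs_to(host, domain):
        if domain in url.lower():
            flags.append(f"'{domain}' appears in the URL but the host is '{host}'")
        else:
            flags.append(f"host '{host}' is not {domain}")
    return flags


if __name__ == "__main__":
    SAMPLES = [  # constructed; none of these are real sites
        "https://www.mybank.example/login",
        "https://mybank.example.evil.example/login",
        "http://www.mybank.example@evil.example/login",
        "https://mybank-example.net/login",
        "http://192.0.2.10/mybank.example/login",
        "https://myb\u0430nk.example/login",  # Cyrillic 'а' instead of Latin 'a'
    ]
    for sample in SAMPLES:
        print(sample)
        for flag in check_bank_url(sample) or ["looks right"]:
            print("   ", flag)
```

The first sample is the only one that comes back clean; every other one carries the bank's name somewhere while the connection goes elsewhere, which is exactly the difference between "the address contains my bank" and "the address is my bank".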

Conclusion

Things are bad enough. Protecting one's machine adequately means one less machine in botnets.
PROTECT YOURSELF AND TEACH OTHERS