UNDERSTANDING INFORMATION SECURITY
Lee Ratzan, MCP, Ph.D.
School of Communication, Information & Library Studies at Rutgers University
[email protected]
VIRUSES, WORMS, HOAXES, and TROJAN HORSES
IT'S A JUNGLE OUT THERE
Computer Viruses
Trojan Horses
Address Book theft
DNS Poisoning
Zombies, IP Spoofing
Password Grabbers
Logic Bombs
Network Worms
Hijacked Home Pages
Denial of Service Attacks
Buffer Overruns
Password Crackers
AND THE EVER POPULAR:
Hoaxes
Ploys
Pop-Ups
Scams
Spam
DID YOU KNOW?
In 1980 a computer cracked a 3-character password within one minute.
In 1999 a team of computers cracked a 56-character password within one day.
In 2004 a computer virus infected 1 million computers within one hour.
DEFINITIONS
A computer program tells a computer what to do and how to do it.
Computer viruses, network worms, Trojan Horses: these are computer programs.
SALIENT DIFFERENCES
1) Computer Virus:
• Needs a host file
• Copies itself
• Executable
2) Network Worm:
• No host (self-contained)
• Copies itself
• Executable
3) Trojan Horse:
• No host (self-contained)
• Does not copy itself
• Imposter program
TYPICAL SYMPTOMS
• File deletion
• File corruption
• Visual effects
• Pop-ups
• Erratic (and unwanted) behavior
• Computer crashes
BIOLOGICAL METAPHORS
1. Bacterial Infection Model:
• Single bacterium
• Replication
• Dispersal
2. Virus Infected Model:
• Viral DNA fragment
• Infected cells
• Replication
• Dispersal
A computer virus spreads similarly, hence the name.
WHY DO WE HAVE THIS PROBLEM?
Software companies rush products to the consumer market ("No program should go online before its time…")
Recycling old code reduces development time, but perpetuates old flaws.
AND A FEW MORE REASONS
Market share is more important than security
Interface design is more important than security
New feature designs are more important than security
Ease of use is more important than security
HACKER MOTIVATIONS
Attack the Evil Empire (Microsoft)
Display of dominance
Misdirected creativity
“Who knows what evil lurks in the hearts of men?”
Showing off, revenge
Embezzlement, greed
NETWORKED SYSTEMS VS SECURED SYSTEMS
NETWORKS: Open communication, full access
SECURITY: Closed communication, full lockdown
Managers must strike a balance
Some platforms are more secure than others
POPULAR FALLACIES
If I never log off then my computer can never get a virus
If I lock my office door then my computer can never get a virus
Companies create viruses so they can sell anti-virus software
My ISP will protect me
Microsoft will protect me
AND A FEW MORE….
I got this disc from my (mother, boss, friend) so it must be okay
You cannot get a virus by opening an attachment from someone you know
But I only downloaded one file
I am too smart to fall for a scam
You can catch a cold from a computer virus
My friend who knows a lot about computers showed me this really cool site…
THINGS THE LIBRARY CAN DO
ACTION PLAN:
• Designate security support staff (and fund them)
• Make security awareness a corporate priority (and educate your staff)
• Enable real-time protection
• Update all vendor security patches
• Subscribe to several security alert bulletins
• Periodically reboot or re-load all computers
• Control, limit or block all downloads and installs
• Install anti-virus software on computers (keep it current)
“It takes a carpenter to build a house but one jackass can knock it down”
(Variously attributed to Mark Twain, Harry Truman, Senator Sam Rayburn)
WHAT CAN THE LIBRARIAN DO?
Set bookmarks to authoritative:
• virus hoax Web pages
• anti-virus Web pages
• public free anti-virus removal tools
Provide patrons with up-to-date information about viruses, etc.
Confirm that desktops have the latest anti-virus updates
BACK IT UP
Offline copies: Grandfather/father/son (monthly/weekly/daily)
Online copies: Shared network drive
Changes only: Incremental/differential
Do not back up a file on the same disc as the original!
Assume every disc, CD, etc. is suspect, no matter who gave it to you
“Doveryay, No Proveryay” (Trust but Verify)
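The backup slide names three ideas without showing how they play out: a grandfather/father/son rotation, changes-only (incremental or differential) copies, and never keeping the copy on the same disc as the original. The following Python is an added example, not part of the original deck, that works each one through on constructed dates; the retention counts (7 daily, 4 weekly, 12 monthly), the 2005 backup history and the same-volume test are assumptions chosen for illustration.

```python
"""Added example: grandfather/father/son retention, the restore chain for
incremental versus differential backups, and a same-volume check.
All dates, counts and paths below are constructed for illustration."""
import os
from datetime import date, timedelta


def _as_date(d):
    """Accept either a date or an ISO 'YYYY-MM-DD' string."""
    return d if isinstance(d, date) else date.fromisoformat(d)


def daily_history(start, days):
    """One backup date per day for `days` days beginning at `start`."""
    start = _as_date(start)
    return [start + timedelta(days=i) for i in range(days)]


def gfs_keep(backups, today, sons=7, fathers=4, grandfathers=12):
    """Return, as sorted ISO strings, the daily backups that a
    grandfather/father/son rotation keeps as of `today`.

    sons:          the most recent N daily backups
    fathers:       the latest backup in each of the most recent N ISO weeks
    grandfathers:  the latest backup in each of the most recent N months
    Any other media in the set is free to be reused.
    """
    today = _as_date(today)
    past = sorted(_as_date(d) for d in backups if _as_date(d) <= today)
    keep = set(past[-sons:])
    latest_in_week, latest_in_month = {}, {}
    for d in past:  # ascending order, so the last write per key wins
        latest_in_week[d.isocalendar()[:2]] = d
        latest_in_month[(d.year, d.month)] = d
    keep.update(sorted(latest_in_week.values())[-fathers:])
    keep.update(sorted(latest_in_month.values())[-grandfathers:])
    return [d.isoformat() for d in sorted(keep)]


def restore_chain(strategy, full_day, target_day):
    """Backup sets that must be read, in order, to restore `target_day`
    from a full backup on `full_day` plus one changes-only set per later day.

    incremental:  each set holds changes since the previous set, so the
                  full and every set up to the target are all needed.
    differential: each set holds changes since the full, so only the
                  full and the target day's set are needed.
    """
    full_day, target_day = _as_date(full_day), _as_date(target_day)
    if target_day < full_day:
        raise ValueError("target precedes the full backup")
    if target_day == full_day:
        return [full_day.isoformat()]
    if strategy == "incremental":
        days = (target_day - full_day).days
        return [(full_day + timedelta(days=i)).isoformat() for i in range(days + 1)]
    if strategy == "differential":
        return [full_day.isoformat(), target_day.isoformat()]
    raise ValueError("strategy must be 'incremental' or 'differential'")


def on_same_volume(original, backup_dir):
    """True when the backup location is on the same filesystem device as the
    original, i.e. the 'same disc' the slide warns against. st_dev only
    distinguishes filesystems, so a False result is necessary but not
    sufficient: two mounts on one physical disk still look different."""
    return os.stat(original).st_dev == os.stat(backup_dir).st_dev


if __name__ == "__main__":
    # Constructed history: one backup every day of the first quarter of 2005.
    history = daily_history("2005-01-01", 90)
    kept = gfs_keep(history, today="2005-03-31")
    print(len(history), "backups taken,", len(kept), "kept:", kept)
    print("incremental restore reads:", restore_chain("incremental", "2005-03-01", "2005-03-04"))
    print("differential restore reads:", restore_chain("differential", "2005-03-01", "2005-03-04"))
    print("backup dir on same volume as original:", on_same_volume(".", "."))
```

With the 90-day history the rotation keeps 11 of the 90 sets (the last seven days, two extra week-end copies, and the January and February month-end copies), which is the media saving the scheme exists for; the restore chains show why differential sets are faster to restore from and incremental sets are smaller to take.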
MACHINE INFECTED? ACTION PLAN:
1) Write down the error or alert message verbatim
• inform your tech support team
• quarantine the machine
2) Look up the message in an authoritative anti-virus site (demo)
• diagnose the problem
• take recommended remedial action
If appropriate:
3) Reboot the machine
• Run a full system scan before placing the machine back in service
• Apply all missing critical security patches (demo)
• Download, install, run the anti-virus removal tool (demo)
THE HOAX STOPS HERE
IF THE MESSAGE:
• tells you to do something
• tells you to take immediate action
• cites a recognizable source to give itself credibility ("Microsoft has warned that…")
• does not originate from a valid computer vendor
• lacks specific verifiable contact information
AND:
IF IN DOUBT, CHECK IT OUT
Confirm the hoax by checking it against authoritative hoax sites
Inform other staff so the hoax does not propagate
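The five checklist items above are exactly the kind of test a front-desk triage script can apply before anyone forwards a message. The Python below is an added example, not from the original deck; it scores a message against each item and runs over two constructed messages, a chain letter in the style of the teddy-bear hoax the deck mentions and a plain vendor notice. The vendor allowlist, the sender addresses, the URL and phone number, the keyword lists and the threshold of three are all assumptions made for the demonstration.

```python
"""Added example: the hoax checklist as a scoring function, applied to two
constructed messages. Allowlist, addresses and bodies are made up."""
import re

# Constructed allowlist of sender domains treated as 'valid computer vendors'.
# In a library this would be maintained by the designated security staff.
KNOWN_VENDOR_DOMAINS = {"example-vendor.test"}

# Each pattern mirrors one bullet of the checklist. Keyword lists are
# assumptions; a real deployment would tune them against local mail.
INDICATORS = {
    "tells you to do something":
        re.compile(r"\b(delete|remove|forward|send this|pass this on|install)\b", re.I),
    "demands immediate action":
        re.compile(r"\b(immediately|urgent(ly)?|right now|as soon as possible)\b", re.I),
    "name-drops a recognizable source":
        re.compile(r"\b(microsoft|symantec|mcafee|cert|fbi|ibm)\b[^.!?]{0,60}"
                   r"\b(warn|confirm|announc|report|said)", re.I),
}
# Verifiable contact: a URL or a phone number somewhere in the body.
CONTACT = re.compile(r"(https?://\S+|\+?\d[\d\s().-]{7,}\d)")


def sender_domain(from_addr):
    """Domain part of a From header such as 'Alice <alice@Example.test>'."""
    return from_addr.rsplit("@", 1)[-1].strip("<> ").lower()


def hoax_indicators(message):
    """Return the names of the checklist items the message trips.

    `message` is a dict with 'from' and 'body' keys. The sender-domain test
    trusts the From header as the reader sees it; because that header can be
    forged, a clean result here is never a substitute for checking the
    message against an authoritative hoax site, as the slide says."""
    body = message["body"]
    hits = [name for name, rx in INDICATORS.items() if rx.search(body)]
    if sender_domain(message["from"]) not in KNOWN_VENDOR_DOMAINS:
        hits.append("does not originate from a known vendor")
    if not CONTACT.search(body):
        hits.append("lacks verifiable contact information")
    return hits


def verdict(message, threshold=3):
    """(advice, indicators). Three or more tripped items means: check it
    out before acting or forwarding. The threshold is an assumption."""
    hits = hoax_indicators(message)
    advice = ("CHECK IT OUT before acting" if len(hits) >= threshold
              else "no hoax indicators of note")
    return advice, hits


# Constructed sample 1: a chain letter in the style of the teddy-bear hoax.
HOAX = {
    "from": "cousin@freemail.test",
    "body": ("WARNING! Microsoft has warned that a new virus is spreading by "
             "e-mail. Search your hard disk for a file with a teddy bear icon "
             "and DELETE it immediately. Forward this message to everyone in "
             "your address book!"),
}

# Constructed sample 2: a routine notice from an allowlisted vendor domain.
VENDOR_NOTICE = {
    "from": "security@example-vendor.test",
    "body": ("A security update is available for Product 1.2. Please install "
             "the update from https://example-vendor.test/advisories/0001. "
             "Our support desk can be reached at +1 555 0100."),
}

if __name__ == "__main__":
    for label, msg in (("hoax sample", HOAX), ("vendor notice", VENDOR_NOTICE)):
        advice, hits = verdict(msg)
        print(f"{label}: {advice}")
        for h in hits:
            print("  -", h)
```

The vendor notice still trips one item ("install" is an instruction), which is the point of the slide's wording: no single bullet proves a hoax, but a message that collects most of them deserves a look at an authoritative hoax site before it goes any further.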
POPULAR HOAXES INCLUDE:
JDBGMGR (teddy-bear icon): tricks users into deleting a file
NIGERIA: money scam
$800 FROM MICROSOFT: pyramid scheme
STOPPING THE TROJAN HORSE
The Horse must be "invited in"….
How does it get in? By:
Downloading a file
Installing a program
Opening an attachment
Opening bogus Web pages
Copying a file from someone else
MORE ON THE HORSE…….
A Trojan Horse exploits computer ports letting its "friends" enter, and "once a thief gets into your house he opens a rear window for his partners"
Security patches often close computer ports and vulnerabilities
NOTE #1
Search engines are NOT reliable sources of virus information
• Information may be inaccurate, incomplete or out of date
• Search engines generate huge numbers of indiscriminate hits
• Some anti-virus Web sites are scams (or contain Trojan Horses)
Go directly to authoritative anti-virus sites
NOTE #2
Computer companies are NOT reliable sources of virus information
Computer companies:
• are not in the anti-virus business
• usually refer you to an anti-virus vendor
• themselves are victims!
ONLINE RESOURCES
Authoritative Hoax Information
securityresponse.symantec.com/avcenter/hoax.html
vil.mcafeesecurity.com/vil/hoaxes.asp
Authoritative Anti-Virus Vendor Information
securityresponse.symantec.com/avcenter/vinfodb.html
www.mcafeesecurity.com/us/security/vil.htm
REFERENCES
Authoritative Security Alert Information
securityresponse.symantec.com/ (Symantec)
www.microsoft.com/security (Microsoft)
www.apple.com/support/security/ (Apple)
Authoritative Anti-Virus Organizations
www.cert.org (Computer Emergency Response Team-CMU)
www.ciac.org/ciac (CIAC-Department of Energy)
www.sans.org/aboutsans.php (Server and Network Security)
www.first.org (Forum of Incident Response and Security Teams)
www.cirt.rutgers.edu (Computing Incident Response Team-Rutgers)
Authoritative Free Public Anti-Virus Removal Tool Information
securityresponse.symantec.com/avcenter/tools.list.html
vil.nai.com/vil/averttools.asp
mssg.rutgers.edu/documentation/viruses (Rutgers)
Some professional library sites have pointers to reliable anti-virus information
PRINT RESOURCES
Allen, Julia (2001). The CERT Guide to System and Network Security Practices. Addison-Wesley, New York.
Crume, Jeff (2000). Inside Internet Security. Addison-Wesley, New York.
Ratzan, Lee (January 2005). A new role for libraries. SC Magazine (Secure Computing Magazine), page 26.
Ratzan, Lee (2004). Understanding Information Systems. American Library Association, Chicago.
A NEW ROLE FOR LIBRARIES?
THE AUTHOR ACKNOWLEDGES
The cooperation of InfoLink (www.infolink.org) for promoting library professional development programs
The Monroe Public Library for the use of its facilities
SC Magazine for publishing an essay on libraries being at the forefront of information security
Lisa DeBilio for her production of the PowerPoint slides.
THANK YOU ALL