L9 Computer Network Security


Computer and Network Security
Lecture #09
Prepared by Sana Khattak
Sana Khattak ([email protected])

Lecture Overview
• Introduction
• Hacking
• Malware
• Cyber crime and cyber attacks
• Online voting

Introduction
• Computers getting faster and less expensive
• Utility of networked computers increasing
  • Shopping and banking
  • Managing personal information
  • Controlling industrial processes
• Increasing use of computers → growing importance of computer security

Hacking

Hackers, Past and Present

• Original meaning of hacker: explorer, risk taker, system innovator
• MIT’s Tech Model Railroad Club (TMRC) in 1950s
• 1983 movie WarGames
• Modern meaning of hacker: someone who gains unauthorized access to computers and computer networks

MIT’s Tech Model Railroad Club (TMRC)


Obtaining Login Names, Passwords

Eavesdropping
• Simply looking over the shoulder of a computer user to learn his login name and password.

Dumpster Diving
• Means looking through garbage for interesting bits of information.

Social Engineering
• Refers to the manipulation of a person inside the organization to gain access to confidential information.


Password Dos and Don’ts
• Do not use short passwords.
• Do not use a word from the dictionary.
• Do not rely on substituting numbers for letters.
• Do not reuse passwords.
• Give ridiculous answers to security questions.
• Enable two-factor authentication if available.
• Have password recoveries sent to a secure email address.


Computer Fraud and Abuse Act

• Criminalizes wide variety of hacker-related activities
  • Transmitting code that damages a computer
  • Accessing any Internet-connected computer without authorization
  • Transmitting classified government information
  • Trafficking in computer passwords
  • Computer fraud
  • Computer extortion
    • Ransomware, DDoS attacks, data breach threats, threats of releasing embarrassing or sensitive information
• Maximum penalty: 20 years in prison and $250,000 fine

Sidejacking
• Sidejacking: hijacking of an open Web session by capturing a user’s cookie.
• Sidejacking possible on unencrypted wireless networks because many sites send cookies “in the clear”
• Internet security community complained about sidejacking vulnerability for years, but ecommerce sites did not change practices
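
An added example, not from the original slides: a check of Set-Cookie headers for the weakness described above, a session cookie without the Secure attribute, which a browser will also send over plain HTTP where it can be captured on an open wireless network. The header values and the name hints used to spot session cookies are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample: Set-Cookie header values as a site might send them after login.
SAMPLE_SET_COOKIE = [
    "sessionid=3f9a1c; Path=/; HttpOnly",         # session cookie, no Secure
    "auth_token=9bd2e7; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",                         # preference, not a session cookie
]

# Assumption: cookie names containing these substrings carry session state.
SESSION_HINTS = ("session", "sid", "auth", "token")


def audit_cookies(set_cookie_values, session_hints=SESSION_HINTS):
    """Return {cookie_name: [missing attributes]} for session cookies."""
    findings = {}
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            if not any(hint in name.lower() for hint in session_hints):
                continue
            missing = []
            if not morsel["secure"]:
                missing.append("Secure")    # would also be sent over plain HTTP
            if not morsel["httponly"]:
                missing.append("HttpOnly")  # readable by scripts in the page
            if missing:
                findings[name] = missing
    return findings


def harden(raw):
    """Re-emit one Set-Cookie value with Secure and HttpOnly set."""
    jar = SimpleCookie()
    jar.load(raw)
    for morsel in jar.values():
        morsel["secure"] = True
        morsel["httponly"] = True
    return jar.output(header="").strip()


if __name__ == "__main__":
    print(audit_cookies(SAMPLE_SET_COOKIE))
    print(harden(SAMPLE_SET_COOKIE[0]))
```

The Secure attribute only protects the cookie when the site itself is served over HTTPS.
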
Case Study: Firesheep
• October 2010: Eric Butler released Firesheep extension to Firefox browser
• Firesheep made it possible for ordinary computer users to easily sidejack Web sessions
• More than 500,000 downloads in first week
• Attracted great deal of media attention
• Early 2011: Facebook and Twitter announced options to use their sites securely
• Was Firesheep release good?


Act Utilitarian Analysis
• Release of Firesheep led media to focus
on security problem
• Benefits were high: a few months later
Facebook and Twitter made their sites
more secure
• Harms were minimal: no evidence that
release of Firesheep caused big increase
in identity theft or malicious pranks
• Conclusion: Release of Firesheep was
good


Virtue Ethics Analysis
• By releasing Firesheep, Butler helped public understand lack of security on unencrypted wireless networks
• Butler’s statements characteristic of someone interested in protecting privacy
• Butler demonstrated courage by taking responsibility for the program
• Butler demonstrated benevolence by making program freely available
• His actions and statements were characteristic of someone interested in the public good


Kantian Analysis
• Accessing someone else’s user account is an invasion of their privacy and is wrong
• Butler provided a tool that made it much simpler for people to do something that is wrong, so he has some moral accountability for their misdeeds
• Butler was willing to tolerate short-term increase in privacy violations in hope that media pressure would force Web retailers to add security
• He treated victims of Firesheep as a means to his end
• It was wrong for Butler to release Firesheep

• There are other ways Butler could have achieved his goal.
• For example, he could have gone on a popular television show and hacked into the host’s Facebook page, generating a great amount of publicity without having to release the software.

Malware

Viruses
• Virus: Piece of self-replicating code embedded within another program (host).
• When a user executes a host program infected with a virus, the virus code executes
first. The virus finds another executable program stored in the computer’s file
system and replaces the program with a virus-infected program.
• Viruses associated with program files
  • Hard disks, floppy disks, CD-ROMs
  • Email attachments
• How viruses spread
  • Diskettes or CDs
  • Email
  • Files downloaded from Internet

One Way a Virus Can Replicate

Email Attachment with Possible Virus

How an Email Virus Spreads

Antivirus Software Packages
• Allow computer users to detect and destroy viruses
• Must be kept up-to-date to be most effective
• Many people do not keep their antivirus software
packages up-to-date
• Consumers need to beware of fake antivirus
applications


Worm

• Self-contained program
• Spreads through a computer network
• Exploits security holes in networked
computers


How a Worm Spreads

The Internet Worm

Ethical Evaluation

Kantian evaluation
• Morris used others by gaining access to their computers without permission

Social contract theory evaluation
• Morris violated property rights of organizations


Conclusion
• Morris may not have been acting maliciously, but he was acting selfishly.
• If he had wanted to experiment with worms, he probably could have gotten
permission to try out his creations on a local area network detached from the
Internet.
• Even if his worm multiplied out of control, there would have been no fallout to the
rest of the computer community.
• Instead, he chose to use the entire Internet as his experimental laboratory,
inconveniencing thousands of people.

Conficker Worm
• Conficker (a.k.a. Downadup) worm appeared in 2008 on Windows
computers
• Designed to exploit vulnerabilities in the Windows operating system
• Spread primarily through network connections and by infecting computers
connected to shared networks or by utilizing infected USB drives.
• Millions of copies of worm are circulating
• Purpose of worm still unknown

Cross-site Scripting
• Another way malware may be downloaded without user’s knowledge
• Problem appears on Web sites that allow people to read what others have posted
• Attacker injects client-side script into a Web site
• Victim’s browser executes script, which may steal cookies, track user’s activity, or perform another malicious action


Drive-by Downloads
• Unintentional downloading of malware caused by visiting a compromised Web site
• Also happens when Web surfer sees pop-up window asking permission to download software and clicks “Okay”
• Google Anti-Malware Team says 1.3 percent of queries to Google’s search engine return a malicious URL somewhere on results page


Trojan Horses and Backdoor Trojans
• Trojan horse: Program with benign capability that masks a sinister purpose
• Backdoor Trojan: Trojan horse that gives attacker access to victim’s computer

Rootkits
• Rootkit: A set of programs that provides privileged access to a computer
• Activated every time computer is booted
• Uses security privileges to mask its presence

Spyware and Adware
• Spyware: Program that communicates over an Internet connection without user’s knowledge or consent
  • Monitor Web surfing
  • Log keystrokes
  • Take snapshots of computer screen
  • Send reports back to host computer
• Adware: Type of spyware that displays pop-up advertisements related to user’s activity
• Backdoor Trojans often used to deliver spyware and adware

Bots
• Bot: A kind of backdoor Trojan that responds to commands sent by a command-and-control program on another computer
• First bots supported legitimate activities
  • Internet Relay Chat
  • Multiplayer Internet games
• Other bots support illegal activities
  • Distributing spam
  • Collecting personal information for ID theft
  • Denial-of-service attacks

Botnets and Bot Herders
• Botnet: Collection of bot-infected computers controlled by the same command-and-control program
• Some botnets have over a million computers in them
• Bot herder: Someone who controls a botnet

Defensive Measures
• Security patches: Code updates to remove security vulnerabilities
• Anti-malware tools: Software to scan hard drives, detect files that contain viruses or spyware, and delete these files
• Firewall: A software application installed on a single computer that can selectively block network traffic to and from that computer


Cyber Crime and Cyber Attacks

Phishing and Spear-phishing
• Phishing: Large-scale effort to gain sensitive information from gullible computer users
• At least 67,000 phishing attacks globally in second half of 2010
• New development: phishing attacks on Chinese e-commerce sites
• Spear-phishing: Variant of phishing in which email addresses chosen selectively to target particular group of recipients

SQL Injection
• Method of attacking a database-driven
Web application with improper
security
• Attack inserts (injects) SQL query into
text string from client to application
• Application returns sensitive
information


Denial-of-service and Distributed Denial-of-service Attacks
• Denial-of-service attack: Intentional action designed to prevent
legitimate users from making use of a computer service
• Aim of a DoS attack is not to steal information but to disrupt a server’s
ability to respond to its clients
• Distributed denial-of-service attack: DoS attack launched from many
computers, such as a botnet


Cyber Crime

• Criminal organizations making significant amounts of money from malware
• Jeanson James Ancheta
• PharmaMaster
• Albert Gonzalez
• Avalanche Gang


The Rise and Fall of Blue Security Part I: The Rise

• Blue Security: An Israeli company selling a spam deterrence system
• Blue Frog bot would automatically respond to each spam message with an opt-out message
• Spammers started receiving hundreds of thousands of opt-out messages,
disrupting their operations
• 6 of 10 of world’s top spammers agreed to stop sending spam to users of Blue
Frog


The Rise and Fall of Blue Security Part II: The Fall

• One spammer (PharmaMaster) started sending Blue Frog users 10-20 times
more spam
• PharmaMaster then launched DDoS attacks on Blue Security and its business
customers
• Blue Security could not protect its customers from DDoS attacks and virus-laced emails
• Blue Security reluctantly terminated its anti-spam activities


Politically Motivated Cyber Attacks
• Estonia (2007)
• Georgia (2008)
• Georgia (2009)
• Exiled Tibetan Government (2009)
• United States and South Korea (2009)
• Iran (2009)
• Espionage attributed to People’s Liberation Army
• Anonymous


Attacks on Twitter and Other
Social Networking Sites
• Massive DDoS attack made Twitter service
unavailable for several hours on August 6, 2009
• Three other sites attacked at same time:
Facebook, LiveJournal, and Google
• All sites used by a political blogger from the
Republic of Georgia
• Attacks occurred on first anniversary of war
between Georgia and Russia over South Ossetia


Supervisory Control and Data Acquisition (SCADA) Systems
• Industrial processes require constant monitoring
• Computers allow automation and centralization of monitoring
• Today, SCADA systems are open systems based on Internet Protocol
  • Less expensive than proprietary systems
  • Easier to maintain than proprietary systems
  • Allow remote diagnostics
• Allowing remote diagnostics creates security risk


SCADA Systems Carry Security Risks

© p77/ZUMA Press/Newscom


Stuxnet Worm (2009)

• Attacked SCADA systems running Siemens software
• Targeted five industrial facilities in Iran
that were using centrifuges to enrich
uranium
• Caused temporary shutdown of Iran’s
nuclear program
• Worm may have been created by Israeli
Defense Forces


Cyber Espionage Attributed to
People’s Liberation Army
• Hundreds of computer security breaches in
more than a dozen countries investigated by
Mandiant
• Hundreds of terabytes of data stolen
• Mandiant blamed Unit 61398 of the People’s
Liberation Army
• China’s foreign ministry stated that accusation
was groundless and irresponsible


Anonymous
• Anonymous: loosely organized international movement of hacktivists (hackers with a social or political cause)
• Various DDoS attacks attributed to Anonymous members

Year | Victim | Reason
2008 | Church of Scientology | Attempted suppression of Tom Cruise interview
2009 | RIAA, MPAA | RIAA, MPAA’s attempt to take down the Pirate Bay
2009 | PayPal, VISA, MasterCard | Financial organizations freezing funds flowing to Julian Assange of WikiLeaks
2012 | U.S. Dept. of Justice, RIAA, MPAA | U.S. Dept. of Justice action against Megaupload

Online Voting


Motivation for Online Voting
• 2000 U.S. Presidential election closely
contested
• Florida pivotal state
• Most Florida counties used keypunch voting
machines
• Two voting irregularities traced to these machines
  • Hanging chad
  • “Butterfly ballot” in Palm Beach County


The Infamous “Butterfly Ballot”

AP Photo/Gary I. Rothstein

Benefits of Online Voting


• More people would vote
• Votes would be counted more quickly
• No ambiguity with electronic votes
• Cost less money
• Eliminate ballot box tampering
• Software can prevent accidental over-voting
• Software can prevent under-voting

Risks of Online Voting
• Gives unfair advantage to those with home computers
• More difficult to preserve voter privacy
• More opportunities for vote selling
• Obvious target for a DDoS attack
• Security of election depends on security of home computers
• Susceptible to vote-changing virus
• Susceptible to phony vote servers
• No paper copies of ballots for auditing or recounts


Utilitarian Analysis
• Suppose online voting replaced traditional voting
• Benefit: Time savings
  • Assume 50% of adults actually vote
  • Suppose voter saves 1 hour by voting online
  • Average pay in U.S. is $21.00 / hour
  • Time savings worth $10.50 per adult American
• Harm of DDoS attack difficult to determine
  • What is probability of a DDoS attack?
  • What is the probability an attack would succeed?
  • What is the probability a successful attack would change the outcome of the election?


Kantian Analysis
• The will of each voter should be reflected in
that voter’s ballot
• The integrity of each ballot is paramount
• Ability to do a recount necessary to guarantee
integrity of each ballot
• There should be a paper record of every vote
• Eliminating paper records to save time and/or
money is wrong


Conclusions
End of Lecture
