Securing your computer

GADGET GURUS

Dr. Wayne Summers

TSYS Department of Computer Science

Columbus State University

[email protected]

http://csc.colstate.edu/summers


SQL Slammer

“It only took 10 minutes for the SQL Slammer worm to race across the globe and wreak havoc on the Internet.”

“The worm, which shut down some U.S. bank teller machines, doubled the number of computers it infected every 8.5 seconds.”

BLASTER

At least 500,000 computers worldwide infected

In eight days, the estimated cost of damages neared $2 billion.

SOBIG.F

One of every 17 e-mails scanned was infected (AOL detected 23.2 million attachments infected with SoBig.F)

Worldwide, 15% of large companies and 30% of small companies were affected by SoBig - estimated damage of $2 billion.


Goals

confidentiality (privacy) - limiting who can access assets of a computer system.

integrity - limiting who can modify assets of a computer system.

availability - allowing authorized users access to assets.


Definitions

vulnerability - weakness in the security system that might be exploited to cause a loss or harm.

threats - circumstances that have the potential to cause loss or harm. Threats typically exploit vulnerabilities.

control - protective measure that reduces a vulnerability or minimizes the threat.

Vulnerabilities

“Today’s complex Internet networks cannot be made watertight…. A system administrator has to get everything right all the time; a hacker only has to find one small hole.”

– Robert Graham, lead architect of Internet Security Systems

Recent News

“New Trojan horses threaten cell phones”

Keyloggers Jump 65% As Info Theft Goes Mainstream

Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes.

Recent News

IM Worms could spread in seconds – “Symantec has done some simulations … and has found that half a million systems could be infected in as little as 30 to 40 seconds.”

Fraudulent e-mails designed to dupe Internet users out of their credit card details or bank information topped the three billion mark last month.


E-mail from “Microsoft” [email protected]

{Virus?} Use this patch immediately !

Dear friend , use this Internet Explorer patch now!

There are dangerous virus in the Internet now!

More than 500.000 already infected!


Malware and other Threats

Viruses / Worms (over 180,000 viruses – 4/2007)

– 1987-1995: boot & program infectors

– 1995-1999: Macro viruses (Concept)

– 1999-2003: self/mass-mailing worms (Melissa-Klez)

– 2001-???: Megaworms [blended attacks] (Code Red, Nimda, SQL Slammer, Slapper)

Trojan Horses


Solutions

Apply “defense in-depth”

– Don't open email from strangers or attachments you weren't expecting—especially attachments with .exe extensions

– Use good passwords

– Back up important files

– Run and maintain an antivirus product

– Do not run programs of unknown origin

– Deploy a firewall

– Keep your patches up-to-date


Password Management

Passwords should be at least 6-8 characters

Passwords should be alphanumeric with special characters like punctuation marks

Never use common words from the dictionary

Never tell anyone your password, not even security personnel or your best friend

Never send passwords through e-mails, as passwords are sensitive items

Never write a password down on scratch paper where someone might discover it

Never throw a password in the trash. A Dumpster Diver may discover it


Password Management

Potential passwords – which are good?

– 11042007

– abc

– Fido

– Wayne

– WayneSummers

– Password

– Password1996

– QuePasa?

– W@yn3Summ3r$


“The most potent tool in any security arsenal isn’t a powerful firewall or a sophisticated intrusion detection system. When it comes to security, knowledge is the most effective tool…”

Douglas Schweizer – The State of Network Security, Processor.com, August 22, 2003.

Caesar cipher (key = 3)

The message

“caesar is a roman”

becomes

FDHVD ULVDU RPDQ

a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Caesar cipher (key = DOG)

The message

“caesar is a roman”

becomes

FOKVO XLGGU CSDB

a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
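Added example (not part of the original slides): Python code for the shift cipher on the two slides above, reproducing both ciphertexts and showing that a single numeric key falls to a search over 26 guesses. The function names and the letter-frequency table are assumptions of this example; a repeating keyword such as DOG is the scheme usually called a Vigenère cipher.

```python
from string import ascii_lowercase as ALPHA

# Approximate English letter frequencies in percent, a..z (used only to rank guesses).
FREQ = dict(zip(ALPHA, [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                        6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))

def shifts_from_key(key):
    """key = 3 gives one shift; key = 'DOG' gives shifts 3, 14, 6 used in rotation."""
    if isinstance(key, int):
        return [key % 26]
    return [ALPHA.index(c) for c in key.lower()]

def _shift(text, key, direction):
    shifts = shifts_from_key(key)
    letters = [c for c in text.lower() if c in ALPHA]  # spaces and punctuation are dropped
    return "".join(ALPHA[(ALPHA.index(c) + direction * shifts[i % len(shifts)]) % 26]
                   for i, c in enumerate(letters))

def encrypt(plaintext, key):
    """Return ciphertext in upper case, in groups of five as on the slides."""
    ct = _shift(plaintext, key, +1).upper()
    return " ".join(ct[i:i + 5] for i in range(0, len(ct), 5))

def decrypt(ciphertext, key):
    return _shift(ciphertext, key, -1)

def english_score(text):
    """Mean letter frequency; English-like text scores higher than shifted gibberish."""
    return sum(FREQ[c] for c in text) / len(text)

def brute_force_single_shift(ciphertext):
    """Try all 26 numeric keys and return (key, plaintext) for the most English-like result."""
    guesses = [(k, decrypt(ciphertext, k)) for k in range(26)]
    return max(guesses, key=lambda g: english_score(g[1]))

if __name__ == "__main__":
    msg = "caesar is a roman"
    print(encrypt(msg, 3))                               # key = 3 slide
    print(encrypt(msg, "DOG"))                           # key = DOG slide
    print(decrypt("FOKVO XLGGU CSDB", "DOG"))            # round trip with the keyword
    print(brute_force_single_shift("FDHVD ULVDU RPDQ"))  # key recovered without knowing it
```

The same search run on the keyword ciphertext does not return the message, because no single shift undoes three alternating ones.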

Popular Cryptography

Jules Verne - decipherment of a parchment filled with runic characters in Journey to the Center of the Earth.

Sir Arthur Conan Doyle's detective, Sherlock Holmes, was an expert in cryptography. The Adventure of the Dancing Men involves a cipher consisting of stick men, each representing a distinct letter.

Edgar Allan Poe issued a challenge to the readers of Philadelphia's Alexander Weekly Messenger, claiming that he could decipher any mono-alphabetic substitution cipher. He successfully deciphered all of the hundreds of submissions. In 1843, he wrote a short story, “The Gold Bug”


COMPUTER SECURITY AWARENESS WEEK

(http://cins.colstate.edu/awareness/)

April 16-20, 2007

ACCENTUATE THE POSITIVE


QUESTIONS?