
CIT 380: Securing Computer Systems

Feb 04, 2016

Transcript
Page 1: CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems Slide #1

CIT 380: Securing Computer Systems

PC Security

Slide 2: Topics

1. MS Windows
2. Web Browsing
3. Spyware
4. Viruses
5. Personal Firewalls
6. Being a Regular User
7. Physical Protection
8. Home Wireless
9. Disk Security
10. Using Public PCs

Slide 3: MS Windows

Single-user OS heritage causes problems.

– Original design had no security, networking.
– Later versions added increasing security.
  • NT: multiple users, file ACLs.
  • XP: NT+95 with many insecure services.
  • XP SP2: firewalls off many insecure services.
  • Vista: tries to separate user/admin like UNIX.

Slide 4: MS Windows

– Software still designed for single user, no security.
  • Must run software as admin.
  • Sometimes can reconfigure OS to run w/o admin.

Slide 5: MS Windows

Tight integration of OS with applications.

– IE and Outlook tied deeply to OS.
– Complexity leads to more security issues.
– A compromise of IE typically compromises the OS.

Slide 6: MS Windows

Patch Tuesday

– Day Microsoft releases security patches.
– Second Tuesday of each month.
– Important patches rarely made available earlier.

Slide 7: Web Browsing

• No safe browser.
• Complexity
  – ActiveX
  – Javascript
  – Flash
  – Java
  – HTML
  – Images

Slide 8: Securing your Browser

• Keep it updated
  – Firefox auto-updates.
  – Windows update for IE.
• Firefox security extensions
  – Tools | Add-ons | Get Extensions
  – Flashblock
  – NoScript
  – Netcraft
  – PasswordMaker
• Sandboxing
  – VMWare Virtual Browser Appliance
  – Protected Mode IE (Windows Vista)

Slide 9: 3. Adware and Spyware

• Annoying?
• Harmful?
• Legal?
• Removal Tools
• Recommendations
• Resources

Slide 10: Annoyance Factors

Tracking surfing habits
• Uses resources on your computer
• Uses internet bandwidth
• Collects data about you, possibly without your permission

Can interfere with computer operations
• Can reset your home page
• Can cause popup ads to appear randomly and regularly

May actually install with “desirable” software – and permission hidden in a license agreement.

Slide 11: Is Spyware Legal?

Beware of the license agreement.

• To most users, a phrase such as "may include software that will occasionally notify you of important news" is NOT equivalent to "will place a stealthy Trojan Horse on your system that you can't get rid of, which will collect information about you and send it to us, and allow us to bother you with targeted advertisements all day".
• Once the user has "agreed" with the License Agreement, the spyware provider is much more immune from potential lawsuits.
• Some spyware companies do not mention the spyware at all, laying blame on the company that provided you the freeware with the spyware attached.

Slide 12: Is Spyware Legal?

The FTC alleges the stealthy downloads violate federal law and asked the court to order a permanent halt to one vendor:

– On October 5, 2005, the Federal Trade Commission asked a U.S. District Court judge to halt an operation by Odysseus Marketing and its principal, Walter Rines.
– The advertised “free” software supposedly allowed consumers to engage in peer-to-peer file sharing anonymously. The FTC maintains that it does not.
– The software could not be uninstalled by the consumers whose computers it infected.

Slide 13: Anti-Spyware Tools

Free tools
– AdAware
– Hijack This
– Spybot Search & Destroy
– Windows Defender

Caveat emptor
– Some anti-spyware tools are spyware themselves.
– Use more than one tool to find all problems.

Slide 14: Anti-Spyware Resources

Ben Edelman
– http://www.benedelman.org/spyware/
– Legal, EULA issues.

Gibson Research
– http://www.grc.com/

Spyware Guide
– http://www.spywareguide.com/

Spyware Info
– http://www.spywareinfo.com/

Slide 15: Anti-virus Software

• What should an AV tool do that it didn’t do last year?
  – Scan instant message attachments explicitly
• What are the current “best” tools?
• Is a bundle better?
• Tips to maximize protection from your AV software suite

Slide 16: Current Tools

AVG Anti-Virus
– Good, free anti-virus tool for personal use.
– Sells commercial version with support.

Norton AntiVirus
– www.symantec.com

Kaspersky AV Personal
– www.kaspersky.com

McAfee VirusScan
– http://www.mcafee.com/us/

Trend Micro PC-Cillin
– http://us.trendmicro.com/us/products/personal/trend-micro-internet-security-2007/

Slide 17: Tips to maximize AV software

• Important to update virus signatures regularly
  – Live Updates
  – Manual updates
  – Should update signature database on a daily basis.
• Set AV to scan attachments, including IM attachments
• Set email to NOT display any portion of messages until you open them.

Slide 18: Tips to maximize AV software

• Don’t open suspicious emails
  – A security hole in MS Outlook and IE5 allowed the Bubble Boy virus to infect when the email was opened
    • If the security hole had not been patched, VBS.BubbleBoy inserted the Update.hta file as soon as the email was opened
    • http://www.symantec.com/avcenter/venc/data/vbs.bubbleboy.html
• Don’t open any links sent via IM

Slide 19: Install a Firewall

• Why use a firewall?
• How do firewalls work?
• Windows Firewall Tools
• Tips to get the best protection from a firewall

Slide 20: What is a Firewall?

A software or hardware component that restricts network communication between two computers or networks.

In buildings, a firewall is a fireproof wall that restricts the spread of a fire.

A network firewall prevents threats from spreading from one network to another.

Slide 21: Why Use a Firewall?

• Protects PC from network attacks.
• Open ports
  – Windows RPC, NetBIOS services.
  – Your services: web, file/print sharing, remote access.
• Prevent outgoing packets from
  – Spyware phoning home.
  – Botnet/worm attacks against other PCs.

Slide 22: Types of Firewalls

Personal firewall
– Software tool runs on PC.
– Protects a single machine.
– Fine-grained protection.

External firewall
– Typically integrated with router.
– Protects all machines on subnet behind it.
– Coarse-grained protection.

Slide 23: How does a firewall work?

Methods used by a firewall
– Packet filtering
  • Examines every incoming packet header and selectively filters packets based on address, packet type, port request, and other factors
  • The restrictions most commonly implemented are based on:
    – IP source and destination address
    – Direction (inbound or outbound)
    – TCP or UDP source and destination port requests
– Access control list
  • A user must train a firewall, hence they are more complex to implement than AV software

Slide 24: Better packet filtering: Stateful Inspection

• Keeps track of
  – Each packet and its network connection in a state table
  – Access Control List determines whether to allow the packet to pass
  – Connectionless packet traffic such as UDP and remote procedure call (RPC) traffic
• The primary disadvantage
  – The additional processing requirements of managing and verifying packets against the state table
  – Increases potential for a denial of service attack

Slide 25: Training a personal firewall

• User sets up rules for access by watching pop-up alerts from the firewall and allowing or denying traffic
• This creates an access control list for specific IP addresses and applications
  – You will probably allow your browser access automatically when you open it
  – You may not want MS Word to access the internet automatically
• Takes time to train your firewall
• Home network routers often include hardware firewall protection; look for one with stateful inspection
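As an added worked example (not from the slides or any firewall product), the packet-filtering, stateful-inspection and firewall-training ideas of slides 21, 23, 24 and 25 in one small Python model: an ordered access control list, a per-application allow rule the user clicked through for the browser, catch-all denies for unapproved programs phoning home and for unsolicited inbound traffic, and a state table that lets the web server's reply in only when stateful inspection is on. All class names, rules, program names and addresses are constructed.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the network) or "out" (sent by this PC)
    proto: str       # "tcp" or "udp"
    remote_ip: str
    remote_port: int
    local_port: int
    app: str = ""    # program that sent an outbound packet, as a personal firewall sees it

@dataclass(frozen=True)
class Rule:
    direction: str
    action: str            # "allow" or "deny"
    proto: str = None      # None in a field matches any value
    local_port: int = None
    app: str = None

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto in (None, p.proto)
                and self.local_port in (None, p.local_port) and self.app in (None, p.app))

# Constructed ACL, first match wins: the user clicked Allow for the browser once;
# the catch-all deny rules block unsolicited inbound traffic and unapproved programs.
ACL = [
    Rule("out", "allow", app="firefox.exe"),
    Rule("in", "deny", proto="tcp", local_port=135),   # Windows RPC
    Rule("in", "deny", proto="tcp", local_port=139),   # NetBIOS session service
    Rule("out", "deny"),                               # unknown program phoning home
    Rule("in", "deny"),                                # anything else inbound
]
class PacketFilter:
    """Stateless: ACL only. Stateful: ACL plus a state table of connections this
    PC opened, so their replies are admitted without an inbound rule of their own."""
    def __init__(self, acl, stateful=True):
        self.acl, self.stateful = acl, stateful
        self.state = set()   # entries: (proto, local_port, remote_ip, remote_port)

    def decide(self, p: Packet) -> str:
        key = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        if self.stateful and key in self.state:
            return "allow"               # reply to a connection already allowed out
        for rule in self.acl:
            if rule.matches(p):
                if rule.action == "allow" and self.stateful:
                    self.state.add(key)  # remember it so the reply gets through
                return rule.action
        return "deny"                    # default deny when no rule matches

# Constructed traffic using RFC 5737 documentation addresses.
TRAFFIC = [
    Packet("out", "tcp", "203.0.113.80", 80, 49152, app="firefox.exe"),    # browser request
    Packet("in", "tcp", "203.0.113.80", 80, 49152),                        # web server reply
    Packet("out", "tcp", "198.51.100.5", 8080, 49153, app="toolbar.exe"),  # spyware phoning home
    Packet("in", "tcp", "192.0.2.7", 4444, 135),                           # RPC probe from outside
]
def run(stateful: bool) -> list:
    fw = PacketFilter(ACL, stateful)   # one filter, so state carries across packets
    return [fw.decide(p) for p in TRAFFIC]
```

With stateful inspection off, the same ACL drops the server's reply to the browser, which is why a stateless filter needs extra (and riskier) inbound allow rules.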

Slide 26: Windows Firewall Tools

• ZoneAlarm is free and available at Zonelabs.com
  – Has received many awards
  – Worth a try if you haven’t used one.
• Norton Internet Security
  – Includes firewall and AV software
  – Requires annual subscription
• Panda
• Use ShieldsUP! from Gibson Research to test your firewall before and after: http://www.grc.com

Slide 27: Use a non-Administrator Account

• Must have administrator privileges to install software
• Start | Control Panel | User Accounts | Add User Account | Create a new account
• Pick Type of Account: Limited (Restricted User)

Slide 28: Don’t allow your computer to boot from a floppy or CD-ROM

• Restart your computer
• F2 during reboot to enter setup
• Boot Sequence menu
• Set PC to boot only from hard disk

Slide 29: Boot Sequence

1. Diskette Drive
2. IDE CD-ROM Device
3. Hard-Disk Drive C:
4. Integrated NIC

• Space to enable/disable
• +/- move down/up

Slide 30: Prevent Changes to BIOS

• Restart your computer
• F2 during reboot to enter setup
• System Security menu
• Enable System Security menu item
• Enter a password and confirm it

Slide 31: Use Strong Passwords

• Want a long password with upper & lower case letters, digits, and special characters.
• Avoid words, dates, other guessable items.
• Avoid password re-use.
• Use a password manager tool.
• Techniques
  – Use first letter of each word of a phrase.
  – Use a line of code
    • Java: Sum+=5*B;
    • HTML: <li>Item#1</li>

Slide 32: Secure Your Wireless Home Network

• Newest Cisco routers use Secure Easy Setup (SES)
• Follow all the procedures that you would for a desktop
• Use www.grc.com tools to test regularly
• Use WPA (Wi-Fi Protected Access) and WEP encryption

Slide 33: Security Threats Facing Wireless Networks

Wireless networks are easy to find.
– Hackers know that in order to join a wireless network, wireless networking products first listen for "beacon messages".
– These messages are unencrypted and contain much of the network’s information, such as the network’s SSID (Service Set Identifier) and the IP Address of the network PC or access point.
– Hackers use the beacon messages to access free bandwidth and free Internet access through your wireless network. This is called “Warchalking”.

Slide 34: Steps to Wireless Setup

• Change the default network name
• Disable broadcast
• Change the default password needed to access the wireless device
• Enable MAC address filtering
• Enable WEP 128-bit Encryption.

Slide 35: Change default passwords and names needed to access the wireless device

• Change the default network name
  – Linksys default network name is “linksys”
• Change administrator password regularly
  – Default is often “administrator”
• Network settings can only be changed by the administrator
• Hackers know default passwords and weak passwords to try and access your network
• Changing names and passwords regularly is good policy

Slide 36: Enable WEP 128-bit Encryption

• Not a panacea, but can thwart hackers
• Can reduce network performance
• Use multiple keys
• Change the WEP encryption keys periodically.
• Can be broken: use a secure, encrypted protocol like ssh or SSL at application level for defense in depth.

Slide 37: Enable MAC Address filtering

• Allows you to provide access to only those wireless nodes with certain MAC Addresses.
• Hacker can’t access your network with a random MAC address.
• But more knowledgeable hackers can change their MAC address to match an allowed one.

Slide 38: Encrypt Sensitive Files

• Windows XP Encrypting File System (EFS) for encrypting files
• GnuPG for encrypting files and email messages

Slide 39: Windows XP Encrypting File System (EFS)

• EFS is not available with XP Home Edition
• Reference: Microsoft Windows XP Inside Out – Chapter 14
• Right Click in Windows Explorer on the folder
• Choose Properties | General Tab | Advanced Button | Encrypt contents to secure data

Slide 40: Windows XP Encrypting File System (EFS)

• File names are green in Windows Explorer

Slide 43: TrueCrypt

• EnCase, a computer forensic tool, can break EFS
• Free open source - http://www.truecrypt.org/
• http://www.truecrypt.org/docs/
  – Beginner’s tutorial
  – Plausible Deniability
  – Hidden Volume

Slide 44: GnuPG

• GnuPG is an open-source encryption tool for Windows and Linux
• Complete and free replacement for PGP (www.gnupg.org)
• http://wolfram.org/writing/howto/gpg.html
  – (CD: gpg.html)
• Install Windows Privacy Tray (WinPT)

Slide 45: Enigmail

• Install Thunderbird mail client from www.mozilla.org
• Download Enigmail extension from www.mozilla.org
• Adds a menu item to encrypt and decrypt email using GnuPG

Slide 46: Erase your hard drive when decommissioning your computer

• Simson Garfinkel, “Hard-Disk Risk” (CD: 20003.CS0.04.Hard_disk_risk.htm)
• Found a lot of sensitive information on recycled hard disks
• “Running FDisk on a 10GB drive overwrites only 0.01 percent of the drive’s sectors.”

Slide 47: Darik’s Boot and Nuke

• Hard disk sterilization on bootable floppy
• Put floppy into the computer which has the drive you want to erase and reboot.
• Download from http://dban.sourceforge.net/
  – Free.
  – Fast. Rapid deployment in emergency situations.
  – Easy. Start the computer with DBAN and press ENTER.
  – Safe. Irrecoverable data destruction. Prevents most forensic data recovery techniques.
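An added illustration (not from the slides, Garfinkel's article or DBAN) of why slides 46 and 47 contrast FDisk with whole-disk sterilization: a small Python disk image in which repartitioning rewrites only sector 0, so a forensic carve of the raw sectors still finds the "deleted" document, while a DBAN-style overwrite of every sector removes it. The image layout, the secret string and all function names are constructed.

```python
import os

SECTOR = 512

def make_disk(num_sectors: int, secret: bytes, at_sector: int) -> bytearray:
    """Constructed disk image: sector 0 holds a stand-in partition table and a
    'deleted' document containing `secret` sits at `at_sector`."""
    disk = bytearray(num_sectors * SECTOR)
    disk[0:8] = b"PARTTBL!"
    start = at_sector * SECTOR
    disk[start:start + len(secret)] = secret
    return disk

def repartition(disk: bytearray) -> int:
    """Model of FDisk: rewrite the partition table in sector 0 and nothing else.
    Returns the number of sectors actually overwritten."""
    disk[0:SECTOR] = bytes(SECTOR)
    return 1

def overwrite_every_sector(disk: bytearray, passes: int = 1) -> int:
    """DBAN-style sterilization: every sector is overwritten with random data on
    each pass, so no old content survives. Returns sector-writes performed."""
    total = len(disk) // SECTOR
    for _ in range(passes):
        for s in range(total):
            disk[s * SECTOR:(s + 1) * SECTOR] = os.urandom(SECTOR)
    return total * passes

def carve(disk: bytearray, marker: bytes) -> bool:
    """What a forensic tool does: ignore the partition table and scan the raw
    sectors for recognizable content."""
    return marker in disk

def compare(num_sectors: int = 2048) -> dict:
    """Apply both wipe methods to identical images; report whether the secret
    is still recoverable and what share of the drive each method touched."""
    secret = b"ACCOUNT 1234-5678 PIN 0042"   # constructed sensitive content
    results = {}
    for name, wipe in (("fdisk", repartition), ("full_overwrite", overwrite_every_sector)):
        disk = make_disk(num_sectors, secret, at_sector=700)
        touched = wipe(disk)
        results[name] = {
            "recoverable": carve(disk, secret),
            "percent_overwritten": 100.0 * touched / num_sectors,
        }
    return results
```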

Slide 48: Backup your system regularly

• “Hard Disk Quality and Reliability”, http://www.pcguide.com/ref/hdd/perf/qual/index.htm (see quotes from the article)
  – “While the technology that hard disks use is very advanced, and reliability today is much better than it has ever been before, the nature of hard drives is that every one will, some day, fail.”

Slide 49: Backup your system regularly

• “full recovery usually starts at a few hundred dollars and proceeds from there.”

Slide 50: Ntbackup utility

1. Find ntbackup.exe
   – Start | Programs | Accessories | System Tools, or
   – C:\dell\Tech Tools\System Tools\ Backup, or
   – Run C:\WINDOWS\system32\ntbackup.exe
2. Run the Backup/Restore Wizard
3. Choose a place to save your backup
   – C:\temp\Backup
4. Creates a file Backup.bkf

Slide 51: Create Backup CD

1. Run your CD creator
2. Make a data CD
3. Add Backup.bkf to the CD

Slide 52: Simple Quick Backup

Copy My Documents folder to a CD or USB

Slide 53: Safe use of public PCs

• Kinko's Case Highlights Internet Risks – (CD: Kinko.htm)
• “For more than a year, unbeknownst to people who used Internet terminals at Kinko's stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords. Jiang had secretly installed, in at least 14 Kinko's stores, software that logs individual keystrokes. He captured more than 450 user names and passwords, using them to access and even open bank accounts online.”

Slide 54: Keyloggers

• Capture keystrokes
• Can steal passwords and credit card numbers
• Can email or ftp the file containing the keystrokes
• Keyghost (http://www.keyghost.com)
• Keyloggers are difficult to detect
• Look like an ordinary system process

Slide 55: Public PCs

• Kinko’s
• Cyber cafes
• Public Libraries
• Hotels

Slide 56: Using Public PCs

• Avoid using important accounts (bank, etc.)
• Remove web browser data
  – Cache, history, cookies, form data.
• Remove temporary files
  – Start | Search | All files and folders | when it was modified? | today
  – Empty recycle bin

Slide 57: References

1. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005.
2. Thomas C. Greene, Computer Security for the Home and Small Office, Apress.
3. Andrew Conry-Murray & Vincent Weafer, The Symantec Guide to Home Internet Security, Addison-Wesley.