Topics in Internet Security A&D Lunch & Learn Brown Bag Friday, August 19, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst, Washington University in St. Louis http://nso.wustl.edu/presentations/

Dec 27, 2015


Topics in Internet Security

A&D Lunch & Learn Brown Bag
Friday, August 19, 2011

Brian Allen, CISSP
brianallen@wustl.edu

Network Security Analyst,
Washington University in St. Louis

http://nso.wustl.edu/presentations/


Let’s Talk About

• Facebook Privacy
• Password Managers
• Email Security
• Phishing Examples
• Top Ten Security Tips
• Virus Example and Case Study


Decentralized Campus Network

NSS = Network Services and Support
NSO = Network Security Office

[Diagram: NSS, NSO, Business School, Law School, Arts & Sciences, Medical School, Engineering School, Library, Social Work, Art & Architecture, Internet]


Facebook/Social Networking:


Password Managers


Parents’ Password Cracked On First Try
The Onion News, Feb 27, 2002

• REDONDO BEACH, CA – Nick Berrigan, 14, successfully hacked into his parents’ AOL account on the first try Tuesday, correctly guessing that “Digby” was their password.

• “They actually used the dog’s name,” said Berrigan, deactivating the parental controls on his AOL account.


Free Password Managers

1. KeePass – I use this one
   – Called KeePassX for the Mac
2. Password Safe
3. I use Dropbox.com to store my KeePass file so I can always access it


KeePass


KeePass


Email Security


Email Security Tip #1

• Do not click on links in emails


Email Security Tip #2

• See Tip #1


[Diagram: Spam Product Supplier; Seller 1, Seller 2, Seller 3; Accountant; Spammer1, Spammer2 and Spammer3 listed three times]


Where Does Spam Originate? Why Do We Care?

• Spam = Bots (Large armies of infected machines sending out spam)
• Bots = Sophisticated Malware
• Sophisticated Malware = Organized Crime
• More than 89% of all email messages were spam in 2010 - Symantec


Spam is Big Business

• Rates for one million email addresses: $25 to $50 http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• 10,000 malware installations: $300–$800
• Sending 100 million emails per day: $10,000 per month http://www.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf
• Cutwail’s profit for providing spam services: $1.7 - $4.2 million from June 2009 to Aug 2010
• How much do the spammers gross per day? $7000 http://www.wired.com/magazine/2011/02/st_equation_spamprofits/


CBL Breakdown By Country

Country    Count    %total  %cumu  Rank  Infect %
India      1253890  18.80   18.80  1     4.465%
Vietnam    565839   8.48    27.28  2     3.306%
Brazil     479491   7.19    34.47  3     0.857%
Indonesia  392814   5.89    40.36  4     3.163%
Pakistan   383319   5.75    46.10  5     7.688%
Russia     358142   5.37    51.47  6     0.912%
China      222761   3.34    54.81  7     0.075%


One Cause Of This Problem

• Many machines in these countries are running pirated copies of Windows.
• They are not getting security updates.
• They are vulnerable and get infected.
• Also, it can take a long time to download updates.


Underground Economy

• Spammers are also involved in:
  – CAPTCHA solving
  – Email harvesting
  – Custom software
  – Bulletproof hosting
  – Proxies


Spam Volume

• From Jul 30 - Aug 25, 2010 security researchers infiltrated the Cutwail spam network and discovered 87.7 billion emails were successfully sent


Spam Content

• The Zeus/SpyEye Banking Trojan Typically Uses:
  – Greeting card
  – Resume
  – Invitation
  – Mail delivery failure
  – Receipt for a recent purchase


Spam Volume on WUSTL Ironports - Feb 2011


Phishing Examples


Phishing Email


Real or Phish?

<http://michaelkellett com/ez/wustl.html>


Real or Phish?


Real or Phishing Site?


Emails, Like Postcards, Are Not Encrypted

Contact me to discuss encryption options for storing or sending sensitive information


Social Security Number Email 1

From: BOB [[email protected]]
Sent: Friday, April 01, 2011 12:54 PM
To: ALICE [[email protected]]
Subject: Registration Request

ALICE:
Couldn't remember if I had already sent this request or not.
Please register CHARLIE ( 111-11-1111 ) for the session

Thank you
BOB


Social Security Number Email 2

From: BOB [[email protected]]
Subject: FW: University talk
To: [email protected], [email protected]
Date: Monday, April 4, 2011, 12:57 PM

Dear Ms. ALICE and CHARLIE,
I sent this e-mail a couple of weeks, but I haven't heard back from you yet, so I thought that I would send it again.
Also, my SSN is 222-22-2222 and my home address is:
1234 Oak Ave.
St. Louis, MO 63130


Top 10 Security Tips


Top 10 Security Tips For Everyone I

1. Make sure the Windows Firewall is turned on
2. Make sure all accounts on your computer have good passwords
3. Make sure Windows Automatic Updates is on
4. Install an Anti-Virus software package. Microsoft is now providing their Security Essentials anti-virus/anti-spyware for free to home users: http://www.microsoft.com/Security_Essentials


Top 10 Security Tips For Everyone II

5. I use Firefox with AdBlock Plus
6. Run Secunia Personal Software Inspector (www.secunia.com). It is free, and it will tell you when you need to update your other software (Adobe, Java, Quicktime, RealPlayer, etc).
7. Educate yourself on Phishing and don’t become a victim (google phishing quiz)


Top 10 Security Tips For Everyone III

8. Don’t click on links in e-mail.
9. Don’t give out your password to anyone, for any reason, especially in an e-mail!
10. Never enter your password into a site that is not using HTTPS (look at the URL and make sure there is a lock in the lower right corner).


Thanks!

Brian Allen
brianallen@wustl.edu

Network Security Analyst
http://nso.wustl.edu