Anti Hacker Poetry in the Mac OS X
Your karma check for today:
There once was a user that whined/
his existing OS was so blind/
he'd do better to pirate/
an OS that ran great/
but found his hardware declined./
Please don't steal Mac OS!/
Really, that's way uncool./
(C) Apple Computer, Inc.
Automated Attack Vectors
Automated Attack Vectors: Viruses
A computer program file capable of attaching to disks or other files.
Necessary characteristics of a virus:
• It is able to replicate
• It requires a host program as a carrier
• It is activated by external action
Automated Attack Vectors: Polymorphic Viruses
Creates copies during replication that are functionally equivalent but have distinctly different byte streams:
• Randomly insert superfluous instructions
• Interchange the order of independent instructions
• Use encryption schemes
This variable quality makes it difficult to locate, identify, or remove.
Automated Attack Vectors: Worms
A self-replicating computer program, similar to a virus.
• A virus attaches itself to, and becomes part of, another executable program.
• A worm is self-contained and does not need to be part of another program to propagate itself.
The Robert Morris Worm:
• Written at Cornell
• Released at MIT
• Fixed at Harvard
Automated Attack Vectors: Worms
Necessary characteristics of a worm:
• It is able to replicate without user intervention
• It is self-contained and does not require a host
• It is activated by creating a process
• If it is a network worm, it can replicate across communication links
Some customers like to distinguish between worms that use buffer overruns to propagate and those that use e-mail.
Automated Attack Vectors: Worm Examples
• SQL Slammer
• Blaster
• MyDoom
• Sasser
Automated Attack Vectors: Bots
Derived from the word Robot.
A program designed to search for information on the Internet with little human intervention.
Search engines, such as Yahoo and Altavista, typically use bots to gather information for their databases.
Automated Attack Vectors: Bots
• Bots are analogous to agents
• Typically an exe
• Bots are not exploits themselves
• They are payloads delivered by worms, viruses and hackers
• Installed after compromise
• Infect the system and maintain access for attackers to control it
• Botnets – thousands of systems controlled
Automated Attack Vectors: Bots
• Thousands of highly configurable bot packages available on the Internet
• Usually between 10,000-100,000 machines
• Some at 350,000
• Some in the millions
Automated Attack Vectors: Bot Uses
• DDoS attacks
• Information theft: keyboard logging, network monitoring, etc.
• Warez, i.e. hosting illegal data: pirated software, movies, games, etc.
Automated Attack Vectors: Trojans
Term borrowed from Greek history.
A malicious program disguised as something benign:
• Screen saver, game, etc.
• exe, com, vbs, bat, pif, scr, lnk, js, etc.
It seems to function as the user expects.
Automated Attack Vectors: Trojans
• May or may not appear in the process list
• May install a backdoor
• Generally spread through e-mail and the exchange of disks and files
• Trojan horses are also spread by worms, IRC channels, P2P applications, porn sites, etc.
Security at Microsoft
Security Teams at Microsoft
• PSS Security – Microsoft Services and Our Customers
• Trustworthy Computing Security – Strategy for Trustworthy Computing
• Microsoft Security Response Center (MSRC)
• Corporate Security – Operations, Network Security
• Security Business & Technology Unit (SBTU)
• Microsoft Consulting – National Practice TWC
• Premier Support Services – Security Solutions Architects
• Secure Windows Initiative (SWI)
• Security Center of Excellence (SCOE)
• MSN, MS.com, etc.
Vulnerability Reported
Is the reported problem really a vulnerability?
A security vulnerability is a flaw in a product that makes it infeasible – even when using the product properly – to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/vulnrbl.asp
Protecting Your P.C.
How To Protect Your PC
Three primary ways to exploit you:
• Weak passwords
• Unpatched vulnerabilities
• Social Engineering
How To Protect Your PC: Use Complex Passwords
• At least eight characters long
• Does not contain all or part of the user's account name
• Contains characters from three of the following four categories:
  • English uppercase characters (A through Z)
  • English lowercase characters (a through z)
  • Base-10 digits (0 through 9)
  • Non-alphanumeric characters (for example, !, $, #, %), extended ASCII, symbolic, or linguistic characters
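As an added example (not code from the slide deck), a Python checker that applies the four password rules above to a candidate password and reports every rule it violates. The slide does not say how long a substring must be to count as "part" of the account name, so the three-character run used here is an assumption.

```python
import re

# Policy parameters taken from the slide; the RUN length is an assumption.
MIN_LENGTH = 8
NAME_RUN = 3          # assumed: >= 3 consecutive chars of the account name = "part"
CATEGORIES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    # Everything that is not an English letter or digit: punctuation,
    # extended ASCII, symbolic and linguistic characters.
    "non-alphanumeric": re.compile(r"[^A-Za-z0-9]"),
}


def contains_account_name(password: str, account_name: str, run: int = NAME_RUN) -> bool:
    """True if the password contains the whole account name or any
    `run`-character slice of it (compared case-insensitively)."""
    name, pw = account_name.lower(), password.lower()
    if not name:
        return False
    if name in pw:
        return True
    return any(name[i:i + run] in pw for i in range(len(name) - run + 1))


def check_password(password: str, account_name: str) -> list[str]:
    """Return the policy rules the password violates (empty list = meets policy)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than eight characters")
    if contains_account_name(password, account_name):
        failures.append("contains all or part of the account name")
    met = [name for name, rx in CATEGORIES.items() if rx.search(password)]
    if len(met) < 3:
        failures.append(f"only {len(met)} of four character categories (need 3)")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs (not from the deck).
    for pw, user in [("Tr0ub4dor&3", "jsmith"), ("password", "jsmith"),
                     ("JSmith2024!", "jsmith"), ("Ab1!", "amy")]:
        print(repr(pw), "->", check_password(pw, user) or "meets policy")
```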
How To Protect Your PC: Other Options
• Use a pass phrase instead of a password
• Use non-English words in the password
• Rename accounts, including the Administrator account
How To Protect Your PC: Social Engineering
• Do not open e-mail from people you don't know
• Do not open e-mail attachments
• Do not follow URLs sent in e-mail
• Do not go to web sites that you cannot trust
Biometrics 101 (cont): Required System Components
A biometric authentication device is made up of three components:
• A database of biometric data.
• Input procedures and devices.
• Output and graphical interfaces.
Identification vs. Verification
In identification, the system attempts to find out who the sample belongs to, by comparing the sample with a database of samples in the hope of finding a match (this is known as a one-to-many comparison). "Who is this?"
Verification is a one-to-one comparison in which the biometric system attempts to verify an individual's identity. "Is this person who he/she claims to be?"
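The one-to-many and one-to-one comparisons described above, as an added Python example that is not part of the slide deck. Templates are constructed sets of minutia points, the similarity score is their Jaccard overlap, and MATCH_THRESHOLD is an assumed decision threshold; real matchers are far richer, but the control flow is what differs between the two modes.

```python
# Assumed decision threshold: a score at or above it counts as a match.
MATCH_THRESHOLD = 0.6

# Constructed enrolment database (not from the deck): name -> template,
# where a template is a set of minutia coordinates (x, y).
ENROLLED = {
    "alice": {(1, 2), (3, 4), (5, 6), (7, 8), (9, 10)},
    "bob":   {(2, 1), (4, 3), (6, 5), (8, 7), (10, 9)},
    "carol": {(1, 2), (3, 4), (20, 20), (21, 21), (22, 22)},
}


def similarity(a: set, b: set) -> float:
    """Fraction of minutiae shared by two templates (Jaccard, 0.0 .. 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def identify(sample: set, database=ENROLLED, threshold=MATCH_THRESHOLD):
    """One-to-many: scan every enrolled template to answer "Who is this?".
    Returns (name, score) for the best match, or (None, score) when no
    template clears the threshold."""
    best_name, best_score = None, 0.0
    for name, template in database.items():
        score = similarity(sample, template)
        if score > best_score:
            best_name, best_score = name, score
    if best_score < threshold:
        return None, best_score
    return best_name, best_score


def verify(claimed_name: str, sample: set, database=ENROLLED,
           threshold=MATCH_THRESHOLD) -> bool:
    """One-to-one: compare only against the claimed identity's template to
    answer "Is this person who they claim to be?"."""
    template = database.get(claimed_name)
    if template is None:            # unknown identity: nothing to compare against
        return False
    return similarity(sample, template) >= threshold


if __name__ == "__main__":
    # Constructed live sample: Alice's finger with one minutia mis-read.
    live = {(1, 2), (3, 4), (5, 6), (7, 8), (11, 12)}
    print("identify:", identify(live)[0])        # -> alice
    print("verify alice:", verify("alice", live))  # -> True
    print("verify carol:", verify("carol", live))  # -> False
```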
Human trait examples used in Biometrics
Fingerprints: A fingerprint system looks at the patterns found on a fingertip. There are a variety of approaches to fingerprint verification, e.g. the traditional police method of matching minutiae; others use straight pattern-matching devices; some verification approaches can detect when a live finger is presented, some cannot.
Hand Geometry: Hand geometry involves analyzing and measuring the shape of the hand. This biometric offers a good balance of performance characteristics and is relatively easy to use. It might be suitable where there are more users or where users access the system infrequently and are perhaps less disciplined in their approach to the system.
Security Measures for the Internet Age
Encryption
Plaintext → (Encryption) → Ciphertext → (Decryption) → Plaintext
• Cryptography: art and science of keeping messages secure
• Cryptanalysis: art and science of breaking ciphertext
• Cryptology: area of mathematics that covers both
Encryption continued
If
  $M$ = the plaintext message
  $C$ = the encrypted ciphertext
  $E$ = encryption algorithm
  $D$ = decryption algorithm
Then
  $E(M) = C$
  $D(C) = M$
  $D(E(M)) = M$
Algorithms and Keyspaces
The cryptographic algorithm (cipher) is a mathematical function used for encryption and decryption.
Security based on restricting knowledge of the internals of the algorithm.
But:
• If someone leaves the group
• Someone buys the algorithm
The problems of restricted algorithms are solved by using keys.
Keys
• Any one of a large number of values
• The total possible set of keys is called the keyspace
• The encryption and decryption is dependent on the key
So
  $E_K(M) = C$
  $D_K(C) = M$
  $D_K(E_K(M)) = M$
What does this mean?
  $D_{K_2}(E_{K_1}(M)) = M$
Private vs. Public Key Encryption
• Private key encryption: symmetric
• Public key encryption: asymmetric
Symmetric vs. Asymmetric algorithms
Symmetric:
• Typically use the same key for encryption and decryption
• Sender and receiver must agree on a secret key before sending a message
Asymmetric:
• Key for encryption is different from the one for decryption
• Encryption key can be made public
• Decryption key is private
• Sometimes called public key encryption
Cryptanalysis
Recovering the plaintext without the key (an attack). All secrecy resides in the key.
Types of attack:
• Ciphertext-only attack
• Known-plaintext attack
• Chosen-plaintext attack
• Adaptive-chosen-plaintext attack
• Rubber-hose attack
• Purchase-key attack
Public Key Infrastructure
Involves hardware, software, data transport mechanisms, smart cards, governing policies and protocols.
Requires the services of:
• Registration Authority
• Certificate Authority
• Data Repositories
Digital Signatures
Consists of two pieces of information:
• The data being transmitted
• The private key of the individual or organization sending the data
The private key acts as a digital signature to verify that the data is from the stated source.
Transaction Security
Secure Socket Layer (SSL)
• Uses the SSL in the TCP/IP model
• Creates a secure negotiated session between client and server
Secure Negotiated Session
• All communication between client and server is encrypted: URL, credit card number, cookies, attached documents
• Agree upon a symmetric session key, used for only one session and then destroyed
Multi-layered Network Security
Layers, from the data outward:
• Data
• Technology Solutions
• Organizational Policies
• Industry and Legal Standards