Introduction to Security
What’s the weakest link?
You
Social Engineering
• Exploiting humans' willingness to help
• Exploiting our two most powerful emotions, regret and fear
• Kevin Mitnick
• Stealing the Network series
• The Real Hustle
social engineering
• ten common techniques of social engineering
  – impersonation
    • pretend to be someone from inside the company to obtain passwords
    • usually coupled with research regarding IT personnel
  – sympathy
    • usually request access to hardware: server room or PC
    • usually coupled with dire consequences if unable to complete the task
  – wooing
    • develop a trust relationship with the victim
    • to obtain a wide range of information
  – intimidation
    • for victims who do not respond well to sympathy or wooing
    • pretense: company official, government official, inspector
  – greed
    • money or goods in exchange for information
  – confusion
    • create a diversion which vacates an office
    • access logged-on session
  – shoulder surfing
    • passive observation of typing
      – either by physical presence as a trusted individual
      – or by using some form of eavesdropping
  – dumpster diving
    • searching garbage for useful information
      – either discarded papers
      – or removable media
  – phishing
    • request for victim to visit a false web site
    • for purpose of updating invalid / obsolete information
  – reverse social engineering
    • present oneself as an expert who can fix a problem
    • results in a reversal of roles:
      – victim asks the questions
      – social engineer provides the answers
        » often being granted access to the computer systems
5 Deadliest Viruses
• Mydoom: fastest spreading worm, SCO & Microsoft offer $250,000 reward
• NIMDA: after Sept 11, terrorist attack?
• CODERED: Microsoft IIS
• SLAMMER: infected 75,000 in minutes
• 365 byte footprint, doubles every 8.5 sec
• ILOVEYOU: caused $5 billion in damages; Ford, the Pentagon, British Parliament
Top Hoaxes and Pranks
• GOOD TIMES: users warned that opening email would…. and kill your dog
• 48 Hours: claimed hovering mouse over email would…. and kill your dog
• LIFE IS BEAUTIFUL: PowerPoint
• HONOR SYSTEM: contained no payload, told users to delete their hard drives
• LION’s DEN: warning of deadly virus, instead linked to porn site
Proactive measures
• Download Product updates
• Service packs, patches, fixes etc
• Application updates, Office, Browsers, etc
• Virus definitions updates
• Spyware definitions
Passwords
• No dictionary words, names
• Dog's name, address, birthdates
• Use pass phrases
• Encrypt important docs, password files
• Use Truecrypt http://www.truecrypt.org/
Most common passwords
• password
• 123456
• qwerty
• abc123
• letmein
• monkey
• myspace1
• password1
• link182
• (your first name)
Password suggestions
• Application / magic phrase / date
• Magic phrase / date / application
• Date / Application / magic phrase
• GmailPassPhrasesStinkJan
• PassPhrasesStinkGmailJun
• JulGmailPassPhrasesStink
• 01gmailpa$$phra$e$$tink
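The rules from the password slides above, as an added example that is not part of the original presentation: a Python checker that rejects the deck's common passwords, dictionary words and personal details even when they are disguised with character substitutions or trailing digits. The word list, the substitution table, the `personal` parameter and the 15-character pass-phrase threshold are assumptions made for the example.

```python
import re

# The deck's "Most common passwords" slide, verbatim.
COMMON = {"password", "123456", "qwerty", "abc123", "letmein",
          "monkey", "myspace1", "password1", "link182"}

# Constructed stand-in for a real dictionary file (assumption).
WORDS = {"monkey", "dragon", "summer", "password", "welcome"}

# Substitutions undone before comparing (assumed mapping, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "$": "s", "@": "a", "!": "i"})


def normalize(pw):
    """Lower-case and undo simple substitutions such as $ -> s."""
    return pw.lower().translate(LEET)


COMMON_NORMALIZED = {normalize(c) for c in COMMON}


def check_password(pw, personal=(), min_len=15):
    """Return the deck's rules that pw breaks; an empty list means none.

    personal: names, pet names, addresses, birth dates tied to the user.
    min_len:  assumed pass-phrase threshold; the deck gives no number.
    """
    problems = []
    low, norm = pw.lower(), normalize(pw)
    # Drop a trailing run of digits/symbols so "monkey99" reads as "monkey".
    core = normalize(re.sub(r"[^a-z]+$", "", low))

    if low in COMMON or norm in COMMON_NORMALIZED:
        problems.append("common password")
    if norm in WORDS or core in WORDS:
        problems.append("dictionary word")
    for item in personal:
        if item and (item.lower() in low or normalize(item) in norm):
            problems.append("contains personal detail: " + item)
    if len(pw) < min_len:
        problems.append("too short for a pass phrase")
    return problems
```

The "(your first name)" entry on the common-passwords slide is covered by passing the user's name in `personal`.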
Spyware
• Malicious software to spy and datamine your surfing habits
• ??? Invasion of privacy ???
• Information is collected and used to harass you with pop-up ads, indirect web searches, browser homepage you can’t change, etc
• Spyware masks itself, seems like legitimate software (toolbars, desktop buddies)
Removing Spyware
• Uninstall browser toolbars, desktop buddies, search helps from Control Panel
• Scan to remove from startup / reinstalling issues using Windows Defender http://www.microsoft.com/athome/security/spyware/software/default.mspx#
Other SW Scanners
• A-Squared http://www.emsisoft.com/en/software/free/
• Spybot S&D $0 http://www.safer-networking.org
• Ad-Aware $0 http://www.lavasoftusa.com/
• AVG Anti-Spyware $0 http://free.grisoft.com/
• Spy Sweeper $30 http://www.webroot.com/
Spyware continued
• HijackThis scanner
• http://www.spywareinfo.com/
• CCleaner
Virus
• Can turn your PC into remote-controlled zombie for Denial of Service attacks
• Record key strokes, passwords, banking
• Wreak havoc, erase data, damage HW
• Install Antivirus software AVG etc
• Clamwin http://www.clamwin.com/
• alt web-based scanner $0 (scan from IE)
• www.pandasecurity.com/usa
WARNING
• OK to install multiple spyware scanners on same system
• DO NOT install multiple Anti VIRUS software on the same system. They will work against each other.
Rootkits
• Integrate into the OS’s kernel
• Difficult to detect with conventional scanners
• Blacklight (free for now) http://www.f-secure.com/blacklight
• AVG’s Anti-Rootkit program http://free.grisoft.com/doc/5390#avg-anti-rootkit-free
Change your Boots
• If the operating system is rendered unusable
• Boot into safe mode (hit F8 before Windows splash screen)
• Select Safe Mode with Networking
• Loads Windows with basic drivers, allowing you to disinfect your system while offending programs are dormant
• With the Networking option you can update scanners
Boot CD
• If you can’t get to Safe Mode
• Build a BartPE CD (bootable live CD) http://nu2.nu/pebuilder/
• Installer + Windows CD + optional plugins
• Such as Spybot S&D, ClamWin
Defensive Measures
• Surf securely: use Firefox; if using IE, put a sticky on your forehead saying “steal from me!”
• Shield against spyware (real time monitoring): Webroot's Spy Sweeper $30 www.webroot.com
• Install Virus Scanner: AVG, Avast, AntiVir, Clamwin, ClamAV
• Firewall: ZoneAlarm
Change Habits
• AVOID ATTACHMENTS
• Don’t Be BAITED (Phishing): never use links from emails to eBay, banks, CC, etc
• Download responsibly: P2P, BitTorrents, Warez
• Use MD5 generators, MD5summer, etc
• Surf net as a restricted user
Read – white papers etc
• Spyware Quiz http://www.siteadvisor.com/quizzes/spyware_0306.html
Checklist for Windows
• http://www.securityfocus.com/columnists/220
Resources
• Freeware
  – http://www.econsultant.com/i-want-freeware-utilities/index.html
• PC
  – http://www.majorgeeks.com/
• Security
  – http://www.sans.org/
  – http://www.blackhat.com/
  – http://www.securityfocus.com/
  – Open Source
  – http://sourceforge.net/
  – http://freshmeat.net/
Credits
• Data taken from xforce report
• http://www-935.ibm.com/services/us/iss/html/xforce-threat-insight.html