5 Computer and Network Security

Published on June 2016

& IT Professional Practices
Computer and Network Security

College of Information Technology, UNITEN

…getting more and more important…
• Computers getting faster and less expensive
• Utility of networked computers increasing
  • Shopping and banking
  • Social Media
  • Booking and reservations (flight, movies, …)
  • Managing personal information
  • Controlling industrial processes
• Increasing use of computers → growing importance of computer security

Specific threats
• Hacking
• Malware
• Cyber crime and cyber attacks
• Online voting


The original hackers (the good guys)
MIT’s Tech Model Railroad Club in 1950s

• Original meaning of hacker: explorer, risk taker, system innovator

• The history of model railroading parallels that of MIT, although the first student group, the Tech Model Railroad Club (TMRC), was not established until 1946. TMRC moved into the famous old Radiation Lab structure, Building 20, a year later and began constructing its first layout. Realism mattered and club members became fanatical in the design, fabrication, and operation of their quarter-scale world. Electrical Engineering Professor Carlton Tucker was the faculty advisor who helped supply the club with sophisticated electronics. During peak membership years in the 1950s and 1960s, many TMRC members became interested in computers. Thanks to Tucker and Digital Equipment Corporation (DEC), club members began experimenting with such pioneering computers as the TX-0, PDP-1, and PDP-11. The group members became legends and were featured in Steven Levy’s paean, Hackers—Heroes of the Computer Revolution. Today, the TMRC is considered by some to be the birthplace of hacker culture. The trains can still be

Source: http://museum.mit.edu/150/63

Evolution of the hackers (good turned political)
• Hacking has a long (starting with TMRC) and variably honored history
• One of the key elements of these hackers' work was that the computers and software they hacked were open for modification, improvement and extension.
  • When you bought your computer it came with the source code to any programs bundled with it, in the full expectation that the owner would want to take it apart.

• By 1980, the trend started to change.
  • Manufacturers began restricting copying, redistribution and modification of the software they provided.

• "Hacking" developed its political edge.
  • The discovery in 1980 of the licensing restrictions attached to the latest version of a printer at MIT's artificial intelligence lab launched Richard Stallman's lifetime career of writing and campaigning for free (as in free speech) software.

• In 1981, the Hamburg Chaos Computer Club was founded; it rapidly became known both for exposing security flaws and for advocating freedom of information.

Source: Wendy M. Grossman, Modern 'hackers' are not worthy of the name,
http://www.theguardian.com/commentisfree/2010/dec/10/modern-hackers-hacking

The modern hackers (..and they became evil)
• By the early 1990s, "hacker" had come to mean what it still means to many people: a very clever, computer-obsessed, (usually) young, (usually) male with maybe a shaky grasp on the ethics. The equivalent of joyriders, because of their abilities to operate weird, new technology and penetrate what should have been locked rooms, but largely motivated by bragging rights and the satisfaction of solving difficult puzzles.
• The first version of the Computer Misuse Act was passed in 1990 in the USA.

Source: Wendy M. Grossman, Modern 'hackers' are not worthy of the name,
http://www.theguardian.com/commentisfree/2010/dec/10/modern-hackers-hacking

The hackers today
• A hacker is someone who seeks and exploits
weaknesses in a computer system or computer
network.
• Hackers may be motivated by a multitude of
reasons, such as profit, protest, challenge or
enjoyment.
• There are hackers who are politically-edged:
  • Wikileakers (freedom-of-information activists; they like to think of themselves as journalists)
  • Hacktivists (they claim that they are protesting actions they believe to be unfair, even morally bankrupt, in a way that attracts public notice)

The hackings

Obtaining Login Names and Passwords:
• Eavesdropping
• Dumpster diving
• Social engineering

Wide variety of criminal hacker-related activities:
• Transmitting code that damages a computer
• Accessing any Internet-connected computer without authorization
• Transmitting classified government information
• Trafficking in computer passwords
• Computer fraud
• Computer extortion

Sidejacking:
• Hijacking of an open Web session by capturing a user’s cookie
• Sidejacking possible on unencrypted wireless networks because many sites send cookies “in the clear”
• Internet security community complained about sidejacking vulnerability for years, but ecommerce sites
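
Added example (not part of the original slides): a defender-side check for the sidejacking condition described above, flagging session cookies that can travel "in the clear". The response headers, host names and the cookie-name heuristic are constructed assumptions.

```python
# Constructed sample data: (URL the response came from, raw Set-Cookie value).
SAMPLE_RESPONSES = [
    ("http://shop.example/login", "SESSIONID=8f2c1a; Path=/; HttpOnly"),
    ("https://shop.example/login", "SESSIONID=8f2c1a; Path=/; HttpOnly"),
    ("https://bank.example/login", "sid=77aa90; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("https://bank.example/home", "theme=dark; Path=/"),
]

# Assumed heuristic for spotting cookies that identify a logged-in session.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs) with lowercase attr keys."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True  # flags such as Secure -> True
    return name.strip(), value.strip(), attrs


def sidejacking_findings(responses):
    """Return (url, cookie name, reason) for session cookies exposed to eavesdropping."""
    findings = []
    for url, header in responses:
        name, _, attrs = parse_set_cookie(header)
        if not any(hint in name.lower() for hint in SESSION_NAME_HINTS):
            continue  # preference cookies do not identify the session
        if url.lower().startswith("http://"):
            findings.append((url, name, "set over unencrypted HTTP"))
        elif "secure" not in attrs:
            # Without Secure the browser also attaches the cookie to http:// requests.
            findings.append((url, name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for url, name, reason in sidejacking_findings(SAMPLE_RESPONSES):
        print(f"{name} from {url}: {reason}")
```

The fix on the server side is to serve the whole session over HTTPS and set the Secure attribute on every session cookie.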

Malware

Virus:
• Piece of self-replicating code embedded within another program (host)
• Viruses associated with program files
  • Hard disks, floppy disks, CD-ROMS
  • Email attachments
• How viruses spread
  • Diskettes or CDs
  • Email
  • Files downloaded from Internet

Worm:
• Self-contained program
• Spreads through a computer network
• Exploits security holes in networked computers

Morris worm (1988)
• Robert Tappan Morris, Jr.
  • Graduate student at Cornell
  • Released worm onto Internet from MIT computer
• Effect of worm
  • Spread to significant numbers of Unix computers
  • Infected computers kept crashing or became unresponsive
  • Took a day for fixes to be published
• Impact on Morris
  • Suspended from Cornell
  • 3 years’ probation + 400 hours community service
  • $150,000 in legal fees and fines
• Today, Robert Tappan Morris is an American computer scientist and entrepreneur!!!!

Antivirus:
• Allow computer users to detect and destroy viruses
• Must be kept up-to-date to be most effective
• Many people do not keep their antivirus software packages up-to-date
• Consumers need to beware of fake antivirus applications

Malware

Trojan horse:
Program with benign capability that masks a sinister purpose

Backdoor Trojan:
Trojan horse that gives attacker access to victim’s computer

Rootkit:
A set of programs that provides privileged access to a computer
Activated every time computer is booted
Uses security privileges to mask its presence

Spyware:
Program that communicates over an Internet connection without user’s knowledge or consent
Monitor Web surfing
Log keystrokes
Take snapshots of computer screen
Send reports back to host computer

Adware:
Type of spyware that displays pop-up advertisements related to user’s activity
Backdoor Trojans often used to deliver spyware and adware

Bot:
A kind of backdoor Trojan that responds to commands sent by a command-and-control program on another computer
• First bots supported legitimate activities
  Internet Relay Chat
  Multiplayer Internet games
• Other bots support illegal activities
  Distributing spam
  Collecting personal information for ID theft
  Denial-of-service attacks

Botnet: Collection of bot-infected computers controlled by the same command-and-control program
Bot herder: Someone who controls a botnet

Cyber Crime and Cyber Attacks

Phishing:
Large-scale effort to gain sensitive information from gullible computer users
At least 67,000 phishing attacks globally in second half of 2010
New development: phishing attacks on Chinese e-commerce sites
Spear-phishing:
Variant of phishing in which email addresses chosen selectively to target particular
group of recipients
SQL Injections:
Method of attacking a database-driven Web application with improper security
Attack inserts (injects) SQL query into text string from client to application
Application returns sensitive information
Denial-of-service attack:
Intentional action designed to prevent legitimate users from making use of a computer service
Aim of a DoS attack is not to steal information but to disrupt a server’s ability to respond to its clients
Distributed denial-of-service attack:
DoS attack launched from many computers, such as a botnet
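
Added example (not part of the original slides): the SQL injection definition above, shown as a lookup that pastes client text into the query next to the parameterized form that fixes it. The table, names and card values are constructed for illustration and use Python's built-in sqlite3 module.

```python
import sqlite3


def make_db():
    """Build a small in-memory customer table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "CARD-0001"), ("bob", "CARD-0002")],
    )
    return db


def lookup_vulnerable(db, name):
    # Improper security: the client's text string becomes part of the SQL itself,
    # so quote characters in it can change the meaning of the query.
    query = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # Hardened form: the ? placeholder keeps the client's text as pure data.
    query = "SELECT name, card FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    honest = "alice"
    crafted = "x' OR '1'='1"  # textbook tautology input, used here as a test case
    print("vulnerable, honest :", lookup_vulnerable(db, honest))
    print("vulnerable, crafted:", lookup_vulnerable(db, crafted))
    print("parameterized, honest :", lookup_parameterized(db, honest))
    print("parameterized, crafted:", lookup_parameterized(db, crafted))
```

With the crafted input the first function returns every customer's row, while the parameterized one returns nothing because no customer has that literal name.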

Cyber Crime
Criminal organizations making significant amounts of money from malware
• Jeanson James Ancheta
• Pharmamaster
• Albert Gonzalez
• Avalanche Gang


Jeanson James Ancheta
Ancheta was going to Downey High School in California until 2001 when he
dropped out of school. He later entered an alternative program for students
with academic or behavioral problems. He worked at an Internet cafe and
according to his family wanted to join the military reserves. Around June
2004 he started to work with botnets after discovering rxbot, a common
computer worm that could spread his net of infected computers.

Hackers have for some time utilized botnets for various purposes, but Ancheta set himself above the crowd by actively advertising his network of bots on Internet chat channels. A Web site Ancheta ran included a range of prices he charged people who wanted to rent out the machines, along with guidelines on how many bots were required to bring down a particular type of Web site.

PharmaMaster

Blue Security:
Part I
• An Israeli company selling a spam deterrence system
• Blue Frog bot would automatically respond to each spam message with an opt-out message
• Spammers started receiving hundreds of thousands of opt-out messages, disrupting their operations
• 6 of 10 of world’s top spammers agreed to stop sending spam to users of Blue Frog
Part II
• PharmaMaster started sending Blue Frog users 10-20 times more spam
• PharmaMaster then launched DDoS attacks on Blue Security and its business customers
• Blue Security could not protect its customers from DDoS attacks and virus-laced emails
• Blue Security reluctantly terminated its

Leonid Aleksandrovitch Kuvayev aka Alex Rodrigez (born 13 May 1972)
Kuvayev is a Russian/American spammer believed to be the ringleader of one of the world's biggest spam gangs. Anti-spam group Spamhaus.org currently features Kuvayev as #2 on its Top 10 worst spammers list. In 2005, the attorney general of Massachusetts successfully sued Kuvayev for violations of the CAN-SPAM Act - he and six business partners were fined $37 million. It was found that they were responsible for millions of unsolicited e-mails per day. According to Spamhaus he could be the "Pharmamaster" spammer who performed a denial-of-service attack (DDoS) against the BlueSecurity company. Kuvayev is also behind

Ethical Evaluation
• What do you say on the morality of these individuals’ actions?
  • Robert Tappan Morris, Jr.
  • Jeanson James Ancheta
  • Leonid Aleksandrovitch Kuvayev
• Kantian evaluation
• Social contract theory evaluation
• Utilitarian evaluation
  • Benefits: ?
  • Harms: ?
  • Conclusion: ?

Cyber attacks

Politically motivated
• Estonia (2007)
• Georgia (2008)
• Georgia (2009)
• Exiled Tibetan Government (2009)
• United States and South Korea (2009)
• Stuxnet Worm (2009)

Attacks on social networking
• Massive DDoS attack made Twitter service unavailable for several hours on August 6, 2009
• Three other sites attacked at same time: Facebook, LiveJournal, and Google
• All sites used by a political blogger from the Republic of Georgia
• Attacks occurred on first anniversary of war between Georgia and Russia over South Ossetia

Cyberattacks on Estonia
• A series of cyber attacks began on 27 April 2007 and swamped websites of Estonian organizations, including the Estonian parliament, banks, ministries, newspapers and broadcasters, following Estonia’s disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn.
• Most of the attacks that had any influence on the general public were DDoS-type attacks, ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals' commentaries and defacements, including that of the Estonian Reform Party website, also occurred.
• Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before. The case is studied intensively by many countries and military planners as, at the time it occurred, it may have been the second-largest instance of state-sponsored cyberwarfare.

Source: Ian Traynor, The Guardian, 17 May 2007: Russia accused of unleashing cyberwar to disable Estonia

United States and South Korea (2009)
4th of July attack

• DDoS attack on governmental agencies and commercial Web sites in United States and South Korea.
• Attack may have been launched by North Korea in retaliation for United Nations sanctions
• While most Americans were watching fireworks on July 4, hackers launched what would turn into a multi-day denial-of-service attack against U.S. websites. The Associated Press reported that the cyber attack knocked out the websites of several government agencies including the U.S. Treasury, Secret Service, Transportation Department and the Federal Trade Commission. In addition, the attackers targeted the websites of the White House and the Pentagon but neither was severely disrupted. The attack later expanded to a number of other websites including the New York Stock Exchange, NASDAQ and the Washington Post. South Korean websites were also added to the list with many of the targets experiencing outages during the same time period. South Korean intelligence officials believe that North Korea initiated the attacks and today U.S. officials confirmed that the IP addresses of many of the attacks originated from North Korea. Officials have cautioned, however, that there is no evidence that the Pyongyang government was involved.

Source: http://www.innovationfiles.org/thoughts-on-4th-of-july-cyber-attacks/#sthash.2VauDgrL.dpuf

Supervisory Control and Data
Acquisition (SCADA) Systems
• Industrial processes require constant monitoring
• Computers allow automation and centralization of
monitoring
• Today, SCADA systems are open systems based on Internet
Protocol
• Less expensive than proprietary systems
• Easier to maintain than proprietary systems
• Allow remote diagnostics

• Allowing remote diagnostics creates security risk
• TNB has a large SCADA installation

SCADA Systems Carry Security Risks

Let’s ponder…
Has the arrival of the internet done more harm
than good?


Would you mind if I hurt you?
Understand that I need to
Wish that I had other choices
Than to harm the one I love
What have you done now?
I know I'd better stop trying
You know that there's no denying
I won't show mercy on
