D:\umad\seminars\Computer (In)Security\Common Sense Computer
Transcription
Common Sense Computer Security
BJ Gleason, GleasonB@korea.army.mil

Topics
- Protecting your System
- Out of the Box
- Antivirus Software
- Trojans
- Firewalls
- Patches
- Passwords
- SPAM
- Phishing
- Social Engineering
- Physical Security
- Email Encryption
- Wireless Security
- Backups
- Getting rid of Your Computer
- Will it help?

Note
Do not make any modifications until you speak to your system administrator. For home computers, it is typically you. For work computers, it is typically someone else. Improper usage of some security tools can be perceived as an attack.
http://thinairlabs.com/security

Is This How You Protect Your Systems?
"We have a two pronged security plan: ignorance and gravity." - Anonymous

Out of the Box
- Your system can be hijacked within minutes of turning it on if it is connected to the Internet.
- Hackers use automated tools to find it: war dialing, IP/port scanners, "door knob rattling".
- Broadband (DSL/Cable) - always on!
Is this you?

What to do
- Do not connect to the Internet; turn on the PC.
- Turn on the Internet Connection Firewall.
- Connect to the Internet.
- Update anti-virus.
- Update Windows.
- Get Spybot Search and Destroy.

Protecting your System - Why?
"I don't have anything important on it."
- Identity theft is on the rise: ChoicePoint, LexisNexis, BOA
- Using your PC and connections: SPAM servers, illegal software servers (warez), zombies

Anti-Virus Software
- According to Norton: 67,526 viruses on 5/19/04; 69,137 on 3/14/05
- 1611 new viruses in 10 months; 161+ new viruses per month
- Keep it updated!
- Free to military: www-rcert.korea.army.mil

Trojan Horse
- A computer program that claims to do one thing, but also does something else.
- Spyware

Where to Fight the Battle?
- Worms can attack during boot up.
- Sasser was attacking 2000 times/hour.

Microsoft AntiSpyware Beta 1 - www.microsoft.com
Spybot Search and Destroy (free) - www.safer-networking.org

Firewalls
- Keep the bad guys out...
- Simple in concept, can be complicated to configure
- Hardware or software?
- If not set up properly, can prevent you from accessing the Internet.
- Can control incoming and outgoing data.

Hardware Firewall
- Linksys DSL/Cable Router
- Simple firewall - allows outbound only
- Can open up incoming ports
- Connect up to 4 computers to the Internet
- Uses private IP addresses

Software Firewalls
- Zone Alarm - www.zonelabs.com - free for personal use
- Symantec Firewall - free to military

Patches
- All systems have a lot of bugs
- Updates come out often
- Use Windows Update

Passwords
- People are still using simple passwords, or no passwords at all!
- Easy for hackers to guess
- Complicated passwords are written down

Password Hints
- Don't use your login name in any form
- Don't use your last name in any form
- Don't use your spouse's or child's name
- Don't use information easily obtained about you.
- Do mix UPPER and lower case.
- Do use special symbols !@#$%^&*
- Use a phrase: "I ate a lot of ice cream" becomes I8aL0ic!
- Combine words: kid?goat

Why Strong Passwords?
- John the Ripper: program to crack passwords
- Password Calculator: how long will it take to crack?

Biometrics
- Something you have, and won't leave at home
- Reliability issues: false positives, false negatives
- The next big thing that will protect us...
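A Password Calculator in the spirit of the "Why Strong Passwords?" and "Password Hints" slides, added here as an example and not part of the presentation. It scores the slide's own suggestions (I8aL0ic!, kid?goat) against the most common password, ADMIN; the guess rate, the 32-symbol alphabet and the sample last name "Smith" are assumptions.

```python
import string

# Alphabet a brute-force cracker must cover for each character class present.
# The slide names !@#$%^&*; this assumes the full 32 printable ASCII symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def search_space(password):
    """Alphabet size (sum of the classes actually used) to the power of the length."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return alphabet ** len(password)


def crack_seconds(password, guesses_per_second=1_000_000):
    """Worst case for an exhaustive search; the guess rate is an assumed figure."""
    return search_space(password) / guesses_per_second


def hint_violations(password, login="", last_name="", family=()):
    """Apply the Password Hints slide; returns the hints the password breaks."""
    lowered = password.lower()
    names = [("login name", login), ("last name", last_name)]
    names += [("family member's name", n) for n in family]
    broken = [f"contains {label}" for label, n in names if n and n.lower() in lowered]
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        broken.append("no mix of UPPER and lower case")
    if not any(c in string.punctuation for c in password):
        broken.append("no special symbols")
    return broken


def report(password, **who):
    """Password Calculator for one candidate: space, years to exhaust, broken hints."""
    years = crack_seconds(password) / (365 * 24 * 3600)
    return {"password": password, "space": search_space(password),
            "years_to_exhaust": years, "violations": hint_violations(password, **who)}


if __name__ == "__main__":
    # The slide's two suggestions beside the most common password of all
    for pw in ("admin", "kid?goat", "I8aL0ic!"):
        print(report(pw, login="admin", last_name="Smith"))
```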
Beating Fingerprint Scanners
- A Japanese grad student, using $10 of typical supermarket materials, creates a "gummy finger" able to fool fingerprint detectors 70+% of the time.
- The gummy finger can be created and touched up using a microscope, and can be made from fingerprints lifted from objects such as coffee cups.
- How it works; making the gummy finger; the results from the scanner.
- But the best part... "After it lets you in, you can eat the evidence"

SPAM
- Never open SPAM or suspicious email
- Be very careful with attachments
- Never reply to SPAM
- Keyword filter
- Check your SPAM folders: sometimes legit mail goes there
- Create a SPAM account
- Check for valid mail
- White lists - allowed addresses
- Black lists - disallowed addresses

Keyword Filter
stocks, homeowner, debt, prescription, diploma, xanax, valium, grants, viagra, {other words...}

Stupid SPAM Tricks
- Strange addresses:
  an1mal2fakvoyaged@mypersonalemail.com
  JennaKFLscoundrel80803483@charterpa.net
  Customerservice@paypal.com.myserver.net
- Strange spellings: V1cod1n, Xan3x, D1PL0MA
- If we delete all this spam, why do they still send it?

Email SPAM Works
According to Wired News, 6,000 people responded to an email from Amazing Internet Products with the subject line "Make your member HUGE." Most ordered two bottles of pills at $50 per bottle, generating over half a million dollars in sales. And it doesn't even work...

The Headers

Sample AOL Password Scam
Subj: hop@AOL Order Receipt - Invoice# 2640052
Date: 10/13/00 9:01:26 AM Korea Standard Time
From: Shopping@aol.com

Genuine Message from Tech Support
Subject: Spoofed Messages
Date: Tue, 9 Mar 2004 11:22:05 +0900
From: "Daniel Wieland" <dwieland@asia.umuc.edu>
Received: from yokexch00.asia.umuc.edu ([202.236.167.18]) by mx1.asia.umuc.edu
To: <faculty@ad.umuc.edu>

If you have recently received a message from support@umuc.edu with a short message and attachment, TextDocument.zip, please delete it. The address was faked and the attachment contains the latest variant of the Beagle worm.
It is safe practice not to open any attachments from unknown users or unsigned messages. If you have any questions regarding e-mails' authenticity, please feel free to contact our office at ahelpdesk@ad.umuc.edu.
Dan Wieland, Helpdesk

Phishing
- Tricks to install viruses and Trojans
- Tricks to get your name and password
- Tricks to get your credit card information
- Example: Nigerian Money Transfer
- SPAM costs nothing to send...

Shop@AOL Order Receipt - Invoice# 2640052
Order Placed: 10/10/00 5:24 AM Estrn
---------------------------------------------------------------------------
Brand: Aptiva
Series: IBM E 545
Model: SN56046
Details: 13 GB, 350 MH, CD-RW, 96MB Ram, Windows 98
Price: $1779.99
Shipping: UPS 3-Day AirMail / $10.00
Total: $1985.26
Your Shop@AOL order will be shipped as soon as you receive this email. However, your order should arrive within the shipping you choose. If you do not recieve your order, we ask that you click here if you did not order the product(s) or want to cancel the order.

The Web Site

Message Headers - Where did it come from?
Return-Path: <support@umuc.edu>
Received: from yoksmtp01.ad.umuc.edu ([202.236.167.12]) by ronin.ad.umuc.edu (Netscape Messaging Server 4.01) with SMTP id HU7D8200.50Y for <faculty@ad.umuc.edu>; Sun, 7 Mar 2004 20:00:02 +0900
Received: From w7a8a6 ([68.51.248.149]) by yoksmtp01.ad.umuc.edu (WebShield SMTP v4.5 MR1a); id 1078657526734; Sun, 7 Mar 2004 20:05:26 +0900
Date: Sun, 07 Mar 2004 05:58:51 -0500
To: faculty@ad.umuc.edu
Subject: Notify about using the e-mail account.
From: administration@umuc.edu
Message-ID: <klxhycjsbsgfrkgjffc@ad.umuc.edu>
Dear Faculty members,

Checking out
- Originating address is 68.51.248.149
  C:>nslookup 68.51.248.149
  Name: pcp03808942pcs.sftmyr01.fl.comcast.net
  Address: 68.51.248.149
- Sender appears to be from Florida, not UMUC
- Encrypted virus to bypass scanners
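The "Checking out" trace done in code, added as an example that is not part of the presentation: it walks the Received: lines down to the originating IP and compares the From: domain with the reverse lookup the slides quote, flagging the spoofed umuc.edu mail (and the Shop@AOL receipt on the next slide, and the paypal.com.myserver.net address trick) as suspicious. The header samples are constructed from the slides' own lines; the reverse-DNS table replaces a live nslookup so it runs offline.

```python
import re

# Constructed sample: the Received:/From: lines of the two messages traced on
# the slides (spoofed "administration@umuc.edu" mail, Shop@AOL phish), trimmed.
SPOOFED_UMUC = """\
Received: from yoksmtp01.ad.umuc.edu ([202.236.167.12]) by ronin.ad.umuc.edu; Sun, 7 Mar 2004 20:00:02 +0900
Received: From w7a8a6 ([68.51.248.149]) by yoksmtp01.ad.umuc.edu; Sun, 7 Mar 2004 20:05:26 +0900
From: administration@umuc.edu
"""
AOL_PHISH = """\
Received: from rly-yg01.mx.aol.com (rlyyg01.mail.aol.com [172.18.147.1]) by air-yg01.mail.aol.com; Thu, 12 Oct 2000 20:01:26 -0400
Received: from mail.siscom.net (mail.siscom.net [209.251.2.99]) by rly-yg01.mx.aol.com; Thu, 12 Oct 2000 20:01:20 -0400
Received: (qmail 92450 invoked from network); 13 Oct 2000 00:01:14 -0000
Received: from orders.aol.com (HELO aol.com) (209.251.10.245) by mail.siscom.net with SMTP; 13 Oct 2000 00:01:14 -0000
From: Shopping@aol.com
"""
# Reverse lookups as the slides' nslookup output gives them (live: socket.gethostbyaddr).
REVERSE_DNS = {
    "68.51.248.149": "pcp03808942pcs.sftmyr01.fl.comcast.net",
    "209.251.10.245": "ppp245.c5300-2.day-oh.siscom.net",
}
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_ips(raw):
    """IPs from the Received: lines, in header order (our own server first)."""
    hops = [IP_RE.search(l) for l in raw.splitlines() if l.lower().startswith("received:")]
    return [m.group(1) for m in hops if m]

def origin_ip(raw):
    """Bottom Received: line: the first relay that accepted the mail; what sits below it is the sender's claim."""
    ips = received_ips(raw)
    return ips[-1] if ips else None

def registrable_domain(host):
    """Last two labels, so paypal.com.myserver.net really belongs to myserver.net."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_origin(raw, rdns=REVERSE_DNS):
    """Does the From: domain match the network the mail actually entered from?"""
    ip = origin_ip(raw)
    sender = next((l.split(":", 1)[1].strip() for l in raw.splitlines()
                   if l.lower().startswith("from:")), "")
    claimed = registrable_domain(sender.rsplit("@", 1)[-1])
    host = rdns.get(ip)
    actual = registrable_domain(host) if host else "unknown"
    return {"origin_ip": ip, "claimed": claimed, "actual": actual,
            "suspicious": claimed != actual}
```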
Track It...
----------------------- Headers -------------------------------
Return-Path:
Received: from rly-yg01.mx.aol.com (rlyyg01.mail.aol.com [172.18.147.1]) by air-yg01.mail.aol.com (v76_r1.8) with ESMTP; Thu, 12 Oct 2000 20:01:26 -0400
Received: from mail.siscom.net (mail.siscom.net [209.251.2.99]) by rly-yg01.mx.aol.com (v75_b3.9) with ESMTP; Thu, 12 Oct 2000 20:01:20 -0400
Received: (qmail 92450 invoked from network); 13 Oct 2000 00:01:14 -0000
Received: from orders.aol.com (HELO aol.com) (209.251.10.245) by mail.siscom.net with SMTP; 13 Oct 2000 00:01:14 -0000
From: Shopping@aol.com
Subject: hop@AOL Order Receipt - Invoice# 2640052
Date: Tue, 29 Aug 2000 19:58:33 -0600

- C:>nslookup 209.251.10.245
  Name: ppp245.c5300-2.day-oh.siscom.net
- Dial-up account (PPP)
- Link in email sends us to www.freebox.com/america_online/cancel.html

How good are you at catching Phish?
Try the Phishing Quiz. It will show you some emails, and you have to determine if they are real or phish.
http://survey.mailfrontier.com/survey/quiztest.html

Social Engineering
- Getting people to tell you secrets
- Pretend to be someone else
- Have some familiarity with the organization
- Preferred method of Kevin Mitnick
- If you want to know someone's secret, just ask them...

Social Engineering in Action
In London, pollsters randomly offered people a chocolate candy bar if they would give up their password.
- 71% did, and gave lots of other information as well.
- When asked, 37% did it right away.
- Using social engineering tactics, by suggesting possible passwords, 34% told the pollsters their password and many explained the origins.

Would you reveal your password?
- 53% would not give their password to a telephone caller claiming to be from their company's IT department. 47% would...

But Wait
- Four out of 10 said they knew their colleagues' passwords.
- 55 percent said they'd give their password to their boss.
- Two thirds of workers use the same password for work and personal use, such as banking and online access.

Changing Passwords
- 51% changed passwords monthly
- 3% weekly
- 2% daily
- 10% quarterly
- 13% rarely
- 20% never
- Most wrote their passwords down.
- Most common password of all? ADMIN. Last year - PASSWORD

Physical Security
- If I can touch it, I own it
- I can break into any Windows system within 5 minutes...
- Laptop theft
- Keystroke recorders: software, hardware
- Credit card scanners

ATM Machines
- Pretty standard? Not what you think
- Hidden camera to capture PIN: wireless, battery operated camera; field of view

KeyKatcher - Hardware Keystroke Recorder
- No software; any PC OS
- Up to 128KB RAM
- Cost: $50 - $99
- Not detectable by software

Email Encryption
Where can your email be read? When you send email there are dozens of places where others can intercept it and read it...

The Whole Idea
- Convert our message from plaintext to ciphertext, send it, and then convert it back again on the other end.
- Symmetric - shared keys. How do we share the keys? If not secure, all messages are compromised.
- What we want: one key to lock, another to unlock. Public key encryption.

PGP - Pretty Good Privacy
- Freeware; works with any email system
- Developed by Phil Zimmermann
- Hounded by the U.S. Government; was illegal to export at the time
- Widely used; commercial / freeware

Public Key Encryption Software
- Download / install
- Create keys with a secret passphrase
- Send your public key to a public server
- Now others can use your public key to encrypt and send you messages

The Big Debate - Who controls encryption techniques?
The Controversy over Cryptography: "Should the citizens of a country have the right to create and store documents which their government cannot read?" - Ronald Rivest, speaking before the MIT Telecommunications Forum, Spring 1994.
Wireless Security
- Great, a lot of fun. But by default, they are wide open...
- And most wireless access points (WAP) are INSIDE the firewall.
- Hackers using wireless cards can "drive" right into your network...

WarDriving
- Hackers will search for wireless access points with a portable computer and GPS...
- War chalking, war mapping: and produce maps to share with their friends...

More Wireless Fun
- Free wireless Internet planned for Washington Mall

What can you do?
- Don't use wireless! Not really a solution...
- But there are some things you can do to tighten things up a bit...

Wireless Security Essentials
1. Change the default SSID
2. Disable the SSID broadcast
3. Change the default password
4. Enable MAC address filtering
5. Enable WEP encryption
6. Placement of WAP

1. Change the default SSID
- For Linksys, the default SSID name is "linksys"
- Hackers know the defaults
- This also describes the device, giving hackers additional information
- Change the name

2. Disable SSID broadcast
- By default, most WAPs broadcast the SSID, so anyone can easily join
- Unless you're running a public hotspot (like an Internet cafe), it's best to disable SSID broadcast.
- Manually add devices to the network

3. Change the default password
- Most devices have a default password, such as "admin"
- Since WAPs use the internal addresses, hackers can access the system configuration using the default password.

4. Enable MAC address filtering
- Most WAPs allow for MAC address filtering.
- The MAC address is unique for each device (wired or wireless). Example: 00-E0-18-3F-A8-F0
- MAC filtering only allows listed MAC addresses to access the system.

6. Placement of WAP
- Maximum range is only 300 ft
- Building materials can limit access
- Keep away from windows
- Site survey

Deleting Data - For the Serious
- Step 1 - take the hard drive apart
- Step 2 - grind it down

Backups
- Tapes are expensive and slow
- CDs / DVDs too small

5. Enable Encryption
- Most WAPs allow for WEP (Wired Equivalent Privacy) encryption to protect transmissions.
- Will slow down the system, but provides an additional layer of protection.
- 40 bit or 128 bit encryption

Backup Hard Drive
- USB, Firewire
- Can be plugged into other systems

Getting Rid of Your Computer
- Deleted files can be recovered
- Formatted drives can be unformatted
- MIT researchers found 80% of old computers had personal information
- Disk wipers - DOD standards: overwrites the entire disk 7 times

Document Destruction
- Shredders: strip, cross cut
- Incinerators
- This document was recovered from the US Embassy in Iran

All this security stuff - Will it help?
- Yes... It will stop 99.9+%
- Maybe...
- No... Determined hackers can always get in.

Opportunity
- Why break into a car when so many cars are unlocked?
- Why steal a car with an alarm, when so many do not have alarms?
- A little defense can go a long way...

Minimum
- Anti-Virus Software - up to date!
- Firewall - block all incoming
- Be careful of attachments
- Trojan Scanner - up to date
- Be Careful!

Getting More Help
- www.pcmag.com/security
- www.cert.org/homeusers
- University of Maryland IFSM 430 Information Security
- Seoul Computer Club - www.seoulcc.org
- thinairlabs.com/security

Seoul Computer Club
The Seoul Computer Club meets on the second Saturday of each month, at 2pm at the Camp Kim USO, 2nd Floor Conference Room. Everyone is welcome to attend. www.seoulcc.org

Questions
All the links can be found at http://thinairlabs.com/security

End of Presentation