Security for Home Computing
Topics to Cover
- The best way(s) to connect one or more home computers to the Internet
- Wired vs. Wireless networking
- The types of threats that exist today and how to reduce your vulnerability

Connecting to the Internet
- Today’s most common options
  - Dial-up
    - Analog or Digital
  - DSL
  - Cable
  - Satellite
  - Wireless

Dial-up Connections
- Analog - POTS
- Digital - ISDN
- Circuit Switched Technologies
- Connection As Needed Only
- Dial-up Connection Is Most Economical to Provide Access for Infrequent Use

Analog - POTS
- Plain Old Telephone System
- Refers to the Analog Phone System We’ve Used for Years
- Analog Connection through POTS Supported by Use of Modems at Each End

Modems
- Stands for MOdulator / DEModulator
- Modulation Is the Conversion of Digital Information Into an Analog Signal
- Demodulation Is the Conversion of the Analog Signal Back Into Digital Information

Standards for Modems
Some of the ITU (formerly CCITT) Modem Standards:

| standard | date ratified | speed in bps | HDX/FDX | PSTN/private | modulation |
|---|---|---|---|---|---|
| V.21 | 1964 | 200 | FDX(FDM) | PSTN | FSK |
| V.22 | 1980 | 1200 | FDX(FDM) | PSTN | PSK |
| V.22 bis | 1984 | 2400 | FDX(FDM) | PSTN | QAM |
| V.23 | 1964 | 1200 | HDX | PSTN | FSK |
| V.26 | 1968 | 2400 | HDX | Private | PSK |
| V.26 bis | 1972 | 2400 | HDX | PSTN | PSK |
| V.26 ter | 1984 | 2400 | FDX(EC) | PSTN | PSK |
| V.27 | 1972 | 4800 | HDX | Private | PSK |
| V.27 bis | 1976 | 4800 | HDX | Private | PSK |
| V.27 ter | 1976 | 4800 | HDX | PSTN | PSK |
| V.29 | 1976 | 9600 | HDX | Private | QAM |
| V.32 | 1984 | 9600 | FDX(EC) | PSTN | QAM |
| V.32 bis | 1991 | 14400 | | | TCM |
| V.32 ter | 1992 | 19200 | | | TCM |
| V.34 (V.fast) | 1994 | 28800 | | | TCM |
| V.34 modified | 1996 | 33600 | | | TCM |
| V.90 | 1998 | 56000 | | | Digital Encoding |
| V.92 | 2000 | 56000 (moves upload from 33.6 to 48, adds Internet call waiting) | | | |

FDM means Frequency Division Multiplexing
EC means Echo Canceling

Analog Connectivity
- Does Not Scale
- Limited to 53.3 kbps in USA
- Suitable for Text and E-mail
- Slow for Graphic Intensive Downloads
- Most Inexpensive Connection Solution
- Slowest Connection Solution
- Suitable Only for Home or Small Office

Digital - ISDN
- Developed for Digital Transmission of Integrated Voice and Data Over Existing Telephone Lines
- Sets up Call Faster Than Analog Telephone Service
- Much More Common in Europe
- Usually not Cost Effective in USA

DSL
- Multiple Variations (xDSL) Available
  - ADSL, SDSL, HDSL, RADSL, and VDSL
- Becoming Very Popular
- Many Believe It Will Replace Dial Up Soon
- Supports Voice & Data Over Existing Phone Wiring
- FCC Ruling Recently May Soon Change Available Choices

Digital Subscriber Line (DSL)
- DSL Can Be a Pair of Boxes on Each End of a Copper Wire Pair
- DSL Converts Ordinary Phone Lines Into High-speed Data Conduits
- Like Dial, Cable, Wireless, and T1, DSL by Itself Is a Transmission Technology
- Service Is Limited to Certain Geographical Areas
[Diagram labels: Central Office, End User, DSL, Ethernet, DSL “Modem”, Copper Loop, DSL “Modem”, Server]

ADSL Service
- An Always-On Service
- Commonly Sold to Consumers for Home Internet Access
- Utilizes Existing Phone Wiring
- Carries Both Voice Phone Service and Data
- Usually Billed Monthly Flat-Rate
- Rates Vary Greatly by Region and Speed of Service
- Requires Box in the Home to Split Out Data and Voice

ADSL Service
- Local Phone Service Must Support Service
  - DSLAM Splits Out Voice and Data on Carrier Side
  - DSLAM Usually Located in CO
- Typical Home Offering is 1.5 Mbps Download and 640 Kbps upload
  - Maximum Range for This Speed Is 18000 Feet
[Diagram labels: DSL Box, DATA, Splitter, VOICE, DATA, DSLAM, Router, VOICE, Phone Switch, Your Home, Provider CO]

Cable “Modem” Service
- Utilizes One 6Mhz Cable Channel
- Can Support Up to 30 or 40 Mbps of Data
  - Upload and Download Rates May Be Restricted by Cable Provider
- Bandwidth is Shared
  - All Devices Connected to Same Cable Head-End
  - Up to 2000 Typically

Cable Standards
- DVB/DAVIC
  - Based on Fixed Cells Like ATM
- MCNS/DOCSIS
  - De Facto US “Standard”
  - European Version Becoming Popular
  - Not Accepted by Any Standards Body
- IEEE 802.14
  - Not Yet Widely Supported by Cable Companies or Equipment Manufacturers

aDSL vs. Cable
- aDSL
  - Uses Separate Circuit for Each Service
  - Max 8 or 9 Mbps Download Speed (Usually Limited to 1.5 Mbps for Residential)
  - Deregulation Allows Multiple Vendors
  - Uses Existing Telephone Distribution System with Distance Limitation
- Cable
  - Service is Shared within a Neighborhood
  - Max 30 Mbps Download Speed (Usually Limited for Residential)
  - Current Regulations Mean Single Vendor
  - Uses Existing Cable TV Distribution System

Satellite Connection
- Usually Most Expensive Solution
- Often “Last Resort” When DSL and Cable Are Not Available
- Available Anywhere – No Limitations

Wireless Metro Area Network
- IEEE 802.16a Standard Approved January 2003
- Also Known as Wi-Max
- Range Up to 20 Km (~12.4 Miles)
- May Require Licensed Provider
- Not Yet Widely Available
- Pricing Should Be Competitive

Multiple Home PCs
- “Windows Home Networking” Allows Multiple Networked Home PCs to Share One Dial-up Connection
- Home “Routers” Allow Multiple Home PCs to Share One Cable or DSL Connection
  - These Boxes Provide Many Other Useful Functions (Firewall, NAT, Switch, etc.)
  - Strongly Recommended For All Cable or DSL

Wired vs. Wireless
- Home Wiring
  - Often Very Complex
  - Very Inexpensive
  - Standard 10/100/1000 Mb Connections
  - Good Security by Default
- Home Wireless
  - Easy to Install
  - Low Cost
  - Standard 11/54 Mb, Proprietary 108 Mb Connections
  - Fair Security by Default, Requires More User Setup

Wiring Your Home
- Materials Cost About $5-10 per Room
- Labor Is the Major Problem
- Can Take Shortcuts
  - No IDFs
  - No Patch Panel
  - Just Run Cables
  - No Jacks

Wireless In Your Home
- Standards – 802.11a, 802.11b, 802.11g
- Security Never On By Default
- New Standards (June 2004) Support Good Security
- Older Wireless May Be Upgradeable

Home Routers
- Strongly Recommended
- Wired Only or Wireless Support
- Newest Versions Include “Stateful” or “Second Generation” Firewalls

Functions In Home Routers
- Four Port 10/100 Mb Ethernet Switch
- May Also Have Wireless Support
- Network Address Translation (NAT)
- Router
- Firewall

What Are the Threats?
- Malware
  - Spyware
  - Virus, Worm, Trojan Horse
  - Unauthorized Access or Intercepted Transmission
  - Denial of Service, Distributed DoS
  - Buffer Overflow, CGI Exploit
- Impersonation
- Social Engineering
- Lack of User Support

What is Malware?
- Malicious Software
- Software that installs or runs on your computer without your knowledge or your permission.
- Software that degrades or disrupts the performance of your network without your knowledge or permission
- Software that captures your data transmissions without your knowledge or permission

Malware Problems
- Microsoft Says Malware Caused More Than a Third of All Windows XP Crashes In Early 2004
- 80% of All Consumer PCs Have Some Malware Installed (source: IDC and TruSecure)
- No One Anti-Malware Program Available Today Can Detect/Stop All Types of Malware
- Some Vendors Offer Product “Suites” or Collections of the Various Programs Needed

What is Spyware?
- Microsoft describes spyware as “software that performs tasks on your computer without your consent”
- A sub-category of malware that includes:
  - Adware – presents ads in browsers or other applications
  - Trackers – logs web sites that are visited
  - Key Loggers – records every key stroke that is made
  - E-mail Harvesters – gathers e-mail addresses from an address book or other files on the computer

Virus or Worm
- Similar in nature
- Virus relies on execution of another program to activate it or to spread it
- Worm is capable of activating itself and spreading itself, but may use other programs or files in the process
- Either can be harmless or destructive

Trojan Horse
- Either a hidden program or a hidden function within a program
- May appear to have a useful function
- May accompany web downloads
- May come as e-mail attachment
- Effects may be obvious or subtle

Data Theft
- Unauthorized access to systems or network
- Transmitted data is intercepted or rerouted
- Impersonation of a valid user
- Impersonation of a valid resource or web site
- May capture accounts, passwords, or data itself

Phishing and Pharming
- Fastest growing security threats
- Phishing baits you with e-mail to lure personal information from you
- Phishing attacks in second half of 2004
  - 260% increase over first half of 2004*
  - 370% increase over second half of 2003*
- Pharming is successor to phishing
- Pharming based on Domain Spoofing
  - Often done with DNS poisoning
  - Redirects your browser to fake web sites despite your best efforts
  - Increased use of Digital Certificates may be only recourse
*Source: Symantec Security Team

Recent Pharming Attacks
- Early March 2005
  - At least 1,300 Internet Domains were redirected
  - Over 900 unique Internet addresses were redirected
  - Over 75,000 e-mail messages were redirected
- April 1, 2005
  - New round of attacks on DNS .com servers
  - Used DNS cache poisoning
    - Hacker gains control of one DNS server and installs false info
    - Uses DNS vulnerability to pass phony info to other DNS servers

Denial of Service
- Overloading a device to prevent normal data flow
- Distributed Denial of Service (DDoS) – simultaneous attack from multiple sources
- Various types
  - SYN Flood – Lots of SYN packets, but no ACK
  - Ping Flood – Continuous Large Pings
  - Land Attack – Spoofed SYN to crash system
  - Smurf Attack – Spoofed Ping, unrequested replies
  - IP Spoofing – SYN attack with spoofed address
  - Ping of Death – Oversized ping request
  - Teardrop – False header fragment information

Is Your PC a Bot?
- Crackers Use Trojans or Other Attacks to Install Hidden Programs on Your PC
- These Hidden Programs Allow Them to Control Your PC Remotely
- Your PC Becomes One of the Robots In Their Army For DDoS Attacks or Simply a Point to Confuse Forensics

System Exploits
- Buffer Overflow – Often exploits discovered weakness in OS
- Remote Procedure Call (RPC) Exploit
- Common Gateway Interface (CGI) Exploit
- Often used to imbed programs or open back doors to systems

Social Engineering
- Low-tech method of cracking network security
- Using other people to obtain what should be secure information, accounts, or passwords
- Using false pretenses to get secure information, accounts, or passwords from people

Lack of User Support
- Users with simple passwords
- Users with passwords posted at their desk
- Unattended, logged on systems
- Unrestrained downloading of “free” software

What Are The Defenses?
- Firewalls to block attacks and Detect Presence of Some Malware
- Anti-Virus Software to Stop Incoming Viruses and Trojans
- Anti-Spyware to Detect and Remove Spyware and Adware
- Security patches & updates to patch vulnerabilities

Firewalls
- Each PC Should Run a Software Firewall
- Hardware Firewall Also Strongly Recommended for Home with Multiple PCs

No System Is Totally Secure
- No One Product Can Do It All
- Use Multiple Products
- Product Suites Available from Some Vendors
- Even If You Have All Defenses In Place, You May Still be Attacked
- Backup, Backup, Backup!!!

Happy Web Surfing!

Web Resources
Anti-Virus, Firewalls, and Other Security Products
- http://store.ca.com
- http://www.centralcommand.com/
- http://www.free-av.com/
- http://www.grisoft.com/us/us_index.php
- http://www.kaspersky.com/
- http://us.mcafee.com/virusInfo/default.asp
- http://www.pandasoftware.com/
- http://www.sophos.com/
- http://securityresponse.symantec.com/
- http://www.trendmicro.com/
- http://www.blackice.com
- http://www.checkpoint.com/
- http://www.pcviper.com
- http://www.zonelabs.com/

Web Resources
Anti-Spyware, Anti-Adware Products
- CA Pest Patrol
- FBM ZeroSpyware
- Lavasoft Ad-aware SE
- McAfee AntiSpyware
- Microsoft AntiSpyware
- PC Tools Spyware Doctor
- Spybot Search & Destroy
- Sunbelt CounterSpy
- Tenebril SpyCatcher
- TrendMicro AntiSpyware (formerly Spy Subtract)
- Webroot Spy Sweeper
- XBlock X-Cleaner
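
The Denial of Service slide describes a SYN flood as "Lots of SYN packets, but no ACK"; a firewall can look for exactly that pattern by counting handshakes that never complete. The following is an added example, not part of the original slides: the packet tuple format, the addresses (documentation ranges), and the threshold of 100 are constructed assumptions.

```python
from collections import defaultdict

def half_open_counts(packets):
    """Count, per (dst, dport), handshakes that saw a client SYN but no client ACK."""
    pending = set()                      # (src, sport, dst, dport) still awaiting ACK
    for src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":                 # client SYN opens a handshake
            pending.add(key)
        elif flags == "A":               # client ACK completes it
            pending.discard(key)
    counts = defaultdict(int)
    for _, _, dst, dport in pending:
        counts[(dst, dport)] += 1
    return dict(counts)

def syn_flood_targets(packets, threshold=100):
    """Return services whose half-open count exceeds the (assumed) threshold."""
    counts = half_open_counts(packets)
    return sorted(target for target, n in counts.items() if n > threshold)

def sample_packets():
    """Constructed inbound traffic as (src, sport, dst, dport, flags) tuples."""
    pkts = []
    # Three normal clients: SYN, later followed by the final ACK.
    for i in range(3):
        src = f"203.0.113.{i + 1}"
        pkts.append((src, 40000 + i, "192.0.2.10", 443, "S"))
        pkts.append((src, 40000 + i, "192.0.2.10", 443, "A"))
    # Flood pattern: 250 SYNs from varied source addresses, never followed by ACK.
    for i in range(250):
        pkts.append((f"198.51.100.{i % 254 + 1}", 1024 + i, "192.0.2.10", 80, "S"))
    return pkts

if __name__ == "__main__":
    for dst, dport in syn_flood_targets(sample_packets()):
        print(f"possible SYN flood against {dst}:{dport}")
```

Because the flood's source addresses are usually spoofed, the count is kept per targeted service rather than per sender.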