Information Security and its Implications on Everyday Usage: An end-user's Perspective
Sherif El-Kassas
Academic Computing Services
Outline
The Status Quo
Speed
New technologies
The Human Factor
Things to do
Conclusions
The Status Quo
(bad news)
Incidents
http://www.cert.org/stats/cert_stats.html
[Chart: incidents reported to CERT/CC per year, 1991 to 2003; y-axis 0 to 160,000]
CSI's Security Survey
http://www.counterpane.com/incidents.html
Conducted for the past six years
64% of respondents reported “unauthorized use”
25% said that they had no such unauthorized uses
11% said that they didn't know
The number of insider versus outsider incidents
was roughly equal
Attacks via the Internet: 70% ↑
Attacks via dial-in: 18% ↓
Attacks via internal systems: 31% ↓
http://vil.mcafee.com/mast/viruses_by_continent.asp
Incident and Vulnerability Trends, http://www.cert.org/present/cert-overview-trends/
Virus Wars
We're in the middle of a huge virus/worm epidemic
Dozens of different viruses have been
found in the past few weeks
Most are not new
There seems to be an ongoing war
between the people who write the Bagle
worm and the people who write the
Netsky worm
CRYPTO-GRAM, April 15, 2004
http://www.schneier.com/crypto-gram.html
Speed!
(fast bad news)
Security is Moving Fast
The Slammer worm!
The fastest mass attack in history
It doubled in size every 8.5 seconds
It infected 90% of vulnerable systems in 10 minutes!
[Figures: Slammer after a few minutes; Slammer after a few hours; Slammer geographic distribution]
D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August 2003
HOW does it work?
Buffer Overflow
Send SQL Server a request that says it wants to open a database
Supply a database name that is too long for the fixed-size buffer the server copies it into, so the copy overwrites whatever sits beyond that buffer
(Slammer did this with a single UDP packet to the SQL Server Resolution Service on port 1434: no connection, no login, no user involved)
Wired, July 2003
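The mechanism on this slide, worked through as an added example (this is not Slammer's code, not Microsoft's, and not from the cited Wired article): a request handler copies a client-supplied database name into a fixed 16-byte buffer. The `struct frame` is a stand-in for a stack frame, with the saved-return-address slot placed right after the buffer so the effect of the over-long name is visible; the vulnerable copy is written through the struct's byte representation so the demonstration stays deterministic instead of corrupting the real stack. The hardened handler refuses the request before copying anything. All names and the 24-byte request are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Slammer's code. The struct stands in for a stack frame:
 * the database-name buffer sits directly below the saved return address, so
 * an unchecked copy of an over-long name runs into the return-address slot. */
#define NAME_MAX 16
#define RET_BYTES 8
#define RET_SENTINEL 0xAA   /* value parked in the return slot to detect overwrite */

struct frame {
    char name[NAME_MAX];                /* fixed-size buffer for the request's name */
    unsigned char saved_ret[RET_BYTES]; /* stands in for the saved return address */
};

static void frame_init(struct frame *f) {
    memset(f->name, 0, sizeof f->name);
    memset(f->saved_ret, RET_SENTINEL, sizeof f->saved_ret);
}

/* Vulnerable: trusts the length carried in the request and copies it all.
 * The copy goes through the frame's byte representation (well-defined, and
 * clamped at the frame's end) purely so the overflow is observable here;
 * a real strcpy/memcpy into f->name would spill onto the actual stack. */
int open_db_vulnerable(struct frame *f, const unsigned char *req, size_t len) {
    if (len > sizeof *f)
        len = sizeof *f;                  /* keep the demo inside the model frame */
    memcpy((unsigned char *)f, req, len); /* no comparison against NAME_MAX */
    return 0;
}

/* Hardened: the name must fit, terminator included, or the request is refused
 * before a single byte is copied. */
int open_db_checked(struct frame *f, const unsigned char *req, size_t len) {
    if (len >= NAME_MAX)
        return -1;
    memcpy(f->name, req, len);
    f->name[len] = '\0';
    return 0;
}

/* 1 if the return slot still holds the sentinel, 0 if it was overwritten. */
int ret_intact(const struct frame *f) {
    for (size_t i = 0; i < RET_BYTES; i++)
        if (f->saved_ret[i] != RET_SENTINEL)
            return 0;
    return 1;
}

/* Constructed input: a 24-byte "name" of 16 filler bytes followed by 8 bytes
 * of 'B', the part that lands where the return address lives. */
static size_t long_name(unsigned char *out, size_t cap) {
    size_t len = NAME_MAX + RET_BYTES;
    if (cap < len)
        return 0;
    memset(out, 'A', NAME_MAX);
    memset(out + NAME_MAX, 'B', RET_BYTES);
    return len;
}

/* Feeds the over-long name to the vulnerable handler; returns the first byte
 * now sitting in the return slot (0x42, 'B', once the overwrite has happened). */
int vulnerable_ret_byte(void) {
    struct frame f;
    unsigned char req[64];
    size_t len = long_name(req, sizeof req);
    frame_init(&f);
    open_db_vulnerable(&f, req, len);
    return f.saved_ret[0];
}

/* Same input to the checked handler; 1 if it refused the request and the
 * return slot is untouched. */
int checked_blocks_overflow(void) {
    struct frame f;
    unsigned char req[64];
    size_t len = long_name(req, sizeof req);
    frame_init(&f);
    return open_db_checked(&f, req, len) == -1 && ret_intact(&f);
}

/* A name that fits is still accepted by the checked handler. */
int checked_accepts_short(void) {
    struct frame f;
    const unsigned char req[] = "master";
    frame_init(&f);
    return open_db_checked(&f, req, sizeof req - 1) == 0
        && strcmp(f.name, "master") == 0 && ret_intact(&f);
}

int main(void) {
    printf("vulnerable handler: return slot first byte = 0x%02x\n", vulnerable_ret_byte());
    printf("checked handler refuses long name, return slot intact: %d\n", checked_blocks_overflow());
    printf("checked handler accepts \"master\": %d\n", checked_accepts_short());
    return 0;
}
```

The point for an end user is the second half of the comparison: the attacker never needs an account or a password, only a service that copies what it is sent without checking the length, which is why the patch (the length check) is the only real fix.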
HOW does it work? (continued)
Run inside the SQL Server process (Slammer lived entirely in memory and wrote nothing to disk, so there was no file for a virus scanner to find)
Choose the next victims at random (random IP addresses)
Replicate: send a copy of itself to each of them
Repeat forever, as fast as the network link allows
Wired, July 2003
The Victims
Emergency services
Banks’ ATM machines
Anyone with an Internet connection and a vulnerable Windows system
Networking devices failed under the load
…
Time to recovery?
Why was it so fast?
D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003
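Why random scanning is so fast, worked through as an added example (not from the slides and not code from Moore et al.; the parameters in main() are assumptions taken from that paper's published estimates of roughly 75,000 vulnerable hosts and about 4,000 scans per second per infected host). Each infected host probes random IPv4 addresses, so the expected number of new infections per second is I * scan_rate * (N - I) / 2^32: logistic growth with early rate k = scan_rate * N / 2^32, which the code steps forward in small time slices rather than solving in closed form.

```c
#include <stdio.h>

/* Added example: expected-value model of a random-scanning worm. The
 * parameters used in main() are assumptions drawn from Moore et al.'s
 * estimates, not measurements reproduced here. */
#define IPV4_SPACE 4294967296.0   /* 2^32 addresses */

/* Expected new infections per second: every infected host fires scan_rate
 * probes, and each probe lands on one of the (vulnerable - infected) still
 * uninfected vulnerable hosts with probability (vulnerable - infected)/2^32. */
double new_infections_per_sec(double infected, double scan_rate, double vulnerable) {
    return infected * scan_rate * (vulnerable - infected) / IPV4_SPACE;
}

/* Early-phase growth rate k (per second): the above with infected << vulnerable. */
double worm_rate(double scan_rate, double vulnerable) {
    return scan_rate * vulnerable / IPV4_SPACE;
}

/* Step the model from one infected host for `seconds`, in slices of dt.
 * Returns the expected infected count. Because each step adds at most
 * k*dt*(N - I), the count approaches N from below and never overshoots. */
double infected_after(double scan_rate, double vulnerable, double seconds, double dt) {
    double infected = 1.0;  /* patient zero */
    for (double t = 0.0; t < seconds; t += dt)
        infected += new_infections_per_sec(infected, scan_rate, vulnerable) * dt;
    return infected;
}

/* Seconds until `target` of the vulnerable population is infected, found by
 * stepping the model. The logistic curve never reaches 100%, so the target
 * is capped just below it to guarantee termination. */
double time_to_fraction(double scan_rate, double vulnerable, double target, double dt) {
    double infected = 1.0, t = 0.0;
    if (target > 0.999)
        target = 0.999;
    while (infected < target * vulnerable) {
        infected += new_infections_per_sec(infected, scan_rate, vulnerable) * dt;
        t += dt;
    }
    return t;
}

/* Early-phase doubling time: how long until patient zero has become two hosts. */
double doubling_time(double scan_rate, double vulnerable, double dt) {
    return time_to_fraction(scan_rate, vulnerable, 2.0 / vulnerable, dt);
}

int main(void) {
    /* Assumed parameters (see lead-in); dt is the simulation step in seconds. */
    const double scan_rate = 4000.0, vulnerable = 75000.0, dt = 0.01;
    printf("k = %.4f per second, early doubling time %.1f s\n",
           worm_rate(scan_rate, vulnerable), doubling_time(scan_rate, vulnerable, dt));
    for (int m = 1; m <= 5; m++)
        printf("after %d min: %.0f infected hosts\n",
               m, infected_after(scan_rate, vulnerable, 60.0 * m, dt));
    printf("90%% of vulnerable hosts infected after %.0f s\n",
           time_to_fraction(scan_rate, vulnerable, 0.9, dt));
    return 0;
}
```

With these inputs the idealised curve reaches 90% in a little over three minutes, faster than the ten minutes the slide quotes; Moore et al. attribute the measured slowdown to saturated network links, which is also why "networking devices failed under the load" appears on the victims slide. Either way the time scale is seconds to minutes, far below the hours or days at which a person reads an advisory and applies a patch, which is the point of the next slide.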
More Speed!
Windows update
Office update
Anti virus update
CISCO IOS update
…etc.
New Technologies
(new bad news)
New Technologies!
New Technologies improve usability
BUT
Introduce new security challenges
IP telephony
Both data and voice share same network
IP has security problems
Call signaling is now in-band
Added intelligence at network edge
(phone)
Susceptibility to attacks
Brennen Reynolds, Department of Electrical and Computer Engineering University of California, Davis, Security Lab Seminar – 7/17/2002
Wireless technology
No Physical network boundaries
Weak authentication
Weak data protection
…
WEB services
The next RPC
More generic
Allows for application and backend integration
Hides within HTTP, HTTPS, and SMTP
Renders standard firewalls almost useless!
Opens up applications
The Human Factor!
(blame bad technology on its users)
The Five Worst Security
Mistakes End Users Make
1- Opening unsolicited e-mail attachments without
verifying their source and checking their content
first
2- Failing to install security patches, especially for
Microsoft Office, Microsoft Internet Explorer, and
Netscape
3- Installing screen savers or games from
unknown sources
4- Not making and testing backups
5- Using a modem while connected through a local
area network
http://www.sans.org/mistakes.htm
Monoculture
(It’s all the same to me)
A single, homogeneous
culture without diversity or
dissension.
What can be done?
“I am regularly asked what the average
Internet user can do to ensure his security.
My first answer is usually:
"Nothing; you're [doomed]."
But it's really more complicated than that.”
--Bruce Schneier
CRYPTO-GRAM, May 15, 2001
Incident and Vulnerability Trends,
http://www.cert.org/present/cert-overview-trends/
Backups
Make (at least) weekly backups
Test your backups
Keep backups on separate media and if
possible off site
Refresh and test old important backups
Destroy obsolete backups
Antivirus software
Essential no matter which platform you are
using
Update once a week (at least) and whenever you receive an AUC advisory
Consider spyware detection tools
(http://www.earthlink.net/spyaudit/)
Update your software
Windows update
Applications update
Uninstall applications you don’t use
etc.
Personal firewall & intrusion detection (ID) software
As a minimum precaution:
Windows users: configure and use ICF (the built-in Internet Connection Firewall), or install a third-party product
Linux users: iptables & Snort
E-mail
Delete spam without reading it
Don't open messages with suspicious or cute attachments
Don't blindly trust the From: field (it is trivially forged)
If you can, turn off HTML mail
Make sure macro virus protection is enabled
Turn off the "hide file extensions for known
file types" option
The Web
If possible, block cookies except for sites
that provide services you need
Regularly delete your cookies and temp
files
Don’t blindly trust web sites (look out for
web cons)
Limit financial and personal information
you send to web sites
Laptops, PDAs, & Phones
Keep your laptop, PDA, & phone with you
at all times
Consider the use of physical security
devices
Regularly delete unneeded information
from them
Consider encrypting sensitive files
Encryption
Install and use e-mail and file encryption
software (e.g. GnuPG)
Encrypt important emails
Encrypt important files
Passwords
Try to choose and memorize good passwords
If you can't:
Write them down and keep them in your wallet
Use smartcards or similar tamper-resistant devices
Don't let Web browsers store passwords for you
Don't transmit passwords (or PINs) in unencrypted e-mail and Web forms
Assume that all PINs can be easily broken, and
plan accordingly.
Other issues
Turn off the computer when you're not using it
Don't violate policies and procedures (P&Ps)
Avoid local shares
Avoid P2P software
Be vigilant
Conclusions
Technology isn’t perfect
Probably won’t change significantly for the
next 10 years
E-crime on the rise
“Genuine, widespread awareness of
information security issues is the only
practical way to counter attacks targeting
computer users”
http://www.noticebored.com/
It’s not easy, but a lot can be done!
Questions?
Links:
www.counterpane.com
www.ccianet.org/papers/cyberinsecurity.pdf
www.cert.org/
vil.mcafee.com/mast/viruses_by_continent.asp
www.schneier.com/crypto-gram.html
www.earthlink.net/spyaudit/
www.gnupg.org
Email: sherif@aucegypt.edu
Download: acs2.aucegypt.edu/sk2004/pre.zip