
Post on 21-Dec-2015


Page 1: How You Can Protect Yourself from Cyber-Attacks Ian G. Harris Department of Computer Science University of California Irvine Irvine, CA 92697 USA harris@ics.uci.edu

How You Can Protect Yourself from Cyber-Attacks

Ian G. Harris

Department of Computer Science

University of California Irvine

Irvine, CA 92697 USA

harris@ics.uci.edu


About the Class

Schedule: Mondays, 10:00 - 10:50 in DBH 1420

Website: Look at http://www.ics.uci.edu/~harris

Readings: The Symantec Guide to Home Internet Security, Andrew Conry-Murray and Vincent Weafer, Addison-Wesley, 2006

Topics: Computer security risks (e.g. phishing, spam, malware) and how to protect against them (e.g. firewalls, anti-virus, patching software)

• This course is meant to be practical, not too technical.

• I can give pointers to more technical information.


Social Engineering

Exploiting vulnerabilities in the user, not the network or device

Traditional scams using the computer (and/or the phone) as a vehicle

People trust official looking emails and websites

Not primarily technical attacks

Often used to gain information for larger attacks


Social Engineering Examples

Examples:

•“Dear Honorable Sir, I need to transfer $10,000,000,000 to your account”

- Required to pay a “small” transfer fee

•“You need to update your Paypal account …”

- Directed to send personal information

•Call computer support and masquerade as a technician

- “Where is that TFTP server located again?”


Spoofing

• Making a fake version of something in order to trick a user

• Often used as part of a social engineering scam

Example:

1. You get an email saying something is wrong with your ebay account.

2. It provides a link to a website www.ebayaccounts.com

3. The website is fake but can look completely real

• Can be done with email addresses and calling trees
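
A link check for the spoofing example above, as an added example that is not part of the original slides: it compares the domain a link really points to against domains you have verified yourself. The trusted list, the function names and every sample link except www.ebayaccounts.com are assumptions, and the last-two-labels domain rule is a simplification of the Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: domains the user has verified out of band (bookmark, bank statement).
TRUSTED_DOMAINS = {"ebay.com", "paypal.com"}


def registrable_domain(host):
    """Naive 'last two labels' domain; a real checker would use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unknown' for a link found in an email."""
    if "://" not in url:
        url = "http://" + url  # bare hosts such as www.ebayaccounts.com
    parts = urlsplit(url)
    host = parts.hostname or ""  # hostname drops any user@ prefix and the port
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted"
    # A trusted brand name anywhere in the authority part (host or user@ prefix)
    # of a link that does NOT belong to that brand is the spoofing pattern.
    authority = parts.netloc.lower()
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in authority:
            return "lookalike"
    return "unknown"


def review_links(urls):
    """Classify every link and return {url: verdict}."""
    return {url: classify_link(url) for url in urls}


if __name__ == "__main__":
    # Constructed sample links; only the first one comes from the slide.
    samples = [
        "www.ebayaccounts.com",
        "https://signin.ebay.com/ws",
        "http://ebay.com.account-check.example/login",
        "http://ebay.com@198.51.100.7/",
        "https://www.example.org/news",
    ]
    for url, verdict in review_links(samples).items():
        print(f"{verdict:9}  {url}")
```

A "lookalike" verdict means the link should not be followed; go to the site through an address you already know, as the next slide advises.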


Preventing Social Engineering

Don’t trust anyone or any information that you can’t verify

1. Don’t give critical info to unverified websites/phone numbers

2. Don’t accept anything (e.g. programs) from unverified sources

This may be inconvenient

1. If Citibank calls, you should call them back at a known number

2. Can’t purchase online from unknown vendors

3. Be careful about freeware/shareware


“Technical” Threats

Exploiting vulnerabilities in the computational device or in the network

•Require some technical ability

- Understand network protocols and components

- Write code (at least execute scripts)

- Deeply understand networked applications

•May be directed at your machine

- You can defend against these

•May impact you but be directed against other machines

- You can’t really stop these


Typical Technical Threats

Denial of Service - A service provided by the device is caused to fail

•Cellphone cannot receive calls, desktop reboots

Quality of Service - Quality is degraded, not destroyed

•Noise added to a phone call, anti-lock brakes slow

Data Theft - Important data is taken from the device

•Passwords, name, usage patterns, location

Botnet Zombie - Complete ownership of the device to use in the future for other attacks.


Threats Against Other Machines

•Your machine’s operations are impacted by an attack on another machine

Usually part of the network infrastructure

Examples:

Your Domain Name Server (DNS) is attacked so you can no longer resolve domain names

Your university’s computers are attacked and your personal data is stolen

•You can’t do much about these attacks, except complain/sue


Threats Against Your Machine

•Most such threats require executing malicious code on your machine

Malware - General term for “Malicious code”

Common types of malware:

Spyware - Record information inside your device

- Browsing habits, keystrokes, etc.

- Also change behavior (web page redirects …)

Adware - Record information and display ads catered to you


How Does Malware Work?

• Need to know this in order to defend against it

1. Gets into the memory of your computer

2. Tricks your computer into executing it

3. Hides itself

4. Spreads itself to other machines


Getting Into Your Computer

User-driven - User allows the malware in

•Read your email

•Click on an attachment

•Click on a website link

•File transfer (ftp)

Background traffic - Many programs communicate on the network in the background

•IM, skype, automatic updates, etc.


Executing on Your Machine

How can foreign programs run on my computer?

User Gives Permission

•“Do you want to enable this macro?”

•Bad default settings (e.g. automatically enable all macros)

•These vulnerabilities can be fixed fairly easily

Software Vulnerability

•A networked application has a coding flaw which allows unauthorized code execution


Rootkits

•A rootkit is a program that uses stealth

- Sneaks onto your machine without you knowing

- Hides itself on your machine so that it can’t be removed

•Rootkits change components of the operating system to hide their presence

Example of stealth

- A rootkit may attach itself to a good executable

- Detected by examining properties of the executable (e.g. size)

- Checking properties is a call to an OS program

- Rootkit may change the “check properties” program to print the original size

•Most malware is fundamentally a specialized rootkit


Malware Propagation/Spread

Trojan Horse - Malware which is part of another program which the user believes is safe

•Spread occurs when the user installs the “safe” program

•Social engineering may be involved

Virus - Malware which is part of a larger program or file

•Ex. Macro in an .xls spreadsheet

•Self-replicates by inserting itself into new programs/files

Worm - Malware which is not attached to another program/file

•Self-replicates over the network