ITP 101 Intro to Information Technology
Information Security

Before we start
http://www.colbertnation.com/the-colbert-report-videos/375428/february-24-2011/corporate-hacker-tries-to-take-down-wikileaks

Overview
• What is security?
• Why do we need security?
• The History of Information Security
• What is an attack?
  – What is malware?
  – What is phishing?
• Who is vulnerable?
• What is a hacker?
  – Why hack?
• How do I protect myself?

What is Security?
• What does security mean to you?
• “Freedom from doubt, anxiety, or fear; confidence”
  – dictionary.com’s definition of the word security
• Most security professionals agree that security involves the following:
  – Confidentiality, Integrity, Availability

What is Security?
• Since information security is such a huge area of study, it has been divided into 10 domains of focus:
  – Cryptography
  – Software development security
  – Telecommunications / Network Security
  – Operations security
  – Physical Security
  – Legal, regulations, investigations and compliance
  – Business continuity and disaster recovery planning
  – Information security governance and Risk Management
  – System architecture and design
  – Access Control

Why do we need security?
• To keep private the information that we deem important
  – Confidentiality
• To make sure what we send/receive has not been tampered with
  – Integrity
• To ensure that our services are always usable
  – Availability
• You can imagine all the other reasons why you need security.

Hacking throughout History

History of Information Security
• 70’s
  – IBM mainframes and end user security
  – Phone networks
    • Phreaking (phone hacking)
• 80’s
  – Hacking groups started to appear
    • Only wanted to learn more about the complex computer networks/setups that each organization has
  – Started to see some hacktivism start up here
  – Beginning of government laws when it comes to computer crimes

History of Information Security
• 90’s
  – Government crackdown against computer crimes
    • Still a lack of true understanding of the power of the computer
  – At the end of the 90’s, government started to see computers as a potential weapon
• 2000’s
  – An increase in computer attack awareness (thanks, Internet)
  – Increase in people hacking for money; this actually started in the late 80’s

Percentage of IT Budget on Security
“If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked.”
- Richard Clarke

Types of Security Technology Used

What is an attack?
• An attack usually has a clearly identified target and has a goal
  – Example targets:
    • a company, a server, a website
  – Example goals:
    • deface a web page, get system access, make server unavailable, steal documents
  – Attacks can employ malware
• Attack Examples
  – Eavesdropping
    • documents, messages, passwords, ...
  – Man-in-the-middle
    • intercept communication link
  – Tampering
    • modify system, manipulate data
  – Spoofing
    • email with wrong sender, phishing
  – Hijacking
    • hijack session (e.g. Telnet), hijack host (zombie)
  – Capture-replay
    • capture and replay of command messages
  – Denial of service
    • crash or overload server with (e.g. malformed) requests
Goal: Attacks
• Confidentiality: Eavesdropping, Man-in-the-middle, Hijacking
• Integrity (+Authentication): Man-in-the-middle, Hijacking, Tampering, Spoofing, Capture-replay
• Availability: Denial of service

Who is vulnerable?
• Any machine/person
  – It does not need to be connected to a network
    • e.g. Iran Nuclear Program
• Typically most modern operating systems cannot be directly attacked if fully patched
  – Attackers will aim for other things installed or not installed.

What is malware?
• Any software program developed to perform an action unknown to and unwanted by the end user (malicious software)
• First known in the 80’s as a Trojan horse
• Various types
  – Trojan horse
  – Virus
  – Worm
  – Spyware
  – Adware
  – …

Types of Malware
• Trojan Horse
  – A harmful piece of software that is disguised as legitimate software
• Virus
  – A program that spreads by inserting copies of itself into other executable code or documents (host dependent, replication)
  – Requires the user to transmit infected file to other users

Types of Malware
• Worms
  – A self-contained, self-replicating computer program
  – Similar to a computer virus, but does not need a user to transmit an infected file; does not typically destroy the computer.
  – First Internet worm in 1988
• Spyware
  – Software that collects and sends information about users or, more precisely, the results of their computer activity, without explicit notification
• Adware
  – Advertising-supported software
  – At times can be a subset of spyware

What is phishing?
• Phishing is the act of attempting to acquire information by masquerading as a trustworthy entity in an electronic communication
  – This information includes:
    • usernames, passwords, and credit card details (and sometimes, indirectly, money)

Who gets hacked?
• Government servers
  – North Korean Social Media Hacked
    http://www.cnn.com/2013/04/04/world/asia/north-korea-hacking
• Banks, e-commerce sites
  – Bank of America Hacked by Anonymous
    http://www.ibtimes.com/bank-america-hacked-anonymous-hackers-leak-secrets-about-executives-salaries-spy-activities-1107947
• Educational institutions
  – USC Applications Database Hack
    http://news.cnet.com/Man-charged-with-hacking-USC-database/2100-7350_3-6063470.html

What is a hacker?
• Hacker is a term that has been used to mean a variety of different things in computing. The term could refer to a person in any one of several distinct communities and subcultures:
  – People committed to circumvention of computer security.
  – A community of enthusiast computer programmers and systems designers.
  – The hobbyist home computing community, focusing on hardware

World’s definition of a hacker
• The media's definition of a hacker is the definition of a criminal hacker
  – Someone who maliciously breaks into networks and systems for personal gain
  – Crack (v) – to break into a system with malicious intent

Who are these hackers?
• Internal threats (rogue insiders)
  – Bored students
  – Disgruntled employees
• External threats
  – Bored people
  – Political action groups
  – Ex-employees
• Basically anyone

Levels of Hackers
• Script kiddies/Cyberpunks
  – Novices
  – Very little actual knowledge of what goes on behind the scenes. They simply find a cool tool on the net
• Intermediate Hackers
  – “halfway hackers”
  – Know enough to cause serious damage
  – Most want to be advanced (l33t), and will get there if they’re not caught
• Advanced Hackers
  – Criminal Experts
  – Uber/l33t hackers
  – These are the authors of the hacking tools, viruses, and malware
  – They know enough to hide their tracks
    • most of the time you won’t even know that your system has been compromised

Why hack?
• For the lulz
• Curiosity, notoriety, fame
• Profit ($$$ or other gain)
  – Hackers for Hire
  – Sell people’s personal information on the black market
• Hacktivism
• Cyberterrorists

Hacker Methodology
1. Information Gathering (passive)
2. Scanning (active)
3. Exploitation
4. Maintaining Access
5. Covering Tracks

APT (Advanced Persistent Threat)
• Usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity
  – Originally used to classify persistent attacks against government and government contractors
    • Now attacks directed at anyone with valuable information
• Advanced
  – Operators behind the threat have a full spectrum of intelligence-gathering techniques at their disposal
• Persistent
  – Operators give priority to a specific task, rather than opportunistically seeking information for financial or other gain.
• Threat
  – APTs are a threat because they have both capability and intent.
  – APT attacks are executed by coordinated human actions, rather than by mindless and automated pieces of code.
  – The operators have a specific objective and are skilled, motivated, organized and well funded.

APT Example
• Operation Aurora (2009)
  – Targets:
    • Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted.
      – According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also among the targets.
  – Goal:
    • The attack aimed to gain access to and potentially modify source code repositories at these high tech, security and defense contractor companies.
  – Team:
    • APT based in Beijing, China with ties to the People’s Liberation Army

How Widespread is the APT?

Where is the APT?

How do I protect myself?
• Keep your software up to date
• Use protection software "anti-virus software" and keep it up to date
• Don't open unknown, unscanned or unexpected email attachments
• Use hard-to-guess passwords
• Understand what a firewall is and how to use it.
• Use the least shared privileges
• Sharing is not caring

How do I make a good password?
• Passwords should contain at least 8 characters
• Use one of each of the following:
  – Uppercase letters ( A-Z )
  – Lowercase letters ( a-z )
  – Numbers ( 0-9 )
  – Punctuation marks ( !@#$%^&*()_+=- )
• The best password is one that is totally random to anyone else except you

Password Examples
• kEp*-h&y = keep your laser handy
• yCag5wyw = you can't always get what you want
• imcmit2s,Ibl = if my car makes it through 2 semesters, I'll be lucky
• oBGcat$7t = only Bill Gates could afford this $70.00 textbook
• WtimaciK2? = What time is my computer class in KAP 267?
• If33lg8! = I feel great!
• W1ldcatzR#1 = Wildcats are #1
• d0lf1n’sfan = Dolphins Fan
• Uc1@SuX! = UCLA Sucks!

Password Rules
• Don't use your name, your pet's name, your birth date or other information that is easy to get
• Don't use 'qwerty' or any word in the dictionary
• Never write down your password
• Never tell anyone your password
• Remember – the key to security is embedded in the word security
SEC - - Y
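
An added example, not part of the original slides: a checker for the rules on the "How do I make a good password?" and "Password Rules" slides, run over the deck's own example passwords. It assumes the slide's punctuation list is exhaustive and uses a small constructed word list in place of a real dictionary; `check_password`, `audit` and the sample data names are hypothetical.

```python
import string

# Punctuation set exactly as listed on the slide (assumed exhaustive).
SLIDE_PUNCT = set("!@#$%^&*()_+=-")
# Constructed stand-in for a real dictionary / common-password list.
SAMPLE_WORDLIST = {"qwerty", "password", "security", "dolphins", "wildcats"}

def check_password(pw, personal_info=(), wordlist=SAMPLE_WORDLIST):
    """Return the list of slide rules that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c in string.ascii_uppercase for c in pw):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in pw):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in pw):
        problems.append("no number")
    if not any(c in SLIDE_PUNCT for c in pw):
        problems.append("no punctuation mark from the slide's set")
    lowered = pw.lower()
    if lowered in wordlist:
        problems.append("dictionary word or 'qwerty'")
    # Name, pet's name, birth date: anything "easy to get" about the user.
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append("contains personal information")
            break
    return problems

# The slides' example passwords, copied from the page
# (\u2019 is the curly apostrophe as it appears on the slide).
SLIDE_EXAMPLES = ["kEp*-h&y", "yCag5wyw", "imcmit2s,Ibl", "oBGcat$7t",
                  "WtimaciK2?", "If33lg8!", "W1ldcatzR#1", "d0lf1n\u2019sfan",
                  "Uc1@SuX!"]

def audit(passwords):
    """Map each password to the rules it breaks."""
    return {pw: check_password(pw) for pw in passwords}

if __name__ == "__main__":
    for pw, problems in audit(SLIDE_EXAMPLES).items():
        print(f"{pw:14} {'OK' if not problems else '; '.join(problems)}")
```

Read strictly, four of the nine example passwords satisfy the one-of-each rule; the others lack a digit, an uppercase letter, or use punctuation outside the listed set.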

Careers
• Security Administrator
  – Implements network security policies and procedures
  – Average salary is $69,000
• Web Security Administrator
  – Develops, implements, and maintains firewall technologies that secure an organization's website
  – Average salary is $79,000
• IT Security Consultant
  – Average salary is $106,000

Security at USC
• Introductory & Intermediate Classes
  – ITP 125 – From Hackers to CEOs: Introduction to Information Security
  – ITP 325 – Ethical Hacking and Systems Defense
  – ITP 357 – Enterprise Network Design
  – ITP 375 – Digital Forensics
• Minor in Applied Computer Security
• Minor in Computer & Digital Forensics