Information Security and its Implications on Everyday
Transcription
Information Security and its Implications on Everyday
Information Security and its Implications on Everyday Usage: An end-user’s Perspective Sherif El-Kassas Academic Computing Services Outline The Status Quo Speed New technologies The Human Factor Things to do Conclusions The Status Quo (bad news) Incidents http://www.cert.org/stats/cert_stats.html 160,000 140,000 120,000 100,000 80,000 60,000 40,000 20,000 0 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 Year CSI' s Security Survey http://www.counterpane.com/incidents.html Conducted for the past six years 64% of respondents reported “unauthorized use” 25% said that they had no such unauthorized uses 11% said that they didn' t know The number of insider versus outsider incidents was roughly equal Attacks via the Internet: 70% ↑ Attacks via dial-in: 18% ↓ Attacks via internal systems: 31% ↓ http://vil.mcafee.com/mast/viruses_by_continent.asp Incident and Vulnerability Trends, http://www.cert.org/present/cert-overview-trends/ Incident and Vulnerability Trends, http://www.cert.org/present/cert-overview-trends/ Virus Wars We' re in the middle of a huge virus/worm epidemic Dozens of different viruses have been found in the past few weeks Most are not new There seems to be an ongoing war between the people who write the Bagle worm and the people who write the Netsky worm CRYPTO-GRAM, April 15, 2004 http://www.schneier.com/crypto-gram.html Speed! (fast bad news) Security is Moving Fast The Slammer worm! The fastest mass attack in history It doubled in size each 8.5 seconds It infected 90% of vulnerable systems in 10 minutes! Slammer after a few minutes D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003 Slammer after a few hours D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003 Slammer Geographic Distribution D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003 HOW does it work? Buffer Overflow Tell SQL that it want to open a database Provide a database name that it too long Wired, July 2003 HOW does it work? (continued) Infect the SQL binary! Choose the next Victims at Random Replicate Repeat forever Wired, July 2003 The Victims Emergency services Banks’ ATM machines Anyone with an internet connection and vulnerable windows system Networking devices failed under the load … Time to recovery? Why was it so fast? D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003 More Speed! Windows update Office update Anti virus update CISCO IOS update …etc. New Technologies (new bad news) New Technologies! New Technologies improve usability BUT Introduce new security challenges IP telephony Both data and voice share same network IP has security problems Call signaling is now in-band Added intelligence at network edge (phone) Susceptibility to attacks Brennen Reynolds, Department of Electrical and Computer Engineering University of California, Davis, Security Lab Seminar – 7/17/2002 Wireless technology Wireless technology No Physical network boundaries Weak authentication Weak data protection … WEB services The next RPC More generic Allows for application and backend integration Hides within HTTP, HTTPS, and SMTP Renders standard firewalls almost useless! Opens up applications The Human Factor! (blame bad technology on its users) The Five Worst Security Mistakes End Users Make 1- Opening unsolicited e-mail attachments without verifying their source and checking their content first 2- Failing to install security patches-especially for Microsoft Office, Microsoft Internet Explorer, and Netscape 3- Installing screen savers or games from unknown sources 4- Not making and testing backups 5- Using a modem while connected through a local area network http://www.sans.org/mistakes.htm Monoculture (It’s all the same to me) A single, homogeneous culture without diversity or dissension. What can be done? “I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually: "Nothing; you' re [doomed]. " But it' s really more complicated than that.” --Bruce Schneier CRYPTO-GRAM, May 15, 2001 Incident and Vulnerability Trends, http://www.cert.org/present/cert-overview-trends/ Backups Make (at least) weekly backups Test your backups Keep backups on separate media and if possible off site Refresh and test old important backups Destroy obsolete backups Antivirus software Essential no matter which platform you are using Update once a week (at least) and whenever you receive an auc advisory Consider spy-ware detection tools (http://www.earthlink.net/spyaudit/) Update your software Windows update Applications update Uninstall applications you don’t use ..etc. Personal firewall & ID software As a minimum precaution: Windows users make sure you configure and use ICF (or install 3rd party product) Linux users: IPTABLES & Snort E-mail Delete spam without reading it Don' t open messages with suspicious or cute attachments Don’t blindly trust the From: filed If you can, turn off HTML mail make sure you enable macro virus protection Turn off the "hide file extensions for known file types" option The Web If possible, block cookies except for sites that provide services you need Regularly delete your cookies and temp files Don’t blindly trust web sites (look out for web cons) Limit financial and personal information you send to web sites Laptops, PDAs, & Phones Keep your laptop, PDA, & phone with you at all times Consider the use of physical security devices Regularly delete unneeded information from them Consider encrypting sensitive files Encryption Install and use e-mail and file encryption software (e.g. GnuPG) Encrypt important emails Encrypt important files Passwords Try to choose and memorize good passwords If you can' t: Write them down and keep them in your wallet Use smartcards or similar tamper resistant devices Don' t let Web browsers store passwords for you Don' t transmit passwords (or PINs) in unencrypted e-mail and Web forms. Assume that all PINs can be easily broken, and plan accordingly. Other issues Turn off the computer when you' re not using it Don’t violate P&Ps Avoid local shares Avoid P2P software Be vigilant Conclusions Technology isn’t perfect Probably won’t change significantly for the next 10 years E-crime on the rise “Genuine, widespread awareness of information security issues is the only practical way to counter attacks targeting computer users” http://www.noticebored.com/ It’s not easy, but a lot can be done! Questions? Links: www.counterpane.com www.ccianet.org/papers/cyberinsecurity.pdf www.cert.org/ vil.mcafee.com/mast/viruses_by_continent.asp www.schneier.com/crypto-gram.html www.earthlink.net/spyaudit/ www.gnupg.org Email: [email protected] Download: acs2.aucegypt.edu/sk2004/pre.zip