UNDERSTANDING INFORMATION SECURITY


Lee Ratzan, MCP, Ph.D.

School of Communication, Information & Library Studies at
Rutgers University
Lratzan@scils.rutgers.edu



VIRUSES, WORMS, HOAXES, AND TROJAN HORSES


IT’S A JUNGLE OUT THERE

Computer Viruses

Trojan Horses

Address Book theft

DNS Poisoning

Zombies, IP Spoofing

Password Grabbers

Logic Bombs

Network Worms

Hijacked Home Pages

Denial of Service Attacks

Buffer Overruns

Password Crackers

AND THE EVER POPULAR:

Hoaxes

Ploys

Pop-Ups

Scams

Spam

DID YOU KNOW?

In 1980 a computer cracked a 3-character password within one minute.

In 1999 a team of computers cracked a 56-character password within one day.

In 2004 a computer virus infected 1 million computers within one hour.


DEFINITIONS

A computer program:
  Tells a computer what to do and how to do it.

Computer viruses, network worms, Trojan Horse:
  These are computer programs.



SALIENT DIFFERENCES

1) Computer Virus:
  Needs a host file
  Copies itself
  Executable

2) Network Worm:
  No host (self-contained)
  Copies itself
  Executable

3) Trojan Horse:
  No host (self-contained)
  Does not copy itself
  Imposter Program

TYPICAL SYMPTOMS


File deletion



File corruption



Visual effects



Pop-Ups



Erratic (and unwanted) behavior



Computer crashes



BIOLOGICAL METAPHORS

1. Bacterial Infection Model:
  Single bacterium
  Replication
  Dispersal

2. Virus Infected Model:
  Viral DNA Fragment
  Infected Cells
  Replication
  Dispersal

A computer virus spreads similarly, hence the name

WHY DO WE HAVE THIS PROBLEM?

Software companies rush products to the consumer market (“No program should go online before its time…”)

Recycling old code reduces development time, but perpetuates old flaws.

AND A FEW MORE REASONS

Market share is more important than security

Interface design is more important than security

New feature designs are more important than security

Ease of use is more important than security


HACKER MOTIVATIONS

Attack the Evil Empire (Microsoft)

Display of dominance

Misdirected creativity

“Who knows what evil lurks in the hearts of men?”

Showing off, revenge

Embezzlement, greed

NETWORKED SYSTEMS VS SECURED SYSTEMS

NETWORKS              SECURITY
Open Communication    Closed Communication
Full Access           Full Lockdown

Managers must strike a balance

Some platforms are more secure than others

POPULAR FALLACIES


If I never log off then my computer can never get a virus

If I lock my office door then my computer can never get a virus

Companies create viruses so they can sell anti-virus software


Microsoft will protect me

AND A FEW MORE….


I got this disc from my (mother, boss, friend) so it must be okay

You cannot get a virus by opening an attachment from someone you know

But I only downloaded one file

I am too smart to fall for a scam

You can catch a cold from a computer virus

My friend who knows a lot about computers showed me this really cool site…

THINGS THE LIBRARY CAN DO

ACTION PLAN:


Designate security support staff (and fund them)

Make security awareness a corporate priority (and educate your staff)

Enable real-time protection

Update all vendor security patches

Subscribe to several security alert bulletins

Periodically reboot or re-load all computers

Control, limit or block all downloads and installs

Install anti-virus software on computers (keep it current)

“It takes a carpenter to build a house but one jackass can knock it down”

(Variously attributed to Mark Twain, Harry Truman, Senator Sam Rayburn)

WHAT CAN THE LIBRARIAN DO?


Set bookmarks to authoritative:
  anti-virus Web pages
  virus hoax Web pages
  public free anti-virus removal tools

Provide patrons with:
  up-to-date information about viruses, etc.

Confirm:
  that desktops have the latest anti-virus updates

BACK IT UP


Offline copies: Grandfather/father/son (monthly/weekly/daily)

Online copies: Shared network drive

Changes only: Incremental/differential

Do not back up a file on the same disc as the original!

Assume every disc, CD, etc. is suspect, no matter who gave it to you


“Doveryay, No Proveryay” (Trust but Verify)

MACHINE INFECTED?

ACTION PLAN:

1) Write down the error or alert message verbatim
  inform your tech support team
  quarantine the machine

2) Look up the message in an authoritative anti-virus site (demo)
  diagnose the problem
  take recommended remedial action

If appropriate:

3) Reboot the machine
  Run a full system scan before placing the machine back in service
  Apply all missing critical security patches (demo)
  Download, install, run the anti-virus removal tool (demo)


THE HOAX STOPS HERE


IF THE MESSAGE:
  tells you to do something
  tells you to take immediate action
  cites a recognizable source to give itself credibility (“Microsoft has warned that…”)
  does not originate from a valid computer vendor

AND:
  lacks specific verifiable contact information

IF IN DOUBT, CHECK IT OUT

Confirm the hoax by checking it against authoritative hoax sites

Inform other staff so the hoax does not propagate

POPULAR HOAXES INCLUDE:

JDBGMGR (teddy-bear icon): Tricks users into deleting a file
NIGERIA: Money scam
$800 FROM MICROSOFT: Pyramid scheme

STOPPING THE TROJAN HORSE

The Horse must be “invited in” ….

How does it get in?

By:
  Downloading a file
  Installing a program
  Opening an attachment
  Opening bogus Web pages
  Copying a file from someone else

MORE ON THE HORSE…….

A Trojan Horse exploits computer ports letting its “friends” enter, and
“once a thief gets into your house he opens a rear window for his partners”

Security patches often close computer ports and vulnerabilities


NOTE #1


Search engines are NOT reliable sources of virus information

Information may be inaccurate, incomplete or out of date

Search engines generate huge numbers of indiscriminate hits

Some anti-virus Web sites are scams (or contain Trojan Horses)

Go directly to authoritative anti-virus sites


NOTE #2


Computer companies are NOT reliable sources of virus information

Computer companies:
  are not in the anti-virus business
  Usually refer you to an anti-virus vendor
  themselves are victims!

ONLINE RESOURCES


Authoritative Hoax Information
  securityresponse.symantec.com/avcenter/hoax.html
  vil.mcafeesecurity.com/vil/hoaxes.asp

Authoritative Anti-Virus Vendor Information
  securityresponse.symantec.com/avcenter/vinfodb.html
  www.mcafeesecurity.com/us/security/vil.htm

REFERENCES

Authoritative Security Alert Information
  securityresponse.symantec.com/ (Symantec)
  www.microsoft.com/security (Microsoft)
  www.apple.com/support/security/ (Apple)

Authoritative Anti-Virus Organizations
  www.cert.org (Computer Emergency Response Team - CMU)
  www.ciac.org/ciac (CIAC - Department of Energy)
  www.sans.org/aboutsans.php (Server and Network Security)
  www.first.org (Forum of Incident Response and Security Teams)
  www.cirt.rutgers.edu (Computing Incident Response Team - Rutgers)

Authoritative Free Public Anti-Virus Removal Tool Information
  securityresponse.symantec.com/avcenter/tools.list.html
  vil.nai.com/vil/averttools.asp
  mssg.rutgers.edu/documentation/viruses (Rutgers)

Some professional library sites have pointers to reliable anti-virus information

PRINT RESOURCES


Allen, Julia, (2001) The CERT Guide to System and Network Security Practices, Addison-Wesley, New York

Crume, Jeff, (2000) Inside Internet Security, Addison-Wesley, New York

Ratzan, Lee, (January 2005) A new role for libraries, SC Magazine (Secure Computing Magazine), page 26

Ratzan, Lee, (2004) Understanding Information Systems, American Library Association, Chicago


A NEW ROLE FOR LIBRARIES?

THE AUTHOR ACKNOWLEDGES


The cooperation of InfoLink (www.infolink.org) for promoting library professional development programs

The Monroe Public Library for the use of its facilities

SC Magazine for publishing an essay on libraries being at the forefront of information security

Lisa DeBilio for her production of the PowerPoint slides.


THANK YOU ALL