ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Transcription

1 ITSC Training Courses Student IT Competence Programme SI Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1

2 Course Outline What you should know from this lecture Fundamental Concepts Issues in Daily Computer and Internet Usage Public Key Infrastructure, SSL, and Digital Certificates Software Demo Policies and Practices Plus Class Activities! SI1-2

3 Services ( ) Services: what does information security () provide? Authentication 確認 Confidentiality 保密 Integrity 完整 Non-repudiation 不可否認 Availability 可用性 SI1-3

4 Services Authentication refers to the validation of the identity of an entity, before it is being authorized to access further information and services Confidentiality refers to the protection of information from being disclosed to unauthorized parties Integrity refers to the protection of information from being altered by unauthorized parties Non-repudiation refers to the prevention of message senders or digital signature signers to deny having sent or signed the corresponding digital message Availability refers to the assurance that information is available to authorized parties when requested SI1-4

5 Threats to Hackers Hackers are those who attack computer systems and networks for unauthorized accesses Some of them do so for malicious purposes such as stealing or corrupting data Some of them are just for fun Some of them hack with the goal of strengthening the security of systems and networks SI1-5

6 Threats to Backdoors Backdoors are mechanisms that originally established by system administrators and software manufacturers for convenience or business purposes Allow one to bypass normal authentication and gain access to computer systems Backdoor accesses remain hidden from casual inspection. One may not even know their existence on the computer However, hackers always have their ways to find them out and uses backdoor as a springboard to hack SI1-6

7 Threats to Loopholes loopholes are bugs in software that can be exploited for security attacks Even popular software such as Microsoft Windows cannot totally eliminate loopholes Sometimes, backdoors which are originally benign in nature are exploited by hackers to launch intrusions, and they eventually become security loopholes SI1-7

8 Measures To defense against various security threats, we should Install protection software such as anti-virus programs and personal firewalls Perform regular software updates to block the security loopholes Software manufacturers announce security bugs and release security patches from time to time Pay attention to newly available patches and perform software updates often E.g. Microsoft Central Practice Computer Safety! (Introduce in the rest of this course) SI1-8

9 Issues in Daily Computer and Internet Usage Let s have a brief introduction of Computer Viruses Worms Trojans Spyware Network for Computer Users Spam Adware Phishing SI1-9

10 Computer Viruses Computer viruses are executable codes that hide inside a program and then infect other programs Computer viruses damage our computers in many different ways, such as Deleting files Erasing programs, and Prompting annoying messages They can also replicate themselves without user intervention SI1-10

11 Computer Viruses Symptoms of computer virus infection include (but not limited to) Display of unusual messages or images Reduction of available memory Appearance of unknown programs or files Corrupted files Malfunction of programs and files SI1-11

12 How Computer Viruses Work? First, the virus hides inside a program or file and remains inactive until the infected program is run Once the infected program or file is executed, the virus is run as well It then infects other programs on the computer hard disk by duplicating itself The computer is then inflected SI1-12

13 How Computer Viruses Work? How we get the infected files? We can receive files and programs that are infected by computer viruses in many ways, including Internet downloads, and File transfer through instant messaging SI1-13

14 Trojans Is a special kind of computer virus The name Trojans come from the story of Trojan horse, in which the Greek solders hid inside a hollow wooden structure and thus sneaked through the city walls of Troy In computer security, a Trojan is a program that performs other than what it is expected E.g., a program claims to be a game but instead it creates backdoors for the hackers to gain unauthorized accesses to a computer Unlike general computer viruses, Trojans do not replicate themselves normally SI1-14

15 Worms Worms are another kind of computer viruses Spread directly from computer to computer without any action taken part by the computer users E.g., the Sasser worms that widespread in 2004 automatically scans computers on a network that have a particular Windows security loophole SI1-15

16 What If I Get Infected?! In case we suspect a computer being infected by viruses We should disconnect the computer from the network immediately! Next, run antivirus program to scan the computer for viruses If the computer is infected, the antivirus program will report the found viruses and the corresponding infected files after the virus scanning Usually, antivirus programs try cleaning the found viruses In case the viruses cannot be cleaned, the infected files will be quarantined It is too late to install antivirus programs at time you suspect your computer having been infected by viruses Therefore, antivirus programs should always be installed at the very first beginning SI1-16

17 What If I Get Infected?! Class Activity One Download Virus?! Visit the Website for EICAR Test Virus (a testing virus sample): Click eicar.com What happens? SI1-17

18 What If I Get Infected?! Screen shot (when viruses are found) Has virus SI1-18

19 Software Software that safeguards security and privacy of information and computer systems In particular: Anti-virus programs defend against computer viruses Anti-spyware program defend against spyware and adware Personal firewalls defend against security threats in network connections Nowadays, popular antivirus software provide the above protections all-in-one SI1-19

20 Software Class Activity Two Using Software Go to the following page of the SITC Homepage Run the courseware of the following activities Add a New Scheduled Scan Task Protection from Hacker Set up Schedule for Updates SI1-20

21 Spyware and Adware Not being regarded as computer viruses Yet can be very annoying and dangerous Sometimes being referred to as malware Malware = software that has malicious purposes Computer users often install them unknowingly SI1-21

22 Spyware and Adware Spyware monitors computer users and collect their information E.g. a keyboard monitor spyware program can log every keystroke you type Adware s mission is to show advertisements Usually via pop-up windows or embedded in a webpage SI1-22

23 Spyware and Adware How do we get them? They install themselves onto a computer by exploiting Web browser security loopholes Sometimes come with the freeware that can be freely downloaded from the Web We may get them also when we click unknown hyperlinks out of curiosity We should take precautions similar to those dealing with computer viruses SI1-23

24 Network Internet connection is essential to almost every computer risk also increases SI1-24

25 Packet Sniffing (Not in Exam) Data being transmitted over the network can be read by computer software called Packet Analyzers Client computer Server (e.g. Gmail.com) SI1-25

26 SI1-26

27 Electronic Communication Viruses Are computer viruses that spread by means of s Can spread by duplicating and sending themselves to addresses in the address book of the application Usually exist in form of file attachments Sometimes may spoof sender addresses In March 1999, the Melissa virus forced a number of global companies, including Microsoft, to turn off their turn off their systems completely! SI1-27

28 Electronic Communication Spam Unsolicited junk s from unknown senders Can arrive in a huge volume and can be annoying Why it is bad? Spam occupies Internet and server resources Uses up disk quota Takes extra time from us to wade through a large number of spam s to locate the legitimate ones SI1-28

29 Electronic Communication Dealing with Spam (at Server Side) Most Internet Service Providers have installed Anti-spam programs in their servers E.g. the Anti-Spam and Anti-Virus (ASAV) gateway of ITSC s that are suspected to be spam are put to the quarantine server and are not directly delivered to users boxes SI1-29

30 Electronic Communication Dealing with Spam (at Client Side) Server side anti-spam measures cannot totally remove spam We should take client-side precautions e.g. Do not response to the spam Do not post you and your friends addresses on the Web Avoid including HTML links in your personal homepage Create filter rules in our own applications to filter out unwanted spam s SI1-30

31 Electronic Communication Phishing Is a technique to steal ones important personal information Is usually conducted by s Phishers pretend as organizations such as a bank, send s and ask the recipients to enter personal information, account numbers and passwords to a counterfeit website that looks like that of the real organization Beware! Legitimate organization do not seek clients information in such way SI1-31

32 WWW and PKI Public Key Infrastructure, or PKI in short, is an umbrella term for a set of security technologies based on public key cryptography, e.g.: Digital Certificates Digital Signature Public Key encryption PKI provides security to the World Wide Web as well as computer systems and networks SI1-32

33 Encryption with Public Key Cryptography Suppose Alice wants to send a message to Bob: Encrypt the message with Bob s public key Decrypt the message with Bob s private key Bob has a pair of key: private and public Public Key private Key Public key is known to the public, Private key is kept secret Public Key Private Key SI1-33

34 Digital Signature with PKI With PKI, suppose Alice wants to sign on the message to Bob so that Bob can be assured it is really from Alice: Sign the message with Alice s private key Verify the signature with Alice s public key Public Key For security reason, encryption and signature should use different key pairs Private Key SI1-34

35 Digital Certificate and SSL Public keys are published in WWW by means of digital certificates A digital certificate is an electronic file containing information about the certificate holder and is authorized by the Certificate Authority (CA) Main components on a Digital Certificate Certificate holder s Certificate holder s public key Certificate Authority s digital signature Expiry date SI1-35

36 Digital Certificate and SSL SSL is the abbreviation of Secure Socket Layer Is a communication protocol for providing authentication and confidentiality to Internet traffic Digital certificate is required for communication over SSL When we connect to a Website over SSL We can see a small lock at the lower right hand corner The URL begins with HTTPS instead of HTTP SI1-36

37 (SSL and no SSL) Packets captured during Gmail login SSL-protected (URL begins with HTTPS) No encryption (in early Gmail) SSL Encrypted packet contents This is a secret message and is confidential! SI1-37

38 Policies and Practices security depends much on the safe practices of the computer users Computer users are often regarded as the weakest link in information security Organizations with a large number of computer users often define the Acceptable Use Policy (AUP) AUP is a set of rules that governs the use of organization computers, networks, and the Internet by members within an organization The Chinese University of Hong Kong also has its own AUP for staff and students SI1-38

39 Policies and Practices Practices for Safe Computing Install and always enable anti-virus and anti-spyware programs. Scan all newly downloaded files and attachments before you open or install them Check out and install Windows updates regularly Always enable personal firewalls Set strong and non-trivial passwords, and change the password from time to time Backup files and data regularly Do not share local files or directories by file sharing Disconnect from the Internet and wireless connections when not in use Keep your desktop and laptop computers physically safe SI1-39