Computer and Internet Security
JCCAA Presentation 03/14/2009
Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University
Malware – malicious software
Why do people write malware?
Financial gains, Political reasons, Personal reasons
What are the other names?
Trojan, Virus, Worm, Spyware, Adware, Rogue Antivirus Application (Rogue AVA)
What do they do?
Send spam mail; steal identities, financial information and trade secrets; attack other Internet websites
Malware – other names?
Trojan, Virus, Worm, Spyware, Adware, Rogue Antivirus Applications …
How does a machine get infected?
Application Vulnerabilities
When an application listens on the network and is not written securely, a remote, unauthenticated attacker can gain elevated privileges and execute arbitrary code; example: buffer overflow
User Activities
Compromised administrative credentials
How to prevent malware infections?
Windows and application updates …
Windows firewall …
Antivirus application …
Ignore spam mail – no curiosity, no greed
Careful browsing on the Internet
You can never be 100% protected …
zero-day exploits and piggy-back downloads
How to remove malware infection?
Antivirus program …
removes known malware; informs you about specific removal steps
Seek professional help …
Restore an earlier good system state
system restore or ntbackup (restore) …
Windows recovery console …
Reinstall operating system
Why are those special recovery procedures needed? Can any antivirus application automatically clean a system 100% of the time, if it knows what the malware executables are?
Is the system really compromised?
Is the system really secure?
Malware characteristics
Installs silently / deceptively
Breaks the system when removed
Starts automatically on reboot
windows registry
Running in the background
Obscurely named / pathed
Cannot be removed easily
Hidden
Permission, alternate data stream, rootkit
Is the system really compromised?
Not when there is a malicious registry entry
Not when there is a malicious executable
Only when malicious code is running ...
Is the system really secure?
Not unless you know what is running in the system and are able to verify it
Orthrus
A Host Intrusion Prevention Application
Why develop Orthrus?
A bad security incident without vendor support
How is it developed?
What would an administrator do?
What are the goals?
Monitoring host security and user recovery …
Orthrus Download
http://www.wnsc1.com – click the “Free Orthrus Download” link
Orthrus Main Components
Orthrus.exe
Orthnote.exe
Custom Event Log
Orthrus
Knowing what is running
auto-start executables
operating system modules and sub-modules
no user applications
What is automatically removed
registry entries without an executable
Windows exploits
rootkit malware
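The two slides above, "Malware characteristics" (starts automatically on reboot via the Windows registry; hidden with permissions, alternate data streams or a rootkit) and "Knowing what is running" (auto-start executables; registry entries without an executable are removed), describe the same inventory an administrator would take by hand. The script below is an added example and not code from the Orthrus tool or this presentation: it walks the Run/RunOnce autostart keys, resolves the executable each command line points to, and reports orphan entries (the executable no longer exists), executables living in user-writable profile or temp directories, and files carrying an alternate data stream. The helper name Get-ExecutableFromCommand and the choice of "unusual" directories are my assumptions; run it in an elevated Windows PowerShell session.

```powershell
# Added example, not code from the Orthrus tool: enumerate the Run/RunOnce
# autostart entries in the registry, resolve the executable each command line
# points to, and flag entries whose executable is missing (an orphan entry),
# lives in a user-writable profile or temp directory, or carries an alternate
# data stream. Run in an elevated Windows PowerShell session.

$autoStartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable path from a registry command line such as
#   "C:\Program Files\Vendor\app.exe" /silent   or   C:\Windows\tool.exe -x
function Get-ExecutableFromCommand {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted command line: the first whitespace-delimited token is the program.
    return ($cmd -split '\s+')[0]
}

# Directories a properly installed autostart program rarely lives in (assumption).
$unusualRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

$findings = foreach ($key in $autoStartKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($v in $values.PSObject.Properties) {
        if ($v.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are not values
        $exe    = Get-ExecutableFromCommand -Command ([string]$v.Value)
        $exists = (-not [string]::IsNullOrWhiteSpace($exe)) -and
                  (Test-Path -LiteralPath $exe -PathType Leaf)
        $notes  = @()
        if (-not $exists) {
            $notes += 'executable missing: orphan registry entry'
        } else {
            $dir = (Split-Path -Parent $exe).ToLowerInvariant()
            if ($unusualRoots | Where-Object { $dir.StartsWith($_) }) {
                $notes += 'lives under a user-writable profile/temp directory'
            }
            # Every file has the unnamed ':$DATA' stream; any other stream is an
            # alternate data stream and deserves a look.
            $ads = Get-Item -LiteralPath $exe -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }
            if ($ads) { $notes += ('alternate data streams: ' + ($ads.Stream -join ', ')) }
        }
        [pscustomobject]@{
            Key        = $key
            Name       = $v.Name
            Executable = $exe
            Exists     = $exists
            Notes      = ($notes -join '; ')
        }
    }
}

$findings | Sort-Object Exists | Format-Table -AutoSize
```

An entry with Exists = False is exactly the "registry entry without an executable" the slide says Orthrus removes automatically; everything else in the table is a candidate for the verification steps on the next slide, not a verdict. A Zone.Identifier stream is the normal mark-of-the-web on downloaded files, so an alternate data stream by itself is a prompt to inspect, not proof of hiding.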
Orthrus - Verifying an executable
Trusted by Windows File Protection
Trusted by TrustedInstaller ownership …
Digitally signed and verified …
Obscurely named / pathed …
Falsified extended file information …
Internet lookup …
Exploits
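The verification checks on this slide can be reproduced for a single file with built-in cmdlets. The function below is an added example, not the Orthrus verification code: it records the Authenticode signature status and signer, whether TrustedInstaller owns the file, whether the extended file information claims a Microsoft origin that the signature does not back up, whether the on-disk name differs from the name the binary was built with or the file sits outside the OS and program directories, and the SHA-256 hash an administrator would use for an Internet reputation lookup. The function name Test-ExecutableTrust, the "expected" directories and the verdict rule are my assumptions; Get-FileHash needs Windows PowerShell 4.0 or later.

```powershell
# Added example, not the Orthrus verification code: score one executable with
# the checks the slide lists, using only built-in cmdlets (Windows PowerShell
# 4.0 or later for Get-FileHash). The verdict is a conservative summary, not a
# proof that the file is clean.
function Test-ExecutableTrust {
    param([Parameter(Mandatory = $true)][string]$Path)

    $file   = Get-Item -LiteralPath $Path
    $result = [ordered]@{ Path = $file.FullName }

    # 1. Digital signature: Status is Valid only when the chain verifies on this host.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $result.SignatureStatus = $sig.Status.ToString()
    $result.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # 2. Ownership: files placed by Windows servicing are owned by TrustedInstaller.
    $owner = (Get-Acl -LiteralPath $file.FullName).Owner
    $result.Owner = $owner
    $result.OwnedByTrustedInstaller = ($owner -eq 'NT SERVICE\TrustedInstaller')

    # 3. Extended file information: a file that claims to be from Microsoft but
    #    is not signed by Microsoft carries falsified version information.
    $vi = $file.VersionInfo
    $result.CompanyName      = $vi.CompanyName
    $result.OriginalFilename = $vi.OriginalFilename
    $claimsMicrosoft   = $vi.CompanyName -like '*Microsoft*'
    $signedByMicrosoft = $result.Signer -like '*O=Microsoft Corporation*'
    $result.VersionInfoMismatch = [bool]($claimsMicrosoft -and -not $signedByMicrosoft)

    # 4. Obscure name or path: the on-disk name differs from the name the binary
    #    was built with, or the file sits outside the OS and program directories
    #    (which directories count as expected is an assumption of this example).
    $nameMismatch = $vi.OriginalFilename -and
                    ($vi.OriginalFilename -ne $file.Name)
    $expectedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
                     Where-Object { $_ }
    $inExpectedRoot = [bool]($expectedRoots | Where-Object { $file.FullName -like "$_\*" })
    $result.OriginalNameMismatch = [bool]$nameMismatch
    $result.OutsideSystemDirs    = -not $inExpectedRoot

    # 5. Internet lookup: the hash is what you would search for in a reputation
    #    service; the lookup itself is left to the administrator.
    $result.SHA256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    $result.Verdict = if ($result.SignatureStatus -eq 'Valid' -and
                          -not $result.VersionInfoMismatch -and
                          -not $result.OriginalNameMismatch -and
                          $inExpectedRoot) { 'trusted' } else { 'review' }

    [pscustomobject]$result
}

# Usage: a known-good system file should come back Valid, TrustedInstaller-owned
# and 'trusted'; run the same call on the autostart executables you inventoried.
Test-ExecutableTrust -Path "$env:SystemRoot\System32\svchost.exe" | Format-List
```

The 'review' verdict is deliberately broad: unsigned but legitimate programs, and installers whose OriginalFilename differs from the file name, will land there, which mirrors the "verifying and permitting executables manually" weakness the deck admits later. Note that a Valid signature proves who signed the file, not that the file is harmless.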
Orthrus – Information collected
extended file information … process history (exceptions, and warnings) …
Orthrus – Information transmitted
secure HTTP (https://)
Orthrus – Information not touched
the identity of the user and the computer
Orthrus – System Recovery
last-known-clean restore point …
ntbackup restore …
Windows recovery console
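Both the "How to remove malware infection?" slide (restore an earlier good system state) and this slide rely on a restore point taken while the system was known to be clean. The script below is an added example and not part of Orthrus: it records such a point with a recognisable description and lists the points available to roll back to. The function names New-LastKnownCleanPoint and Get-RestorePointSummary are my assumptions; it needs an elevated Windows PowerShell session on a client edition of Windows with System Protection enabled, and it does not cover ntbackup (Windows XP) or the recovery console.

```powershell
# Added example, not part of Orthrus: mark a verified clean state as a
# "last-known-clean" restore point and list the points available to roll back
# to. Requires an elevated Windows PowerShell session on a client edition of
# Windows with System Protection enabled.
function New-LastKnownCleanPoint {
    param([string]$Label = 'last-known-clean')
    $description = '{0} {1}' -f $Label, (Get-Date -Format 'yyyy-MM-dd HH:mm')
    try {
        Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
        Write-Output "Created restore point: $description"
    } catch {
        # System Protection disabled, session not elevated, or the platform's
        # restore-point frequency limit was hit.
        Write-Warning "Restore point not created: $($_.Exception.Message)"
    }
}

function Get-RestorePointSummary {
    Get-ComputerRestorePoint | ForEach-Object {
        [pscustomobject]@{
            Sequence    = $_.SequenceNumber
            # CreationTime is a WMI (DMTF) timestamp string; convert it to a DateTime
            Created     = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            Description = $_.Description
            Type        = $_.RestorePointType
        }
    } | Sort-Object Created -Descending
}

New-LastKnownCleanPoint
Get-RestorePointSummary | Format-Table -AutoSize
```

Rolling back is then Restore-Computer -RestorePoint <Sequence> with the sequence number of the last-known-clean entry; take the point only after the verification on the previous slides has been done, since a restore point captured while malicious code is running simply preserves the infection.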
Orthrus – Weakness
Speed
Support
Verifying and permitting executables manually
What if I don’t want to know, and don’t want anyone else to know, what is running in my system?
Use a more secure operating system: Windows Vista, Windows 7
Windows and application security updates
Windows firewall
Antivirus application
Ignore spam mail – no curiosity, no greed
Careful browsing on the Internet
Orthrus
Send questions on how to use the Orthrus application to phsieh@rice.edu with the exact subject line “Orthrus Questions”
All other inquiries may be ignored
Questions?