15-Internet_Threats


INTERNET THREATS
Lasse Erkkilä, Dap01s




               TOPICS
•   IDENTIFYING THREATS
•   EVOLVEMENT OF MALWARE (History)
•   METHODS AGAINST THREATS
•   COMING NEXT (Future of Internet)
•   CONCLUSIONS




        Identifying Threats

•   Viruses
•   Network Worms
•   Trojans
•   Spyware / Adware
•   Other Malware
•   Intrusions
•   Other Threats

                Viruses
• Main purpose is to spread and infect files
• Attach to a file and replicate when the file is
  executed
• More than 100 000 known viruses exist
  in the world today*
• Several hundred new viruses are
  discovered every month

                                                *McAfee, 2004
                      Viruses
[Figure not preserved. Source: F-Secure]
         Network Worms
• Self-replicating viruses that reside in the
  active memory of a computer
• Worms send themselves out to the
  Internet from infected systems
• Either include a tiny e-mail server or
  search for unprotected shared network
  drives to unload


        Trojan Programs
• Programs that install themselves
  stealthily via the Internet & provide access
  for malicious use
• Threats enabled by (/through) Trojans
   – DDoS attacks
   – Data stealing
   – Distributed spam e-mails
• Do not replicate
          Spyware / Adware
• Cookies – Track you online
• Browser Hijackers – Change the default home page
• Tracking Cookies – Gather information on web usage
• Trickles – Reinstall spyware when deleted
• Keyloggers – Record anything you type!
• Data-Mining
• Aggressive Advertising
• Parasites
• Scumware
• Dialers
• List goes on...
            Other Malware
• DoS & DDoS attacks
• Flooders
• FileCryptors & PolyCryptors
• Nukers
• List goes on...




             Intrusions
• Attempts to break into an information
  system & damage or restrict its
  operability

• Method is to find open ports in the
  target by ”bombing” it with packets




             Other Threats
• Phishing
  – Stealing confidential information through fraudulent
    e-mails & web sites (author falsified)
  – Several million phishing messages have
    been sent worldwide
  – Fastest growing threat today
• SPIM
  – Instant Messaging SPAM
  – Estimated: 4 billion SPIMs during 2004

   Evolvement of Malware
• 1940–1960's
  – 1940–1950's: Roots of viruses created:
    Self-reproducing (mathematical) methods
    • Common roots with AI and robotics
  – 1962: Game called 'Darwin' created by
    engineers at the American Bell Telephone Labs
    • Point of the game was to delete the opponent's
      programs with one's own programs, which could also
      multiply



• 1970's
  – In the early 70's a virus called Creeper was
    detected on ARPANET
     • Infected systems displayed the message:
        I'M THE CREEPER: CATCH ME IF YOU CAN!
  – Another virus called Reaper was made to
    delete Creeper
  – At the end of the 70's the first Trojans were
    discovered

• 1980's
  – Trojans appeared in large quantities
  – 1986: First global IBM-compatible virus
    epidemic was detected
     • A virus called Brain spread worldwide within a few
       months
  – At the end of the 80's:
     • Several other viruses discovered
     • Many AntiVirus companies were founded



• 1990's
  – Rapid growth of viruses
  – Several operating systems targeted
  – Polymorphic viruses appeared
    • Changed with every infection
    • Encrypted




• 2000-
  – Microsoft software more often targeted
    • Especially Windows
  – 2001: Share of virus attacks via e-mail 90%
  – 2003: Two of the biggest Internet attacks
    ever
    • Slammer worm infected nearly a million
      computers worldwide within just a few minutes
    • LoveSan worm attacked almost every Internet
      user
    • Both worms exploited a vulnerability in Windows
     Methods Against Threats

•   Updating!
•   AntiVirus Tools
•   AntiSpyware Tools
•   Firewalls
•   Content Filtering
•   Intrusion Detection



               Updating!
• Most important factor in security

• Modern software is too complex to make
  without any security holes; updates are
  needed to fix them when discovered
  – Windows XP includes 40 million lines of code!

• “Old” code is still running beneath the new to
  provide compatibility with older software
  – Security threats were “internal” before the Internet


• The most used software is usually the most targeted
  by threats
   – Need for updates more critical with Microsoft
     products at the moment

• Updates (fixes) are not instantly available
   – Microsoft's average fix time is 25 days*
   – IFRAME vulnerability in IE discovered 25th
     November
     -> Microsoft released a fix on 7th December
                                              *Forrester research

         AntiVirus Tools
• AV programs are the most common tool
• Hardware tools are made for large
  enterprises
  – Gateway routers




       AntiSpyware Tools
• Only software tools exist at the moment
• Programs try to detect the distinctive signs
  that spyware places on a system
• Popular software (FREE)
   – Lavasoft: Ad-Aware SE
   – Spybot: Search & Destroy 1.3




                Firewalls
• Monitor network traffic and block
  access according to configured rules
• Software vs. hardware
• Stateful inspection
  – Examine the headers & content of each passing
    network packet




       Content Filtering
• Means to filter out unwanted data
  – URL Filtering List
  – User Identification
  – Content Inspection




     Intrusion Detection
• Tools to detect inappropriate, incorrect
  or anomalous activity
  – Host-based ID Systems
     • Operate on host
  – Network-based ID Systems
     • Operate on network data flows
• Intrusion = External network attack
• Misuse = Internal network attack

• Most common approaches to ID
  – Statistical-Based Anomaly Detection
     • Seeks to identify abusive behaviour by
       comparing it to legitimate use
  – Rule-Based Intrusion Detection
     • Matches audit data against known patterns of
       intrusive behaviour
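
The two approaches above, run over the same constructed audit records (an added example, not part of the original slides; the record layout, rule names and addresses are assumptions made for illustration). The port sweep matches no rule and the single odd packet is statistically unremarkable, so each approach catches what the other misses:

```python
from collections import defaultdict
from statistics import mean, pstdev

# Rule-based: patterns of known intrusive behaviour, matched per audit record.
RULES = {
    "xmas-flags": lambda r: set(r[2]) == set("FPU"),  # FIN+PSH+URG without ACK
    "null-flags": lambda r: r[2] == "",               # no TCP flags set at all
}

def rule_based(records):
    """Return (source, rule name) for every record matching a known pattern."""
    return sorted({(r[0], name) for r in records
                   for name, match in RULES.items() if match(r)})

def ports_per_source(records):
    """Count the distinct destination ports each source touched."""
    seen = defaultdict(set)
    for src, port, _flags in records:
        seen[src].add(port)
    return {src: len(ports) for src, ports in seen.items()}

def statistical(baseline, records, k=3.0):
    """Flag sources whose port spread exceeds baseline mean + k std deviations."""
    normal = list(ports_per_source(baseline).values())
    limit = mean(normal) + k * pstdev(normal)
    return sorted(s for s, n in ports_per_source(records).items() if n > limit)

# Constructed sample data (documentation address range 192.0.2.0/24).
# Records are (source, destination port, TCP flags); BASELINE is legitimate use.
BASELINE = [("192.0.2.10", 80, "S"), ("192.0.2.11", 80, "S"),
            ("192.0.2.11", 443, "S"), ("192.0.2.12", 25, "S"),
            ("192.0.2.12", 110, "S"), ("192.0.2.12", 80, "S"),
            ("192.0.2.13", 443, "S"), ("192.0.2.13", 80, "S")]
OBSERVED = ([("192.0.2.10", 80, "S"), ("192.0.2.11", 443, "S")]
            + [("192.0.2.66", p, "S") for p in range(1, 41)]  # one host, 40 ports
            + [("192.0.2.77", 139, "FPU")])                   # abnormal flag set

if __name__ == "__main__":
    print("rule-based  :", rule_based(OBSERVED))
    print("statistical :", statistical(BASELINE, OBSERVED))
```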




          Coming Next
• New threats
• New methods against threats
• Collapse of present Internet?




           New Threats
• More blended threats (viruses &
  worms)
• ”Zero-day” attacks are coming
  – Attacks before patches (fixes) are released
• More severe threats coming




           New Methods
• Multi-layered defence
  – Security measures are installed on all
    vulnerable points (desktop, server)




    Collapse of Internet?
• Hannu H. Kari, HUT:
  – “Internet will become unusable by the end
    of 2006 because of Malware”
• BBC:
  – “If Key hubs of Internet were targeted for
    attacks it would quickly begin to unravel
    and collapse”




            Conclusions
• Corporate view
• Tools for normal user
• Cautions




          Corporate view
Companies often lack...
• 1. Effective protection
  – ”Costs are too high”
  – ”We have already AV installed”
  – ”We don't need them”
• 2. Knowledge of own environment
  – ”Yes, we already have one of those” (FALSE)



    Tools for normal user
• Keep your system updated
  – Windows (or other OS), Internet browsers,
    Java and other network-related programs
• Use a personal firewall, AV software &
  AntiSpyware software
  – Various free products available, examples:
     • ZoneAlarm (Fw)
     • Anti-vir (AV)
     • Ad-Aware SE (AS)

               Cautions
• Close your Internet connection when not
  using it
  – From the second you connect to the Internet
    your computer becomes a target
• Make sure the connection is secure when
  entering, for example, a credit card
  number
  – https:// addresses can be trusted as secure


That's all...
Thank you for listening!



