Digital Security Practices and Preventing Data Theft


Explore the concept of steganography, a technique used to conceal data within other files, and learn about ways hackers steal data like physical attacks and social engineering. Understand how to enhance digital security and protect sensitive information effectively.


Presentation Transcript


  1. SADET Module-A2: Taking Reasonable precautions (Digital security)

  2. Steganography: Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos, meaning "covered, concealed, or protected", and graphein, meaning "writing".

  3. Can you tell the difference?

  4. How does it work? Each byte represents a shade of red, blue or green. Random changes to the least priority (least significant) bit generally produce only slight changes of shade. [Figure: resulting shade] [Balaji, Palanisamy, U Pitt]

  5. So what is Steganography?
     • Hide messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message; a form of security through obscurity
     • What other types of files can be used? Documents, images, audio files
     • Hide a relatively small amount of data in other data files that are significantly larger
     • What is it useful for? Sending secret messages; watermarking products for proprietary issues
     [Balaji, Palanisamy, U Pitt]
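The least-bit technique from slides 4 and 5, as an added example (not part of the original presentation). The cover bytes and message are constructed for the illustration; it shows that each colour byte shifts by at most one shade and that one message bit costs one colour byte, which is why the cover must be much larger than the hidden data.

```python
# Added illustration: least-significant-bit (LSB) hiding in raw RGB bytes.
# COVER stands in for decoded pixel data; it is constructed, not a real image.

COVER = bytes((7 * i + 40 * c) % 256 for i in range(64) for c in range(3))
MESSAGE = b"meet at noon"   # constructed sample message (12 bytes = 96 bits)


def embed(cover: bytes, message: bytes) -> bytes:
    """Store each message bit in the lowest bit of one colour byte."""
    bits = [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: one colour byte is needed per message bit")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # clear bit 0, then set it to the message bit
    return bytes(stego)


def extract(stego: bytes, length: int) -> bytes:
    """Rebuild `length` bytes from the lowest bits, most significant bit first."""
    out = bytearray()
    for i in range(length):
        value = 0
        for colour_byte in stego[i * 8:(i + 1) * 8]:
            value = (value << 1) | (colour_byte & 1)
        out.append(value)
    return bytes(out)


def max_shade_change(cover: bytes, stego: bytes) -> int:
    """Largest difference between any original and modified colour byte."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    stego = embed(COVER, MESSAGE)
    print("recovered:", extract(stego, len(MESSAGE)))
    print("largest shade change:", max_shade_change(COVER, stego), "of 255")
    print("cover bytes used:", len(MESSAGE) * 8, "of", len(COVER))
```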

  6. Ways hackers steal our data: 1. Physical attack; 2. Social engineering attack; 3. Malware; 4. Wireless network attack

  7. Physical attack: Physical attacks are attacks launched by people who have direct physical access to your devices, such as laptops, hard drives and mobile devices. A physical attack may be launched inconspicuously. For example, someone may stand behind you and watch you type your password.

  8. Social engineering attack: Social engineering refers to the possibility of getting data from a person through social activities, by leveraging human nature rather than anything technical.

  9. What kinds of human nature are leveraged? People have the need to be respected and liked. People have the need to help other people. People tend to avoid conflict and dispute. People tend to trust other people.

  10. Phishing: As perhaps the most common social engineering attack, phishing refers to the fraudulent attempt to obtain sensitive information (e.g., passwords and credit card details) by posing as a trustworthy entity in an electronic communication (e.g., emails).

  11. Malware: Malware is any software intentionally designed, with malicious intent, to cause damage to a computer.

  12. Viruses
      • Viruses are a prominent example of general-purpose malicious code
          • Not targeted against any user
          • Attacks anybody with a given app/system/config/...
      • Viruses
          • Many kinds and varieties
          • Benign or harmful
          • Transferred even from trusted sources
          • Also from trusted sources that are negligent about updating antiviral programs and checking for viruses
      [cf. B. Endicott-Popovsky]

  13. Kinds of Malicious Code [cf. Barbara Endicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

  14. Kinds of Malicious Code
      • Trojan horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
      • Virus - A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
      • Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
      [Balaji, Palanisamy, U Pitt]

  15. Kinds of Malicious Code
      • Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure.
      • Logic bomb - Malicious [program] logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources.
      • Time bomb - Activates when a specified time occurs.
      • Rabbit - A virus or worm that replicates itself without limit to exhaust resources.
      • Trapdoor / backdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, who can activate the trap door to gain access to the computer without being blocked by security services or mechanisms.
      [Balaji, Palanisamy, U Pitt]

  16. How Viruses Work
      • Programs (pgms) containing a virus must be executed to spread the virus or infect other pgms
          • Even one pgm execution suffices to spread the virus widely
      • Virus actions: spread / infect
      • Spreading Example 1: Virus in a pgm on installation CD
          • User activates pgm containing virus when she runs INSTALL or SETUP
          • Virus installs itself in any/all executing pgms present in memory
          • Virus installs itself in pgms on hard disk
          • From now on virus spreads whenever any of the infected pgms (from memory or hard disk) executes
      [Leszek Lilien, Western Michigan U]

  17. How Viruses Work
      • Spreading Example 2: Virus in attachment to e-mail msg
          • User activates pgm containing virus (e.g. macro in MS Word) by just opening the attachment
          • => Disable automatic opening of attachments!!!
          • Virus installs itself and spreads ... as in Example 1...
      • Spreading Example 3: Virus in downloaded file
          • File with pgm or document (.doc, .xls, .ppt, etc.)
          • You know the rest by now...
      • Document virus
          • Spreads via picture, document, spreadsheet, slide presentation, database, ...
          • E.g., via .jpg, via MS Office documents .doc, .xls, .ppt, .mdb
      [Leszek Lilien, Western Michigan U]

  18. Wireless network attack: A wireless network attack targets the security of a wireless local-area network (LAN); one commonly attacked kind of wireless LAN is the Wi-Fi network.

  19. Eavesdropping: Eavesdropping refers to monitoring wireless communications. There are two types of eavesdropping:
      • Casual eavesdropping: a wireless client may actively scan for wireless access points.
      • Malicious eavesdropping: bad guys may try to collect confidential data transferred between wireless clients and the access point.

  20. Encryption cracking: Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b. Because a weak encryption scheme (RC4) is used, an attacker connected to the Wi-Fi for five minutes has a high chance of cracking the encryption.

  21. Firewall
      • Protect buildings that were susceptible to fire
          • People built thick walls made of brick between such buildings
          • If a building caught fire, the thick wall would prevent it from spreading to surrounding buildings
          • Damages would be minimized
      • Political firewall :-)
      • The Internet Firewall prevents security attacks from spreading into the intranet or private network of an organization
      [Prashant, Krishnamurthy, U Pitt]

  22. What is a Firewall?
      • A network level access control mechanism
      • In broad terms a firewall is all of the following
          • A collection of hardware and software PLUS a security policy
          • Something placed between a corporate intranet and the Internet
          • Seeks to prevent unauthorized and unwanted communications into or out of the corporate intranet
          • Allows the organization to implement and enforce its own traffic flow policy between the Internet and the Intranet
      • Today it means many things
          • Ranges from a simple packet filter to a complex intrusion prevention system
      [Prashant, Krishnamurthy, U Pitt]

  23. What is a Firewall?
      • Establishes a controlled link between the insecure public network and the secure private network
      • Erects a security wall or perimeter around the network
      • These days you have host firewalls that prevent a host machine from picking up some types of packets
      • Idea of perimeter is not completely valid these days
      [Prashant, Krishnamurthy, U Pitt]

  24. Services provided by a firewall
      • Service control: Determines the types of services that can be allowed inbound or outbound
      • Direction control: Determines the direction in which a service may be initiated and allowed to flow
      • User control: Determines access to a service depending on which user is attempting to access it (both inbound and outbound)
      • Behaviour control: Controls how some services are employed
          • Example: DNS, filtering e-mail, etc.
      [Prashant, Krishnamurthy, U Pitt]

  25. Protection with Firewalls: Protects against
      • Information theft (Reconnaissance)
          • Example: Prevents requests to and responses from services within the private network reaching the outside
      • Information sabotage (Exploitation/Pillage)
          • Example: Prevents uploading derogatory content onto a company's web page or changing an employee's medical records
      • Denial of Service (Pillage)
          • Example: Prevents common DoS attacks like Smurf on internal hosts
      [Prashant, Krishnamurthy, U Pitt]

  26. Limitations of Firewalls
      • Cannot protect against
          • Attacks that bypass it
              • Physical removal of files
              • Dial-up modems from hosts on the Intranet
          • Internal threats and insider attacks
              • Malicious employees
          • Viruses in general
              • Viruses may come in to the network in several ways
              • Digital photo frames, iPods, ...
      • Firewalls are not foolproof
          • They will allow what you permit them to allow
          • Human errors can lead to security breach
      [Prashant, Krishnamurthy, U Pitt]

  27. Types of Firewalls based on functionality [Prashant, Krishnamurthy, U Pitt]

  28. Packet Filters vs Proxies
      • Packet filters examine packets entering a network one at a time
          • Examination of packets involves rules set by an administrator
          • Packets can be blocked to certain hosts or services (IP addresses and ports)
          • Packets can be blocked if they correspond to certain protocols
      • Proxies
          • Reproduce application layer functionality
          • Isolate the protected network from the rest of the world
          • Packets are not examined one-by-one but are completely decoded
          • Examination after decoding reveals if it is a valid request
      [Prashant, Krishnamurthy, U Pitt]

  29. Packet Filters vs Proxies - highlighted differences

      |                 | Packet filters        | Proxy firewalls                                          |
      |-----------------|-----------------------|----------------------------------------------------------|
      | Decode packet?  | Not decode            | Completely decode                                        |
      | What to check?  | IP addresses, ports   | Whether the decoded request is valid                     |
      | How to protect? | Block certain packets | Isolate the protected network from the rest of the world |

      Source: https://networkencyclopedia.com/network-packet/ Added by: Xin Liu

  30. Types of Packet Filters - highlighted differences

      |                              | Static Packet Filters                   | Dynamic or Stateful Packet Filters         |
      |------------------------------|-----------------------------------------|--------------------------------------------|
      | Info characteristics         | Static info, e.g., source & destination | More than static info                      |
      | Range of network to focus on | Individual packets                      | Full context of a given network connection |

      Source: https://www.n-able.com/blog/stateful-vs-stateless-firewall-differences Added by: Xin Liu
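The difference between judging individual packets (slides 28 and 30, static filter) and judging them in the context of a connection (stateful filter), as an added example that is not part of the original presentation. The rule set, the addresses (documentation ranges) and the three packets are constructed for the illustration, and the connection tracking is simplified to a set of address/port tuples.

```python
# Added illustration: the same HTTPS-only policy enforced by a static and a stateful filter.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")   # constructed private network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def is_inside(addr: str) -> bool:
    return ip_address(addr) in INSIDE


def static_filter(p: Packet) -> bool:
    """Static filter: each packet is judged alone, on addresses, ports and protocol."""
    if p.proto != "tcp":
        return False
    if is_inside(p.src) and p.dport == 443:   # outbound HTTPS request
        return True
    # To let replies back in, the rule can only match on what a reply looks like.
    return is_inside(p.dst) and p.sport == 443


class StatefulFilter:
    """Stateful filter: inbound packets must belong to a connection seen leaving."""

    def __init__(self) -> None:
        self.connections = set()   # simplified state table (no TCP flags or timeouts)

    def allow(self, p: Packet) -> bool:
        if p.proto != "tcp":
            return False
        if is_inside(p.src) and p.dport == 443:
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.connections


# Constructed traffic: a request, its genuine reply, and an inbound packet nobody asked for.
REQUEST = Packet("192.0.2.10", 50000, "198.51.100.5", 443)
REPLY = Packet("198.51.100.5", 443, "192.0.2.10", 50000)
UNSOLICITED = Packet("203.0.113.9", 443, "192.0.2.20", 3389)


def compare():
    """Return (name, static verdict, stateful verdict) for each sample packet."""
    stateful = StatefulFilter()
    samples = [("request", REQUEST), ("reply", REPLY), ("unsolicited", UNSOLICITED)]
    return [(name, static_filter(p), stateful.allow(p)) for name, p in samples]
```

Calling `compare()` shows both filters passing the request and its reply, while only the stateful filter drops the unsolicited inbound packet, because no matching outbound connection was recorded.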

  31. Types of Proxy Firewalls - highlighted differences

      |                      | Circuit level gateway             | Application level gateway                    |
      |----------------------|-----------------------------------|----------------------------------------------|
      | Security level       | More secure than packet filters   | More secure than circuit level gateway       |
      | Rationale of working | It simply relays TCP connections. | It is a unique program for each application. |

      Source: https://www.rfwireless-world.com/Terminology/Application-Gateway-Vs-Circuit-Level-Gateway.html Added by: Xin Liu

  32. Types of Firewalls based on device types
      • Routers
          • Most routers can be configured to act as packet filters
          • Simple and fast, but usually not very secure
      • Multi-homed hosts
          • Run a software application on top of an OS
          • Slower, but more secure
      • Single host
          • Most new OSs come with a built-in software firewall to protect a single host
      • Appliances
          • Hardware, software and firmware particularly optimized for firewall functionality
      [Prashant, Krishnamurthy, U Pitt]

  33. References
      • "5 Social Engineering Attacks to Watch Out For", by David Bisso, https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/
      • "What is Malware? Malware Defined, Explained, and Explored", by Cyber Edu | Forcepoint, https://www.forcepoint.com/cyber-edu/malware
