Understanding Data Security Tools and Techniques

This presentation explores techniques and tools for understanding digital data, focusing on protecting your data. Topics include analyzing PC processes, network activity, and utilizing tools like Task Manager to manage processes effectively. Learn how to identify and address potential security threats, such as malware, using practical examples and best practices in data security.

• Data Security
• Tools
• Techniques
• Malware
• Task Manager

bra_lea Follow

Uploaded on Sep 29, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Digital Data Safety 1

2. SADET Module A.1: Digital Data Safety Exploring Digital Data Michael B. Spring Department of Informatics and Network Systems School of Computing and Information

3. Introduction This slide set looks at some techniques and tools for understanding computers and networks focused on protecting your data. This slide set is optional and intended for students interested in the technical side of data security issues. Prior presentations examined the issues of data privacy conceptually and looked at things you can do to keep your data private

4. Overview Looking at your PC Processes Addresses Networking activity Routing Where is my data? Doing a search Using the wayback machine Snooping on Twitter Two More Tools Wireshark Twitter Streams

5. Task Manager On any windows PC, pressing the keys Ctrl , Alt , and Del at the same time will either launch task manager or display a list which will allow you to select task manager. Task manager allows you to look at the applications that are running and gather some information about them. For now, simply note that while only a few applications are running, there are dozens of processes and services running. Also note that services that are running have a PID Process ID. We will want to look at these PID s later. Many of the services and some of the processes are communicating over the network.

6. Two Screen Shots of Task Manager The Process ID of the dozens of services Only a few applications running More than 100 processes are running

7. What Might You Do Using Task Manager You turn to Task Manager to get more information about why things are slow on your machine. By clicking on the CPU column heading you can sort processes by how much CPU they are absorbing. Before deleting a process, you should do a web search on the process name often you will find it may be marked as a malicious process with directions about how to remove it. Sometimes, a windows indexing process is absorbing too much time and you can remove it. Malicious software (malware) sometimes hides as a service. They can be more difficult to remove, but a web search will often tell you how.

8. What Might You Do Using Task Manager - malware as an example KingMiner malware mines cryptocurrency without users' consent. Added by: Xin Liu Source: https://www.pcrisk.com/removal-guides/14146-kingminer-virus

9. What Might You Do Using Task Manager - malware examples Think about what else malwares can do to our PC? It can be about Ads File scanning Added by: Xin Liu

10. Address Information Your device, connected to the internet a network card, needs to keep track of a number of addresses. It needs to know: Its MAC address for Ethernet functionality Its Internet Protocol (IP) address The name of the Domain Name Server that does address resolution The address of the gateway that it uses to access the internet. All of this information used to be entered manually. Now it occurs automatically via a number of mechanisms. We can access this information by issuing the command ipconfig all in a command window

11. ipconf -all MAC Address IP Address Default gateway DNS Servers

12. What might you do with ipconfig? The program will show you all of the information for each network card on your computer make sure you find the information for the right card. If you are dealing with a help desk or a technician, being able to provide this information will be of great help. This information will be of use if you are trying to sniff packets intended for your machine see the section on wireshark.

13. Whats going on over the network As we indicated earlier, while you may be running only a few applications, there are many processes running on your machine that are communicating with each other and with other machines. The program that reveals these connections is called netstat. On the next three slides, we show three executions of netstat Netstat f Netstat o

14. C:\>netstat -f Note that ports 3306 (mysql) and 8080 (webserver) are open TCP 136.142.121.73:52081 a23-15-8- 131.deploy.static.akamaitechnologies.com:http ESTABLISHED TCP 136.142.121.73:52110 40.97.41.66:https ESTABLISHED TCP 136.142.121.73:52856 ec2-34-214-162-88.us-west- 2.compute.amazonaws.com:https ESTABLISHED TCP 136.142.121.73:53131 40.97.157.66:https ESTABLISHED TCP 136.142.121.73:53132 40.97.157.66:https ESTABLISHED .... TCP 136.142.121.73:58881 iad23s63-in-f4.1e100.net:https ESTABLISHED TCP 136.142.121.73:59025 107.152.26.219:https ESTABLISHED TCP 136.142.121.73:59082 ec2-52-39-131-77.us-west- 2.compute.amazonaws.com:https ESTABLISHED TCP 136.142.121.73:59661 107.152.26.197:https CLOSE_WAIT TCP 136.142.121.73:60358 107.152.27.197:https CLOSE_WAIT TCP 136.142.121.73:61903 qv-in-f188.1e100.net:5228 ESTABLISHED TCP 136.142.121.73:64495 107.152.26.197:https CLOSE_WAIT TCP [::1]:8080 Spring-PC:52078 TIME_WAIT ... Active Connections Proto Local Address Foreign Address State TCP 127.0.0.1:3306 Spring-PC:51929 ESTABLISHED ... TCP 127.0.0.1:3306 Spring-PC:59055 ESTABLISHED TCP 127.0.0.1:8009 Spring-PC:58983 TIME_WAIT TCP 127.0.0.1:8080 Spring-PC:58982 TIME_WAIT TCP 127.0.0.1:20121 Spring-PC:58948 TIME_WAIT TCP 127.0.0.1:20121 Spring-PC:59027 TIME_WAIT TCP 127.0.0.1:49158 Spring-PC:49159 ESTABLISHED TCP 127.0.0.1:49159 Spring-PC:49158 ESTABLISHED ...... TCP 136.142.121.73:51935 107.152.27.219:https TIME_WAIT TCP 136.142.121.73:52061 ns1.pitt.edu:domain TIME_WAIT TCP 136.142.121.73:52062 52.96.4.178:https ESTABLISHED

15. C:\>netstat -o Note that the last column contains the PID of the process on my machine TCP 136.142.121.73:52044 40.97.131.114:https ESTABLISHED 2636 TCP 136.142.121.73:52320 40.97.85.98:https ESTABLISHED 2636 TCP 136.142.121.73:52856 ec2-34-214-162-88:https ESTABLISHED 7552 TCP 136.142.121.73:55226 107.152.26.197:https CLOSE_WAIT 2984 .... TCP 136.142.121.73:60335 40.97.162.146:https ESTABLISHED 2636 TCP 136.142.121.73:60358 107.152.27.197:https CLOSE_WAIT 2984 TCP 136.142.121.73:60973 ns1:domain TIME_WAIT 0 TCP 136.142.121.73:60974 40.97.205.2:https ESTABLISHED 2636 TCP 136.142.121.73:61001 ec2-52-42-153-139:https ESTABLISHED 7552 TCP 136.142.121.73:64419 ns1:domain TIME_WAIT 0 TCP 136.142.121.73:64495 107.152.26.197:https CLOSE_WAIT 2984 Active Connections Proto Local Address Foreign Address State PID TCP 127.0.0.1:49170 Spring-PC:49171 ESTABLISHED 2660 TCP 127.0.0.1:49171 Spring-PC:49170 ESTABLISHED 2660 TCP 127.0.0.1:49172 Spring-PC:49173 ESTABLISHED 2660 ..... TCP 127.0.0.1:55348 Spring-PC:55349 ESTABLISHED 6500 TCP 127.0.0.1:55349 Spring-PC:55348 ESTABLISHED 6500 TCP 127.0.0.1:56848 Spring-PC:5681 SYN_SENT 10524 TCP 127.0.0.1:59044 Spring-PC:59045 ESTABLISHED 11744 .... TCP 127.0.0.1:59069 Spring-PC:59070 ESTABLISHED 11744 TCP 127.0.0.1:59070 Spring-PC:59069 ESTABLISHED 11744 TCP 127.0.0.1:59657 Spring-PC:59658 ESTABLISHED 1076 TCP 127.0.0.1:59658 Spring-PC:59657 ESTABLISHED 1076 TCP 136.142.121.73:50026 107.152.27.197:https CLOSE_WAIT 2984 TCP 136.142.121.73:50028 107.152.27.197:https CLOSE_WAIT 2984

16. What Netstat can tell you It takes a while to get used to netstat and you need more information to interpret it, but here is what these reports are showing: In the first report, I note that port 3306 and 8080 are open. These are the default ports for a database listener and a web server. It would be dangerous to have them open if I was not behind a firewall The second report shows me the process ID (PID) of the software running on the various ports. Using Task Manager, I can see if the software is OK For more information about netstat, see: https://docs.microsoft.com/en-us/windows-server/administration/windows- commands/netstat https://www.lifewire.com/netstat-command-2618098

17. Routing of Packets When you connect to a web server, or get your mail, the exchanges between your computer and the server follow a given path. That path is not always the same, but it often is. The hops across the internet incur delays at each router You can see the path and the delays using the tracert or trace route command Open a command window and issue the command tracert destination You will see a prinout of the route and delays as shown on the following slide.

18. tracert C:\>tracert -w 1 google.com Tracing route to google.com [172.217.8.14] over a maximum of 30 hops: 1 2 3 4 5 6 7 8 9 10 2 ms 3 ms 2 ms 3 ms 4 ms 21 ms 15 ms 187 ms 139 ms 50 ms 2 ms 2 ms 3 ms 3 ms 2 ms 24 ms 10 ms 278 ms 79 ms 59 ms 2 ms vl3342.cl-core-2.gw.pitt.edu [10.215.48.1] 3 ms et4-3.cl-core-2.gw.pitt.edu [136.142.253.108] 2 ms vl801-oakland-wifi-vrf-palo-vs.cl-core-2.gw.pitt.edu [136.142.252.162] 3 ms vl800-oakland-wifi-vrf-bb.cl-core-2.gw.pitt.edu [136.142.252.160] 2 ms et-2-3-0-712.externals-cl.gw.pitt.edu [136.142.2.161] 30 ms cdn.pitt.3rox.net [147.73.16.162] 9 ms 72.14.213.79 114 ms 108.170.246.33 50 ms 216.239.49.47 13 ms iad23s59-in-f14.1e100.net [172.217.8.14] Trace complete.

19. What can tracert tell you. Tracert sends three packets to each routing point and measures the round trip time (RTT). Generally speaking the times in the three columns should be pretty consistent. When there is a big jump for one of the routers it gives you a sense of where congestion exists In general local devices should be in a few milliseconds, across the US times should be around 100ms (1/10 of a second), international times may be 300-400 or more For more information about tracert, see https://mediatemple.net/community/products/dv/204643870/using-the-traceroute- command https://www.lifewire.com/tracert-command-2618101

20. Whats on the Network about Me

21. Just do a search A Google search will get you a lot of information. Searching for Michael B. Spring, I found 237 million pages obviously a lot not about me. I added Pitt and dropped the number to 11 million pretty good but still too much I added quotes around my name and found 9,620 pages -- pretty good and most were about me or something that had my name on it. Using very little time, you can find a persons Facebook page and a lot of information about them just do a search in Facebook

22. Historical search If you find a webpage that s of interest and you are really curious, you can go back in time. The internet archive, also known as the wayback machine, is constantly taking snapshots of the web. Its address is https://archive.org. I found that my homepage had been captured 207 times between September 8, 1999 and October 21, 2017. If I had deleted things from my pages because they were embarrassing, I might be able to go back and capture them

23. Historical search Update: I found that my homepage had been captured 52 times between January 23, 2015 and June 25, 2021. Added by: Xin Liu

24. Historical search - our own behavior Think about if possible to find out all our network behaviors by Google search? Why? It can be about Facebook social comments Amazon purchases Added by: Xin Liu

25. Two Last Tools to get Started

26. Wireshark Wireshark is shareware that allow you to look at the traffic on an Ethernet. Recall that all the machines on an Ethernet can see all of the packets on the Ethernet Wireshark allows you to sniff all or a selected subset of those packets. We will provide a rudimentary example of using wireshark. You can download wireshark at: https://www.wireshark.org/ In our example we will trap packets that are http requests Open wireshark, and select Capture Options Choose your network card, click on filter and select TCP http as the filter, and click start After it starts, open your browser and go to a web page You can find more information at: https://www.lifewire.com/wireshark-tutorial-4143298 https://www.computerweekly.com/tutorial/Quick-and-dirty-Wireshark-tutorial

27. Using Wireshark to capture a web page request

28. Rolling Your Own: Twitter This last example involves developing an application to watch Twitter streams. It requires a fair amount of work, but demonstrates how people use programs to spy on other people. Basically, you need to understand that you can access twitter information by writing a program. To do that you need to understand the Twitter API or Application Program Interface. You begin by: Checking Twitter s Main Developer Page -- https://developer.twitter.com/en.html Find info on getting started -- https://developer.twitter.com/en/docs/basics/getting-started Info on subscribing -- https://developer.twitter.com/en/docs/accounts-and-users/subscribe- account-activity/overview 28 September 29, 2024 RESTful Web Services

29. Rolling Your Own: Twitter Having read the basic info, you needed to register, obtain a library, and find a simple example. To use the API, you must create an app and use our OAuth-based authorization system. Visit apps.twitter.com to create one. Create an App -- https://apps.twitter.com/app/new Generate Tokens (assuming an app was created --this is my app -- https://apps.twitter.com/app/14280438/keys Use existing libraries and utilities I used twitter4J -- http://twitter4j.org/en/index.html Download the zip file with the jars and docs Find a simple example to begin the process -- http://simpledeveloper.com/twitter-client-using-java/ 29 September 29, 2024 RESTful Web Services

30. Programming I like to work in Java but there are libraries that allow you to use pretty much any language. The next slide show the basic procedure for telling twitter you have registered and agreed to their terms The slide after that shows how to filter all tweet looking for a given term in my case I was looking for tweets about Las Vegas right after the mass shooting in that city. Law enforcement might be looking for all the tweets from a given suspect they are following indeed program like this have found criminal at large tweeting that they are going to a movie at a given place at 8:00!!!!

31. Using Twitter (Same for all uses) I chose to store access tokens in a properties file Properties prop = new Properties(); InputStream in; in = new FileInputStream("twitter4jd.properties"); prop.load(in); The access token properties are used to set authorization ConfigurationBuilder configurationBuilder = new ConfigurationBuilder(); configurationBuilder .setOAuthConsumerKey(prop.getProperty("oauth.consumerKey")) .setOAuthConsumerSecret(prop.getProperty("oauth.consumerSecret")) .setOAuthAccessToken(prop.getProperty("oauth.accessToken")) .setOAuthAccessTokenSecret(prop.getProperty("oauth.accessTokenSecret")) Instantiate a re-usable and thread-safe factory for either a tweet or a stream Twitter twitter = twitterFactory.getInstance(); TwitterStream twitterStream = new TwitterStreamFactory(configurationBuilder.build()).getInstance(); 31 September 29, 2024 RESTful Web Services

32. Tapping the Twitter Stream twitterStream.addListener(new StatusListener () { @Override public void onStatus(Status status) { System.out.println(status.getText()); // print tweet to console } @Override public void onDeletionNotice(StatusDeletionNotice statusDeletionNotice) { System.out.println("Got status del notice id:" + statusDeletionNotice.getStatusId()); } @Override public void onTrackLimitationNotice(int numberOfLimitedStatuses) { System.out.println("Got track limitation notice:" + numberOfLimitedStatuses); } @Override public void onScrubGeo(long userId, long upToStatusId) { System.out.println("Got scrub_geo event userId:" + userId + " upToStatusId:" + upToStatusId); } @Override public void onStallWarning(StallWarning warning) { System.out.println("Got stall warning:" + warning); } @Override public void onException(Exception ex) { ex.printStackTrace(); } }); FilterQuery tweetFilterQuery = new FilterQuery(); tweetFilterQuery.track(new String[]{"Las Vegas"}); // OR on keywords tweetFilterQuery.language(new String[]{"en"}); // twitterStream.filter(tweetFilterQuery); 32 September 29, 2024 RESTful Web Services

33. The Results [Fri Oct 13 16:07:57 EDT 2017]Establishing connection. [Fri Oct 13 16:07:58 EDT 2017]Connection established. [Fri Oct 13 16:07:58 EDT 2017]Receiving status stream. What happened to Jesus Campos? https://t.co/hi40APpvg4 https://t.co/esK2wwTub8 RT @IWillRedPillYou: George Soros Fund Management LLC bet 42 Million dollars on the downfall of MGM stocks right before the events of La Zappos matching up to $1M for Las Vegas shooting victims and families - https://t.co/VlfWCXRxOm https://t.co/Mi3c5Nwzfy Zappos matching up to $1M for Las Vegas shooting victims and families - https://t.co/NTCwtu3Mdj https://t.co/ZLWnVkSVnj So cool at Las Vegas it legal to drink alcohol in public while you walkimg for example. Hidden Valley and Primm Valley Extreme RZR Tour from Las Vegas From USD: $162.99 https://t.co/09KIgHakj4 #Beijing https://t.co/KXTgoJTo7b RT @MikeTokes: @seanhannity @KellyannePolls @TomiLahren @SebGorka @GeraldoRivera @LeslieMarshall @SheriffClarke @parksesq You shou Authorities: Las Vegas shooter fired at aviation fuel tanks 'with intent' https://t.co/qY0EI2FpOb #blog https://t.co/8yw9jdtsFP UNBELIEVABLE! CHECK OUT HOW MANY PATIENTS LAS VEGAS HOSPITALS TREAT IN ONE NIGHT: - https://t.co/td0K6S1y4M https://t.co/6Tjs1cjLBN 33 September 29, 2024 RESTful Web Services

34. Conclusion This presentation look at some of the tools, from simple to complex, that can be used to look at you and what you are doing. This is but a brief introduction to a complex world that includes everything from standard tools to complex programs written to capture all the information on the internet. Anything you put out there can be captured. It just depends how badly somebody want to know about you.