On MIS

The document provides information about computer viruses, spyware, and how to protect against them. It defines a computer virus as a small program that spreads from computer to computer and interferes with operation. Viruses may corrupt or delete data, use email to spread, or erase hard disks. The document also defines spyware and discusses how it can invade privacy, display pop-ups, and slow computers. It recommends using antivirus software and being cautious of email attachments to help prevent virus and spyware infections.

Uploaded by Govind Tanwar
Copyright: © Attribution Non-Commercial (BY-NC)

MANAGEMENT INFORMATION SYSTEM (MIS)

MBA II SEM (SEC-A)

PRESENTED BY

THAKUR SINGH GOVIND SINGH TANWER DHARMVIR

Overview

- The FLI Model
- Infiltrations:
  - Viruses / Worms
  - Lessons Learned
- Firewalls & Attacks
  - What is a firewall?
  - How do they work?
  - How to prevent attacks

Security Problems & Solutions


Prevention / Management / Recovery

Failure (Process/Storage): Physical Security; Uninterruptible Power; Firewalls; Non-Stop Processes; Fault-Tolerance; Watchdog Processor; Replication, RAID; Backups; Fail-Over; Hot Swapping; Key Escrow
Lies: Authentication; Authorization; Non-Repudiation; Time-Stamping; Digital Signatures; Byzantine Agreement; Reputation Systems
Infiltration: Hardware Protection; Firewalls; Common Sense; Intrusion Detection; Anti-virus Software

Recovery: Fail-Stop Digital Signatures; Auditing; Certificate Revocation

Morris Worm (1988)


- Damage: 6000 computers in just a few hours
- What: just copied itself; didn't touch data
- Exploited:
  - buffer overflow in fingerd (UNIX)
  - sendmail debug mode (exec arbitrary cmds)
  - dictionary of 432 frequently used passwords

Morris Worm (1988)


Lessons Learned from Morris

- Diversity is good.
- Big programs have many exploitable bugs.
- Choose good passwords.
- Don't shut down mail servers: did prevent worm from spreading but also shut down defense
- CERT was created to respond to attacks

Melissa (1999)
- What: just copied itself; did not touch data
  - When date=time: "Twenty-two points, plus triple word score, plus fifty points for using all my letters. Game's over. I'm outta here."
- Exploited:
  - MS Word Macros (VB)
  - MS Outlook Address Book (Fanout = 50)
  - "Important message from <user name>"

Melissa (1999)
Lessons Learned:

- Homogeneity is bad.
- Users will click on anything.
- Separation of applications is good.
- Users trusted the message since it came from someone they knew.
- Don't open attachments unless they are expected.

Other Viruses / Worms

- CIH Chernobyl Virus, 1998, Taiwan:
  - Time bomb: April 26, or 26th of each month
  - Writes random garbage to disk, starting at sector 0
  - Attempts to trash FLASH BIOS
  - Hides itself in unused spaces
- Worm.ExploreZip, 1999: Melissa + zeroed out files
- BubbleBoy, 1999: Melissa-like except doesn't require opening an attachment (ActiveX)
- Love Bug, 2000: "I LOVE YOU" (like Melissa)

Code Red (2001)


- Runs on WinNT 4.0 or Windows 2000
- Scans port 80 on up to 100 random IP addresses
- Resides only in RAM; no files
- Exploits buffer overflow in Microsoft IIS 4.0/5.0 (virus appeared one month after advisory went out)
- Two flavors:
  - Code Red I: high traffic, web defacements, DDOS on whitehouse.gov, crash systems
  - Code Red II: high traffic, backdoor install, crash systems
- Three phases: propagation (1-19), flood (20-27), termination (28-31)
- Other victims: Cisco 600 Routers, HP JetDirect Printers

Nimda (2001)

- Multiple methods of spreading (email, client-to-server, server-to-client, network sharing)
  - Server-to-client: IE auto-executes readme.eml (that is attached to all HTML files the server sends back to the client)
  - Client-to-server: burrows: scanning is local 75% of time
  - Email: readme.exe is auto-executed upon viewing HTML email on IE 5.1 or earlier

Just this week: BadTrans Worm

- Spread via email; attacks Windows systems
- Records (once per second) keystrokes, usernames, & passwords into windows with titles: LOG, PAS, REM, CON, TER, NET
- Sends to:
  - one of 20+ email addresses
  - one of 15+ from addresses
  - one of 15+ attachment names w/ 2 extensions ({.doc/.mp3/.zip},{.pif/.scr})

Firewalls

- Two major technologies:
  - Packet Filters
  - Proxies
- Related technologies:
  - Network Address Translation (NAT)
  - Virtual Private Networks (VPN)

Packet Filtering Routers

- Filter on:
  - IP Source, IP Dest, Protocol (TCP, UDP, ICMP)
  - TCP/UDP Source & Dest Ports
  - ICMP Message Type (req, reply, time exceed)
  - Packet Size
  - NICs
- Stateful vs. Stateless Inspection
  - i.e., UDP DA/DP checking
- Simple Protocol Checking
  - i.e., Format Checking, Disconnect anonymous FTP x-fers
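
The stateful vs. stateless distinction on this slide, as an added example that is not part of the original presentation: a header-only filter judges a UDP "reply" by its source port alone, while a stateful filter checks the destination address/port (DA/DP) of a tracked outbound flow and expires idle flows. The addresses, the port-53 rule and the 30-second idle timeout are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int

INSIDE_PREFIX = "10.0.0."   # constructed internal network (assumption)
UDP_IDLE_TIMEOUT = 30.0     # assumed session lifetime, in seconds

def inside(ip):
    return ip.startswith(INSIDE_PREFIX)

def stateless_allow(p):
    """Header-only rules, first match wins, default deny."""
    if p.proto == "udp" and inside(p.src) and p.dport == 53:
        return True    # outbound DNS query
    if p.proto == "udp" and inside(p.dst) and p.sport == 53:
        return True    # "DNS reply", judged by source port alone
    return False

class StatefulFilter:
    """Tracks outbound UDP flows; inbound must match a live flow's DA/DP."""
    def __init__(self):
        self.flows = {}   # (src, sport, dst, dport) -> time of outbound packet

    def allow(self, p, now):
        if p.proto != "udp":
            return False
        if inside(p.src) and p.dport == 53:
            self.flows[(p.src, p.sport, p.dst, p.dport)] = now
            return True
        key = (p.dst, p.dport, p.src, p.sport)   # reversed tuple of the query
        seen = self.flows.get(key)
        if seen is None or now - seen > UDP_IDLE_TIMEOUT:
            self.flows.pop(key, None)            # unknown or expired flow
            return False
        return True

def demo():
    """Returns (stateless, stateful) verdicts for constructed sample packets."""
    fw = StatefulFilter()
    query = Packet("udp", "10.0.0.5", 40000, "192.0.2.53", 53)
    reply = Packet("udp", "192.0.2.53", 53, "10.0.0.5", 40000)
    stray = Packet("udp", "198.51.100.9", 53, "10.0.0.8", 161)  # unsolicited
    return {
        "query": (stateless_allow(query), fw.allow(query, 0.0)),
        "reply": (stateless_allow(reply), fw.allow(reply, 1.0)),
        "stray": (stateless_allow(stray), fw.allow(stray, 1.0)),
        "late_reply": (stateless_allow(reply), fw.allow(reply, 60.0)),
    }
```

The late reply is dropped only because of the guessed idle timeout, which is the same UDP session-lifetime problem the NAT slide lists as a disadvantage.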

Packet Filtering

Advantages
- One router can protect entire network
- Simple filtering is efficient
- Widely available

Disadvantages
- Hard to configure & test
- Reduces router performance
- Can't enforce some policies (i.e., user-level)

Proxies

- Security vs. Caching Proxies
- SOCKS: proxy construction toolkit
- Trusted Information Systems Firewall Toolkit (TIS FWTK: Telnet, FTP, HTTP, rlogin, X11)
- Most used to control use of outbound services
- Can also be used to control inbound services (reverse proxying)

Proxies

Advantages
- Logging, Caching, Intelligent Filtering
- User-level authentication
- Guards against weak IP implementations

Disadvantages
- Lag behind nonproxied services
- Requires different servers for each service
- Usually requires modifications to client applications

Firewall Architectures

- Dual-Homed Host
  - Services can only be proxied
- Screening Router w/ Bastion Host
  - Security by packet filtering
  - Bastion host is single point of failure
- Screened Subnet
  - Ext Router, Perimeter, Bastion Host, Interior Router
  - Internal ethernet packets protected from perimeter

Example Attacks

- IP Spoofing
- TCP SYN Flood
- SMURF Attack
  - ICMP Ping w/ max payload to broadcast address
- D-DOS Attack
  - Infiltrate, set up sleepers, attack at once

Network Address Translation (NAT)


- Translates network addresses & ports
- Does not provide additional security
- Possibilities:
  - One external address per internal address
  - Dynamically assign external address
  - Map multiple internal to one external (port sharing)
  - Dynamically assign external addresses and ports

Network Address Translation (NAT)

Advantages
- Helps enforce control over outbound connections
- Helps restrict incoming traffic
- Helps conceal internal network configuration

Disadvantages
- Not good for UDP (guess session lifetimes)
- Doesn't deal with embedded IP addresses
- Interferes with authentication & encryption
- Interferes with logging & packet filtering

Virtual Private Networks


Advantages:
- Provides overall encryption
- Allows use of protocols that are hard to secure any other way

Disadvantages:
- Involves dangerous network connections
- Extends the network that must be protected

Management information system (MIS)

- An MIS provides managers with information and support for effective decision making, and provides feedback on daily operations
- Output, or reports, are usually generated through accumulation of transaction processing data
- Each MIS is an integrated collection of subsystems, which are typically organized along functional lines within an organization

What is a computer virus?


Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation. A virus might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk. Computer viruses are often spread by attachments in email messages or instant messaging messages. That is why it is essential that you never open email attachments unless you know who sent them and you are expecting them. Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.

How to remove and avoid computer viruses

A computer virus is malicious software (also known as "malware") that can copy itself and infect other software or files on your computer. If you suspect your computer has been infected, the Microsoft Windows website provides step-by-step instructions for removing viruses and other malware. Fortunately, if you update your computer and use free antivirus software such as Microsoft Security Essentials, you can help permanently remove unwanted software and prevent installation in the first place.

What is spyware?

Spyware is a general term used to describe software that performs certain behaviors, generally without appropriately obtaining your consent first, such as:

- Advertising
- Collecting personal information
- Changing the configuration of your computer

Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information.

Trading tracking for services


That does not mean all software that provides ads or tracks your online activities is bad. For example, you might sign up for a free music service, but you "pay" for the service by agreeing to receive targeted ads. If you understand the terms and agree to them, you may have decided that it is a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.

What spyware does


Other kinds of spyware make changes to your computer that can be annoying and can cause your computer to slow down or crash. These programs can change your web browser's home page or search page, or add additional components to your browser you don't need or want. They also make it very difficult for you to change your settings back to the way you had them.

How to prevent spyware

Spyware and other unwanted software can:

- Invade your privacy
- Bombard you with pop-up windows
- Slow down your computer
- Make your computer crash

Steps to protect your PC

- Step 1: Use a firewall
- Step 2: Update your software
- Step 3: Adjust Internet Explorer security settings
- Step 4: Download and install antispyware protection
- Step 5: Surf and download more safely

Thank you
