Lecture Computer networks 1: Computer crime. Contents: the computer crime and security survey, the computer as a tool to commit crime, computers as objects of crime, preventing computer-related crime, and other topics.

Number of Incidents Reported to Computer

Computer Crime and Security Survey 2002 Results
Respondents that detected computer security breaches within the last 12 months: 90%
Respondents that acknowledged financial losses due to security breaches: 80%
Average dollar loss of the 44% who were willing or able to quantify their financial losses: $2.0 million
Respondents that cited their Internet connection as a frequent point of attack: 74%
Respondents that cited their internal systems as a frequent point of attack: 33%
Respondents that reported intrusions to law enforcement: 34%
Respondents that detected computer viruses: 85%

The Computer as a Tool to Commit Crime
o Social engineering
  » E.g. pretexting, phishing (email)
o Dumpster diving
  » To get sensitive personal information such as address, password, credit card numbers, etc.
o Identity theft
o Cyberterrorism

Computers as Objects of Crime
o Illegal access and use
  » Hackers
  » Crackers
o Information and equipment theft

How to Respond to a Security Incident
• Follow your site's policies and procedures for a computer security incident (They are documented, aren't they?)
• Contact the incident response group responsible for your site as soon as possible
• Inform others, following the appropriate chain of command
• Further communications about the incident should be guarded to ensure intruders do not intercept information
• Document all follow-up actions (phone calls made, files modified, system jobs that were stopped, etc.)
• Make backups of damaged or altered files
• Designate one person to secure potential evidence
• Make copies of possible intruder files (malicious code, log files, etc.) and store them off-line
• Evidence, such as tape backups and printouts, should be secured in a locked cabinet, with access limited to one person
• Get the National Computer Emergency Response Team involved if necessary
• If you are unsure of what actions to take, seek additional help and guidance before removing files or halting system processes
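
One way to carry out the "document all follow-up actions" and "make copies of possible intruder files" steps above, as an added example that is not part of the original lecture. The file names, the handler name `analyst1`, and the JSON-lines log format are assumptions; recording a SHA-256 hash for each copy is an addition so that later changes to the preserved evidence can be detected.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

def sha256(path):
    """Hash a file in chunks so large logs or binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def record(evidence_dir, handler, action, **details):
    """Append one timestamped entry to the incident log (one JSON object per line)."""
    entry = {"utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
             "handler": handler, "action": action, **details}
    with open(Path(evidence_dir) / "incident_log.jsonl", "a") as f:
        f.write(json.dumps(entry) + "\n")
    return entry

def preserve(paths, evidence_dir, handler):
    """Copy suspect files into evidence_dir and log the hash of each copy."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    for i, src in enumerate(map(Path, paths)):
        dst = evidence_dir / f"{i:04d}_{src.name}"  # index avoids name clashes
        shutil.copy2(src, dst)                       # copy2 keeps file timestamps
        record(evidence_dir, handler, "preserved",
               source=str(src), copy=dst.name, sha256=sha256(dst))

def verify(evidence_dir):
    """Return names of preserved copies that are missing or whose hash changed."""
    evidence_dir, bad = Path(evidence_dir), []
    with open(evidence_dir / "incident_log.jsonl") as f:
        for line in f:
            e = json.loads(line)
            if e["action"] != "preserved":
                continue
            copy = evidence_dir / e["copy"]
            if not copy.exists() or sha256(copy) != e["sha256"]:
                bad.append(e["copy"])
    return bad

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:       # constructed sample data
        suspect = Path(tmp) / "auth.log"
        suspect.write_text("constructed sample line: failed login for root\n")
        evidence = Path(tmp) / "evidence"
        preserve([suspect], evidence, "analyst1")
        record(evidence, "analyst1", "stopped system job", job="constructed-job")
        print("changed or missing copies:", verify(evidence))
```

In practice the evidence directory would sit on removable or write-once media that is then taken off-line, with the log kept by the one person designated to secure evidence.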

The Six Computer Incidents with the Greatest Worldwide Economic Impact
2001 Nimda $.635 billion

Top Viruses — July 2002
Virus (percentage of virus occurrences confirmed): description
1. Worm/Klez.E (57.3%): If the system date is an odd-numbered month (January, March, etc.) and the day is the 13th, the virus starts scanning local disks (or drives on the network) and fills the files it finds with random data, permanently destroying them.
2. W32/Elkern.C (16.8%): The virus monitors all running applications, and if there are any applications belonging to an antivirus program, it closes them.
3. Worm/W32.Sircam (4.4%): The virus displays a screensaver with a multicolor message that shakes the screen after it is complete. The display messages are: True Love never Ends; Ur My Best Friend; Ur So Cute today #!#!
4. W32/Yaha.E (4.2%): The virus arrives as an e-mail with an attachment that begins with one of the following names: loveletter, resume, love, weeklyreport, goldfish, report, mountan, biodata, dailyreport, love-greetings, or shakingfriendship.
5. W32/Nimda (2.6%): The virus arrives through e-mail as an attached file with the name README.EXE. The body of the message appears empty but actually contains code to execute the virus when the user views the message.
6. Worm/Frethem.L (2.2%): The virus arrives as an e-mail attachment that, when the attachment is opened, collects e-mail addresses from the Windows Address Book and files with DBX, MBX, EML, WAB, and MDB extensions. It then sends infected messages.
7. W32.Magistr.B (2.0%): The virus checks for existence of the ZoneAlarm firewall software and, if it exists, terminates it.
8. Others (10.5%)

Preventing Computer-Related Crime
o Crime prevention by state and federal agencies
o Crime prevention by corporations
  » Public Key Infrastructure (PKI)
  » Biometrics
o Anti-virus programs

Preventing Computer-Related Crime
o Intrusion Detection Software

Preventing Crime on the Internet
o Develop effective Internet and security policies
o Use a stand-alone firewall with network monitoring capabilities
o Monitor managers and employees
o Use Internet security specialists to perform audits

Common Methods Used to Commit Computer Crimes
• Method: Add, delete, or change inputs to the computer system
  Example: Delete records of absences from class in a student's school records
• Method: Modify or develop computer programs that commit the crime
  Example: Change a bank's program for calculating interest to make it deposit rounded amounts in the criminal's account
• Method: Alter or modify the data files used by the computer system
  Example: Change a student's grade from C to A
• Method: Operate the computer system in such a way as to commit computer crime
  Example: Access a restricted government computer system
• Method: Divert or misuse valid output from the computer system
  Example: Steal discarded printouts of customer records from a company trash bin
• Method: Steal computer resources, including hardware, software, and time on computer equipment
  Example: Make illegal copies of a software program without paying for its use
• Method: Offer worthless products for sale over the Internet
  Example: Send e-mail requesting money for worthless hair growth product
• Method: Blackmail executives to prevent release of harmful information
  Example: Eavesdrop on organization's wireless network to capture competitive data or scandalous information
• Method: Blackmail company to prevent loss of computer-based information
  Example: Plant logic bomb and send letter threatening to set it off unless paid considerable sum

How to Protect Your Corporate Data from Hackers
• Install strong user authentication and encryption capabilities on your firewall
• Install the latest security patches, which are often available at the vendor's Internet site
• Disable guest accounts and null user accounts that let intruders access the network without a password
• Do not provide overfriendly log-in procedures for remote users (e.g., an organization that used the word welcome on their initial log-on screen found they had difficulty prosecuting a hacker)
• Give an application (e-mail, file transfer protocol, and domain name server) its own dedicated server
• Restrict physical access to the server and configure it so that breaking into one server won't compromise the whole network
• Turn audit trails on
• Consider installing caller ID
• Install a corporate firewall between your corporate network and the Internet
• Install antivirus software on all computers and regularly download vendor updates
• Conduct regular IS security audits
• Verify and exercise frequent data backups for critical data

Internet Security Threats

Internet Security Measures
o Firewall
o Antivirus software
o Email encryption
o Encryption and authentication
o Frequent updates of software
o Always beware of incoming threats

Antivirus Software
o Symantec: Norton Antivirus, Norton Internet Security, etc.
o McAfee: McAfee Virus Scan, McAfee