Objectives in chapter 3: Explain how to harden operating systems, list ways to prevent attacks through a Web browser, define SQL injection and explain how to protect against it, explain how to protect systems from communications-based attacks, describe various software security applications.
Protecting Systems

Drive-by Downloads
- At least one in ten Web pages is booby-trapped with malware
- Merely viewing an infected Web page can install malware on your computer if your operating system and browser are vulnerable

Hardening the Operating System: Three Steps
- Updates to the operating system
- Protecting against buffer overflows
- Configuring operating system protections

Managing Operating System Updates
- Operating systems are huge and contain many bugs (errors in code)
- Linux contains 0.17 bugs per 1,000 lines of code
- Typical commercial software contains 20-30 bugs per 1,000 lines of code
- 81 bugs a day were reported for the Windows Vista Beta
- Some of those bugs create vulnerabilities

Update Terminology
- Security patch: a general software security update intended to cover vulnerabilities that have been discovered
- Hotfix: addresses a specific customer situation; often not distributed outside that customer's organization
- Service pack: a cumulative package of all security updates plus additional features

Instant Messaging
- Instant messaging (IM): real-time communication between two or more users
- Can also be used to chat among several users simultaneously, to send and receive files, and to receive real-time stock quotes and news
- Basic IM has several security vulnerabilities:
  - IM provides a direct connection to the user's computer; attackers can use this connection to spread viruses and worms
  - IM is not encrypted by default, so attackers could view the content of messages
- Steps to secure IM include:
  - Keep the IM server within the organization's firewall and only permit users to send and receive messages with trusted internal workers
  - Enable IM virus scanning
  - Block all IM file transfers
  - Encrypt messages

Peer-to-Peer (P2P) Networks
- Peer-to-peer (P2P) network: uses a direct connection between users
- Has no servers, so each device simultaneously functions as both a client and a server to every other device connected to the network
- P2P networks are typically used for connecting devices on an ad hoc basis: for file sharing of audio, video, and data, or for real-time data transmission such as telephony traffic
- Viruses, worms, Trojan horses, and spyware can be sent over P2P
- A newer type of P2P network is BitTorrent
  - Torrents are active Internet connections that download a specific file available through a tracker, a server program operated by the person or organization that wants to share the file
  - With BitTorrent, files are advertised through the tracker rather than searched for
  - BitTorrent downloads are frequently pirated content and often carry malware

Applying Software Security Applications
- Antivirus
- Anti-spam
- Popup blockers
- Personal software firewalls
- Host intrusion detection systems

Antivirus
- Antivirus (AV) software scans a computer for infections, monitors computer activity, and scans all new documents, such as e-mail attachments, that might contain a virus
- If a virus is detected, options generally include cleaning the file of the virus, quarantining the infected file, or deleting the file
- The drawback of AV software is that it must be continuously updated to recognize new viruses
- AV software uses definition files or signature files

Popup Blockers
- Popup: a small Web browser window that appears over the Web site being viewed
- Popup blocker: allows the user to limit or block most popups
- Can be either a separate program or a feature incorporated within a browser
- As a separate program, popup blockers are often part of a package known as antispyware, which helps prevent computers from becoming infected by different types of spyware

Anti-Spam
- Two different options for installing a corporate spam filter:
  - Install the spam filter with the SMTP server (see Figure 3-14)
  - Install the spam filter with the POP3 server (see Figure 3-15)
- A third method is to filter spam on the local computer; typically the e-mail client contains several different features to block spam, such as:
  - Level of junk e-mail protection
  - Blocked senders
  - Allowed senders
  - Blocked top-level domain list
- A final method of spam filtering is to install separate filtering software that works with the e-mail client software

Gmail's Spam Filter
- Very effective
- Free
- Automatic: effortless to use

Personal Software Firewalls
- Firewall, sometimes called a packet filter: designed to prevent malicious packets from entering or leaving computers
- Can be software-based or hardware-based
- Personal software firewall: runs as a program on a local system to protect it against attacks
- Many operating systems now come with a personal software firewall, or one can be installed as a separate program

Host Intrusion Detection Systems (HIDS)
- Monitors activity on the host, including its network connections, and detects (and possibly prevents) intrusion attempts
- HIDS are software-based and run on a local computer
- These systems can be divided into four groups:
  - File system monitors
  - Logfile analyzers
  - Connection analyzers
  - Kernel analyzers
- HIDS compare new behavior against normal behavior ...

...
- Java
- ActiveX
- Cross-site scripting (XSS)

Cookies
- Cookies are computer files that contain user-specific information
- Types of cookies:
  - First-party cookie
  - Third-party cookie
- Cookies ...
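The local e-mail client features listed under Anti-Spam above (junk-protection level, blocked senders, allowed senders, blocked top-level domain list) combine into a simple rule-based filter. The following is an added example written for this page, not code from the slides or from any mail client; the phrase list, the rule ordering (allow list first, then block list, then blocked TLDs, then content scoring) and the sample messages are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Message:
    sender: str   # value of the From: header, e.g. "Alice <alice@example.com>"
    subject: str
    body: str


@dataclass
class SpamRules:
    level: str = "low"                                   # "low" or "high" junk protection
    allowed_senders: set = field(default_factory=set)    # bare addresses or whole domains
    blocked_senders: set = field(default_factory=set)    # bare addresses or whole domains
    blocked_tlds: set = field(default_factory=set)       # e.g. {"xyz", "top"}


# Constructed phrase list for the demo; a real client ships a much larger, updated one.
SPAM_PHRASES = ("free money", "click here", "act now", "100% guaranteed")


def parse_address(header: str) -> str:
    """Return the bare, lower-cased address from a From: header value."""
    m = re.search(r"<([^>]+)>", header)
    return (m.group(1) if m else header).strip().lower()


def classify(msg: Message, rules: SpamRules) -> str:
    """Return "inbox" or "junk" for one message under the given rules."""
    addr = parse_address(msg.sender)
    domain = addr.rsplit("@", 1)[-1]
    tld = domain.rsplit(".", 1)[-1]
    # 1. Allowed (safe) senders bypass every other check.
    if addr in rules.allowed_senders or domain in rules.allowed_senders:
        return "inbox"
    # 2. Explicit blocks, by address or by whole domain.
    if addr in rules.blocked_senders or domain in rules.blocked_senders:
        return "junk"
    # 3. Blocked top-level domain list.
    if tld in rules.blocked_tlds:
        return "junk"
    # 4. Content heuristics; the protection level sets how many hits it takes.
    text = f"{msg.subject} {msg.body}".lower()
    hits = sum(phrase in text for phrase in SPAM_PHRASES)
    threshold = {"low": 2, "high": 1}[rules.level]
    return "junk" if hits >= threshold else "inbox"


def run_demo() -> dict:
    """Classify a few constructed sample messages (not real mail)."""
    rules = SpamRules(level="low",
                      allowed_senders={"payroll.example.com"},
                      blocked_senders={"spammer@mail.example.net"},
                      blocked_tlds={"xyz"})
    samples = {
        "payroll": Message("HR <hr@payroll.example.com>", "Act now: click here", "free money"),
        "blocked": Message("spammer@mail.example.net", "Hello", "just saying hi"),
        "bad_tld": Message("deals@promo.example.xyz", "Sale", "20% off"),
        "phrases": Message("news@newsletter.example.org", "Act now", "click here for free money"),
        "clean":   Message("bob@example.org", "Lunch?", "Noon at the usual place"),
    }
    return {name: classify(m, rules) for name, m in samples.items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:8s} -> {verdict}")
```

Note the ordering caveat: the allowed-senders list is checked first, so a message whose From: header merely claims to come from an allowed domain skips every other check. From: is trivially forged, which is why client-side allow lists should be paired with sender authentication (SPF/DKIM results from the receiving server) rather than trusted on their own.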
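The Personal Software Firewalls section above describes a packet filter that stops malicious packets entering or leaving the host. The following added example, written for this page and not taken from any operating system's firewall, models what such a filter does: ordered rules with first match wins, an explicit default of dropping unsolicited inbound traffic, an egress rule, and a connection table so that replies to connections the host itself opened are let back in. The local address 192.168.1.10, the rule set, and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving at this host) or "out" (leaving it)
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Rule:
    direction: str
    proto: Optional[str] = None       # None matches any protocol
    dst_port: Optional[int] = None    # None matches any port
    src_ip: Optional[str] = None      # None matches any source
    action: str = "drop"              # "accept" or "drop"

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and (self.proto is None or self.proto == p.proto)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.src_ip is None or self.src_ip == p.src_ip))


class PersonalFirewall:
    """Stateful packet filter: ordered rules, first match wins, default drop."""

    def __init__(self, rules, default: str = "drop"):
        self.rules = list(rules)
        self.default = default
        # Flows this host opened: (proto, local_ip, local_port, remote_ip, remote_port)
        self.established = set()

    @staticmethod
    def _flow(p: Packet):
        if p.direction == "out":
            return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def filter(self, p: Packet) -> str:
        flow = self._flow(p)
        # Replies to connections this host initiated are accepted without a rule.
        if p.direction == "in" and flow in self.established:
            return "accept"
        for rule in self.rules:
            if rule.matches(p):
                action = rule.action
                break
        else:
            action = self.default
        if action == "accept" and p.direction == "out":
            self.established.add(flow)
        return action


# Constructed policy: admin SSH only from 10.0.0.5, no other inbound, no outbound SMTP
# (a common egress rule against spam bots), everything else outbound allowed.
DEFAULT_RULES = [
    Rule("in", proto="tcp", dst_port=22, src_ip="10.0.0.5", action="accept"),
    Rule("in", action="drop"),
    Rule("out", proto="tcp", dst_port=25, action="drop"),
    Rule("out", action="accept"),
]


def run_demo() -> dict:
    """Run constructed sample packets through the policy; returns label -> verdict."""
    fw = PersonalFirewall(DEFAULT_RULES)
    me = "192.168.1.10"
    packets = [
        ("https_out", Packet("out", "tcp", me, 50000, "93.184.216.34", 443)),
        ("https_reply", Packet("in", "tcp", "93.184.216.34", 443, me, 50000)),
        ("smb_unsolicited", Packet("in", "tcp", "203.0.113.7", 40000, me, 445)),
        ("ssh_from_admin", Packet("in", "tcp", "10.0.0.5", 40001, me, 22)),
        ("ssh_from_other", Packet("in", "tcp", "10.0.0.99", 40002, me, 22)),
        ("smtp_out", Packet("out", "tcp", me, 50001, "203.0.113.9", 25)),
    ]
    return {label: fw.filter(p) for label, p in packets}


if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(f"{label:16s} {verdict}")
```

The order of the rules is the policy: placing the broad `Rule("in", action="drop")` before the SSH rule would silently disable administrative access, which is the classic packet-filter misconfiguration. The connection table is also what makes the filter useful on a client: without it, every reply to a web request would have to be matched by an explicit inbound rule.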