Presentation: «CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security». Author: . File: «CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security.ppt». Zip archive size: 219 KB.

CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security

1 CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6

Computer Networks and Security

Herbert G. Mayer, PSU CS, status 6/24/2012
Slides derived from Prof. Wu-Chang Feng

2 Syllabus

- Malware
- Virus
- Worms
- Examples
- Backdoor
- Trojan Horse
- Rootkit
- Botnet
- Hackers and Phreaks
- Enforcement
- In-Class Exercise

3 Malware

Malware: unwanted SW attack, instructing your computer to do something an attacker wants, but you don’t want, such as:
- Delete files to render your computer inoperable
- Infect other systems -- worms, viruses
- Monitor activity -- webcams, keystroke loggers
- Gather information on you, your habits, web sites you visit
- Provide unauthorized access -- Trojans, backdoors
- Steal files, store illicit files
- Send spam or attack other systems
- Stepping stone to launder activity -- frame you for a crime
- Hide activity -- rootkits

4 Types of Malware

- Viruses
- Worms
- Trojans
- Backdoors
- Rootkits (user & kernel level)

5 What is a Virus

Self-replicating piece of code that attaches itself to other programs; usually requires human interaction to propagate

6 Two Virus Components

- Payload
  - The malicious/anti-social action that viruses & worms perform that makes them highly irritating or worse
  - Examples: wiping your hard drive, deleting files, encrypting files for blackmail purposes
- Propagation mechanism
  - How do viruses spread?

7 Virus Propagation

- Locally
  - Simplest method
  - Write to file system
    - Local files, executables, documents
  - Write it into the boot sector/operating system
- Removable storage
  - Initial viruses propagated through tapes and floppies
  - Today through thumb drives and CDs
  - Rarely target CDs specifically but
    - Chernobyl (CIH) on Yamaha CDR update CD
    - NIMDA on Visual Studio .net in Korea
  - Modern media
    - Compact Flash, SD, USB Keys

8 Virus Propagation

- Network
  - Most common currently
  - Email (ILOVEYOU)
  - Web
  - Newsgroups (Melissa)
  - P2P Networks (FastTrack, Gnutella, IRC, Torrent)
    - 2003 study showed 45% of executable files downloaded from KaZaA had viruses or Trojan horses
    - Beware of Warez!
  - NFS, Samba mounts
  - Social networks

9 Examples

- Benign
  - Brain virus (1986)
    - Determine level of software piracy in Pakistan
- Malicious
  - Michelangelo (1991)
    - Erased boot sector on March 6, 1991
  - Love bug (2000)
    - Deleted files
    - Collected passwords and e-mailed them
    - Author was a 23 year old Filipino CS student
    - No hacking laws in Philippines so no prosecution

10 Worms

A worm is a self-replicating piece of code that spreads via networks; usually does not require human interaction to propagate

11 Virus vs. Worm

- Similarities
  - Goal is to infect other machines
  - Both may contain a payload
- Virus
  - Infects other files (must have executable sections)
  - Transmitted via removable storage or network
  - Requires user interaction for propagation -- e.g. open a file, boot from floppy, launch an executable, click on e-mail attachment or simply open an email
- Worm
  - Travels through the network only (key)
  - May infect other files (might be cleared through reboot)
  - Does not require human interaction
  - Targets misconfiguration or flaws/vulnerabilities in systems -- buffer overflows!

12 Why are Worms Powerful

- Fast scaling
  - Can take control of a vast number of machines, each of which will act as a launch point to infect other machines
- Goal: Infect 10,000s of machines
- Serial example
  - Suppose an average of 1 hour per machine
  - Includes time to find a vulnerable machine, as well as infecting it
  - 10000 hours = 416 days > 1 year!
- Worm example
  - Again, suppose an average of 1 hour per machine
  - Infected machines will subsequently take an hour to infect another
  - 1st hour: 1 infection
  - 2nd hour: 3 infections
  - 3rd hour: 7 infections
  - 14th hour: 16,383 infections = 714 times faster than serial
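
The slide's arithmetic as an added worked example in Python (not part of the original slides). `slide_model` reproduces the 1, 3, 7, ... 16,383 sequence; `bounded_model` goes beyond the slide and assumes a finite pool of vulnerable hosts, random targeting and a fixed hourly patch rate, to show how much patching limits the outbreak.

```python
import math

def slide_model(hours):
    """Slide's idealized count: the attacker and every infected host each
    compromise one new machine per hour, so I(n) = 2*I(n-1) + 1 = 2**n - 1."""
    infected = 0
    for _ in range(hours):
        infected = 2 * infected + 1
    return infected

def hours_to_reach(target):
    """Smallest n with 2**n - 1 >= target under the slide's model."""
    return math.ceil(math.log2(target + 1))

def bounded_model(hours, vulnerable, patch_rate=0.0):
    """Added refinement (assumption, not on the slide): a finite pool of
    vulnerable hosts, random targeting, and defenders patching a fixed
    fraction of the still-clean vulnerable hosts every hour."""
    infected, remaining, history = 0.0, float(vulnerable), []
    for _ in range(hours):
        remaining -= remaining * patch_rate      # patched hosts leave the pool
        attempts = infected + 1                  # +1 is the original attacker
        # an attempt succeeds only if it lands on a still-vulnerable host
        new = min(remaining, attempts * remaining / vulnerable)
        infected += new
        remaining -= new
        history.append(infected)
    return history

if __name__ == "__main__":
    print("hour 14 (slide model):", slide_model(14))
    print("hours to 10,000 hosts:", hours_to_reach(10_000))
    for rate in (0.0, 0.05, 0.20):
        final = bounded_model(24, 10_000, rate)[-1]
        print(f"patch {rate:.0%}/hour -> {final:,.0f} of 10,000 infected after 24 h")
```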

13 Anatomy of Worm

A worm is composed of
- Warhead
- Propagation Engine
- Target Selection Algorithm
- Scanning Engine
- Payload

14 Warhead

Warhead – the mechanism by which a worm gains entry into a system
- This is the part that we protect our systems against.
- The warhead contains the exploitation code
  - Buffer overflow, copying into open file shares
  - Password attacks

15 Propagation Engine

Propagation Engine – How the worm transports a new copy of itself into another machine
- Often, warheads contain the entire worm, but not always
- Warhead code can download the rest of the worm code, e.g. remote root shell exploit followed by an ftp

16 Target Selection Algorithm

Target Selection Algorithm – How a worm selects its next target
- Want to choose nearby targets. Nearby targets are much faster to infect than far away targets
- IP address proximity, network neighborhood, e-mail address books

17 Scanning Engine

Scanning Engine – Code that probes machines to determine if addresses generated by the targeting algorithm are vulnerable.
- Pretty simple usually – send probing packets (TCP SYN) to targets, wait for response
- If successful in opening a socket, attempt to compromise
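
Seen from the defender's side, the probing described above leaves a recognizable trace: one source touching many distinct addresses on one port, with most attempts unanswered. An added example (not from the original slides) that flags this pattern in connection records; the record format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed records (assumed format, not a real log schema):
# "epoch_seconds src dst dport outcome"
SAMPLE = (
    # 10.0.0.5 probes 30 distinct hosts in 30 s; only every 10th answers
    [f"{1000 + i} 10.0.0.5 192.0.2.{i + 1} 80 "
     f"{'established' if i % 10 == 0 else 'no_reply'}" for i in range(30)]
    # 10.0.0.9 is an ordinary client: three servers, every connection succeeds
    + [f"{1000 + 5 * i} 10.0.0.9 198.51.100.{i % 3 + 1} 80 established"
       for i in range(12)]
    # 10.0.0.7 is a proxy: high fan-out, but the connections succeed
    + [f"{1000 + i} 10.0.0.7 203.0.113.{i + 1} 80 established" for i in range(40)]
)

def parse(line):
    ts, src, dst, dport, outcome = line.split()
    return float(ts), src, dst, int(dport), outcome

def find_scanners(lines, window=60, min_targets=20, min_fail_ratio=0.8):
    """Return {(src, dport): (distinct_targets, fail_ratio)} for sources whose
    fan-out inside any `window`-second span looks like worm-style probing.
    The values are those observed at the moment the thresholds were crossed."""
    by_key = defaultdict(list)
    for ts, src, dst, dport, outcome in sorted(map(parse, lines)):
        by_key[(src, dport)].append((ts, dst, outcome != "established"))
    flagged = {}
    for key, events in by_key.items():
        start = 0
        for end in range(len(events)):
            # slide the window start forward until the span fits in `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            targets = {dst for _, dst, _ in span}
            fails = sum(failed for _, _, failed in span) / len(span)
            # fan-out alone would also flag the proxy; require failed attempts too
            if len(targets) >= min_targets and fails >= min_fail_ratio:
                flagged[key] = (len(targets), round(fails, 2))
                break
    return flagged

if __name__ == "__main__":
    for (src, port), (targets, ratio) in find_scanners(SAMPLE).items():
        print(f"{src} -> port {port}: {targets} targets, {ratio:.0%} unanswered")
```

Dropping `min_fail_ratio` to 0 also flags the proxy at 10.0.0.7, which is why the failure ratio is part of the rule and not fan-out alone.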

18 Payload

Payload – The malicious code that the worm actually delivers
- Early worms often had no payload, just the mere act of spreading itself around will damage the Internet
- Install a backdoor, Trojan, or rootkit
- Alter or destroy files (immediately, timed, on-demand)
- Encrypt your data, delete the originals, hold it for ransom
- Form a botnet (e-mail spam, search engine spam, phishing)
- Launch DoS attacks

19 Examples

- The first few worms were “ethical” worms – worms that tried to perform a useful service
- Creeper
  - First worm developed for the assistance of air traffic controllers by Bob Thomas in 1971
  - Notified air traffic controllers when the controls of a plane moved from one computer to another
  - Traveled from one computer screen to the other on the network showing the message, "I'm creeper! Catch me if you can!"
  - Did not reproduce itself

20 Examples

- Xerox PARC worms
  - John Shoch and Jon Hupp of Xerox PARC, early eighties
  - Worms as efficient carriers of software
  - "town crier" worm posted announcements on all computers of network
  - More complex – activated only at night to consume unused CPU cycles
  - Escaped laboratory into Xerox’s network
  - One morning the employees returned to find that all the computers had crashed. When they tried to restart the computers, they crashed again
  - One of the worms malfunctioned and had created havoc in the network
  - A "vaccine" had to be created so as to deactivate the worm

21 Examples

- Infamous, accidental Internet worm (1988)
  - Robert Morris (student at Cornell) discovers multiple security holes in Unix (ftp, sendmail, and fingerd)
  - Wanted to research whether one could create an automated means for exploiting them
  - Goal was to infect quickly, but do no other damage (i.e. files left alone)
  - In the middle of the design, a patch was released for one vulnerability
  - Morris quickly launched worm before it was completed
  - Released November 2, 1988
  - Brought down the Internet
  - Morris suspended from Cornell and convicted of felony under U.S. Computer Fraud and Abuse Act. (Given probation)
  - Went back to school at Princeton, now a professor at MIT
- Ethics? Malicious or selfish?

22 Code Red (2001)

- Targeted indexing service used in Windows IIS web server
- Spreads as a bad HTTP request (buffer overflow)
- Infected server creates 99 threads to attack random IP addresses
  - windowsupdate.microsoft.com was infected too
- Infection rate
  - Over 20,000 infections in less than 10 minutes
  - Over 250,000 infections in less than 9 hours
  - Over 975,000 total infections
- Payload
  - DDoS attack against whitehouse.gov’s IP

23 Code Red (2001)

- People don’t patch
  - IIS vulnerability was fixed months before Code Red launched
  - Infected machines observed years later

24 Santy (2004)

- Attacks PHP Bulletin Board (phpBB) website software.
  - Exploit: URL descrambling error in PHP on input allows arbitrary PHP script to execute.
- Novel target selection algorithm
  - How do you find vulnerable phpBB2 software to attack?
  - The same way you do. It Googles for it.
  - 40000 phpBB2 servers hit
  - Google eventually started blocking/censoring searches to slow down worm
  - Result: New variant of Santy used AOL and Yahoo search engines
- “Ethical” worm developed 1 week later
  - Anti-Santy worm used same method Google used
  - Defaced webpage: “viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11.”

25 Ethical Worms

- Suppose you create a worm that…
  - Exploits the vulnerability
  - Patches the system
  - Removes itself
- Should you release it?
  - What if it spreads out of control?
  - What if it doesn’t work?
  - Patching could bring about problems
    - E.g. Critical application depends on vulnerability to work correctly
    - E.g. Application depends on a certain interpretation of the specification
    - Patches have to be tested thoroughly!
- Are ethical worms an oxymoron? Perhaps not worth the trouble?
- How would one analyze this using ethical frameworks?

26 Ethical Disclosure

- Publishing zero-day exploits
  - Zero-Day worms especially dangerous as they target brand new exploits
  - No patch available! (Have to hope that your system/network is adequately hardened)
  - Is it ethical to disclose such vulnerabilities?
  - How long should one wait to disclose them?
- Publishing better ways to design worms
  - Staniford, Paxson, Weaver, “How to 0wn the Internet in your own spare time”, in Usenix Security 02
  - Warhol Worms/Flash Worms
    - Infect the entire Internet in 15 minutes/30 seconds. (!)
  - Is it ethical to disclose such techniques?

27 Backdoors

A backdoor is a program that allows attackers to bypass normal security controls on a system, gaining access on the attacker’s own terms

28 Types of Backdoors

- Local escalation of privileges
  - Allow attackers with an account to gain administrator privileges
- Remote execution of individual commands
  - Remote attackers can send a message to a victim machine that allows them to execute a single command on the victim machine
- Remote command-line access (aka remote shell)
  - Remote attacker can type directly into a command prompt of the victim machine across the network
- Remote control of GUI
  - Remote attacker controls the GUI of the victim machine across the network

29 Trojan Horse

- Origin of term: The ancient Greeks laying siege to Troy, gaining access via a “loaded” horse
- That famous horse is generally spelled the “Trojan Horse”
- Yet the term, alluding to infamously sneaky access to your computer system, is seen as being spelled “Troyan Horse”
- A Trojan Horse is a program which appears to have some useful or benign capability, but conceals some hidden, malicious functionality

30 Rootkits

Rootkits are Trojan backdoor tools that modify existing operating system software so that an attacker can keep access to, and hide on, a machine without the owner’s consent

31 Botnets

- Short for: network of robots, or robot net
- A bot is a software program that responds to commands sent by a command-and-control program located on an external computer
- Botnets are coordinated collections of bots under a single central control
  - Launch denial-of-service attacks
  - Send spam
  - Host phishing sites

32 Hackers and Phreaks

- Hackers – two definitions: good and bad
  - Someone highly skilled in programming and use of computer systems (sign of respect in some circles)
  - Someone that breaks into computer systems (sign of bad behavior in public circles)
- Phone phreak – someone that manipulates the telephone system in order to communicate with others without paying
  - Stealing access codes, using outlawed hardware

33 Early Hacking Incidents

- PDP-11
  - Programmable minicomputer shared by many students at MIT
  - Students forbidden to modify hardware
- Stewart Nelson (1960s)
  - Added a new hardware instruction in the middle of the night to “improve” performance
  - Also did it to demonstrate his skills
- Ethical evaluation
  - Does it depend on the outcome?
  - What good is an ethical framework if you can only tell afterwards if an action is right or wrong?

34 U.S. Law on Hacking

- Computer Fraud and Abuse Act
  - Transmitting code that causes damage to a computer system
  - Accessing without authorization any computer connected to the Internet
  - Transmitting classified government information
  - Trafficking in computer passwords
  - Computer fraud
  - Computer extortion
  - Maximum penalty – 20 years and $250k fine
- Other acts that can be applied to Internet-based crime
  - Wire Fraud Act
  - National Stolen Property Act
  - Identity Theft and Assumption Deterrence Act

35 Recent Enforcement

- Ancheta (2005)
  - Created botnet of hundreds of thousands of machines
    - Some within the DoD
  - Used to spam
  - Arrested and convicted under Computer Fraud and Abuse Act and CAN-SPAM Act in May 2005
  - 57 months in prison, $15,000 in restitution to US government
  - Forfeiture of illegal proceeds and computer equipment
- Gonzalez (2009)
  - With Russian co-conspirators, obtained 130 million credit/debit card numbers
  - Indicted
- Success of enforcement few and far between due to stealth measures that are easy to implement

36 Blue Security

- Fighting bots with bots
  - Users sign up for Blue Security service
  - Whenever they mark a message as spam, inform Blue Security service
  - Blue Security bot automatically sends opt-out message to spammer
- Spammers target Blue Security and its users with enormous volume of spam
- Service discontinued

37 In-Class Exercise

Oberlin College in Ohio requires that every computer brought to campus by a student be inspected for viruses. System administrators remove all viruses from the students’ computers. Students whose computers subsequently pick up and spread a virus may be fined $25, whether they knew about the virus or not. Is this a morally justifiable policy?

38 In-Class Exercise

- SATAN hacker toolkit
  - Security Administrator Tool for Analyzing Networks
  - Probe computers for security weaknesses
  - Could be used for good and evil
- Morality of publishing SATAN using ethical frameworks?

39 In-Class Exercise

- On-line voting
  - Used in many countries to render elections cheap, easily accessible
  - Local elections in the UK (since 2001)
  - U.S. primary elections in Alaska and Arizona (2000)
  - Controversial
- Election goals
  - Tamper-resistance
  - One vote per person
  - Prevent vote trading/selling
  - Audit trail to ensure proper tallying
  - Authenticating both the voter and the election service
  - Privacy
  - Ease of use to avoid voter disenfranchisement (e.g. “Butterfly” ballot of 2000)
- Ethical evaluation?
