Threats and Security on the Internet I
27.1 Security Threats on the Internet (P.184 of textbook)
27.1.1 Malware
- Computer virus
- Worms
- Trojan Horse
Attack: DDoS
27.1.2 Distribution ways of Malware
- Spread via e-mails
- Spread via the Internet (Internal Network)
- Spread via storage media
27.1.3 Spyware
27.1.4 Adware
DDoS attack
https://www.youtube.com/watch?v=0VQqs_J_A38 (year 2011)
- BOTNET and BOT http://evchk.wikia.com/wiki/%E6%AE%AD%E5%B1%8D%E7%B6%B2%E7%B5%A1
Demonstration of Wireshark, using VMware Player to simulate 2 computers in a network
- Type a login username and password in a virtual machine.
- Run Wireshark in the host machine.
- Capture the packets on the VMware network interface.
- Find packets containing "password"
Conclusion: Passwords can easily be captured on a network, especially a wireless network. The solution is encryption (via HTTPS).
Classwork in Groups
- War Walking around the school.
To protect privacy, only statistics should be posted.
War Driving, War Sailing.
Tools: Vistumbler (for Windows 7, 8) https://www.vistumbler.net/
The software provides a GUI to display the result of a Windows command
"netsh wlan show networks mode=bssid > txtfile.txt"
Choose the correct interface to scan for APs. Learn the meaning of each column heading.
Find the following:
- percentage of hidden SSID
- percentage of different authentication
- percentage of different encryption
- percentage of different radio type (Why are only 802.11b, 802.11g, 802.11n found?)
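This added example is not part of the original notes: it parses the text saved by the netsh command above and returns only the percentages asked for in the list, never SSID names or BSSIDs, in line with the privacy rule. It assumes English-language field labels; `survey_stats` and the sample data are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of "netsh wlan show networks mode=bssid"
# (English Windows; names and addresses are made up). A hidden SSID has an empty name.
SAMPLE = """\
There are 4 networks currently visible.
SSID 1 : Staff-WiFi
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
    BSSID 1                 : 02:00:00:00:00:01
         Signal             : 80%
         Radio type         : 802.11n
    BSSID 2                 : 02:00:00:00:00:02
         Radio type         : 802.11g
SSID 2 :
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 02:00:00:00:00:03
         Radio type         : 802.11n
SSID 3 : Guest
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 02:00:00:00:00:04
         Radio type         : 802.11g
SSID 4 : Lab-AP
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 02:00:00:00:00:05
         Radio type         : 802.11n
"""

# "label : value", split at the first colon so BSSID values keep their colons.
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def survey_stats(text):
    """Return {field: {value: percent}}. SSID names and BSSIDs are never stored."""
    counts = {f: Counter() for f in
              ("Hidden SSID", "Authentication", "Encryption", "Radio type")}
    for m in filter(None, map(FIELD.match, text.splitlines())):
        label, value = m.groups()
        if re.fullmatch(r"SSID \d+", label):   # one such line per network
            counts["Hidden SSID"]["yes" if value == "" else "no"] += 1
        elif label in counts:   # auth/encryption per network, radio type per AP
            counts[label][value] += 1
    return {f: {v: round(100 * n / sum(c.values()), 1) for v, n in c.items()}
            for f, c in counts.items() if c}

if __name__ == "__main__":
    print(survey_stats(SAMPLE))
```

To use it on real data, pass the contents of txtfile.txt to `survey_stats`; a file redirected from Windows PowerShell 5.1 is UTF-16, so open it with `encoding="utf-16"`.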
Class work
Read the following articles
http://www.am730.com.hk/article-249650 (Chinese)
How can the situation be avoided?
Bank:
Customer:
Superfish pre-installed on Lenovo notebook computers
http://support.lenovo.com/us/en/product_security/superfish
http://www.cnet.com/news/lenovo-hit-by-lawsuit-over-superfish-adware/
Concept to learn
Superfish is a kind of adware (or even spyware).
CA (Certificate Authority) certificates are pre-installed in the browser.
email scam / email fraud
- spoofing
- Phish (Phone Fishing) https://www.youtube.com/watch?v=9TRR6lHviQc
27.2 Security Application software
Antivirus software
- update virus signatures (virus definition) regularly
- Start the anti-virus program once the computer system is running.
- scan the computer periodically
- Scan all incoming files (downloads from the Internet, USB drives, etc.).
It should be THE first software installed (after the installation of the OS).
If a virus is detected and cannot be removed:
Boot up the computer in safe mode and then clean it with antivirus software or some other cleaning tools.
Check on the Internet for proper protection of your computer. The virus may have opened a back door on your computer (check the payload).
Update your software (especially OS).
27.2.2 Anti-spyware Program
It scans downloaded web pages and executable files for traces of spyware.
It detects abnormalities such as an arbitrarily opened network channel.
Spyware definition
http://www.avg.com/ww-en/free-antivirus-download
27.2.3 Firewall Software
Firewall software is a computer application that safeguards all incoming and outgoing data through the Internet or computer network.
- most common type: filtering by ports
- needs more processing power: filtering by content. In addition, it cannot scan encrypted data.
A firewall should be able to
- allow users to implement the firewall policies
- find out the properties of the data packets such as source IP, destination IP and type of traffic
- judge the access permission
- alert users for any intrusion
27.3 Browsers and security
With the increase of Internet bandwidth, more multimedia elements and dynamic contents are found in web pages.
The browser manipulates new types of multimedia objects embedded in web pages (using plug-ins and extensions).
Some powerful features are abused, either intentionally by malicious designers or unintentionally by ignorant programmers.
27.3.1 ActiveX Controls and Java Applets
Many modern browsers may deny/control the execution of these elements
Users can fine-tune the settings of the web browser.
Demonstrate the browser settings (Chrome, IE)
Chrome: Settings - Content settings
It is NOT recommended to log in to Chrome/IE on a public computer.
27.3.2 Malicious scripts
VBScript, JavaScript (Client side scripting, run in browser)
AJAX
27.3.2 Browser design flaws (缺陷) and vulnerabilities (漏洞)
You should use the most up-to-date browser (with patches applied). This is why we ask students NOT to use IE on Windows XP.