53 Cards in this Set

Common Security Problems
Privacy invasion; backdoor/trojan infections, where an unauthorised person remotely has complete control of your computer; virus and worm infections; spyware; warez (file-trading) servers installed on your machine; destruction of files; phishing.
Cable modems/DSL
Have a fast, always-on connection that hackers can return to again and again.
This environment also provides a good breeding ground for self-replicating worms.
Dial-up modem sessions
Security incidents occasionally occurred on dial-up machines too, including both worm and hacking incidents.
Ways to secure home machine
Make sure your computer and other accounts have good passwords. Patch your computer regularly. Install an anti-spyware product and update it regularly. Use an anti-virus product and update it regularly. Use a router-based firewall and install a personal firewall. Know what is running on your system. Use good internet hygiene.
Patch your machine regularly
Computer software vendors provide regular updates for their products that protect against known security vulnerabilities (these updates are called patches). Use automatic updates where possible, or download updates from the vendor.
Spyware
Software that is installed on a computer without the user's knowledge and which monitors the user's activity and transmits it to other computers. Many spyware programs are set to monitor which websites you visit and how long you visit them for, generally for advertising/marketing purposes (adware).
How is spyware installed on a machine?
Spyware is usually bundled with other software such as shareware or freeware programs (peer-to-peer file-sharing programs, games).
The disclosure for spyware is usually in the fine print of the licensing agreement.
Also from clicking on pop-ups.
Consequences of spyware
Spyware runs in the background, using your computer's system resources and memory to log what you are doing. This can interfere with other programs on the computer and can cause computers to frequently crash or lock up. Spyware uses your internet connection to send information about your activities to someone else, which can cause the connection to slow down.
Malware
Malware is software with malicious intent that is usually installed without the owner's knowledge.
Malware is often disguised to look like benign software.
Viruses
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user.
Virus (2 criteria)
It must execute itself: it often places its own code in the path of execution of another program.
It must replicate itself: For example, it may replace other executable files with a copy of the virus infected file. Viruses can infect desktop computers and network servers alike.
Worms
Worms are programs that replicate themselves from system to system without the use of a host file.
This is in contrast to viruses, which require the spreading of an infected host file.
Trojan horses
Trojan horses are impostors - files that claim to be something desirable but, in fact, are malicious.
Virus Hoaxes
Virus hoaxes are messages, almost always sent by email, that amount to little more than chain letters.
Examples of malware
One example would be software that has a "backdoor" installed. This means that someone at a remote location has some level of control of your computer. That person can modify or add files on your computer, install programs, add user accounts, or even delete all of your files.
Examples of malware
Another example is a "keylogger", which records every keystroke you type.
The keylogger may record a wealth of information: credit card information, passwords, chat room transcripts, private e-mail messages, etc.
Keep anti-virus program up to date
Update virus definitions daily, or more often if you hear of a new virus.
Set virus protection to automatically download virus definition updates if possible.
Perform a full virus scan of your hard drive(s) at least monthly (if not more often).
Personal firewall
A personal firewall is a software-based filter between your computer and the outside world that is installed on your computer to protect it from unauthorised access by other external users.
Personal firewalls are configurable to specify which incoming and outgoing programs, ports, and IP addresses can be accessed.
e.g. ZoneAlarm.
Inexpensive routers with built in firewalls
A firmware- or hardware-based firewall is a separate device that physically sits between your computer and the Internet connection. This type of firewall is generally more secure than a personal firewall and saves the processing time on the computer that a personal firewall would otherwise be using. Such a device is highly recommended for home use, especially for cable modem and DSL connections.
How to prevent identity theft?
Look for the padlock symbol on web pages, indicating that the site encrypts data in transit (HTTPS) when you submit sensitive information such as credit card numbers or an NI number. A secure site means that your data is encrypted during transmission; note that the padlock only shows the connection is encrypted and the certificate matches the domain in the address bar, not that the company behind it is honest, so check the address carefully. Purchase from well-known companies.
Good computer hygiene
Be careful with e-mail attachments – call or write back to confirm before opening. Be careful about what web sites you go to. Be careful when prompted to download software. Use good passwords and change them periodically for both machine and web sites you visit!
Examples of digital crime
Hacking, trojans, grooming, viruses, fraud (phishing), Paedophilia, blackmail, terrorism, trafficking, identity theft.
Evidence gathering doctrine
"…the onus is on the prosecution to show to the court that the evidence produced is no more and no less now than when it was first taken into the possession of police."
Principle 1
Data preservation: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
Principle 2
Competence: In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
Principle 3
Audit trail: An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4
Responsibility: The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
First actions when seizing computer equipment
Legal considerations, have a plan before you go in. Once in: Move people away, preserve the scene, stand back don't touch, consider your options.
Items that should be seized
Main unit, monitor, keyboard and mouse, all leads, power supply units, hard disks, dongles, modems, PDAs, printers, scanners, answering machines, telephones and pagers, GPS units, fax machines, notebooks, laptops, card readers, digital cameras.
Digital storage media
CD-R, CD-RW, DVD, Floppy disk, pen drive, zip disk, compact flash, memory stick, smart media card, hard drives, games memory cards, cassette, video, USB
The forensic process 1
Acquisition: Correct consents, legal documents and procedures must be in place. Pictures, video, written descriptions of where everything was found. Forensic duplication.
The forensic process 2
Identification: Physical identification of digital equipment, bagged and tagged: An exhibit, number of hard drives.
Where, logically, did evidence come from, e.g., directory?
Partitions and structure of file system.
What kind of evidence is it?
File type
The forensic process 3
Evaluation: How was the data produced?
Who produced it?
When did they produce it?
Is the evidence relevant to the investigation?
Are there any signs of foul play, e.g., Trojan defence?
The forensic process 4
Interpretation of data recovered
Write/present for non-experts
Technically correct
Defence of findings in the witness box
Files
Files are generally identified by their extension (traditionally three characters).
The computer will usually try to use that extension to associate an application with the file, and then open it.
Files signatures
In the case of some file types, all files of that type have a known and recognisable header.
Definite indicator of content (extensions can be changed)
Known as a “file signature”
Used by forensic tools to identify and classify files by content (and identify mismatches).
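As an added worked example (not part of the original flashcards): a small Python classifier that reads the first bytes of a file, matches them against a table of well-known signatures, and flags files whose extension disagrees with their content, which is exactly the mismatch check a forensic tool performs. The file names and contents written by demo() are constructed for the illustration; the magic values are the published ones for each format.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of some common formats, with the extensions
# normally used for that content. Values come from the public format specs.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "PNG image", {"png"}),
    (b"\xff\xd8\xff", "JPEG image", {"jpg", "jpeg"}),
    (b"GIF87a", "GIF image", {"gif"}),
    (b"GIF89a", "GIF image", {"gif"}),
    (b"%PDF-", "PDF document", {"pdf"}),
    (b"PK\x03\x04", "ZIP container (also DOCX/XLSX/JAR/APK)",
     {"zip", "docx", "xlsx", "pptx", "jar", "apk"}),
    (b"Rar!\x1a\x07", "RAR archive", {"rar"}),
    (b"\x1f\x8b", "gzip data", {"gz", "tgz"}),
    (b"\x7fELF", "ELF executable", {"", "so", "elf"}),
    (b"MZ", "Windows PE executable", {"exe", "dll", "sys", "scr", "com"}),
]


def identify(head: bytes):
    """Return (description, expected extensions) for the first matching signature."""
    for magic, desc, exts in SIGNATURES:
        if head.startswith(magic):
            return desc, exts
    return None


def classify_file(path: str) -> dict:
    """Classify a file by content and flag a mismatch with its extension."""
    with open(path, "rb") as f:
        head = f.read(16)                      # longest magic in the table is 8 bytes
    ext = os.path.splitext(path)[1].lower().lstrip(".")
    hit = identify(head)
    if hit is None:
        return {"name": os.path.basename(path), "ext": ext,
                "content": "unknown", "mismatch": False}
    desc, exts = hit
    return {"name": os.path.basename(path), "ext": ext,
            "content": desc, "mismatch": ext not in exts}


def demo() -> list:
    """Write a few constructed files to a temp dir and classify them."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
        "notes.txt": b"MZ\x90\x00" + b"\x00" * 60,            # renamed executable
        "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
        "readme.txt": b"plain text, no known signature\n",
    }
    results = []
    with tempfile.TemporaryDirectory() as d:
        for name, content in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(content)
            results.append(classify_file(path))
    return results


if __name__ == "__main__":
    for r in demo():
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f"{r['name']:12} ext={r['ext']:4} content={r['content']:24} {flag}")
```

The table is deliberately small; a real tool carries hundreds of signatures, some of which sit at an offset rather than at byte zero, and treats container formats (ZIP) as needing a second look inside.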
What is network forensics
The art of collecting, protecting, analyzing, and presenting network traffic to support remediation or prosecution.
Sources of network forensics
Log files generated by server applications such as HTTP, FTP and SMTP servers.
Intrusion Detection System (IDS) logs.
Firewall and proxy/cache server logs.
Network traffic capture using a tool such as a packet sniffer.
Host-based forensic analysis of systems containing traces of network-based evidence including network traffic, routing and ARP tables.
Potential problems with network forensics
Anonymous browsing capabilities
Anonymous email services
Email address spoofing
IP address spoofing
Tunnelling
DNS cache poisoning
Man-in-the-middle attacks
Session data
Refers to the activity of a single user (identified by a unique IP address) on a web site during a specified period of time. The number of user sessions on a site is one measure of how much traffic the site gets.
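As an added example (not from the original card set): reconstructing user sessions from web server log lines, one of the log sources listed above. The log lines are constructed (RFC 5737 test addresses), the 30-minute inactivity timeout is an assumed convention rather than anything the cards specify, and the parser handles the common log format only.

```python
import re
from datetime import datetime, timedelta

# Apache/nginx common log format: ip ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: slightly out of time order and with one corrupted
# line, as real logs often are.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2023:13:57:10 +0000] "GET /index.html HTTP/1.1" 200 2326
203.0.113.5 - - [10/Oct/2023:14:40:00 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.5 - - [10/Oct/2023:14:40:03 +0000] "GET /admin HTTP/1.1" 403 120
198.51.100.9 - - [10/Oct/2023:14:10:00 +0000] "GET /about HTTP/1.1" 200 900
corrupted line that does not match the log format
"""


def parse_line(line: str):
    """Parse one log line; return None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "request": m["req"],
        "status": int(m["status"]),
    }


def sessionize(text: str, timeout: timedelta = timedelta(minutes=30)):
    """Group requests into per-IP sessions split by `timeout` of inactivity.

    Returns (sessions, unparsed_count). Each session records the IP, start and
    end time and the list of (request, status) pairs in time order.
    """
    entries, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        if e is None:
            unparsed += 1           # count rather than silently drop bad lines
        else:
            entries.append(e)
    entries.sort(key=lambda e: e["ts"])        # logs are not always in order

    open_sessions = {}                          # ip -> session currently open
    sessions = []
    for e in entries:
        cur = open_sessions.get(e["ip"])
        if cur is None or e["ts"] - cur["end"] > timeout:
            cur = {"ip": e["ip"], "start": e["ts"], "end": e["ts"], "requests": []}
            sessions.append(cur)
            open_sessions[e["ip"]] = cur
        cur["end"] = e["ts"]
        cur["requests"].append((e["request"], e["status"]))
    return sessions, unparsed


if __name__ == "__main__":
    sessions, bad = sessionize(SAMPLE_LOG)
    print(f"{len(sessions)} sessions, {bad} unparseable line(s)")
    for s in sessions:
        print(s["ip"], s["start"].time(), "->", s["end"].time(),
              len(s["requests"]), "requests")
```

Note that "one IP address equals one user" is an approximation: NAT, proxies and the anonymising services listed below all break it, which is why session counts from logs are evidence to be corroborated rather than conclusions.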
Alert data
Data produced when a detection system judges traffic to be suspicious, e.g. IDS alerts. The Honeynet Project, for example, sets up systems deliberately so that they will be attacked and the attackers' activity can be recorded.
Wireshark
Wireshark is an open source tool for profiling network traffic and analysing packets. Such a tool is often referred to as a network protocol analyser or sniffer.
It can be used to examine the details of traffic at a variety of levels, ranging from connection-level information down to the bits that make up a single packet. Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, protocol type and header data.
Packets
A packet is one unit of binary data capable of being routed through a computer network. To improve communication performance and reliability, each message sent between two network devices is usually subdivided into packets by the underlying hardware and software.
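As an added example (not part of the original cards): decoding a single Ethernet/IPv4/TCP packet by hand, which shows the header fields a sniffer such as Wireshark displays and verifies the IPv4 header checksum, a first sanity check on captured data. The frame is constructed inside the block with RFC 5737 test addresses; the TCP checksum is deliberately left at zero because computing it needs a pseudo-header and is not the point here.

```python
import struct
import ipaddress

TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum. Over a valid header (checksum
    field included) the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP headers and return the fields a
    sniffer's summary line would show."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame: ethertype 0x%04x" % ethertype)
    ip = frame[14:]
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(ip):
        raise ValueError("malformed IPv4 header")
    out = {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl, "ip_id": ident, "proto": proto,
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
    }
    body = ip[ihl:total_len]
    if proto == 6 and len(body) >= 20:           # TCP
        (sport, dport, seq, ack, off_flags, win,
         _tcsum, _urg) = struct.unpack("!HHIIHHHH", body[:20])
        doff = (off_flags >> 12) * 4             # header length incl. options
        out.update({
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
            "flags": [name for bit, name in TCP_FLAG_BITS if off_flags & bit],
            "payload": body[doff:],
        })
    return out


def build_sample_frame() -> bytes:
    """Constructed frame: a TCP segment from 192.0.2.10:40112 to
    198.51.100.7:80 carrying the start of an HTTP request."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIHHHH", 40112, 80, 0x1000, 0x2000,
                      (5 << 12) | 0x18, 65535, 0, 0)   # PSH|ACK, TCP checksum left 0
    total_len = 20 + len(tcp) + len(payload)
    ip_fields = [0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                 ipaddress.IPv4Address("192.0.2.10").packed,
                 ipaddress.IPv4Address("198.51.100.7").packed]
    hdr = struct.pack("!BBHHHBBH4s4s", *ip_fields)
    ip_fields[7] = ipv4_checksum(hdr)            # fill in the real checksum
    ip_hdr = struct.pack("!BBHHHBBH4s4s", *ip_fields)
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                      bytes.fromhex("66778899aabb"), 0x0800)
    return eth + ip_hdr + tcp + payload


if __name__ == "__main__":
    p = parse_frame(build_sample_frame())
    print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} [{','.join(p['flags'])}] "
          f"ttl={p['ttl']} ipcsum={'ok' if p['ip_checksum_ok'] else 'BAD'} "
          f"payload={p['payload'][:16]!r}")
```

Every field here is parsed from the bytes with explicit offsets, which is also why a sniffer can be fed deliberately malformed packets: the length and offset fields are attacker-controlled, and the bounds checks above are the minimum a parser needs.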
What is cryptography?
The art of protecting information by transforming it (encrypting it) into an unreadable format, called ciphertext. Only those who possess the secret key can decipher (decrypt) the message back into plaintext.
Also the science of designing, building and using cryptosystems.
Cryptosystem
Disguises messages, allowing only selected people to see through the disguise.
Cryptanalysis
Is the science of breaking a cryptosystem.
Cryptology
Is the study of cryptography and cryptanalysis.
Symmetric key cryptography
Same key used to encrypt and decrypt the message.
Data Encryption Standard (DES): historically the most common form, with a 64-bit block and a 56-bit key; a 56-bit key can now be brute-forced, so DES is obsolete.
Triple DES (3DES): DES applied three times with two or three independent keys (112 or 168 bits of key material, giving roughly 112 bits of security); being retired in favour of AES.
Used by bank ATMs and retail credit card machines.
The bank does not store your actual PIN, to prevent theft.
Asymmetric key cryptography
Two keys are needed: a public key and a private key.
Send the public key to intended recipients.
The private key always remains with its owner (the sender, in the signing case).
Anything encrypted with the public key can only be decrypted with the private key, and a signature made with the private key can be checked by anyone with the public key, which assures that messages are from their advertised source.
Public-private key (PPK) encryption such as RSA: a typical key length was 1024 bits (128 bytes); 1024-bit keys are now considered too short and 2048 bits or more is the current minimum.
Hashing
Producing hash values for accessing data or for security. A hash value (or simply hash), also called a message digest, is a fixed-size number computed from a message. The hash is substantially smaller than the message itself and is generated by a formula in such a way that it is extremely unlikely that some other message will produce the same hash value.
What are hashing functions used for?
A (cryptographic) hash is used to verify the integrity of data – check if it has been altered in any way.
Properties:
Fixed-length message digest (e.g. 128 bits for MD5, 160 bits for SHA-1, 256 bits for SHA-256).
The length of the original message cannot be determined from the digest.
In general this property is not a requirement for cryptosystems (ciphertext is usually allowed to reveal the message length).
The digest is effectively unique to the message (collision resistance); this no longer holds for MD5, and SHA-1 collisions have also been demonstrated, so use SHA-256 or stronger.
It is computationally infeasible to recover the original message from the digest alone (preimage resistance).
Data signing
Used to verify the integrity of a digital document – check it hasn’t been altered.
Authenticate - prove that the document is from who it claims to be from.
Procedure for digital signing
Arrange for intended recipient to obtain a copy of your public key.
Compute message digest for data.
Encrypt (PPK) the digest using your private key (this is the signature) and append it to the original message before sending it to the intended recipient.
The recipient decrypts the signature with the sender's public key, recomputes the digest of the received message and compares the two: a match shows that the message really came from the stated sender and has not been altered in any way.
If the message must also be private, encrypt both the message and the signed digest for the recipient (a digital envelope); in practice the message is encrypted with a symmetric key which is itself encrypted under the recipient's public key.
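As an added example covering both the hashing properties and the signing procedure above (not code from the original cards): a hash-then-sign scheme using SHA-256 and textbook RSA. The RSA keys are built from fixed, publicly known Mersenne primes purely so the example is deterministic; anyone can factor such a modulus, so these keys give no security and a real key uses two random primes of 1024 bits or more. The message and the second ("Mallory") key are constructed to show that tampering and a wrong signer are both detected.

```python
import hashlib

# Toy RSA keys built from fixed, publicly known Mersenne primes (assumption:
# chosen only so the example is deterministic; anyone can factor n, so these
# keys give no security at all).
ALICE_PRIMES = ((1 << 521) - 1, (1 << 127) - 1)
MALLORY_PRIMES = ((1 << 607) - 1, (1 << 89) - 1)
E = 65537


def make_keypair(p: int, q: int, e: int = E):
    """Return ((n, e) public, (n, d) private) for textbook RSA."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(data: bytes) -> bytes:
    """Message digest: fixed 32-byte output whatever the input length."""
    return hashlib.sha256(data).digest()


def digest_properties():
    """Output length is constant, and changing one input byte flips roughly
    half of the 256 output bits (the avalanche effect)."""
    short, long_, flipped = digest(b"a"), digest(b"a" * 100_000), digest(b"b")
    xor = int.from_bytes(short, "big") ^ int.from_bytes(flipped, "big")
    return len(short), len(long_), bin(xor).count("1")


def sign(message: bytes, private_key) -> int:
    """Hash-then-sign: the digest (as an integer) is raised to d mod n."""
    n, d = private_key
    h = int.from_bytes(digest(message), "big")
    assert h < n, "digest must be smaller than the modulus"
    return pow(h, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public exponent and compare it with a
    fresh hash of the received message."""
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(digest(message), "big")


def demo() -> dict:
    alice_pub, alice_priv = make_keypair(*ALICE_PRIMES)
    _mallory_pub, mallory_priv = make_keypair(*MALLORY_PRIMES)
    message = b"Pay 100 GBP to account 12345678"          # constructed sample
    sig = sign(message, alice_priv)
    return {
        "genuine": verify(message, sig, alice_pub),
        "tampered": verify(b"Pay 900 GBP to account 12345678", sig, alice_pub),
        "forged": verify(message, sign(message, mallory_priv), alice_pub),
    }


if __name__ == "__main__":
    print("digest lengths and bits changed:", digest_properties())
    for case, ok in demo().items():
        print(f"{case:9} -> {'signature valid' if ok else 'REJECTED'}")
```

Textbook RSA as written here has no padding, which makes it malleable and unsafe for real use; production signatures use RSA-PSS or an elliptic-curve scheme from a vetted library, but the hash, sign, transmit, recompute and compare steps are the same as on the card.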