Lecture 9: Security (continued)
We got an email just the other day from someone watching the podcast, thanking us for mentioning John Hodgman's clip regarding "the internet as a series of pipes".
Can view this same clip off comedycentral.com
What kind of attachments are particularly dangerous these days?
Executable files (applications)
.exe, .scr (screen saver)
Resist the temptation to open attachments of these types, even from friends
When a virus is on your computer what can it do to it?
Slow it down
If you receive an email from someone you know that is obviously spam, does that mean the person's computer is infected with a virus?
These days it's possible to spoof who the email is from.
If you really want to be sure, you must look at the email headers to see the sender's IP address
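Added example (not part of the original lecture notes): reading the Received headers of a message to find the connecting IP address. The message, host names and addresses are constructed samples, and inbox.example.org is assumed to be your own mail server. Only the hop recorded by your own server is reliable, since older Received lines and the From line are supplied by the sending side.

```python
import re
from email import message_from_string

# Constructed sample message (documentation IP ranges, example domains).
RAW = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby inbox.example.org with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from friend-pc (unknown [203.0.113.45])\n"
    "\tby mx.example.net with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "From: Your Friend <friend@example.com>\n"
    "To: you@example.org\n"
    "Subject: check this out\n"
    "\n"
    "hello\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # peer IP in square brackets
BY_RE = re.compile(r"\bby\s+(\S+)")                   # server that wrote the header

def hops(raw):
    """Return [(recording_server, peer_ip)] per Received header, newest first."""
    msg = message_from_string(raw)
    out = []
    for value in msg.get_all("Received", []):
        by, ip = BY_RE.search(value), IP_RE.search(value)
        out.append((by.group(1) if by else None, ip.group(1) if ip else None))
    return out

def trusted_peer_ip(raw, my_server):
    """IP recorded by our own mail server for the machine that connected to it."""
    for by, ip in hops(raw):
        if by == my_server:
            return ip
    return None

def claimed_origin_ip(raw):
    """Oldest hop: a lead only, because an upstream machine wrote this line."""
    found = [ip for _, ip in hops(raw) if ip]
    return found[-1] if found else None

if __name__ == "__main__":
    print("From header says:", message_from_string(RAW)["From"])
    print("Our server saw  :", trusted_peer_ip(RAW, "inbox.example.org"))
    print("Claimed origin  :", claimed_origin_ip(RAW))
```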
Denial of Service attack
essentially exactly what it means
Multiple computers send so many requests per second to a website that no one else can get through
A large website (amazon.com possibly?) was being hit by a Distributed Denial of Service (DDoS) attack. Distributed because many infected computers across the internet tried to access the homepage many times a second.
How is a worm different from a virus?
A worm travels by itself through the Internet - self propagating
A virus needs some naiveté or stupidity to spread
basically a server on every Windows machine running important (sometimes esoteric) services
A number of these services were buggy, and the bugs were exploited by worms
Better since Windows XP SP2.
The Windows firewall with SP2 helps the problem to a great degree.
Literal firewall: the wall is meant to protect buildings (or the interior cabin of a car) from a fire from another building (or a car's engine).
Similarly, a firewall on a computer will protect what is behind it (a LAN, for example) from 'bad stuff' on the Internet
A firewall will only allow requests to allowed ports. For example, a web server might have port 80 open, because this is the HTTP port. A request to another port, (say, 65 for example) will automatically be ignored and dropped.
80 - HTTP
25 - SMTP
21 - FTP
22 - SSH
It is possible to run these services on other ports.
For example, when you are entering in the information for email, not only do you have to enter the fully qualified domain name of the company's email server, but you have to enter in a port number.
If your corporate firewall is blocking everything but HTTP (port 80), how could you run a different service (say, SSH)?
You could tell the service to run on port 80.
This is only one example of many that show that no matter how many technological solutions you implement to block certain traffic within your network, there is almost always a way around it.
Routers these days contain so much more than routing capabilities
Also, switch ("splits" the connection to multiple computers)
a hub is a term almost interchangeable with a switch, but a switch is the more intelligent of the two (it does not broadcast all packets to all computers connected to it)
Access point (wireless capabilities)
How could you allow or disallow certain traffic?
If you wanted to disallow, say, all AOL Instant Messenger traffic in and out of your home?
Find the port number that the service operates on (in this case, 5190), and block it
But like we said, it's still possible to get around this
You'd need a Proxy server, or someone on the outside
Little Timmy down the street could be running a proxy server on port 80. You could then connect to it without problems from inside the firewall. The proxy will forward your traffic to the proper server and port, and channel the reply back to the machine behind the firewall.
Are there an infinite number of ports available?
No, there are only 16 bits worth of available ports to a computer
The only ones officially reserved are the ones below 1,024
There is no central authority that requires the enforcement of port numbers
Why does Joe Schmoe's website not have a special port # when AOL Instant Messenger does?
Because these are different services, Joe Schmoe is running a standard HTTP site, so he should use the standard port 80. He COULD use a different port but then people who access his website would have to know the port number of the HTTP service
If you were running on a non standard port, you would enter it like so: http://cnn.com:10006/ for example, to find an HTTP service running on port 10006.
If you want to engage in Voice over IP (VOIP) or video conference behind a firewall, you may have a problem because many nonstandard ports are blocked.
Two machines behind firewalls each have "private" addresses
What some VOIP applications (Skype or Google Talk, for example) are good at is connecting two machines behind firewalls and allowing them to connect directly to share the video and audio of a video conference call.
STUN is a protocol that can help connect two machines behind firewalls
Remote Desktop and VNC are technologies that allow you to connect to a host computer and see its desktop, icons, everything, as if you were sitting in front of it.
Each computer on a LAN has its own private IP address. If you try to remote desktop into a machine, how does the router know to which private IP to send the request? (For example, if you have remote desktop running on one host machine.)
port forwarding - tell your router to forward all requests on a specific port (in this case, 3389) to a pre-defined computer.
But how do you know what the IP address is of your router?
You can go to the Start menu, click on "RUN", type "cmd" and enter "ipconfig"
However, this will only show you the private IP address provided to you by your router.
Try searching for "what is my IP address" in Google
The website knows your public IP address, because remember that the router has made the request for the website on your behalf.
Is one company of several that provide a service
You register for the service and download an application onto one of the machines in your LAN
Every couple of hours this application says "Hello!" to the DynDNS servers. Since this request is routed through the internet, DynDNS then learns the IP address of the router.
Using this, you never need to know the IP address of your machine since it is updated automatically
So we've talked about enabling a number of services, but how does this tie back to security?
If we enable Remote Desktop, what can happen?
Other people can potentially connect to your machine and have access to it and your files, especially if you have a simple username and password combination.
VPN - Virtual Private Network
What's typically useful is to keep everything out of your network
Essentially creates an encrypted tunnel between your own machine and the LAN of your company (or home, if you have it set up)
This way you can connect to resources within your company
The only downside is that all traffic to the internet goes through the VPN and therefore through the company's internet connection.
Cryptography is the art of scrambling, or encrypting, data
Or fher gb qevax lbhe binygvar!
Can you decrypt that phrase?
Hint: "Radio Orphan Annie's S.S." medallion
This is a form of "Caesar" cypher. It was used by Caesar to encrypt communications between military personnel
This takes the English alphabet, 26 letters, and rotates it. It uses a key, which is just a number, to represent how many places the alphabet has been rotated.
So, if the above phrase uses a key of 13, can you decode the phrase above?
"Be sure to drink your ovaltine!"
From A Christmas Story
A bit of a spoiler, sorry!
But this is a good start for this discussion of ciphers.
A Caesar cypher is just an example of an idea, how to encrypt data.
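Added example (not part of the original lecture notes): the rotation described above, plus a brute-force search that tries every key and keeps the one whose output contains the most common English words. The word list and scoring rule are assumptions chosen for this illustration; the point is that a keyspace this small can be searched exhaustively.

```python
import string

CIPHERTEXT = "Or fher gb qevax lbhe binygvar!"   # the phrase from the lecture

# Assumed scoring aid: a handful of very common English words.
COMMON = {"the", "be", "to", "of", "and", "your", "you", "sure", "is", "in"}

def rotate(text, key):
    """Shift each ASCII letter by `key` places, wrapping around the alphabet."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)                       # spaces and punctuation pass through
    return "".join(out)

def score(text):
    """Count how many words of the candidate plaintext are common English words."""
    words = (w.strip(string.punctuation) for w in text.lower().split())
    return sum(1 for w in words if w in COMMON)

def brute_force(ciphertext):
    """Try all 26 keys; return (key, plaintext) for the best-scoring candidate."""
    best = max(range(26), key=lambda k: score(rotate(ciphertext, -k)))
    return best, rotate(ciphertext, -best)

if __name__ == "__main__":
    for k in range(26):                          # the whole keyspace fits on one screen
        print(f"{k:2d}  {rotate(CIPHERTEXT, -k)}")
    print("best guess:", brute_force(CIPHERTEXT))
```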
Modern computers don't use 26 letter keys.
How many bits do you need to represent 26 letters?
3 bits? Nope, 8 bits.
5 bits - 32 total values
Compare this with RSA - the algorithm common in SSL and secure online commerce
With a 5 bit key, it doesn't take that long to go through all the various keys since there are only 32 different ones.
But let's put this into perspective: a 32-bit key means that there are 4 billion keys. A 64-bit key would then be 4 billion * 4 billion (16 billion) keys ... and so on and so on and so on.
The large keys work on the assumption that factoring very, very large numbers into their large primes would take far too long for any computer to figure out in any reasonable amount of time.
What are other ways to protect against bad things on the Internet?
How does it detect viruses and worms, and get rid of them
It scans your computer hard drive, email, etc for known threats.
It literally checks for known patterns of bits that represent viruses and such
However, not all patterns are known. (This is why you need to download new definitions)
What about polymorphic worms (worms that change shape, or their pattern, every time they are propagated) - usually then software has to infer via behavior that it is malicious, rather than relying on known bad patterns of bits.
Sharing software, distributing software for which you do not own licenses
It is generally easy to copy software - they're just bits
What do companies use to discourage this?
You get product activation, CD keys, and the like
Now, not only do people have to download the software but have to obtain license keys
With product activation, not only do you need to know the code, but you have to make a connection to a server that records the key that you use and some information from your computer. Next time the product is installed, if the information about your computer doesn't match a red flag may go up.
Music, movies illegally copied
These are protected via systems known as DRM - Digital Rights Management.
What Apple does, for example, with iTunes is tie a specific Apple account to a song. When the song is played it must be verified that the computer is authenticated on that account before it will be played.
What can you do to protect your own data given that you want to sell the computer?
If you hand over your machine to someone, they clearly have access to the files.
Despite a password, with the right software and savvy you can access the files.
In short, if you have physical access to a machine you have access to its data.
So, to protect yourself, if you drag your data over to the Recycle Bin (or Trash on a Mac) and empty it, does that protect your data?
When deleting a file, you're basically just telling the computer that the space used by the old files is available for use - the bits are NOT actually removed.
In a HDD, the files are stored on the platters. However, there is also a table that tells the computer WHERE on the hard drive the data of a file is stored. When a file is deleted, the data itself is not erased, but only the reference to the data.
For this reason, you can actually scour the data itself on the hard drive to recover deleted files. By looking for the right pattern of 0s and 1s, you can find files (such as photos, word documents, etc).
You may be able to get only 50% of a file (if, say, the operating system decided it needed some of the space being used by the left over data).
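Added example (not part of the original lecture notes): a toy model of the table-plus-data layout described above, showing why deleting a file leaves its bytes recoverable by pattern search, what partial reuse of the space does, and what overwriting changes. ToyDisk, the file names and the photo bytes are constructed for this illustration; only the JPEG start and end markers are real.

```python
SOI, EOI = b"\xff\xd8\xff", b"\xff\xd9"   # JPEG start-of-image / end-of-image markers

class ToyDisk:
    """Constructed model of a drive: raw bytes plus a table of file locations."""
    def __init__(self, size):
        self.data = bytearray(size)
        self.table = {}                       # name -> (offset, length)

    def write(self, name, content, offset):
        self.data[offset:offset + len(content)] = content
        self.table[name] = (offset, len(content))

    def delete(self, name):
        del self.table[name]                  # reference removed, bytes untouched

    def wipe(self, name):
        offset, length = self.table.pop(name)
        self.data[offset:offset + length] = bytes(length)   # overwrite with zeros

def carve_jpegs(raw):
    """Scan raw bytes for JPEG markers; return (start, end), end=None if cut off."""
    found, pos = [], 0
    while (start := raw.find(SOI, pos)) != -1:
        end = raw.find(EOI, start + len(SOI))
        if end == -1:
            found.append((start, None))       # header survived, tail was overwritten
            break
        found.append((start, end + len(EOI)))
        pos = end + len(EOI)
    return found

PHOTO = SOI + b"\xe0" + b"PHOTO-PIXELS" * 4 + EOI   # constructed stand-in for a photo

def scenario(action):
    """Write the photo, apply one action, then carve the raw bytes."""
    disk = ToyDisk(512)
    disk.write("holiday.jpg", PHOTO, 100)
    if action in ("delete", "delete_then_reuse"):
        disk.delete("holiday.jpg")
    if action == "delete_then_reuse":
        disk.write("notes.txt", b"N" * 40, 130)   # OS reuses part of the freed space
    if action == "wipe":
        disk.wipe("holiday.jpg")
    return disk, carve_jpegs(disk.data)

if __name__ == "__main__":
    for action in ("delete", "delete_then_reuse", "wipe"):
        print(action, "->", scenario(action)[1])
```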
But even if you securely delete a file (by erasing its reference and its data) it is sometimes still possible to find something out about the file.
Virtual Memory = RAM stored on hard drive (remember the first lectures??)
If you had opened the file and it was stored in Virtual memory, even if you securely delete the file, remnants of the file may still be in Virtual Memory.
Many commercial products even have bugs, such that most do not actually do what they claim to, and do not actually securely erase data.
One we recommend that is free and works is "Darik's Boot and Nuke" (available off the course's website).
The software will change all 0s and 1s (all of the data) on a hard drive to all 0s or random data.
You can even do multiple passes of this software, 7 times (as the Department of Defense uses), or even 35 times!
If you format the hard drive, does this protect it?
When formatting a drive, it only erases the partition table and writes certain 1s and 0s that allow the operating system to recognize it as being an empty drive.
This does not erase data, it only makes it more difficult to recover it.
It only overwrites a limited amount of data.
Demo: packet sniffing
Using packet sniffing software (legally and ethically dubious depending on its use) it is possible to "sniff" out the TCP/IP packets that a person's machine is sending and receiving
In the demo, we performed a short packet sniff on the traffic to a router we set up in-class.
From it, we could see that a user connected to our router had visited Google and had searched for "computer science e-1".