Date post: 28-Mar-2015
Network Security
Threats to the E-Learner
Steven Furnell
Network Research Group
University of Plymouth
United Kingdom
Overview
  Introduction
  Threats facing e-learners
  What e-learners need to know
  Addressing the problems
  Conclusions
Introduction
  The Internet has always had a reputation for being unsafe
  Increasing range of threats and scams that specifically target the end-user community
    affects both domestic and workplace contexts
  Users can represent attractive targets
    lack of technical knowledge, and occasional gullibility, can make them vulnerable
    attackers hunt the easy prey!
Introduction
  Many threats not only affect online users, but specifically target them
  Represents a clear concern
    for users themselves, who do not wish to become victims
    for institutions, if their users should unwittingly cause or facilitate a security breach
  Important to ensure that users do not undermine the attempts to protect them
Threats facing e-learners
yoursystem@risk
  Virus
  Spam
  Hacking
  Denial of Service
  Phishing
  Identity Theft
  Worms
  Spyware
  Trojan Horses
Spam
  Junk email that is, at the least, an annoyance
  Can also lead to other problems:
    can cause embarrassment and offence as a result of their frequently dubious subject matter
    users can waste time looking at it or be tricked into scams
  Can easily receive several hundred kilobytes of spam per day
    costly if downloading on a slow link and/or paying by the byte
Spam
  Over 66% of email traffic in the last month (MessageLabs)
Spam examples
  Many messages give themselves away as being unlikely to be legitimate simply from the titles:
    Don't Buy Vi-gra
    you can't beat our RX
    She wants a better sex? All you need's here!
    Put your property on the front page
    St0ck Market Standout?
    Horny pills - low price
    I am really happy I got this nice thing on-line!
    The Ultimate pharmacy
    仛弌夛偄偺婫愡両仛
Spam examples
  Others, however, could be mistaken for something legitimate . . .
    FYI
    You computer are INFECTED
    Urgent and confidential
    Dear Sir
    Re [5]:
  Some users may still get suspicious because of unknown sender, but others may be fooled
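The contrast between the two "Spam examples" slides, as an added example that is not part of the original presentation: a small subject-line triage run over the titles quoted above. The three rules and the keyword list are illustrative assumptions; they catch most of the blatant titles and none of the plausible ones, which is why title-based filtering cannot replace user awareness.

```python
import re
import string
import unicodedata

# Subject lines quoted on the two "Spam examples" slides (copied from the page).
OBVIOUS = [
    "Don't Buy Vi-gra",
    "you can't beat our RX",
    "She wants a better sex? All you need's here!",
    "Put your property on the front page",
    "St0ck Market Standout?",
    "Horny pills - low price",
    "I am really happy I got this nice thing on-line!",
    "The Ultimate pharmacy",
    "仛弌夛偄偺婫愡両仛",
]
PLAUSIBLE = ["FYI", "You computer are INFECTED", "Urgent and confidential",
             "Dear Sir", "Re [5]:"]

# Assumed, illustrative rule set; production filters use far richer signals.
LEET = str.maketrans("0134$@", "oieasa")
KEYWORDS = re.compile(r"\b(via?gra|rx|pills?|pharmacy|sex|stock)\b")


def normalise(subject):
    """Lower-case, undo digit-for-letter swaps and drop hyphens."""
    return subject.lower().translate(LEET).replace("-", "")


def signals(subject):
    """Return the names of the heuristic rules that fire for one subject line."""
    hits = []
    if KEYWORDS.search(normalise(subject)):
        hits.append("sales-keyword")
    for token in subject.split():
        core = token.strip(string.punctuation)
        # A digit embedded in a word ("St0ck") suggests filter evasion.
        if any(c.isdigit() for c in core) and any(c.isalpha() for c in core):
            hits.append("digit-in-word")
            break
    letters = [c for c in subject if c.isalpha()]
    if any(not unicodedata.name(c, "").startswith("LATIN") for c in letters):
        hits.append("non-latin-script")  # assumes a Latin-script mailbox
    return hits


def flagged(subjects):
    """Subjects for which at least one rule fired."""
    return [s for s in subjects if signals(s)]


if __name__ == "__main__":
    for group, subjects in (("obvious", OBVIOUS), ("plausible", PLAUSIBLE)):
        print(f"{group}: {len(flagged(subjects))}/{len(subjects)} flagged")
        for s in subjects:
            print(f"  {signals(s) or ['-']}  {s}")
```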
Bogus Qualifications
  Trust in the e-learning provider is vital for both e-learners and prospective employers
  Bogus qualifications can already be obtained via the Internet
    may lead to suspicion and adverse publicity
    undermine the credibility of legitimate e-learning courses / providers
  Consider the following, received via email . . .
Bogus Qualifications
Phishing
  Another threat typically initiated via email
  Attempts to dupe users into divulging sensitive information
  Current attacks have tended to target personal data relating to the user
    e.g. bank account and credit card details
  However, similar techniques could target information to compromise an institution
    e.g. passwords and institutional details
Going phishing
  A bogus email message . . .
Going phishing
  . . . and a bogus website
  55,643 new sites in April 2007
  11,121 in April 2006
  (Anti-Phishing Working Group)
Spyware
  Parasitic software that invades users’ privacy
  Can divulge details of browsing habits and other sensitive details from target system
    captured information can be transmitted to a 3rd party
    puts both personal and corporate data at risk of abuse
  One of the most prominent threats in recent years
  6 out of 10 home PCs are infected (AOL/NCSA 2005)
Spyware
  One of the most prominent threats in recent years
  Market for anti-spyware products predicted to grow from $12M in 2003 to $305M by 2008 (source: IDC)
Malware
  Viruses, worms and Trojan horses
  Over 231,540 known strains
    over 8,830 in Mar 2007
  Commonly targets end-users
    bogus email attachments
    infected web pages
    peer-to-peer file sharing
  Once run, the malware may then target the user in other ways
    e.g. stealing their data or hijacking their system
Malware Evolution
  Many early viruses were more of a nuisance than actually harmful
  The Ambulance virus (1990)
Less reliance upon users
  Early 1990s
    Relied upon people to exchange disks between systems, to spread boot sector and file viruses
  Mid 1990s
    A move towards macro viruses, which enabled the malware to be embedded in files that users were more likely to exchange with each other
  Late 1990s
    The appearance of automated mass mailing functionality, removing the reliance upon users to manually send infected files
  Today
    Avoiding the need to dupe the user into opening an infected email attachment, by exploiting vulnerabilities that enable infection without user intervention
Chances of avoiding malware
  [Chart: proportion of infected emails (1 in x) by year, 2000 to 2006; data labels "1 in 790 messages infected" and "1 in 68 messages infected"]
Slammer / Sapphire Worm
  Fastest spreading worm
  Exploited a known vulnerability in the software (patch already released by Microsoft in July 2002)
  Not destructive – its only aim was to spread
  Infected systems doubled every 8.5 seconds
  90% of vulnerable systems got infected in just 10 minutes
The Spread of a Worm
  Sapphire / Slammer 2003
  25 Jan 2003 - 05:29:00 / 0 victims
The Spread of a Worm
  31 Minutes Later
  25 Jan 2003 - 06:00:00 / 74,855 victims
Slammer: The end result
  Ultimately infected over 120,000 systems
  Volume of Slammer traffic affected many people:
    Brought down the entire telecommunications service in South Korea
    Disrupted over 13,000 Bank of America cash machines
    Degraded performance by up to 30% in the Asia-Pacific region and by 10% in the US
  Disruptive effects estimated to have cost up to $1.2bn
Hacking
  Hackers may target an end-user system for various reasons:
    a soft option for some mischief
    a convenient file repository
    a platform for attacking other systems
  Users can also be targeted as sources of sensitive information
    social engineering
Hacking
  Hackers may enter by many means
    may use one of the other threats as an entry mechanism
    e.g. phishing for a password, using malware to open a backdoor
  May achieve unlimited control over the compromised system
    exposing the user to a full range of confidentiality, integrity and availability impacts
Examples of what hackers do
  Website Defacement – December 1996
  One of 20 defacements recorded that year
Examples of what hackers do
  Website Defacement – June 2003
  One of 1000s of defacements recorded that month
Impacts and ease of avoidance
  The threats are not of equal magnitude
    differing potential to trouble end-users
  Likelihood of avoiding the impact is often different to avoiding the threat
    e.g. Spam
      extremely prevalent but generally easy to prevent it becoming a real problem to users
    avoiding the impact will be related to security safeguards and user awareness
Impacts and ease of avoidance
  [Chart: Spam, Phishing, Spyware, Malware and Hacking plotted by potential impact (- to +) against impact avoidance (Easy, Med, Hard)]
Impacts and ease of avoidance
  Spyware
    Easier to avoid than malware
      often installed from an explicit user action (e.g. installing free software of dubious origin)
    Often harder to eradicate once installed
  Malware
    Harder to avoid – more attack vectors
    Greater range of potential impacts
What e-learners need to know
  Why the threats might affect them, and what the impacts could be
  Possible contexts in which each threat can be encountered
  Capabilities of any technological safeguards in use (i.e. the level of protection provided)
Understanding the threat
  Need to appreciate how a threat could harm them
    what could spyware determine from their activities?
    what could malware damage or steal?
  Also need to appreciate why they would be targeted
    may otherwise assume that there is no reason for it to happen (e.g. little to offer compared to bigger targets)
  Choice of target depends upon the attacker’s motives
    a vulnerable end-user system may be much more convenient than a hardened corporate server
    e.g. many botnet participants are compromised user systems
Understanding the attack vectors
  Email is still the main (visible) route
  BUT other avenues are also vulnerable and getting used
    e.g. Instant Messaging is now a viable option for both malware infection and phishing attempts
    however, without advice to contrary, users may feel they are safe as long as they are not using email
  Threats are becoming more complex in terms of the tricks they use to dupe users
    heightens the need for awareness amongst the possible victims
Understanding the protection
  Users are presented with a potentially confusing array of technologies
    anti-virus, anti-spyware, anti-spam, personal firewall, etc.
  Need to understand how they relate to the threats
  In some cases, aspects are clear from the names, but not always . . .
Understanding the protection
  Malware protection is provided by software conventionally referred to as anti-virus
    Some users may wonder if additional software is needed for worms and Trojan horses
    Others may over-estimate protection and assume that AV will handle all malicious code, such as spyware
Understanding the protection
  The name of the technology does not always indicate the threats it deals with
  Users’ own perception may be inaccurate
    A firewall “blocks suspicious Internet traffic”
    But it doesn’t block spam or phishing messages, which most users would consider suspicious
Addressing the problems
What we need to protect us . . .
  Anti-virus
  Anti-Spam
  Passwords
  Intrusion Detection
  Anti-Phishing
  Anti-Spyware
  Personal Firewall
  Backup
  Auto Updates
Use security technologies
  Essential to deploy and maintain appropriate protection on end-user systems
  Potentially troublesome for domestic users
    knowing what it is supposed to do
    problems configuring and using it
  Users must feel like the beneficiaries of the technologies rather than the victims
    explain and train
Increase awareness
  Problems relating to users’ understanding can be addressed via awareness-raising
  Potential unwillingness to devote resources
    e.g. impacts of phishing affect the individual rather than the institution
  However, any security awareness is good
    making users more threat-aware could increase their caution in other contexts
  Some threats are harder to educate against
    malware cannot be defeated by awareness alone . . .
    . . . but a clear understanding of infection vectors can still help
Evidencing the problem
  Presenting specific evidence can help to persuade and convince
  Security administrators could assess users’ reactions to the threats:
    would they freely reply to an email that requests sensitive information?
    would they open unsolicited email attachments from an unknown source?
  Preferable to find out under controlled conditions than via a genuine breach
  Findings could be presented back to the users
Conclusions
  E-learners can clearly find themselves on the receiving end of a number of targeted threats
  New threats are likely to emerge in the future, alongside new end-user Internet services
  No single solution
    appropriate technologies and suitable awareness initiatives are required
    combined approaches will help to prevent users from being such easy prey
Related books . . .