Internet Security. For Home Users


Academic year: 2021


For Home Users

Basic Attacks

• Malware
• Social Engineering
• Password Guessing
• Physical Theft
• Improper Disposal

Malware

Malicious software: computer programs designed to break into and create havoc on computers.

• Virus
• Worms
• Trojans

Viruses

A program that secretly attaches itself to a document or another program and executes when that document or program is opened. Like their biological equivalents, viruses require a host to carry them from one

A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk.

Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.

They can be hidden in illicit software or other files or programs you might

Symptoms of a Virus

• Computer runs very slowly.
• New programs don’t install properly.
• New icons appear on the desktop.
• A program suddenly disappears from the computer.
• An email message appears that has an unexpected attachment, or an attachment has a double file extension such as PICTURE.JPG.VPS.
• After opening an attachment, dialog boxes appear or the computer slows significantly.
• Out-of-memory error messages appear.
• Programs that used to function normally stop responding.
• Windows restarts unexpectedly.
• Windows error messages appear listing “critical system files” that are missing and refuse to load.
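The double file extension symptom can be checked mechanically before an attachment is opened. The following is an added example, not part of the original slides: it parses a constructed e-mail message and reports attachments whose name ends in a harmless-looking extension followed by a second one. The function names, the decoy extension list and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Harmless-looking types a malicious attachment commonly pretends to be.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
              ".txt", ".mp3", ".avi", ".mp4"}


def double_extension(filename):
    """Return (decoy, real) when a name ends in two extensions and the
    first is a harmless-looking type; otherwise return None."""
    # strip() also catches names padded with spaces before the real extension
    parts = [p.strip().lower() for p in filename.split(".")]
    if len(parts) < 3 or not parts[-1]:
        return None
    decoy, real = "." + parts[-2], "." + parts[-1]
    return (decoy, real) if decoy in DECOY_EXTS and real != decoy else None


def suspicious_attachments(raw_message):
    """List (filename, decoy, real) for each double-extension attachment."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        hit = double_extension(name) if name else None
        if hit:
            findings.append((name, *hit))
    return findings


def build_sample():
    """Constructed message: one double-extension attachment, one normal."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Funny picture"
    msg.set_content("Look at this!")
    for name in ("PICTURE.JPG.VPS", "holiday.jpg"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for name, decoy, real in suspicious_attachments(build_sample()):
        print(f"{name}: looks like {decoy}, is really {real}")
```

Windows hides known file extensions by default, so PICTURE.JPG.VPS can be displayed as PICTURE.JPG; the check works on the full name carried in the message.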

Worms

Like a virus, but not dependent on a host: a worm can spread by itself.

Unlike a virus, which requires a trigger such as opening an email attachment, a worm does not need a user action to begin to spread.

Worms usually replicate until they clog all available resources.

A typical symptom of a worm-infected computer is running slowly and

Trojan Horses

Trojan horses disguise themselves as valuable and useful software available for download on the internet. Most people are fooled by this ploy and end up downloading the virus disguised as some other

Social Engineering

Tricking or deceiving someone to access a system.

• Phishing
• Dumpster Diving
• Password Peeking

Phishing

Phishing e-mail messages or phone calls are designed to steal your identity. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data.

Forms of Phishing

They might appear to come from your bank or financial institution, a company you regularly do business with, or from your social

They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your

Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don't respond.

They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking

They might include links to spoofed Web sites where you are asked to enter personal information.

Dumpster Diving

Low-tech method to steal your personal information by digging through your discarded trash for credit card offers, medical statements, bills and other sensitive papers.

Password Peeking

Visual “peeking” to obtain passwords or user codes.

Password Guessing

• Brute force
• Dictionary attack
• Rainbow tables

Brute Force

Creating every possible combination by systematically changing one character at a time in a password. Programs that use brute force are widely available on the internet. Example: L0phtCrack.

Dictionary attack

Using an electronic dictionary of words as candidate passwords.

Generally more efficient than a brute force attack, because users typically choose poor passwords.

Rainbow Tables

A rainbow table contains a large pregenerated data set of nearly every possible password combination. Freely available online. Example: Ophcrack.

Physical Theft

60% of stolen data is due to laptop theft.

Many mobile devices simply get left behind in places like cabs, subways, and airplanes. 10 to 15 percent of all handheld computers, PDAs, mobile phones, and pagers are eventually lost by their owners.

Improper Disposal

Two MIT graduates published a study in which, over two years, they bought 158 used hard drives at second-hand computer stores and on eBay; on 69 drives they found recoverable files, including medical correspondence, credit card numbers and a year's worth of transactions from an Illinois ATM.

How to Prevent Attacks

What you can and should do to protect your personal information and system integrity.

Malware

Patch software: security updates designed to fix vulnerabilities.

Computers can be configured to automatically receive patches.

Patch software

• Security updates: a broadly released fix for a product-specific security-related vulnerability. Security vulnerabilities are rated based on their severity, as critical, important, moderate, or low.
• Critical updates: a broadly released fix for a specific problem addressing a critical, non-security related bug.
• Service Packs: a tested, cumulative set of hotfixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product. Service Packs might also contain a limited number of customer-requested design

Malware

Anti-virus software: must be continuously updated to recognize new viruses. Scan system weekly. Consider an internet security suite, which may include additional layers of defense: spam filters, firewall, pop-up blockers, phishing detectors, real-time threat alerts.

Malware Removal

Many applications are available to detect and remove malware that has infected your system.

I recommend Malwarebytes, free version. Must manually update but very effective.

Phishing

Don’t click on links within emails that ask for your personal information. No legitimate business would place links within emails.

To check whether the message is really from the company or agency, call it directly or go to its Web site (use a search engine to find it).

Spoofing

Do not rely on the text in the address bar as an indication that you are at the site you think you are. There are several ways to get the address bar in a browser to display something other than the site you are on.

Pop-ups

Never enter your personal information in a pop-up screen.

Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens.

Install pop-up blocking software to help prevent this type of phishing attack.

Attachments

Only open email attachments if you’re expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.

Verify

If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before you provide any personal information.

Ask for the name of the person, agency or company, phone number, and the address. Get the main number from the phone book, or Internet, then call to find out if the person is legitimate.

Shop Securely

Industry has developed technology that can scramble sensitive information, such as your credit card number, so that it can be read only by the merchant you are dealing with and your credit card issuer. This ensures that your payment information cannot be read by anyone else or changed along the way.

Online Payments

There are several ways to determine if you have that protection when you are sending payment information on the web.

Look for the picture of the unbroken key or closed lock in your browser window. Either one indicates that the security is operative. A broken key or any open lock indicates it is not.

https

Look to see if the web address on the page that asks for your credit card information begins with "https:"

SSL

Some web sites use the words "Secure Sockets Layer (SSL)" or a pop up box that says you are entering a secure area.

SSL Credentials

SSL Certificates are credentials for the online world, uniquely issued to a specific domain and Web server and authenticated by the SSL Certificate provider. When a browser connects to a server, the server sends the identification information to the browser.

View Credentials

Click the closed padlock in a browser window.

Strong Passwords

• Must be at least 8 characters.
• Must contain a combination of letters, numbers, special characters, upper and lowercase.
• Don’t reuse passwords.

Passphrases

Take a common phrase such as “Four score and seven years ago” and replace the spaces with numbers: “Four1score2and3seven4years5ago”. Use your favorite song title or poem.
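The rules from the Strong Passwords and Passphrases slides, together with the brute force and dictionary attack slides earlier, can be applied in code. This is an added example, not part of the original slides: it checks a password against the stated rules, builds a passphrase by the spaces-to-numbers method, and counts the candidates a brute-force search would have to cover. The function names and the small word list are assumptions made for illustration.

```python
import string

# Constructed mini word list; real dictionary attacks use far larger lists.
SAMPLE_DICTIONARY = {"password", "letmein", "sunshine", "dragon", "monkey"}


def check_password(pw, dictionary=SAMPLE_DICTIONARY):
    """Return the rules from the slides that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if pw.lower() in dictionary:
        problems.append("dictionary word")
    return problems


def passphrase(phrase):
    """Replace each space with a running number, as the slide does."""
    words = phrase.split()
    return "".join(w if i == 0 else f"{i}{w}" for i, w in enumerate(words))


def search_space(pw):
    """Candidates a brute-force search must cover for this length, given
    the character classes that pw actually uses."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in string.punctuation for c in pw):
        alphabet += len(string.punctuation)  # 32 ASCII symbols
    return alphabet ** len(pw)


if __name__ == "__main__":
    phrase = passphrase("Four score and seven years ago")
    for pw in ("sunshine", "Xy7#kq2!", phrase):
        print(pw, check_password(pw) or "passes", f"{search_space(pw):.2e}")
```

The count measures brute force only; a phrase taken from a well-known text can also appear in an attacker's word list, which is the dictionary attack case.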

Password Safes

KeePass is a free password manager. Put all your passwords in one database, which is locked with one master key. The databases are encrypted and you only have to remember one master password. http://keepass.info/

Password Generators

KeePass also contains an excellent password generator.

Or online programs such as:

http://www.pctools.com/guides/password/
http://strongpasswordgenerator.com/

Physical Theft

• Record serial numbers
• Use ID tags
• Never leave your laptop unguarded in a hotel or conference room.
• Never leave a laptop bag on a car seat in plain view.

Recovery Services

Simple software application

• displays a lost message on log in screen
• locks the device remotely
• shreds data on your hard drive
• May include GPS feature

Erasing Hard Drive

Even reformatting a drive may not be enough to erase data.

Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. Free.

Physically Destroy HD

• Smash your hard disk with a hammer
• Pour paint on the hard disk platters
• Drill holes through the drive case and shatter the hard drive platters inside it
• Use a radial arm saw to cut the hard disk in two pieces

Software Downloads

Download only from companies that are known to be malware-free and do not have a hidden motive for providing software.

The End

Take Control. Be proactive!

Plenty of free applications to protect your system online.

If you need help (you are not alone!), ask experts or research online.

Beware! It is getting worse, not better. If you do become a victim, report it.
