Computer saftey may 2013

Socastee SC Library

Computer EducationWhiteHouseComputing

Safe Computing

Visualization of the various routes through a portion of the Internet

Source: WWW.Wikipedia.Com

http:\\WhiteHouseComputing.Blogspot.Com ”

Socastee SC Library


Online SecurityOnline SecurityCommon Computer Security MythsCommon Computer Security Myths Myth: “Myth: “There is nothing important on my There is nothing important on my

computer, so no attacker would want to access computer, so no attacker would want to access it”it”

Reality:Reality: ““Internet Background Radiation” – a techie Internet Background Radiation” – a techie

term that refers to the constant stream of term that refers to the constant stream of probes and malicious traffic on the internet.probes and malicious traffic on the internet.

Probes are looking for any machine that can Probes are looking for any machine that can be “hijacked” to make money for their be “hijacked” to make money for their hijackers.hijackers.

Spam Robots (spambot)(spambot) Zombies trained to attack web sites on demand trained to attack web sites on demand

(extortion robots)(extortion robots)

Socastee SC Library


Online SecurityOnline SecurityCommon Computer Security MythsCommon Computer Security Myths

Myth:Myth: “The biggest security threats “The biggest security threats involve hackers who target individual involve hackers who target individual computer users”.computer users”.

Reality:Reality: Many probes are automated. Many probes are automated.

Computers under program control can Computers under program control can probe other computers much faster probe other computers much faster than computers under human control than computers under human control can.can.

Socastee SC Library


Online SecurityOnline SecurityCommon Computer Security MythsCommon Computer Security Myths Myth:Myth: “Paying bills online increases the risk “Paying bills online increases the risk

of identity theft”. of identity theft”. Reality:Reality:

Communication from the browser can be secure Communication from the browser can be secure encryptedencrypted

LOOK for the LOCKLOOK for the LOCK Either bottom right or just to the right of the Either bottom right or just to the right of the

address entry window depending on browser address entry window depending on browser and browser versionand browser version

AND look for AND look for httpshttps instead of instead of httphttp in the in the addressaddress

For example: For example: https://WWW.Chase.Com

However – above assumes no However – above assumes no keylogers on your machine on your machine

Socastee SC Library


Online SecurityOnline SecurityTypes of ThreatsTypes of Threats

AnnoyancesAnnoyances Spam Adware

DangerousDangerous Spyware Virus Phishing Scareware

EnablerEnabler Trojan Backdoor

MALWARE

Socastee SC Library


Online SecurityOnline SecurityTypes of Threats - AnnoyancesTypes of Threats - Annoyances

Spam – AKA Unwanted, Unsolicited Junk Spam – AKA Unwanted, Unsolicited Junk EmailEmail Clogs your email inboxClogs your email inbox Can be dangerousCan be dangerous

Can lead you to dangerous websitesCan lead you to dangerous websites Example – sites that attempt to exploit unpatched bugs Example – sites that attempt to exploit unpatched bugs

in your browser to insert “in your browser to insert “backdoor” or other malware ” or other malware in your systemin your system

Adware – Software that delivers targeted Adware – Software that delivers targeted advertisements to your computeradvertisements to your computer

Socastee SC Library


Online SecurityOnline SecurityTypes of Threats - DangerousTypes of Threats - Dangerous

Spyware “is a type of malware that is “is a type of malware that is installed surreptitiously on personal installed surreptitiously on personal computers to collect information about computers to collect information about users, their computer or browsing habits users, their computer or browsing habits without their informed consent.” without their informed consent.” Wikipedia. Wikipedia. (Spyware)(Spyware)

Can simply record information about your Can simply record information about your browsing habits to guide Adware in delivering browsing habits to guide Adware in delivering ads ORads OR

Worst case: Keylogger – can record your Worst case: Keylogger – can record your keyboard keystrokes and transmit them over the keyboard keystrokes and transmit them over the InternetInternet

Socastee SC Library



Virus “A Virus “A computer viruscomputer virus is a computer is a computer program that can copy itself and infect a program that can copy itself and infect a computer without the permission or computer without the permission or knowledge of the owner.” knowledge of the owner.” WikipediaWikipedia

How is it spread?How is it spread? Email attachmentEmail attachment Visiting a malicious website with an unpatched Visiting a malicious website with an unpatched

buggy browserbuggy browser Infected files on any portable media (thumb drives, Infected files on any portable media (thumb drives,

CDs, floppys, etc)CDs, floppys, etc) Over a network when file sharing is too broadly set Over a network when file sharing is too broadly set

upup

Socastee SC Library



Virus – How Can You Protect Yourself?Virus – How Can You Protect Yourself? Install an antivirus program on your Install an antivirus program on your

computercomputer Two parts of an Antivirus program defenseTwo parts of an Antivirus program defense

The program itselfThe program itself Understands basic look and feel of generic computer Understands basic look and feel of generic computer

virusvirus Can also read and understand specific descriptions of Can also read and understand specific descriptions of

specific virus family and virusspecific virus family and virus Descriptions of specific virus and virus familiesDescriptions of specific virus and virus families

New descriptions need to be downloaded to your New descriptions need to be downloaded to your computer on a continuing basis. computer on a continuing basis.

In commercial software, there is an annual fee for In commercial software, there is an annual fee for subscription. When your subscription runs out, NEW subscription. When your subscription runs out, NEW descriptions stop being downloaded.descriptions stop being downloaded.

Socastee SC Library



Virus – How Can Virus – How Can You Protect You Protect Yourself?Yourself? See handout for See handout for

examples of good examples of good antivirus software.antivirus software.

For another For another source go to source go to WWW.PCMag.ComWWW.PCMag.Com

Look past “sponsored Look past “sponsored links” which are ads and links” which are ads and click on appropriate click on appropriate articles.articles. Select

Reviews here

Enter Antivirus in the search box here

Socastee SC Library



Phishing “is the criminally fraudulent Phishing “is the criminally fraudulent process of attempting to acquire sensitive process of attempting to acquire sensitive information such as usernames, passwords information such as usernames, passwords and credit card details by masquerading as and credit card details by masquerading as a trustworthy entity in an electronic a trustworthy entity in an electronic communication.” communication.” WikipediaWikipedia

Fraudulent email scares you into clicking a link Fraudulent email scares you into clicking a link in the email taking you to a site that LOOKS in the email taking you to a site that LOOKS like a real bank (for example) but is notlike a real bank (for example) but is not

Fraud site asks for userid password account number Fraud site asks for userid password account number etcetc

PhishingPhishing

Socastee SC Library



Phishing – How to Avoid Being Phishing – How to Avoid Being FooledFooled Avoid following links in emailsAvoid following links in emails

If you do and the site wants info DO NOT If you do and the site wants info DO NOT GIVE ITGIVE IT

Banks, Brokerage Houses, etc WILL Banks, Brokerage Houses, etc WILL NOT ASK YOU VIA EMAIL TO VERIFY NOT ASK YOU VIA EMAIL TO VERIFY INFORMATIONINFORMATION If they seem to be doing that IT IS A FRAUDIf they seem to be doing that IT IS A FRAUD

Socastee SC Library



ScarewareScareware Spyware masquerading as antivirus softwareSpyware masquerading as antivirus software Message will pop up while using your browserMessage will pop up while using your browser

Message will tell you have been infected and need Message will tell you have been infected and need to click somewhere on it to download software to to click somewhere on it to download software to get rid of the infectionget rid of the infection

Could happen even on a legitimate site it the site Could happen even on a legitimate site it the site has been compromisedhas been compromised

Do not click ANYWHERE on the messageDo not click ANYWHERE on the message Start Taskmanager and end browser applicationsStart Taskmanager and end browser applications

Socastee SC Library



Learn to Recognize Scams of All Learn to Recognize Scams of All KindsKinds Check the web address. type in the

web address exactly as it appears on your statement.

Look for a https:// a secure connection However, even scam

sites can use secure connections, so use this rule in conjunction with the others.

Check the spelling and grammar.

Socastee SC Library



Four RulesFour Rules1. Run Windows Update – plug the holes that let the gunk in

For Virus and Spyware gunk that gets in anyway…

2. Install and run Anti Virus software – keep subscription current

3. Install and run AntiSpyware software–keep subscription current

4. Run a Firewall 1. Start

2. Control Panel

3. Security Center

4. Windows Firewall

5. On

Note – assumes you are not running a different firewall already

Socastee SC Library


Online SecurityOnline SecurityFirewallsFirewalls

Prevent unauthorized entry from outside Prevent unauthorized entry from outside Can be hardwareCan be hardware

Routers include a NAT firewall preventing Routers include a NAT firewall preventing unauthorized entry from outside but not unauthorized entry from outside but not necessarily reporting or preventing rogue necessarily reporting or preventing rogue applications inside your computer from applications inside your computer from communicating outboundcommunicating outbound

Can be software ( Windows firewall, Can be software ( Windows firewall, ZoneAlarm)ZoneAlarm) Software firewalls can/will prevent unauthorized Software firewalls can/will prevent unauthorized

outbound communication toooutbound communication too

Socastee SC Library



How Secure is Your Firewall?How Secure is Your Firewall? Major corporations have their firewalls Major corporations have their firewalls

intentionally probed periodically by a intentionally probed periodically by a security service to test them.security service to test them. You can do the same thing at the “Shields You can do the same thing at the “Shields

Up” site located at Up” site located at https://www.grc.com/x/ne.dll?bh0bkyd2https://www.grc.com/x/ne.dll?bh0bkyd2

NOTENOTE the above site DOES NOT scan your the above site DOES NOT scan your machine for malware of any sort. It machine for malware of any sort. It provides only a test of your firewall (or lack provides only a test of your firewall (or lack thereof) and its ability to block intrusion.thereof) and its ability to block intrusion.

Socastee SC Library



LaptopsLaptops If you depend on the hardware firewall at home, If you depend on the hardware firewall at home,

you need to be sure you have a software firewall you need to be sure you have a software firewall running on your laptop if you take it out of your running on your laptop if you take it out of your house to connect from another location. If you house to connect from another location. If you have file and printer sharing turned on (to share have file and printer sharing turned on (to share files with other computers in you house) TURN IT files with other computers in you house) TURN IT OFF before connecting to a public WiFi hotspot or OFF before connecting to a public WiFi hotspot or someone else’s hard wired LAN because you will be someone else’s hard wired LAN because you will be behind their firewallbehind their firewall sharing sharing youryour files with files with themthem

ON WINDOWS 7: START – CONTROL PANEL - ON WINDOWS 7: START – CONTROL PANEL - NETWORK & SHARING CENTER – ADVANCED SHARING NETWORK & SHARING CENTER – ADVANCED SHARING – TURN OFF FILE AND PRINTER SHARING – TURN OFF FILE AND PRINTER SHARING

Socastee SC Library


Online SecurityOnline SecurityInformation SourceInformation Source

WWW.OnguardOnline.GovWWW.OnguardOnline.Gov ““a partnership between the FTC, other a partnership between the FTC, other

federal agencies, and the technology federal agencies, and the technology industry -- offers tips to help you be on industry -- offers tips to help you be on guard against Internet fraud, secure guard against Internet fraud, secure your computer, and protect your your computer, and protect your personal information. “ personal information. “ Federal Trade Federal Trade Commission web siteCommission web site

Socastee SC Library


Online SecurityOnline SecurityBackupBackup

Make partial backups practicalMake partial backups practical Keep your files organizedKeep your files organized

Choose Backup MediumChoose Backup Medium CD – Holds Max 700 MbCD – Holds Max 700 Mb DVD – Holds Max 4.4 Gb single layer 7.9 DVD – Holds Max 4.4 Gb single layer 7.9

Gb double layer. Only new higher end Gb double layer. Only new higher end machines today will burn double layermachines today will burn double layer

External hard drive – holds 1Tb ++External hard drive – holds 1Tb ++ If If CRITICALCRITICAL keep copy off site keep copy off site

Socastee SC Library


The End The End

Socastee SC Library


Developments to Watch:

Social Fortress ( WWW.SocialFortress.Com ) see http://www.teten.com/blog/2012/09/13/social-fortress-publicly-launches-at-techcrunch-disrupt/

See “Emerging Cyber Threats Report 2013” at http://gtsecuritysummit.com/report.html

Technology

Computer saftey may 2013