Security starts at Home (Protecting your business by protecting your computer.) Jayson E. Street, CISSP, GSEC, GCFA, IEM, IAM, CCSE, CCSA, Security+

Infosec 4 The Home


A talk for the average home user on how to better secure their computer on the Internet.


Let go of my EGO

• Let's start out with a little about yours truly.


Know yourself know your enemy

• Sun Wu (Tzu) “Ping-fa” (The Art of War)

• “Thus it is said that one who knows the enemy and knows himself will not be endangered in a hundred engagements. One who does not know the enemy but knows himself will sometimes be victorious, sometimes meet with defeat. One who knows neither the enemy nor himself will invariably be defeated in every engagement!”


Contents

• INTRO

• Basic PC Safety

• Identity Theft Issues

• Discussion


What should you do?

• Use a Firewall

• Keep Your Computer(s) Patched

• Use Virus Protection Software


Use a Firewall

• Hardware

– Linksys

• Software

– Norton

– ZoneAlarm

• Test Yourself

– http://www.hackerwatch.org/probe/


Keep Your Computer(s) Patched

• Windows Update

– http://update.microsoft.com

– Download patches automatically

– Install patches manually

• Don’t Forget Microsoft Office

– http://office.microsoft.com/officeupdate/


Use Virus Protection Software

• There are plenty of choices:

– McAfee, Symantec, F-Prot, etc…

• Auto-Update daily

• Auto-Scan enabled


Email Safety – KRESV Test

• The Know Test – Is the email from someone you know?

• The Received Test – Have you received email from this person before?

• The Expect Test – Were you expecting an email with an attachment from this person?

• The Sense Test – Do the contents described in the subject line and the name of the attachment make sense?

• The Virus Test – Does the email contain a virus? To determine this, you will need to install and use an anti-virus program such as McAfee or Norton.


SCAMS!

• No one in Africa with millions of dollars to smuggle out of the country is going to ask for help in an email.

• Bill Gates is not going to give you money for forwarding an email.

• Sending a “chain” email will not bring you luck – but it might help someone learn some things about you.

• Legitimate companies will not ask you for your password in an email.

Check them out: http://www.snopes.com


More Basic Tips

• Remove File Sharing if not needed

• Encrypt confidential data (you can find free encryption tools from www.download.com)

• Lock down WiFi (Wireless Network Connectivity)

• Use Good Passwords

– Change passwords often

– Use alpha-numeric characters

– No password is “Un”crackable. There is an abundance of tools hackers may use to get your password

– Do not use your user name or full name


Identity Theft Issues

How do thieves get your information?

• "Dumpster diving" - often very personal information is just thrown away. People get credit card solicitations that they throw out as "junk mail." An identity thief could use that offer to open credit in your name. Other sources for digging through trash are businesses, law firms, medical facilities, accountants and banks.

• Roommates, relatives, "friends" and estranged spouses - all have access to very personal information, and may be very motivated to misuse that information.

• Waiters / Waitresses - you hand them your credit card at a restaurant and they disappear for five minutes.  Do you know what they did with your credit card while they were out of sight?


Identity Theft Issues

How do thieves get your information?

• Public records - for example, if you have been involved in a divorce, many of your financial records could potentially be part of the public record and available by searching at the courthouse. For a thief - why dig in the trash?

• Hacking - many people now have high-speed internet connections at their homes.  That makes their personal computers (full of tax return, checking account and investment records) an excellent target for an identity thief.


Identity Theft Issues

What do thieves do with your information?

• Open credit accounts and buy products / services.

• Get phone or utility service.

• Get a job (the Social Security Administration has information about how to detect this)

• Commit a crime (there have been reports ranging from traffic violations to international drug trafficking).

• Buy a car.

• Rent an apartment.

Identity Theft Issues

10 Ways to Protect Yourself

• Be very careful about to whom you give out personal identification information.

• Never provide any personal, bank account or credit card information to anyone who contacts you through a telephone solicitation.

• Keep items with personal information in a safe place.

• Tear Up/Destroy all old personal information.

• Sign any credit or debit cards with permanent ink as soon as you receive them.


Identity Theft Issues

10 Ways to Protect Yourself (continued)

• Minimize the number of credit cards and other items with personal information that you carry.

• Do not leave envelopes containing your checks in your home mailbox.

• Give out your Social Security Number only when necessary.

• Be careful when creating passwords or PINs.

• Monitor your credit card statements and your credit report.


Identity Theft Issues

Web resources on Identity Theft:

• Federal Trade Commission: http://www.consumer.gov/idtheft/

• Social Security Administration: http://www.ssa.gov/pubs/idtheft.htm

• Boston Federal Reserve Bank: http://www.bos.frb.org/consumer/identity/

• Better Business Bureau: http://www.bbb.org/alerts/idtheft.asp


Now let’s learn from others

• Discussion and Questions????

• Or several minutes of uncomfortable silence; it’s your choice.

• http://f0rb1dd3n.com/s1s/WP/

• http://forums.stratagem-one.com