
Computer Security Risks

Date post: 26-Feb-2016
Upload: chynna
Living in a Digital World Discovering Computers 2010
Transcript


Computer Security Risks
What is a computer security risk? Any event or action that could cause a loss of or damage to a computer system (hardware, software, data, information, or processing capability).

Computer Security Myths
Myth 1: I have anti-virus software so my PC won't get infected.
Myth 2: Anti-virus software protects against spyware.
Myth 3: My network is behind a firewall, I am safe from hackers.

Myth 4: I can protect my PC if I disconnect from the Internet or turn it off when not using it.
Myth 5: Mac & Linux computers are safe from viruses/attacks.
Myth 6: Security threats only come from outside your network or company.
Myth 7: Cellphones and other mobile devices aren't susceptible to viruses and other security risks.

Computer Security Risks
A cybercrime is an online or Internet-based illegal act.
Examples of cybercriminals include:

Computer Security Risks: Hackers
The term hacker was originally used for people who write code (programmers) and other computer enthusiasts. It was later adapted to people who crack the security of computer systems.

Methods of attack: malware, key-logging, packet-sniffing, port-scanning, DoS (denial of service), social engineering, dumpster diving.

Computer Security Risks: Malware
What is malware? Short for malicious software. Software designed for a malicious purpose. Used to intrude into or damage a computer system.

Examples of malware: viruses, worms, Trojans, rootkit, spyware.


Attacks: Viruses
Virus: A program that attaches itself to a file. Spreads to other files, and delivers a destructive action called a payload.

Trojan horse: Appears to be a harmless program. When they run, they install programs on the computer that can be harmful. Used to open a backdoor for hackers to gain control of your computer.

Worms: Act as a free agent, replicating themselves numerous times in an effort to overwhelm systems.

Attacks: Spyware
Spyware: A program that is installed on your computer without your knowledge or consent. Its purpose is to collect information about you. They can be a pain! They can keep you from visiting certain sites and are very difficult to remove. Anti-spyware programs identify and remove spyware programs from your computer.

Adware: A program that displays online advertisements.

Internet and Network Attacks

Attacks: Viruses
How can a virus spread?
Using infected removable media: USB flash drives, CDs/DVDs, floppy disks.

From the Internet: downloading an infected file or program, file sharing networks, websites that contain harmful script.

Through email attachments.


Attacks: Viruses
An infected computer has one or more of the following symptoms:

Video: Attack of the Mobile Viruses

Preventing Virus Attacks
An anti-virus program is software that identifies and removes viruses. This software looks for a virus signature, which is a specific pattern of virus code. Also called a virus definition.
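A minimal sketch of the signature matching described above, added here as an illustration and not taken from the slides or from any anti-virus product: the definition names, byte patterns and sample buffers are all constructed and harmless. It also shows why a scanner with out-of-date definitions misses newer code, which is the point behind Myth 1.

```python
import re

# Constructed, harmless byte patterns standing in for "virus code".
# "??" is a wildcard that matches any single byte.
DEFINITIONS_V1 = {"Demo.A": "de ad be ef 13 37"}
# A later definition update adds a signature for a second family.
DEFINITIONS_V2 = dict(DEFINITIONS_V1, **{"Demo.B": "ca fe ?? ba be"})


def compile_signature(hex_pattern):
    """Turn 'de ad ?? ef' into a compiled bytes regex."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, definitions):
    """Return sorted (signature name, byte offset) for every match in data."""
    hits = []
    for name, pattern in definitions.items():
        for m in compile_signature(pattern).finditer(data):
            hits.append((name, m.start()))
    return sorted(hits)


# Constructed sample "files".
CLEAN = b"plain document text, nothing to see"
INFECTED_A = b"HDR\x00" + bytes.fromhex("deadbeef1337") + b"rest of host file"
INFECTED_B = b"header" + bytes.fromhex("cafe01babe") + b"tail"

if __name__ == "__main__":
    samples = [("clean", CLEAN), ("a", INFECTED_A), ("b", INFECTED_B)]
    for label, blob in samples:
        print(label,
              "old definitions:", scan(blob, DEFINITIONS_V1),
              "updated definitions:", scan(blob, DEFINITIONS_V2))
```
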

Preventing Malware Attacks

Internet and Network Attacks
A denial of service attack (DoS attack) disrupts computer and network communications. A computer system or network is bombarded with so many requests that it cannot handle legitimate requests and is eventually rendered useless. Usually disrupts the computer's or network's access to the Internet. Distributed DoS (DDoS).

A botnet is a group of compromised computers connected to a network. A compromised computer is known as a zombie.

A back door is a program or set of instructions in a program that allows users to bypass security controls. It is simply a security hole or exploit that allows access to a computer system.

Attacks: Phishing
What is phishing? A scam in which a perpetrator sends an official-looking e-mail and/or uses a fake website in an attempt to obtain your personal and financial information.

Spoofing is a technique used by intruders to make their network or Internet transmission appear legitimate.

Internet and Network Attacks
DNS cache poisoning is used to redirect a person away from a legitimate site to a fake one.

Video: Bluetooth Hacking

Preventing Internet and Network Attacks
A firewall is a security system consisting of hardware and/or software that protects a network and computer from intrusion.

Preventing Internet and Network Attacks
What is a honeypot? A trap set to detect and counteract network intrusions. Typically a vulnerable computer that is set up to entice an intruder to break into it. A honeynet is two or more honeypots set up on a network.

Unauthorized Access and Use
Organizations take several measures to help prevent unauthorized access and use: acceptable use policy, user policies and privileges, firewalls, intrusion detection software.

Unauthorized Access and Use
Make stronger passwords. Longer passwords provide greater security. Mix letters (uppercase and lowercase), numbers, and symbols.

Unauthorized Access and Use
A possessed object is any item that you must carry to gain access to a computer or computer facility. Often used in combination with a personal identification number (PIN). Smartcards contain embedded circuitry that allows them to process data. Provide greater security.

Unauthorized Access
Tips for protecting your computer: Disable file and printer sharing on Internet connection.

File and printer sharing turned off

Unauthorized Access and Use
A biometric device authenticates a person's identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer.

Facial recognition: Uses a mathematical technique to measure the distances between 128 points on the face.

Retinal scanner: Analyzes the pattern of blood vessels at the back of the eye.

Video: Future of Facial Recognition

Unauthorized Access and Use
Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks. Many areas use digital forensics.

Hardware Theft and Vandalism
To help reduce the chances of theft, companies and schools use a variety of security measures.

Software Theft
Software theft occurs when someone:

Software Theft
A single-user license agreement typically contains the following conditions:

Software Theft
There are some safeguards against software theft:

Information Theft
Information theft occurs when someone steals personal or confidential information.
Financial information: banking information, credit cards, e-cash, etc.
Personal information: SSN, medical info, occupational info, etc.
Business & government information: top-secret military information, industrial secrets.

Identity theft is the criminal act of using stolen information about a person to assume that person's identity. In 2008, over 10 million people were affected (22% increase over 2007).

Information Theft
What is encryption? The process of converting readable data (plaintext) into unreadable characters (ciphered text). A safeguard against information theft. An encryption key is a mathematical formula used to convert data into ciphered text. To read the data, the recipient must decipher or decrypt the data.

Information Theft
Example of an encrypted file:

Information Theft
How to encrypt files & folders in Windows Vista & Windows 7:
1. Right-click the folder or file you want to encrypt, and then click Properties.
2. Click the Advanced button.
3. Select the "Encrypt contents to secure data" check box, and then click OK.
To decrypt the folder, just remove the check from the check box.

Information Theft
What is BitLocker Drive Encryption in Windows? Software used to encrypt an entire hard drive. Helps keep data safe in the event your computer is lost, stolen, or intruded upon by a hacker.

Information Theft
How to encrypt files & folders in Mac OS X: http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1906.html

Information Theft
A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender. Often used to ensure that an impostor is not participating in an Internet transaction. Used to authenticate the source of messages.

A certificate authority (CA) is a company or organization that issues and authorizes digital certificates. These certificates contain a digital signature and the issuing CA.

Information Theft
What is Secure Sockets Layer (SSL)? Provides encryption for all data that passes between client and Internet server. Web addresses begin with https to indicate secure connections.

Information Privacy
What is a cookie? A small file on your computer that contains data about you: user preferences, interests and browsing habits, how regularly you visit Web sites. Some Web sites sell or trade information stored in your cookies. Set your browser to accept cookies, prompt you to accept cookies, or disable cookies.

Ethics and Society

Information Theft
Are cookies a security risk?
First-party cookies: Usually don't contain information that presents a risk to your privacy. They contain data like your username, preferences, shopping cart products, and info about your visit to their website. The information is only for their website and contains no data about previous websites. Disabling these may keep you from viewing many websites.
Third-party cookies: These contain information that presents a risk to your privacy. They collect information about the websites you visit, web searches, and other private information, which can be sold to companies. You should disable these!

Surfing Anonymously
Surfing the Web anonymously means your browsing habits and identity are hidden from snoopers.

You need to use a Web proxy. A Web proxy is a Web server or service that acts like a middleman for all communications between your browser and the websites you visit. Also called an anonymizer. Besides hiding your IP address, a good proxy will remove traffic such as cookies, pop-ups, and scripts. Make sure the proxy you choose uses SSL or TLS security measures for transmitting your information.
Best commercial anonymizers: Anonymizer, Ghostsurf.
Free anonymizer: The Cloak.

Surfing Anonymously
Beware of false protection! There are several risks involved with using a proxy:
They do not protect you from Internet threats.
The proxy may be harvesting your information to provide to companies.
Personal information (usernames, passwords, PINs, etc.) may be leaked or used by the proxy's administrator for their own malicious purposes.

Information Privacy & Security
Preventing information theft and violations of privacy requires a few security measures: Use encryption for important information. Keep the operating system and all programs up to date. Surf the Web anonymously.

System Failure
A system failure is the prolonged malfunction of a computer.

A variety of factors can lead to system failure, including: aging hardware; natural disasters; errors in computer programs; electrical power problems.
Noise: unwanted electrical signals.
Undervoltages: a drop in electrical supply.
Overvoltages: a significant increase in electrical power.

System Failure
Protection against system failures caused by electrical disturbances: A surge protector provides protection from an overvoltage that can destroy a computer and other electronic equipment.

An uninterruptible power supply (UPS) is a surge protector that provides power during a power loss.

Backing Up: The Ultimate Safeguard
A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. To back up a file means to make a copy of it.

Offsite backups are stored in a location separate from the computer site.

Cloud Storage

Wireless Security
Wireless access poses additional security risks. About 80 percent of wireless networks have no security protection.

War driving: Driving through neighborhoods with a wireless notebook or handheld computer looking for unsecured Wi-Fi networks.

Wireless Security
In addition to using firewalls, some safeguards to improve security of wireless networks:

Ethics and Society
Computer ethics are the moral guidelines that govern the use of computers and information systems. Information accuracy is a concern. Not all information on the Web is correct.

Protecting Personal Information

Fun Thought
Is the problem ignorance or apathy? I don't know and I don't care.

The End
The Last Lecture. HOORAY!!!

For More Information
Guard Privacy & Online Security: http://www.guard-privacy-and-online-security.com/index.html
Lots of really good information about privacy and online security.

Gibson Research Corporation: http://www.grc.com
Some tools to protect your computer.

