CS101

Security

• http://map.norsecorp.com

Network = Security Risks

• The majority of the bad things that can be done deliberately to you or your computer happen when you are connected to a network

Safe computing tips• Number One Best Security Method: Move away from the herd by using

less popular software to access network functions

• Be smart when using a computer

• Make sure operating system is up-to-date

• Make sure all software used on network is up-to-date

• Access internet from standard user account

• Follow the rest of the advise in this presentation.

4 Areas To Secure

• 1) Your Computer

• 2) Your Network Interaction

• 3) Yourself

• 4) Your Data Elsewhere

Securing

Your

Computer

What can happen to my computer?

• Your computer can be attacked by:– Hackers– Legitimate Software– Malware– Thieves

Hackers• Originally “hacker” referred to someone who

wrote programming code. Now it is mostly used to refer to someone who tries to break into computers electronically.

• Now most hacking is automated.

• Most people who are hacked do not realize they have been hacked.

How can I protect my computer from hackers?

• Follow safe computing practices • Install software and hardware (router)

firewalls and then teach firewall and keep up-to-date.

Legitimate Software

• Spyware

• Dialer

• Remote Control Software

• Other

How do I protect myself from Legitimate Software?

• Follow safe computing practices• Install malware detection software and keep

software up-to-date

Malware• Virus

– Sneaks from computer to computer and copies self to disk. Can move about in many forms but most popular are as an email attachment or infected web page image

• Trojan Horse– Purports to perform one function but actually performs another

less desirable task. Usually the program is knowingly installed by the user

• Worm– Sneaks from computer to computer and copies itself into RAM.

Can move about in many forms but most popular is to move about large networks

• Rootkits– A rootkit is malware which consists of a program (or combination

of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms, "Administrator" or "Admin" access) of a computer system, without authorization by the system's owners and legitimate managers.

How do I protect myself from malware?

• Follow safe computing practices

• Install malware detection software and keep software up-to-date

• Add threat detection software

Thieves

• Use your computer when it is unattended

• Steal computer

How do I protect against thieves?• Use screensaver with password to wake computer

• Turn on OS login and have it require a password for computer access

• Turn on BIOS security and have it require a password for computer to boot

• Encrypt sensitive information stored on your hard drive

• Add LoJack Software

• Lock down computer with security lock

• Get laptop insurance

Securing

Your

Network

Interaction

What can happen to me when using a network?

• Information you send out on a network can be intercepted

• You can be diverted by phishing attacks

• etc.

How can I secure the information I send out on a network?

• Follow safe computing practices• Make sure your connection to the network is secure• Make sure that any important information you send out on

a network is in encrypted form (scrambled) before it is sent• Treat any unencrypted information transmitted as if it was

on a postcard• Use anti-phishing software• Change your DNS to Google• Never open or click on any item you are not 100% sure of• Bookmark all web sites you need to access securely

Securing

Yourself

How can I be a security risk?

• You do not do all the other security items listed in this PowerPoint

• Practice bad password practices

• Fall for human engineering attacks

How can I protect myself from social engineering?

• Use good password practices

• Treat any request for information as suspicious and either ignore or verify request via an independent method

• Treat any offer that sounds to good to be true as suspicious

• Use anti-phishing software.

Securing

Your

Data

Elsewhere

What can happen to the information you no longer control?

Once information is contained outside of your direct control you must protect yourself from it being used in inappropriate ways such as identity theft

How do I protect information I do not control?

• You can’t

• You can stop them from doing anything with the information

• Freeze your credit at all 3 credit reporting agencies and/or add an identity protection service that helps with the cleanup.

• Subscribe to a monitoring service.