Date post: | 26-Dec-2015 |
Category: |
Documents |
Upload: | beverley-fitzgerald |
View: | 212 times |
Download: | 0 times |
Home PC Security
What PC Users and Law Enforcement
Should KnowPrinting with “Notes” enabled with provide a script for each
slideBob Samson
11/20/2004
What is the Problem? Hardware architecture of a PC Complexity of computer software
Anonymity of the Internet High speed connections Dial up connections Wireless connections
Hardware Architecture of a PC
There are 65,535 open ports on every Intel-based PC Only a few ports are probably necessary for the
average home user Port 25 – SMTP Simple Mail Transport Protocol is used for
sending email Port 53 – DNS Domain Name Server translates URLs into IP
Addresses Port 67/68 - When an ISP uses DHCP (Dynamic Host
Configuration Protocol) to assign IP addresses when you logon Port 80 - Your main Internet Connection Port 110 – POP3 Post Office Protocol version 3 for retrieving
email Games, the use of instant messaging, or other business
uses all may add a few additional ports to this list
Complexity of Computer Software
Windows has about 40 million lines of code (instructions)
By the year 2010, Windows is projected to grow to 100 million lines of code
A Carnegie Mellon University study found that a programmer makes an error every 1,000 lines of code.
That means just in Windows, there are probably 40,000 errors. If you consider all of the other application software that runs on the average PC, there are hundreds of thousands of errors that can be exploited by computer hackers so that they can gain entry into your computer
Anonymity of the Internet
When you are connected to the Internet, you are only known by a numeric Internet Protocol address
IP Addresses are not a reliable source of identification (they can easily be changed)
There is no way to identify a physical location from an IP address
Since the Internet is a network of millions of interconnected computers, it is easy to hide one’s “trail” behind the numerous points of interconnection
There are three sources of hackers: geeks; socially deprived intellects; terrorists - all pose a threat
High Speed Connections DSL and cable connections pose a greater risk than telephone
modems because they process data more quickly Without a firewall, anyone in the world can gain access to
your computer [easily!] If you have more than one computer and share files between
them, every file may also shared with the world unless you have a firewall
Peer-to-Peer programs like Kazaa, Gnutella used to swap music files can share more than you intended such as password files
Leave your computer open to the world wide web, add a few web pages to your files and you can easily find your private files indexed and accessible through search engines such as Google
Dial Up Connections Dial up connections or modems
have risks associated with them Risks include the hijacking of
one’s telephone for generating bogus long distance charges Be thoroughly familiar with spyware
and how to avoid it Never leave your PC on unattended
while connected to your modem
Wireless Connections If you can connect without a wire, your neighbor’s
high school computer wizard can also connect to your computer and your Internet connection
A wireless network must have: Encryption of the signal/connection Data encryption may also be required for additional
protection Strong log in and password rules for your computer are a
must Don’t let children use the wireless feature to hide
and connect to the Internet - use it to keep them in the accompaniment of an adult
Personal Information Surfing habits can be tracked so a profile of your
interests developed for marketing purposes Your address book and the email addresses of all
your friends can be copied Financial information like bank records, tax
records, social security numbers, etc. can be stolen
Information can be corrupted or deleted by a virus
Read those Privacy Policies - you could be giving up your personal information
Reputation Your computer can be used to send Spam email
without your knowledge Your address book containing all of your
contacts can be emailed pornographic content
Financial Resources $53 billion dollars was lost in 2003 through
identity theft 27.3 million Americans in the last 5 years
reported that personal information was stolen [Identity Theft]
The cost to victims for recovery of their good name in 2003 was $5 million
In the last year, nearly 2 million Americans had their checking accounts raided by criminals
What can you do? Use anti-virus software Use a firewall Learn about patch management
Change your behavior Be careful with online purchases
Anti-virus Software Purchase an anti-virus application to protect
your computer Update frequently - better yet, use anti-virus
software that will update automatically Stay alert to virus trends - the media is an
excellent source of pending attacks
Use a Firewall At a minimum, use a software firewall (port
blocker) Use a hardware firewall if you connect to the
Internet via a cable modem or DSL Both a software and hardware firewall together
offer the best protection Block as many ports as you can - this may mean
that you cannot play some Internet Games
Learn About Patch Management
Patch management means updating software frequently with the changes that manufactures add to improve security
Software updates are usually free Microsoft provides automatic updates as a
service to their customers If you are using Windows 95 or older, stop and
upgrade - the older versions are no longer supported and leave you vulnerable
If you have to re-install software for any reason, you must update it again because the patches will be missing
Change Your Behavior Don’t use illegal copies of software - it can be loaded with
viruses and spyware and besides it is wrong to steal! Don’t surf questionable web sites - Pornographic sites are
one of the biggest sources for web bugs and spyware Update your software frequently (patch management) Never send credit card data in an email - Emails should
always be considered unsecured Don’t open email attachments without understanding that
these are the largest cause of viruses - Even opening an attachment from a trusted email address is not safe (your friend could have been infected and had their address book stolen)
Dangerous Email Extensions ADE Microsoft Access Project
Extension MDB Microsoft Access Application ADP Microsoft Access Project MDE Microsoft Access MDE Database BAS Visual Basic® Class Module MSC Microsoft Common Console
Document BAT Batch File MSI Windows Installer
Package CHM Compiled HTML Help File MSP Windows Installer Patch CMD Windows NT® Command Script MST Visual Test Source File COM MS-DOS® Application PCD Photo CD Image CPL Control Panel Extension PIF Shortcut to MS-DOS Program CRT Security Certificate REG Registration Entries EXE Application
SCR Screen Saver HLP Windows® Help File SCT Windows Script Component HTA HTML Applications SHS Shell Scrap Object INF Setup Information File URL Internet Shortcut (Uniform
Resource Locator) INS Internet Communication
Settings VB VBScript File ISP Internet Communication Settings VBE VBScript Encoded Script File JS JScript® File VBS VBScript Script File JSE JScript Encoded Script File WSC Windows Script Component LNK Shortcut WSF Windows Script File WSH Windows Scripting Host
Settings File ZIP Compressed File Format
Watch Out for Phishing Emails from legitimate companies are copied to trick
consumers into providing confidential information Passwords Credit card numbers and expiration dates Banking account numbers
Even experts cannot tell by looking at the messages or the web site that you are directed to that this message is a forgery
Understand that no legitimate company ever asks you to validate personal information via an email in this way
Never respond, even if you do business with the company. If you are concerned, call them first!
Do Not Join Social Networks
“Social Networks” are services joined to help you remember addresses and phone numbers
Some companies are Plaxo, Friendster, Tickle and others
You risk your personal information, privacy and the information contained in your own computer’s address book
Remember, joining free services will expose your information and possibly the information stored on your computer to misuse and theft
Change Your Behavior continued
Make backups of important information stored on your computer
Don’t download browser add-ons and other software from unknown sources - this is an easy way to give your personal information to anyone through spyware or adware
Set your browser’s security and privacy settings to protect you from 3rd party cookies - these are used to track you
Be careful of HTML email - it can contain web bugs and spyware
Learn how to identify a “secured” web page - Never send your personal information over an unsecured web page
AND… Don’t click on “Unsubscribe” links
Change Your Behavior continued
Disable Java and ActiveX in your browser - These can be used to steal information from your computer
For Windows XP users, don’t log in with ADMINISTRATIVE RIGHTS
Use complex passwords created from phrases Example: MwaiJ10 (My wedding anniversary is June
10th) Example: Gmlogmd1775 (Give me liberty or give me
death 1775) Learn how to tell if a web page is secure
What About SPAM? Two Thirds of all email is SPAM One of the largest sources of SPAM is infected
home computers Trojan programs hijacking computers to send others
SPAM (zombies) Beware of spyware/adware and Trojan programs
Disguised as free programs, they track your surfing activities
Don’t use music download sites like KaZaA, GrokSter, Imesh
Free Screen Savers are a source of spyware If your computer becomes infected, your Internet
Service Provider may turn off your email capability until you fix it
Be Smart About Online Purchases
Selling or purchasing online through groups like eBay carry risks 40% of all credit card fraud is committed by
criminals overseas The top five offending countries are:
Yugoslavia Nigeria Romania Pakistan Indonesia
Many con artists hide the real country of origin Use protection services Never pay with a check card or debit card - only true
credit cards with online protection
Where to go for help Your local computer store Microsoft’s web site A knowledgeable and trusted friend Community Services
Senior community centers Community college classes State and Federal fraud assistance web sites
Your local police department (when you suspect that a crime has been committed)