Internet Security. For Home Users

Transcription

1 Internet Security For Home Users

2 Basic Attacks Malware Social Engineering Password Guessing Physical Theft Improper Disposal

3 Malware Malicious software Computer programs designed to break into and create havoc on computers. Virus Worms Trojans

4 Viruses A program that secretly attaches itself to a document or another program and executes when that document or program is opened. Like its biological equivalent, viruses require a host to carry them from one system to another.

5 Viruses A virus might corrupt or delete data on your computer, use your program to spread itself to other computers, or even erase everything on your hard disk.

6 Viruses Can be disguised as attachments of funny images, greeting cards, or audio and video files. They can be hidden in illicit software or other files or programs you might download.

7 Symptoms of a Virus Computer runs very slowly New programs don t install properly New icons appear on the desktop A program suddenly disappears from the computer

8 Symptoms of a Virus An message appears that has an unexpected attachment or an attachment has a double file extension such as PICTURE.JPG.VPS. After opening attachment, dialog boxes appear or the computer slows significantly.

9 Symptoms of a Virus Out-of-memory error messages appear. Programs that used to function normally stop responding. Windows restarts unexpectedly. Windows error messages appear listing critical system files that are missing and refuse to load.

10 Worms Like a virus but not dependent on a host can spread by itself. Unlike a virus which requires a trigger such as opening an attachment, a worm does not need a user action to begin to spread.

11 Worms Worms usually replicate until they clog all available resources. Typical symptom of a worm infected computer is running slowly and unexpectedly rebooting the system.

12 Trojans Horse Trojan horses disguise themselves as valuable and useful software available for download on the internet. Most people are fooled by this ploy and end up downloading the virus disguised as some other application.

13 Social Engineering Tricking or deceiving someone to access a system. Phishing Dumpster Diving Password Peeking

14 Phishing Phishing messages or phone calls are designed to steal your identity. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data.

15 Forms of Phishing They might appear to come from your bank or financial institution, a company you regularly do business with, or from your social networking site.

16 Phishing Sample

17 Forms of Phishing They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an message might look like it comes from your employer, friend or family member.

18 Forms of Phishing Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don't respond.

19 Forms of Phishing They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages.

20 Phishing Sample

21 Forms of Phishing They might include links to spoofed Web sites where you are asked to enter personal information.

22 Dumpster Diving Low-tech method to steal your personal information by digging through your discarded trash for credit card offers, medical statements, bills and other sensitive papers.

23 Password Peeking Visual peeking to obtain passwords or user codes.

24 Password Guessing Brute force Dictionary attack Rainbow tables

25 Brute Force Creating every possible combination by systematically changing one character at a time in a password. Programs are widely available on the internet that use brute force. L0phtCrack

26 Dictionary attack Using an electronic dictionary of words to use as passwords. Generally more efficient than a brute force attack, because users typically choose poor passwords.

27 Rainbow Tables Contains a large pregenerated data set of nearly every possible password combination. Freely available online. Ophcrack

28 Physical Theft 60% of stolen data is due to laptop theft Many mobile devices simply get left behind in places like cabs, subways, and airplanes. 10 to 15 percent of all handheld computers, PDAs, mobile phones, and pagers are eventually lost by their owners.

29 Improper Disposal Two MIT graduates published a study in which, over two years, they bought 158 used hard drives at second-hand computer stores and on ebay; on 69 drives they found recoverable files, including medical correspondence, credit card numbers and a year's worth of transactions from an Illinois ATM.

30 How to Prevent Attacks What you can and should do to protect your personal information and system integrity.

31 Malware Patch software security updates designed to fix vulnerability. Computers can be configured to automatically receive patches.

32 Patch software Security updates. A broadly released fix for a product-specific security-related vulnerability. Security vulnerabilities are rated based on their severity, as critical, important, moderate, or low. Critical updates. A broadly released fix for a specific problem addressing a critical, non-security related bug.

33 Patch software Service Packs - A tested, cumulative set of hotfixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product. Service Packs might also contain a limited number of customer-requested design changes or features.

34 Windows Update Settings

35 Malware Anti-virus software Must be continuously updated to recognize new viruses. Scan system weekly. Consider an internet security suite which may include additional layers of defense spam filters, firewall, pop-up blockers, phishing detectors, real-time threat alerts.

36 Kaspersky

37 Malware Removal Many applications are available to detect and remove malware that has infected your system. I recommend malwarebytes, free version. Must manually update but very effective.

38 Malwarebytes

39 Malwarebytes

40 Phishing Don t click on links within s that ask for your personal information. No legitimate business would place links within s. To check whether the message is really from the company or agency, call it directly or go to its Web site (use a search engine to find it).

41 Spoofing Do not rely on the text in the address bar as an indication that you are at the site you think you are. There are several ways to get the address bar in a browser to display something other than the site you are on.

42 Pop-ups Never enter your personal information in a pop-up screen. Legitimate companies, agencies and organizations don t ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.

43 Attachments Only open attachments if you re expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.

44 Verify If someone contacts you and says you ve been a victim of fraud, verify the person s identity before you provide any personal information. Ask for the name of the person, agency or company, phone number, and the address. Get the main number from the phone book, or Internet, then call to find out if the person is legitimate.

45 Shop Securely Industry has developed technology that can scramble sensitive information, such as your credit card number, so that it can be read only by the merchant you are dealing with and your credit card issuer. This ensures that your payment information cannot be read by anyone else or changed along the way.

46 Online Payments There are several ways to determine if you have that protection when you are sending payment information on the web.

47 Online Payments Look for the picture of the unbroken key or closed lock in your browser window. Either one indicates that the security is operative. A broken key or any open lock indicates it is not.

48 https Look to see if the web address on the page that asks for your credit card information begins with " instead of "http."

49 SSL Some web sites use the words "Secure Sockets Layer (SSL)" or a pop up box that says you are entering a secure area.

50 SSL Credentials SSL Certificates are credentials for the online world, uniquely issued to a specific domain and Web server and authenticated by the SSL Certificate provider. When a browser connects to a server, the server sends the identification information to the browser.

51 View Credentials Click the closed padlock in a browser window.

52 View Credentials Click the trust mark

53 Strong Passwords Must be at least 8 characters Must contain a combination of letters, numbers, special characters, upper and lowercase. Don t reuse passwords. Use unique passwords or each application

54 Passphrases Take a common phrase such as Four score and seven years ago and replace the spaces with numbers Four1score2and3seven4years5ago. Use your favorite song title or poem.

55 Password Safes KeePass is a free password manager. Put all your passwords in one database, which is locked with one master key. The databases are encrypted and you only have to remember one master password.

56 Keepass

57 Keepass

58 Password Generators Keepass also contains an excellent password generator. Or online programs such as:

59 Keepass

60 Physical Theft Record serial numbers Use ID tags Never leave your laptop unguarded in a hotel or conference room. Never leave a laptop bag on a car seat in plain view. Lock it!

61 Recovery Services Simple software application displays a lost message on log in screen locks the device remotely shreds data on your hard drive May include GPS feature

62 Erasing Hard Drive Even reformatting a drive may not be enough to erase data. Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. Free.

63 Physically Destroy HD Smash your hard disk with a hammer Pour paint on the hard disk platters Drill holes through the drive case and shatter the hard drive platters inside it Use a radial arm saw to cut the hard disk in two pieces Put a few nails through the drive

64 Software Downloads Download only from companies that are known to be malware-free and do not have a hidden motive for providing software.

65 The End Take Control. Be proactive! Plenty of free applications to protect your system online. If you need help (you are not alone!), ask experts or research online. Beware! It is getting worse, not better. If you do become a victim, report it.