1 Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library
3 Malware, Spyware, Trojans Objectives After After attending this this workshop you you will will be be able able to: to: I. I. Explain threats threats to to your your information security II. II. Explain security requirements III. III. Describe how how to to protect yourself and and others others from from i. i. Password Password compromises compromises ii. ii. Malware Malware iii. iii. Spyware Spyware and and adware adware
4 Don't give up just yet! Some users have given up on the Internet due to spam, spyware, and malware; however a growing number of users have a new stance on spam, spyware, and malware. This session will show you how others are trying to slow the tide, through a variety of new and improved tools, tricks and tips.
5 Digital Self-Defense 101 Outline I. I. The The need need for for self-defense II. II. Primary self-defense tactics tactics and and tools tools III. III. Social Social engineering threats threats and and responses
6 The Need for Self-Defense Rapidly-increasing threats 2004: Year of the Cyber-Crime Pandemic eweek Over 17,000 new malware threats in 2004 Over 8459 new social engineering/phishing attempts in November 2004
7 Who s Doing the Crime? Internet crime is carried out primarily by teenage hackers who are trying to make a name for themselves. False. Internet crime is being funded and sponsored by organized crime, often out of Eastern Europe. True or False?
8 Why am I a Target? Three key reasons: 1. Conduct identity theft for financial gain 2. Access to your network/resources 3. Use of PC in botnets 4. Host for Parasites
9 How are the Attacks Occurring? Attacks from the Internet use several different attack vectors.
10 Attack Vector 1 Worms All a person has to do is connect an unpatched PC to the Internet. No user action is required. Sasser Netsky Bagel
11 Attack Vector 2 Browser exploits Most used application Malicious code Spoofed browser windows Secunia has noted about one vulnerability every 10 days since IE 5 was introduced
12 Attack Vector 3 Infected attachments Phishing scams Links to malicious Web sites
13 Self-defense a Layered Approach No one tactic will be sufficient. There is no silver bullet or impenetrable firewall. You must use a layered defense which uses a combination of software and hardware solutions to prevent, detect, and clean malware.
14 Layer 1 Secure Passwords Choosing a secure password is one of the easiest and most overlooked ways to keep your information secure.
15 The Password Requirement Your password should Be at least 8 characters long Contain both UPPER and lower case letters and at least one number or symbol (placed in the middle not at the beginning or end of the password) Be changed at least every 120 days Not contain your username Not be reused (repeated) for at least 6 changes of password
16 Weak Passwords Weak Weak passwords are are one one of of the the most most critical critical security threats threats to to networks (and (and your your home home PC). PC). Examples of of weak weak passwords: admin Username [default], etc. etc.
17 Strong Passwords Anatomy of a Secure Password MINIMUM of 7-8 characters Mixed numbers and letters * *other characters allowed by the software/operating system UPPER and lower case
18 Constructing a Password You You can can use use the the first first letter letter of of each each word word in in a a phrase phrase and and add add a a number number in in the the middle. middle. Alternate Alternate between between a a random random consonant consonant and and vowel vowel to to produce produce a a nonsense nonsense word word that that can can be be pronounced. Then Then add add a a number number in in the the middle. middle. Choose Choose two two shorter shorter words words and and put put them them together together with with a a number number in in between. between.
19 Password Tools There are are a number of of tools to to help you create a strong password one one example: You You can can check check password strength by by typing typing a SIMILAR password into into the the password checker at at
20 Log off or Lock Your Computer It's a good habit to either log out or lock the system every time you walk away from the computer.
21 Log off or Lock Your Computer If you walk away from your computer you may give someone an open door into your e- mail, personal information, and other sensitive or private data.
22 Layer 2 Defending Against Malware Malware encompasses classic threats, such as viruses, worms, and trojans, and newer threats such as spyware.
23 Malware Viruses A virus virusis is a a piece piece of of program program code code that that makes makes copies copies of of itself itself and and spreads spreads by by attaching attaching itself itself to to files files or or messages, messages, and and requires requires user user action action to to spread. spread.
24 Malware Payloads Malware Malware often often carries carries payloads which are are executed executed by by the the malware malware program. program. Payloads Payloads may: may: Pop Pop up up a a message message Reformat Reformat your your hard hard drive drive themselves themselves and and other other information information to to the the addresses addresses in in your your address address book book Cause Cause file file corruption corruption over over time time
25 Malware Worms A computer worm is is a self-replicating computer program, similar to to a computer virus. A worm is is self-contained and and does not not need to to be be part part of of another program to to propagate itself or or need user action to to spread. From Wikipedia, the free encyclopedia, From Wikipedia, the free encyclopedia,
26 Malware Trojans A Trojan horse or or Trojanis is a computer program which claims to to be be innocuous but but instead has has a malicious effect one which the the programmer (or (or packager, or or distributor) intended and and the the user user didn't expect. From Wikipedia, the free encyclopedia, From Wikipedia, the free encyclopedia,
27 Malware Backdoors A backdoor is is a hidden system administration tool tool that that malware installs onto your system, allowing someone access and and control of of your system in in the the future.
29 Patching In order to keep your information and the network secure, you need to keep your computer patched and up to date.
30 Patching Automatic Updates Most operating systems provide an auto-update feature. Many applications do not.
31 Patching Windows If you are running Windows, find out how to turn on automatic updates by going to:
32 Patching Macintosh If you are running Mac OSX, find out how to turn on automatic updates by going to
33 Patching Applications Windows update does not patch applications. Obtain Microsoft Office patches from Check for updates for other applications at the vendors home pages.
34 Firewalls A personal firewall is a piece of software or hardware installed on an end-user's PC which controls communications to and from the user's PC. From Wikipedia, the free encyclopedia,
35 Firewalls Firewalls allow you to limit access of specific programs to the Internet and also allow you to control various ports and services. From Wikipedia, the free encyclopedia,
36 Recommended Firewalls We recommend the use of a personal software firewall product: For personal computers, we recommend choosing a product from an industry leader such as Zone Alarm, Sygate, McAfee, or Symantec.
37 Firewalls and Routers Placing a router between your computer and your modem can provide some of the protections of a firewall. Internet
38 Antivirus Many good products on the market Absolute must have before going on the Internet As many as 1 in 10 s may contain viruses Must be kept up to date
39 Keeping Anti-Virus Programs Up to Date Set up Auto-Update to check for updates daily. Scan all files weekly.
40 Spyware Computer software that gathers information about a computer user without the user's knowledge or or informed consent, and then transmits this information to to an an external entity. From Wikipedia, the free encyclopedia, From Wikipedia, the free encyclopedia,
41 Spyware How Big is the Threat? According to to eweek.com, spyware is is on on track track to to replace massmailing worms as as the the biggest security threat threat in in the the coming year. year. mass- Spyware, also also known as as adware, has has become the the preferred way way to to deliver malicious Trojans, which which can can relay relay information to to other other computers or or Web Web locations. This This puts puts your your passwords, log-in log-in details, credit credit card card numbers and and other other personal information at at risk. risk.
42 Spyware How did I Get it? You can get spyware from: Unintentional Downloads Software Bundles Other Other Users Users Computer Viruses or or Worms Automatic Installation Embedded in in applets
43 Spyware How do I Prevent It? You can prevent spyware infections by: Using anti-spyware and and antivirus software Increasing security settings in in your browser Carefully reading pop-up warnings Not downloading or or installing software without investigating it it and and its its publisher
44 Anti-Spyware Tools Anti-spyware programs such as Spybot Search & Destroy AND AD-AWARE are available free for personal use.
45 Dealing with Spam At Provincial Library We use a Barracuda Spam Firewall (Model 200) filters out about 3,000 spam and viruses a day on average At Home Leading products include ZoneAlarm Security Suite, McAfee SpamKiller, and MailFrontier Desktop. Use a Hotmail, GMail or Yahoo address for mailing lists, etc.
46 Layer 3 Protecting Yourself from "Social Engineers" "Social engineering" describes the activity of tricking or engineering the user into willingly disclosing confidential or privileged information.
47 Beware of "Social Engineers" Don t give out personal information, especially passwords, to to anyone by by phone, , or or through a a Web page, except login pages you you trust.
48 Layer 4 Common sense Practices Using commonsense can help you avoid many malware and social engineering attacks.
49 Stay Informed Security vendors and criminals are in a race. Keep abreast of security issues by following the news and checking out the following web sites
50 Don t Click Links or Attachments in Unexpected s Many viruses these days can generate s that look like they came from actual users.
51 Don t Work in the Admin Account In In Windows XP: Create a separate account for for installing software and performing administrative functions. Create user accounts with limited privileges and use use those accounts when browsing or or reading . (This may prevent some malware from installing itself on on your computer.)
52 Malware, Spyware, Trojans Wrap up up I. I. Why Why self-defense? II. II. Review threats threats III. III. Review tools tools IV. IV. Your Your questions
Ohio University Computer Services Center October, 2004 Spyware, Adware, and Virus Guide Definitions Malware is term meaning malicious software. Malware is software designed to disrupt a computer system.
Computer Security Maintenance Information and Self-Check Activities Overview Unlike what many people think, computers are not designed to be maintenance free. Just like cars they need routine maintenance.
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
(2) Countermeasures against Spyware Are you sure your computer is not infected with Spyware? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Spyware?
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
Malware, Spyware, Adware, Viruses Gracie White, Scott Black Information Technology Services The average computer user should be aware of potential threats to their computer every time they connect to the
Essentials of PC Security: Central Library Tech Center Evansville Vanderburgh Public Library Why should you be concerned? There are over 1 million known computer viruses. An unprotected computer on the
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
Viruses, Trojans and Worms Oh My! 2006 Technology Leadership Presentation Series Why is my computer running so slow? What are all of these little windows popping up on my system? Why did my home page change?
Guideline for Prevention of Spyware and other Potentially Unwanted Software Introduction Most users are aware of the impact of virus/worm and therefore they have taken measures to protect their computers,
Computer Security Basics For UW-Madison Emeritus Faculty and Staff Oakwood Village University Woods September 17, 2014 Presented by Nicholas Davis, CISA, CISSP UW-Madison, Division of Information Technology
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
Basic Security Tips Bookmarks for Desktop Self-Defense Get Safe Online http://www.getsafeonline.org/ Get Safe Online will help you protect yourself against Internet threats. The site is sponsored by government
Statistical Analysis of Internet Security Threats Daniel G. James ABSTRACT The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There
Paul Nguyen 2014 CSG Interna0onal Security is Top- of- Mind Everywhere High- profile breaches: 2K+ breaches expose nearly 1B records in 2013 Increased regulatory pressure State- sponsored hacking around
BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS126.96.36.199 ITS188.8.131.52 ITS184.108.40.206 ITS220.127.116.11 ITS18.104.22.168 ITS22.214.171.124
The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are
Network Security Demo: Web browser Email Messages An email message can be instantly forwarded around the globe, even if accidentally. Do not write anything in a message that you will later regret! Read
TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This
Preparing Your Personal Computer to Connect to the VPN (Protecting Your Personal Computer Running Windows) Using the VPN to connect your computer to the campus network is the same as bringing your computer
Access to information and entertainment, credit and financial services, products from every corner of the world even to your work is greater than ever. Thanks to the Internet, you can conduct your banking,
Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
Corporate Account Takeover & Information Security Awareness 1 The information contained in this presentation may contain privileged and confidential information. This presentation is for information purposes
Information Security By Louis Morgan, CISSP Information Security Officer Why Bother with IT Security? Recent estimate - 900 million personal computers worldwide. Computer hackers are out there. How long
Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation
CYBER-SAFETY BASICS A computer security tutorial for UC Davis students, faculty and staff INTRODUCTION This tutorial provides some basic information and practical suggestions for protecting your personal
Internet Security For Home Users Basic Attacks Malware Social Engineering Password Guessing Physical Theft Improper Disposal Malware Malicious software Computer programs designed to break into and create
STRONGER ONLINE SECURITY Enhanced online banking without compromise Manage your business banking efficiently and securely Internet banking has given business leaders and treasurers greater control of financial
Deter, Detect, Defend Deter Never provide personal information, including social security number, account numbers or passwords over the phone or Internet if you did not initiate the contact Never click
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet
AARP can help you Spot & Report Fraud Fraud Fighter Call Center: Talk to a volunteer trained in how to spot and report fraud. Call the Fraud Fighter Call Center at (877) 908-3360 Fraud Watch Campaign What
Computer Security: Best Practices for Home Computing Presented by Student Help Desk Merced Community College Defining the Problem Symantec documented 2,636 new vulnerabilities in 2003, an average of seven
Identity Theft Protection Email Home EDUCATION on DANGER ZONES Internet Payments Telephone ID theft occurs when someone uses your personal information with out your knowledge to commit fraud. Some terms
PC Security and Maintenance by IMRAN GHANI PC Maintenance and Security-Forecast. Major sources of danger. Important steps to protect your PC. PC Security Tools. PC Maintenance Tools. Tips. PC Security-
BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take
INFORMATION SECURITY 10 Things You Need to Know About Internet Security Presented by: Steven Blanc IT Security Officer, Bowdoin College Internet Security Versus Internet Safety Security: We must secure
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
3 day Workshop on Cyber Security & Ethical Hacking 1 st day-highlights-hands On Phishing Attack Hammad Mashkoor Lari Freelancer What is Cyber Security? What is Ethical hacking? What is Computer Science?
Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure
(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life
Introduction to Computing @ WSU Table of Contents 1 - Information Technology (IT) Security... 2 Information to Remember... 2 2 - Malware... 2 Information to Remember... 3 3 - Firewalls... 3 Information
Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer
David Watterson & Ross Cavazos Chief Information Officer IT Director City of Billings Yellowstone County Local Government IT Group Vice-Chairmen Classic Battle of Good vs Evil GOOD EVIL Firewall E-Mail
Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer
FLORIDA ATLANTIC UNIVERSITY IRM NEWS JANUARY 2006 IRM NEWS INSIDE THIS ISSUE: CYBER SECURITY AWARENESS FIREWALLS 1 COMPUTER VIRUSES 2 POP-UPS AND POP- UP BLOCKER ALL ABOUT SPAM 3 YOUR AOL ACCOUNT AND FAU
Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious
Open an attachment and bring down your network? Many people think this will never happen to them, but virus attacks can come from unlikely sources and can strike when you least expect it. They can wreak
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee at Continental National Bank of Miami needs to know
An Introduction on How to Better Protect Your Computer and Sensitive Data Common Security Problems Computer users who fail to use strong passwords Constant attacks by viruses, worms, key loggers and bots
Welcome to Part 2 of the online course, Spyware and Adware What s in Your Computer? 1 2 This is the second part of a two-part course on spyware and adware. In this portion of the course we will: Review
Benefits & Features CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere. What can I do with Internet Banking? You can inquire
INFORMATION SECURITY BASICS A computer security tutorial for Holyoke Community College I NTRODUCTION This tutorial provides some basic information and practical suggestions for protecting your personal
Introduction In 2008, mobile devices continue to rapidly replace desktop computers. Mobile devices create easier ways to communicate and work more efficiently while away from the corporate office. In addition,
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
Lab Exercises Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Review Questions 1) In class, we made the distinction between a front-door attack and
Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating
How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware
Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.
Consumer Choices: Computer Security Software Prepared by: Dave Palmer, Instructional Media Faculty, University of Florida/IFAS Extension, South Central Extension District Laura Royer, Extension Faculty,
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
Threat Protection Tools and Best Practices Objectives 1. Threat Types Express familiarity with different threat types such as Virus, Malware, Trojan, Spyware, and Downloaders. 2. Threat Vectors Be familiar
You re not as safe as you think Think for a moment: Where do you keep information about your congregants or donors? In an Excel file on someone s desktop computer? An Access database housed on your laptop?
Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware
Internet Security Why is a strong password important? Identity theft motives: To gain access to resources For the challenge/fun Personal reasons Theft methods Brute forcing and other script hacking methods
1 PREVENTING HIGH-TECH IDENTITY THEFT Presented by The Monument Group Companies Featured speaker: David Floyd November 19, 2014 2 Introduction Preventing Identity Theft (this session) Monitoring for Theft
Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF
Keeping you and your computer safe in the digital world. After completing this class, you should be able to: Explain the terms security and privacy as applied to the digital world Identify digital threats
High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a
Securing small business Firewalls Anti-virus Anti-spyware Introduction Due to the phenomenal growth of the Internet in the last decade companies and individuals find it hard to operate without a presence
What you need to know to keep your computer safe on the Internet Tip 1: Always install Operating System updates The most important steps for any computer user is to always install updates, especially security
PATRIOT BANK CUSTOMERS Corporate Account Takeover & Information Security Awareness What will be covered! What is Corporate Account Takeover?! How does it work?! Sta9s9cs! Current Trend Examples! What can
Online Security Information ProCredit Bank is committed to protecting the integrity of your transactions and bank account details. ProCredit Bank therefore uses the latest security software and procedures
Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer
COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this
Spyware Linkages to Malware and its Affects A Multi-Layered Approach to Stopping Information Theft Kim Duffy Internet Security Systems Agenda What are the trends? Why should I be concerned? How does Spyware
Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your
7 Steps to Safer Computing These are the seven essentials: - Use a firewall. - Keep your software up to date. - Use an up to date antivirus program. - Use an up to date anti-spyware program. - Only download
ANTIVIRUS BEST PRACTICES Antivirus Best Practices 1. Introduction This guideline covers the basics on Antivirus Software and its best practices. It will help to have an overall understanding of the subject
Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security The IT Security Office (ITSO) What We Do? Risk Assessment Network and System Security Monitoring Vulnerability Scanning