Computer Security Literacy

Transcription

1 Computer Security Literacy Staying Safe in a Digital World Douglas Jacobson and Joseph Idziorek CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business A CHAPMAN & HALL BOOK

2 Contents Preface, xv About the Authors, xxiii Chapter 1 What Is Information Security? INTRODUCTION HOW MUCH OF OUR DAILY LIVES RELIES ON COMPUTERS? SECURITY TRUISMS BASIC SECURITY TERMINOLOGY CYBER ETHICS THE PERCEPTION OF SECURITY THREAT MODEL SECURITY IS A MULTIDISCIPLINARY TOPIC SUMMARY 17 BIBLIOGRAPHY 19 Chapter 2 Introduction to Computers and the Internet INTRODUCTION COMPUTERS Hardware Operating Systems Applications Users 25 v

3 vi Contents 2.3 OPERATION OF A COMPUTER Booting a Computer Running an Application Anatomy of an Application OVERVIEW OF THE INTERNET Protocols Internet Addressing Internet Protocol Addresses Public versus Private IP Addresses Finding an IP Address Domain Name Service Network Routing World Wide Web COMPUTERS AND THE INTERNET SECURITY ROLE-PLAYING CHARACTERS SUMMARY 54 BIBLIOGRAPHY 56 Chapter 3 Passwords Under Attack INTRODUCTION AUTHENTICATION PROCESS PASSWORD THREATS Bob Discloses Password Social Engineering Key-Logging Wireless Sniffing Attacker Guesses Password Exposed Password File Security Questions Stop Attacking My Password STRONG PASSWORDS Creating Strong Passwords 77

4 Contents vii 3.5 PASSWORD MANAGEMENT: LET'S BE PRACTICAL SUMMARY 84 BIBLIOGRAPHY 86 Chapter 4 Security INTRODUCTION SYSTEMS Message Transfer Agent User Agents Addressing Message Structure SECURITY AND PRIVACY Eavesdropping Spam and Phishing Spoofing Malicious Attachments Replying and Forwarding To, Carbon Copy, and Blind Carbon Copy SUMMARY 102 BIBLIOGRAPHY 103 Chapter 5 Malware: The Dark Side of Software INTRODUCTION WHAT IS MALWARE? HOW DO I GET MALWARE? Removable Media Documents and Executables Internet Downloads Network Connection Attachments Drive-By Downloads Pop-Ups Malicious Advertising 120

5 viii Contents 5.4 WHAT DOES MALWARE DO? Malicious Adware Spyware Ransomware Backdoor Disable Security Functionality Botnets SUMMARY 124 BIBLIOGRAPHY 126 Chapter 6 Malware: Defense in Depth INTRODUCTION DATA BACKUP FIREWALLS Function of a Firewall What Types of Malware Does a Firewall Protect Against? Two Types of Firewalls Putting a Hole in a Firewall Firewalls Are Essential SOFTWARE PATCHES Patch Tuesday and Exploit Wednesday Patches Are Not Limited to Operating Systems Zero-Day Vulnerabilities Just Patch it ANTIVIRUS SOFTWARE Antivirus Signatures Function of Antivirus Software Antivirus Limitations False Positives and False Negatives Sneaky Malware Antivirus Is Not a Safety Net 149

6 Contents ix 6.6 USER EDUCATION SUMMARY 151 BIBLIOGRAPHY 153 Chapter 7 Securely Surfing the World Wide Web INTRODUCTION WEB BROWSER Web Browser and Web Server Functions Web Code HTML: Images and Hyperlinks File and Code Handling Cookies "HTTP SECURE" WEB BROWSER HISTORY SUMMARY 177 BIBLIOGRAPHY 179 Chapter 8 Online Shopping INTRODUCTION CONSUMER DECISIONS Defense in Depth Credit Card versus Debit Card Single-Use Credit Cards Passwords Do Your Homework SPYWARE AND KEY-LOGGERS WIRELESS SNIFFING SCAMS AND PHISHING WEBSITES Indicators of Trust MISUSE AND EXPOSURE OF INFORMATION Disclosing Information Audit Credit Card Activity 190

7 x Contents 8.7 SUMMARY 190 BIBLIOGRAPHY 191 Chapter 9 Wireless Internet Security INTRODUCTION HOW WIRELESS NETWORKS WORK WIRELESS SECURITY THREATS Sniffing Unauthorized Connections Rogue Router Evil Twin Router PUBLIC WI-FI SECURITY WIRELESS NETWORK ADMINISTRATION Default Admin Password Service Set Identifier Wireless Security Mode MAC Address Filtering Firewall Power Off Router SUMMARY 209 BIBLIOGRAPHY 211 Chapter 10 Social Networking INTRODUCTION CHOOSE YOUR FRIENDS WISELY Access Control Friend Gluttony Relative Privacy Why Do You Want to Be My Friend? INFORMATION SHARING Location, Location, Location What Should I Not Share? 219

8 Contents xi Opt In versus Opt Out Job Market MALWARE AND PHISHING Koobface Applications Hyperlinks Phishing SUMMARY 228 REFERENCES 229 Chapter 11 Social Engineering: Phishing for Suckers INTRODUCTION SOCIAL ENGINEERING: MALWARE DISTRIBUTION Instant Messages Fake Antivirus s Phone Calls PHISHING Phishing s No Shame Game Other Types of Phishing DETECTING A PHISHING URL Reading a URL Protocol Top-Level Domain Name Domain Name Subdomain Name File Path File APPLICATION OF KNOWLEDGE Tools of the Trade SUMMARY 256 BIBLIOGRAPHY 257

9 xii Contents Chapter 12 Staying Safe Online: The Human Threat INTRODUCTION THE DIFFERENCES BETWEEN CYBERSPACE AND THE PHYSICAL WORLD CONSIDER THE CONTEXT: WATCH WHAT YOU SAY AND HOW IT IS COMMUNICATED WHAT YOU DO ON THE INTERNET LASTS FOREVER NOTHING IS PRIVATE, NOW OR IN THE FUTURE CAN YOU REALLY TELL WHO YOU ARE TALKING WITH? CAMERAS AND PHOTO SHARING I AM A GOOD PERSON, THAT WOULD NEVER HAPPEN TO ME IS THERE ANYTHING I CAN DO TO MAKE THE INTERNET A SAFER PLACE FOR MY CHILD? 271 BIBLIOGRAPHY 272 Chapter 13 Case Studies INTRODUCTION UNABLE TO REMOVE MALWARE: HELP! SECURELY HANDLING SUSPICIOUS ATTACHMENTS RECOVERING FROM A PHISHING ATTACK ACCOUNT HACKED? NOW WHAT? SMART PHONES AND MALWARE HEY! YOU! GET OFF MY WIRELESS NETWORK BAD BREAKUP? SEVER YOUR DIGITAL TIES "DISPLAY IMAGES BELOW"? THE MEANING BEHIND THE QUESTION PHISHING FORENSICS IT'S ON THE INTERNET, SO IT MUST BE TRUE BUYING AND SELLING ONLINE 294 BIBLIOGRAPHY 295

10 Contents xiii Chapter 14 Moving Forward with Security and Book Summary INTRODUCTION AFTER THE COMPLETION OF THE BOOK DEFENSE-IN-DEPTH TASKS CHAPTER SUMMARIES 300 Chapter 1: Introduction 300 Chapter 2: Computers and the Internet 300 Chapter 3: Passwords 301 Chapter 4: 301 Chapter 5: Malware 302 Chapter 6: Malware Defense 303 Chapter 7: Securely Surfing the Web 303 Chapter 8: Online Shopping 303 Chapter 9: Wireless Internet Security 304 Chapter 10: Social Networking 304 Chapter 11: Social Engineering: Phishing for Suckers 305 Chapter 12: Staying Safe Online: The Human Threat 305 Chapter 13: Case Studies 306 GLOSSARY, 307 APPENDIX A: READING LIST, 315 APPENDIX B: BASICS OF CRYPTOGRAPHY, 319 APPENDIX C: WEB SURFING SECURITY TECHNOLOGIES, 333