2007
Backdoor Keyloggers Viruses & Worms Worms Trojans Spyware Rootkits Bots
Tracking Cookies
- Not malware
- Tag containing info, sometimes useful to you
- No personal info unless offered
- Cookie storage can be limited
- May expire
- Easy to remove
Flash Cookies
- Largely unknown, widely used
- Installed by a Flash plugin
- Never expire
- More cumbersome to remove
- Can send info w/o user permission
Flash Cookies
Widely used including in Extension
Adware
- Free software that plays, displays or downloads advertising
- May be toolbars, search boxes, games, utilities
- Mostly safe but some is spyware
- Read privacy policies
Social Engineering
Means: Manipulating people to do things or to divulge confidential information
Phishing
- Aim is to steal valuable information such as credit cards, social security numbers, user IDs and passwords
- Usually done by email
- Social engineering
Phishing
- Often masquerades as a legitimate person or business, even government
- Often contains a threat or consequence
- E-mail may look genuine, trustworthy
- Always points to a different website than it appears to come from.
- Legitimate organizations never ask for sensitive information through e-mail
Pharming
Intent is to redirect a legitimate website's traffic to another, nearly identical but bogus website for the purpose of stealing sensitive information.
Scams
- Based on social engineering
- Often appeal to compassion or greed
- Disasters typically generate large numbers of scams
- Appear legitimate
Scams
- Don't click on links in these e-mails
- Typically offer something of value, ask for money in advance
- Nearly impossible to track the monetary transactions
- Scammers are accomplished social engineers
Scams
Nigerian money fraud scams began in 1997 or before by fax! These scams have spread to 80 countries or more. U.S. and U.K. are major targets
Scam Targets
- Dating sites - exploit the victim's desire for companionship
- Religious sites - seek donations from their victims for a worthy cause
- Social websites - exploit personal info
Scams
Estimated annual losses
- US - $1-$2 billion
- UK - 150 million pounds
- Australia - $36 million AUD
Trojans
- Programs that masquerade as good programs
- Can spy, steal information, log keystrokes, download other malware
- Open backdoors, overwrite data
Trojans
- Cannot reproduce
- Must be spread by user interaction
- Many different types of trojans
Virus
- Can create files, move files, erase files
- Can consume memory and cause computer problems
- Can replicate
- Can attach to other programs
- Can travel across networks
Worms
- A special type of virus
- Can replicate itself and use memory
- Reproduce so fast they overload and shut down entire systems
- Cannot attach itself to other programs.
- Spreads mostly by e-mail
Backdoor
- Malware that allows access to a computer without knowledge of the user's password and user name.
- Allows attackers easy remote access
Spyware
- Purpose is to capture information
- Email, usernames, passwords, credit card info, etc.
- Can transmit this information
Rootkit
- Help intruders gain access to systems
- Avoid detection
- Subversion & evasion
- May avoid antivirus or antispyware scan
Bots or Zombies
- A computer infected with malware, controlled remotely without the knowledge of the user
- Combined into networks called botnets
- Rented or sold to criminal interests
Bots or Zombies
- Can be used to propagate malware or for cyber attacks
- Botnets may consist of thousands of machines worldwide
- Used to send about 80% of all spam and to attack commercial websites and other systems
Bot Network
Intermission
When we return how do we protect our computers and our data?
Backup Data
- Router w/ hardware firewall
- ZoneAlarm software firewall
- Spybot w/ tea timer
- Super Anti Spyware
Data
Best Practices
- Physical computer security
- Legal agreements - read the fine print
- Use good passwords
- Keep passwords safe
- Use a flash drive capable of read-only
- Update your operating system (OS)
- Update your applications
Best Practices
- Use a hardware firewall
- Use a software firewall
- Use and update security products, i.e. antispyware, anti-virus, etc.
- Clean the system regularly
- Back up system regularly (after cleaning)
- Suggest using FireFox w/ security plugins
Legal Agreements
- A software license agreement is a legal contract between a producer and a purchaser of computer software.
- Called End User Licensing Agreements (EULA) or Terms of Use (TOU)
- Privacy Agreements
RoboForm
KeePass
USB Malware
Flash drives banned by US Army in 2008 due to malware and security concerns. An estimated 10% of malware was written to move on a flash drive.
Upgrade vs Update
- An upgrade from v2.5 to v2.6 for example is simply a major update
- "Upgrading is taking your vitamins; fixing a hack is open-heart surgery." - Matt Mullenweg, founding developer of WordPress
Backup Data
- Router w/ hardware firewall
- ZoneAlarm software firewall
- Spybot w/ tea timer
- Super Anti Spyware
- Anti virus software
Data
Firewall Technology
Hardware or software designed and implemented to control the flow of network traffic. A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Firewall Technology
- A company will have hundreds of computers that all have network cards connecting them together.
- One or more computers will have connections to the Internet.
- Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet.
- Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic.
- Allow FTP connections only to that one computer and prevent them on all others.
- The company can control how employees connect to Web sites and whether files are allowed to leave the company over the network.
Firewall Technology
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
- Packet filtering
- Proxy service
- Stateful inspection
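Two of these methods, packet filtering and stateful inspection, can be shown on the 500-computer FTP policy described earlier (proxy service is not modelled). This is an added example, not part of the original slides; the address range, the FTP host address and the class name are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/23")   # assumed range holding the company's ~500 hosts
FTP_SERVER = ip_address("10.0.0.21")   # assumed: the one host allowed public FTP
FTP_PORT = 21

class Firewall:
    """Default-deny inbound filter with a connection table for replies."""
    def __init__(self):
        self.established = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def outbound(self, src, sport, dst, dport):
        """An inside host opens a connection: remember it so replies get through."""
        src, dst = ip_address(src), ip_address(dst)
        if src not in INTERNAL:
            return "DROP"                      # spoofed or misrouted source
        self.established.add((src, sport, dst, dport))
        return "ALLOW"

    def inbound(self, src, sport, dst, dport):
        """Decide the fate of a packet arriving from the Internet."""
        src, dst = ip_address(src), ip_address(dst)
        if dst not in INTERNAL:
            return "DROP"                      # not addressed to our network
        # Stateful inspection: a reply to a connection an inside host started.
        if (dst, dport, src, sport) in self.established:
            return "ALLOW"
        # Packet filtering: public FTP is permitted to exactly one machine.
        if dst == FTP_SERVER and dport == FTP_PORT:
            return "ALLOW"
        return "DROP"                          # flagged by the filters

def demo():
    """Constructed traffic: one outbound web request, then four inbound packets."""
    fw = Firewall()
    fw.outbound("10.0.1.50", 50000, "198.51.100.10", 443)
    return [
        fw.inbound("203.0.113.9", 40000, "10.0.0.21", 21),     # FTP to the FTP host
        fw.inbound("203.0.113.9", 40001, "10.0.0.77", 21),     # FTP to another host
        fw.inbound("198.51.100.10", 443, "10.0.1.50", 50000),  # reply to the request
        fw.inbound("198.51.100.10", 443, "10.0.1.51", 50000),  # unsolicited packet
    ]

if __name__ == "__main__":
    print(demo())
```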
Software Firewall
- Protects against intrusion scanning or attacks
- Protects against outbound communication by malware
Outbound Communication
Software Firewall
- Use the pre-installed Windows firewall only if you have no other options.
- Turn it off before installing a better product.
- If you have the XP operating system you MUST obtain a software firewall. DO NOT use XP's firewall.
Software Firewall
- Install firewall first, then install other security software - antivirus, antispy
- Do not install multiple software firewalls
- ZoneAlarm Pro is adequate - $40
- Does require system resources
Backup Data
- Wireless Router w/ hardware firewall
- ZoneAlarm software firewall
- Spybot w/ tea timer
- Super Anti Spyware
- Anti virus software
Data
Antivirus Software
- Many software options
- Many are free, or free trial
Antivirus Software
- A worry for all computer users is the threat of viruses entering their systems
- Fights against all kinds of malicious attacks and prevents adware, spyware, Trojans and worms from entering the computer
- A system for analyzing information that, if it finds that something is infected, disinfects it
- Antivirus software acts basically in two ways:
  - Scanning files
  - Heuristic approach
Antivirus Software
Scanning Files
- Employs a database of familiar virus code and applies it to compare the files with the known malicious code
- The antivirus database is updated so that it can prevent the malicious attacks which are being crafted each and every day.
- After a match has been detected, the antivirus will take action in three different forms:
  - Quarantine the file
  - Repair the infected files
  - Remove the file
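The scan-and-respond cycle described above, as an added example that is not part of the original slides. The signature names and byte patterns are made-up demo markers rather than signatures of any real malware, and the repair step is deliberately simplified.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed signature database (name -> byte pattern). The markers are
# made-up demo strings, not signatures of any real malware.
SIGNATURES = {
    "Demo.Appender.A": b"<<DEMO-INFECTION-MARKER-A>>",
    "Demo.Dropper.B": b"\x13\x37DEMO-DROPPER-B\x13\x37",
}

def scan_bytes(data):
    """Compare file content with every known pattern; return matching names."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def handle_file(path, quarantine_dir, action="quarantine"):
    """Scan one file and, on a match, apply one of the three responses."""
    path, quarantine_dir = Path(path), Path(quarantine_dir)
    data = path.read_bytes()
    hits = scan_bytes(data)
    if not hits:
        return ("clean", hits)
    if action == "repair":
        # Simplified repair: cut the matched bytes out, keep the rest.
        for name in hits:
            data = data.replace(SIGNATURES[name], b"")
        path.write_bytes(data)
    elif action == "remove":
        path.unlink()
    else:
        # Quarantine: move the file where it cannot be opened by accident.
        action = "quarantine"
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(quarantine_dir / (path.name + ".quarantined")))
    return (action, hits)

def demo():
    """Apply the scanner to constructed files in a temporary directory."""
    samples = {"notes.txt": b"meeting at 10",
               "game.exe": b"MZ" + SIGNATURES["Demo.Dropper.B"],
               "report.doc": b"Q3 " + SIGNATURES["Demo.Appender.A"] + b"figures"}
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            path = Path(root) / name
            path.write_bytes(body)
            action = "repair" if name.endswith(".doc") else "quarantine"
            outcome = handle_file(path, Path(root) / "quarantine", action)
            results[name] = outcome + (path.exists(),)   # is the original still there?
    return results
```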
Antivirus Software
The Heuristic Approach
- Keeps track of the type of the programs that are executable on a computer
- Doubtful behavior is identified, then a prescheduled range of responses is activated
- The response can start from asking the owner of the PC how to execute the process of deleting the malicious code automatically
- Protects against latest malware threats that are yet to be identified or registered in the antivirus database.
Security Policy
- Security policies are rules that are electronically programmed and stored within security equipment to control such areas as access privileges.
- The policies that are implemented should control who has access to which areas of the network and how unauthorized users are going to be prevented from entering restricted areas.
- The security policy management function should be assigned to people who are extremely trustworthy and have the technical competence required.
In the future, some passwords may be replaced by biometrics, which is technology that identifies users based on physical characteristics, such as finge
Security Policy
Implementation
- Identity methods and technologies must be employed to help positively authenticate and verify users and their access privileges.
- Making sure that certain areas of the network are password protected, only accessible by those with particular passwords
- The golden rules, or policies, for passwords are:
  - Change passwords regularly
  - Make passwords as meaningless as possible
  - Never divulge passwords to anyone until leaving the company
Security Policy
Security policy
Digital Certificate
- E-commerce has flourished because of the ability to perform secure transactions online using the proper tools.
- These tools are public key encryption and digital certificates.
- Public key encryption uses SSL (Secure Sockets Layer) to encrypt all data between the customer's computer and the e-commerce website.
- Anyone can create a website and key pair using a name that doesn't belong to them. This is where digital certificates come in.
- Digital certificates are trusted ID cards in electronic form that bind a website's public encryption key to their identity for purposes of public trust.
Security Policy
Digital Certificate
- Digital certificates are issued by an independent, recognized and mutually trusted third party that guarantees that the website operating is who it claims to be.
- This third party is known as a Certification Authority (CA).
- A digital certificate contains an entity's name, address, serial number, public key, expiration date and digital signature, among other information.
- When a Web browser like Firefox, Netscape or Internet Explorer makes a secure connection, the digital certificate is automatically turned over for review.
Security Policy
Digital Certificate
- The browser checks it for anomalies or problems, and pops up an alert if any are found.
- When digital certificates are in order, the browser completes secure connections without interruption.
- Digital certificates play an integral role in keeping online commerce safe.
- If your browser alerts you to a problem with a digital certificate, you are well advised not to click through. Instead, call the business using a telephone number from your statements or phone book, and inquire as to the problem.
Security Policy
Digital Certificate
Access Control
- Access control systems are electronic systems which are designed to control who has access to a network
- Door which can be locked, limiting people to one side of the door or the other.
- Access control servers validate the user's identity and determine which areas or information the user can access based on stored user profiles
- Access control systems which span over computer networks are typically administered in a central location, with each user being given a unique identity.
- An administrator grants access privileges to personnel on a case by case basis, using settings within the administration software.
Encryption
- Encryption technology ensures that messages cannot be intercepted or read by anyone other than the authorized recipient.
- Encryption is usually deployed to protect data that is transported over a public network and uses advanced mathematical algorithms to scramble messages and their attachments.
- All VPN hardware and software devices support advanced encryption technology to provide the utmost protection for the data that they transport.
Encryption
Intrusion Detection
- A network-based intrusion detection system (IDS) provides around-the-clock network surveillance.
- An IDS analyzes packet data streams within a network, searching for unauthorized activity, such as attacks by hackers, and enabling users to respond to security breaches before systems are compromised.
- When unauthorized activity is detected, the IDS can send alarms to a management console with details of the activity and can often order other systems, such as routers, to cut off the unauthorized sessions.
Intrusion Detection
Network Scanning
- Network scanners conduct detailed analyses of networked systems to compile an electronic inventory of the assets and detect vulnerabilities that could result in a security compromise.
- Allows network managers to identify and fix security weaknesses before intruders can exploit them.
Super AntiSpyware
Removes Spyware, Adware, Trojans, Dialers, Worms, HiJackers, KeyLoggers, Parasites, Rootkits
MalwareBytes
- Free version
- Full version (one time fee of $24.95) includes real-time protection.
Backup Data
- Wireless Router w/ hardware firewall
- ZoneAlarm software firewall
- Spybot w/ tea timer
- Super Anti Spyware
- Anti virus software
Data
Data-Only Backup
- Dozens of software choices for every budget & free
- Backs up selected files
- Typically uses proprietary compression
- SyncToy - Free MS program - no compression
Whole-System Backup
- Takes an image of the whole system - not each file individually
- Several choices including Acronis, Norton Ghost, others
- Backup in 15-20 min, restore - 30 min to 1 hr
Virtual PC Products
- These programs create a virtual PC within your real PC.
- When programs run in the virtual PC, they can't make changes to the real PC
- Requires some technical knowledge
- Requires extra processing power
- Extremely safe - if the Virtual PC gets infected, simply delete it and create a new one.
Virtual PC Software
- Microsoft Windows Virtual PC
- VMware
- Connectix Virtual PC
- Sun VirtualBox
Sandboxie
- Creates a small virtual space inside your computer called a sandbox.
- Can run a program or browser inside the sandbox.
- Smaller learning curve than a Virtual PC
- Less processing power needed than a Virtual PC
- Commercial Repair: CompUSA, Geek Squad, Local repair shop, Etc.
- You
PC Users Groups
- 50+ organized groups around the state.
- Dues avg $25-$35/yr
- FACUG - Fla Assn of Computer User Groups is the umbrella organization - list is at http://www.facug.org/
- Members help members w/ problems
- Attend meetings occasionally - build relationships
Disclaimers
Information presented here is based on currently available information. This information changes frequently. No guarantee of accuracy is possible. Hardware, software, companies and techniques discussed are options, not recommendations. You alone are responsible for software and/or hardware choices and use of any techniques. Please read all legal agreements, instructions, user agreements and privacy terms associated with any hardware, software or websites.
Thank You