View
1.071
Download
0
Category
Tags:
Preview:
DESCRIPTION
Presentation slides for a class in online security at the Socastee South Carolina public library.
Citation preview
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityInternet 303 - Socastee South Carolina Public
Library
Visualization of the various routes through a portion of the Internet
Source: WWW.Wikipedia.Com
A link to and discussion of this presentation on the web can be found on my blog. Go to http:\\WhiteHouseComputing.Blogspot.Com and scroll down if necessary to “Online Security Class”
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityCommon Computer Security MythsCommon Computer Security Myths Myth: “Myth: “There is nothing important on my There is nothing important on my
computer, so no attacker would want to access computer, so no attacker would want to access it”it”
Reality:Reality: ““Internet Background Radiation” – a techie Internet Background Radiation” – a techie
term that refers to the constant stream of term that refers to the constant stream of probes and malicious traffic on the internet.probes and malicious traffic on the internet.
Probes are looking for any machine that can Probes are looking for any machine that can be “hijacked” to make money for their be “hijacked” to make money for their hijackers.hijackers.
Spam Robots Spam Robots (spambot)(spambot) ZombiesZombies trained to attack web sites on demand trained to attack web sites on demand
(extortion robots)(extortion robots)
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityCommon Computer Security MythsCommon Computer Security Myths
Myth:Myth: “The biggest security threats “The biggest security threats involve hackers who target individual involve hackers who target individual computer users”.computer users”.
Reality:Reality: Many probes are automated. Many probes are automated.
Computers under program control can Computers under program control can probe other computers much faster probe other computers much faster than computers under human control than computers under human control can.can.
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityCommon Computer Security MythsCommon Computer Security Myths Myth:Myth: “Paying bills online increases the risk “Paying bills online increases the risk
of identity theft”. of identity theft”. Reality:Reality:
Communication from the browser can be secure Communication from the browser can be secure encryptedencrypted
LOOK for the LOCKLOOK for the LOCK Either bottom right or just to the right of the Either bottom right or just to the right of the
address entry window depending on browser address entry window depending on browser and browser versionand browser version
AND look for AND look for httpshttps instead of instead of httphttp in the in the addressaddress
For example: For example: https://WWW.Chase.Comhttps://WWW.Chase.Com
However – above assumes no However – above assumes no keylogers on your machinekeylogers on your machine
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityTypes of ThreatsTypes of Threats
AnnoyancesAnnoyances SpamSpam AdwareAdware
DangerousDangerous SpywareSpyware VirusVirus PhishingPhishing
EnablerEnabler TrojanTrojan BackdoorBackdoor
MALWARE
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityTypes of Threats - AnnoyancesTypes of Threats - Annoyances
Spam – AKA Unwanted, Unsolicited Junk Spam – AKA Unwanted, Unsolicited Junk EmailEmail Clogs your email inboxClogs your email inbox Can be dangerousCan be dangerous
Can lead you to dangerous websitesCan lead you to dangerous websites Example – sites that attempt to exploit unpatched bugs Example – sites that attempt to exploit unpatched bugs
in your browser to insert “in your browser to insert “backdoorbackdoor” or other malware ” or other malware in your systemin your system
Adware – Software that delivers targeted Adware – Software that delivers targeted advertisements to your computeradvertisements to your computer
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityTypes of Threats - DangerousTypes of Threats - Dangerous
SpywareSpyware “is a type of “is a type of malwaremalware that is that is installed surreptitiously on personal installed surreptitiously on personal computers to collect information about computers to collect information about users, their computer or browsing habits users, their computer or browsing habits without their informed consent.” without their informed consent.” Wikipedia. (Wikipedia. (SpywareSpyware))
Can simply record information about your Can simply record information about your browsing habits to guide Adware in delivering browsing habits to guide Adware in delivering ads ORads OR
Worst case: Keylogger – can record your Worst case: Keylogger – can record your keyboard keystrokes and transmit them over the keyboard keystrokes and transmit them over the InternetInternet
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityTypes of Threats - DangerousTypes of Threats - Dangerous
Virus “A Virus “A computer viruscomputer virus is a computer is a computer program that can copy itself and infect a program that can copy itself and infect a computer without the permission or computer without the permission or knowledge of the owner.” knowledge of the owner.” WikipediaWikipedia
How is it spread?How is it spread? Email attachmentEmail attachment Visiting a malicious website with an unpatched Visiting a malicious website with an unpatched
buggy browserbuggy browser Infected files on any portable media (thumb drives, Infected files on any portable media (thumb drives,
CDs, floppys, etc)CDs, floppys, etc) Over a network when file sharing is too broadly set Over a network when file sharing is too broadly set
upup
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityTypes of Threats - DangerousTypes of Threats - Dangerous
Virus – How Can You Protect Yourself?Virus – How Can You Protect Yourself? Install an Install an antivirus program antivirus program on your on your
computercomputer Two parts of an Antivirus program defenseTwo parts of an Antivirus program defense
The program itselfThe program itself Understands basic look and feel of generic computer Understands basic look and feel of generic computer
virusvirus Can also read and understand specific descriptions of Can also read and understand specific descriptions of
specific virus family and virusspecific virus family and virus Descriptions of specific virus and virus familiesDescriptions of specific virus and virus families
New descriptions need to be downloaded to your New descriptions need to be downloaded to your computer on a continuing basis. computer on a continuing basis.
In commercial software, there is an annual fee for In commercial software, there is an annual fee for subscription. When your subscription runs out, NEW subscription. When your subscription runs out, NEW descriptions stop being downloaded.descriptions stop being downloaded.
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityTypes of Threats - DangerousTypes of Threats - Dangerous
Virus – How Can Virus – How Can You Protect You Protect Yourself?Yourself? See handout for See handout for
examples of good examples of good antivirus antivirus software.software.
For another For another source go to source go to
WWW.PCMag.CoWWW.PCMag.Comm
Select Reviews here
Enter Antivirus in the search box here
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityTypes of Threats - DangerousTypes of Threats - Dangerous
PhishingPhishing “is the criminally fraudulent “is the criminally fraudulent process of attempting to acquire sensitive process of attempting to acquire sensitive information such as usernames, passwords information such as usernames, passwords and credit card details by masquerading as and credit card details by masquerading as a trustworthy entity in an electronic a trustworthy entity in an electronic communication.” communication.” WikipediaWikipedia
Fraudulent email scares you into clicking a link Fraudulent email scares you into clicking a link in the email taking you to a site that LOOKS in the email taking you to a site that LOOKS like a real bank (for example) but is notlike a real bank (for example) but is not
Fraud site asks for userid password account number Fraud site asks for userid password account number etcetc
Phishing
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityTypes of Threats - DangerousTypes of Threats - Dangerous
Phishing – How to Avoid Being Phishing – How to Avoid Being FooledFooled Avoid following links in emailsAvoid following links in emails
If you do and the site wants info DO NOT If you do and the site wants info DO NOT GIVE ITGIVE IT
Banks, Brokerage Houses, etc WILL Banks, Brokerage Houses, etc WILL NOT ASK YOU VIA EMAIL TO VERIFY NOT ASK YOU VIA EMAIL TO VERIFY INFORMATIONINFORMATION If they seem to be doing that IT IS A FRAUDIf they seem to be doing that IT IS A FRAUD
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityTypes of Threats - DangerousTypes of Threats - Dangerous
Four RulesFour Rules1. Run Windows Update – plug the holes that let the gunk in
For Virus and Spyware gunk that gets in anyway…
2. Install and run Anti Virus software – keep subscription current
3. Install and run AntiSpyware software–keep subscription current
4. Run a Firewall 1. Start
2. Control Panel
3. Security Center
4. Windows Firewall
5. On
Note – assumes you are not running a different firewall already
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityFirewallsFirewalls
Prevent unauthorized entry from outside Prevent unauthorized entry from outside Can be hardwareCan be hardware
Routers include a NAT firewall preventing Routers include a NAT firewall preventing unauthorized entry from outside but not unauthorized entry from outside but not necessarily reporting or preventing rogue necessarily reporting or preventing rogue applications inside your computer from applications inside your computer from communicating outboundcommunicating outbound
Can be software ( Windows firewall, Can be software ( Windows firewall, ZoneAlarm)ZoneAlarm) Software firewalls can/will prevent unauthorized Software firewalls can/will prevent unauthorized
outbound communication toooutbound communication too
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityFirewallsFirewalls
How Secure is Your Firewall?How Secure is Your Firewall? Major corporations have their firewalls Major corporations have their firewalls
intentionally probed periodically by a intentionally probed periodically by a security service to test them.security service to test them. You can do the same thing at the “Shields You can do the same thing at the “Shields
Up” site located at Up” site located at https://www.grc.com/x/ne.dll?bh0bkyd2https://www.grc.com/x/ne.dll?bh0bkyd2
NOTENOTE the above site DOES NOT scan your the above site DOES NOT scan your machine for malware of any sort. It machine for malware of any sort. It provides only a test of your firewall (or lack provides only a test of your firewall (or lack thereof) and its ability to block intrusion.thereof) and its ability to block intrusion.
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityFirewallsFirewalls
LaptopsLaptops If you depend on the hardware firewall at If you depend on the hardware firewall at
home, you need to be sure you have a software home, you need to be sure you have a software firewall running on your laptop if you take it firewall running on your laptop if you take it out of your house to connect from another out of your house to connect from another location. If you have file and printer sharing location. If you have file and printer sharing turned on (to share files with other computers turned on (to share files with other computers in you house) TURN IT OFF before connecting in you house) TURN IT OFF before connecting to a public WiFi hotspot or someone else’s to a public WiFi hotspot or someone else’s hard wired LAN because you will be hard wired LAN because you will be behind behind their firewalltheir firewall sharing sharing youryour files with files with themthem
Socastee SC Library
Computer EducationWhiteHouseComputing
Online SecurityOnline SecurityInformation SourceInformation Source
WWW.OnguardOnline.GovWWW.OnguardOnline.Gov ““a partnership between the FTC, other a partnership between the FTC, other
federal agencies, and the technology federal agencies, and the technology industry -- offers tips to help you be on industry -- offers tips to help you be on guard against Internet fraud, secure guard against Internet fraud, secure your computer, and protect your your computer, and protect your personal information. “ personal information. “ Federal Trade Federal Trade Commission web siteCommission web site
Socastee SC Library
Computer EducationWhiteHouseComputing
The End The End
Recommended