Computer Security at Home

Jim Coffman, CISSP, CSSA, CCSA, MCSE
Security Engineer
www.techdata.com

Ever felt like the world is after you?

Trouble just comes out of nowhere?

A new danger at every corner?

Or “pack” of dangers

It’s the little things that will save you.

A little extra effort can make the difference!

Agenda

1. It’s A Brave New World . . .
2. And It Can Be A Scary Place
3. Ways to Protect Yourself Today
4. Security On A Tight Budget
5. Where To Go For Hope

It’s A Brave New World . . .

The “Good Ol’ Days”

Source: http://nric.org

The “New World” . . . (at least as of 1998)

Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html

Forget Online Banking – I’ll do it myself

Things are not always as they seem

Second scanner over original captures your account information.

Fraud – But don’t they need my PIN?

Fraud – yes, they need your PIN . . .

Things are not always as they appear.

And It Can Be A Scary Place

Computer Security

Computer Security is everyone’s problem.

86% of all attacks are aimed at home users, not corporate users.*

Trojans and worms don’t care who you are; they just know you as an IP address.

* Symantec Internet Security Threat Report 10, Sept. 2006

You are valuable . . .

Your personal identity & financial information are valuable to hackers;

so they want to infect you with a keystroke logger Trojan.

Your system can be used as a zombie to further their DDOS attacks;

so they want to infect you via mass mailing worms.

You are valuable . . .

They are counting on gullible end users buying junk online;

so they come at you with SPAM and Phishing attacks.

And then some of these people are just plain sick in the head;

so they try to “engage” our children online.

You are vulnerable . . .

What is the AVERAGE lifespan of an unprotected PC on the Internet before it is attacked AND compromised?

. . . 4 . . .minutes.

Some machines were compromised in as little as 30 seconds.

Source: November 2004 study by Kevin Mitnick and AvantGarde

Worms & Viruses

Danger Will Robinson!!

Viruses and Worms can carry the same “payload” or destructive result.

– Create new accounts or delete existing accounts
– Open back doors to future malware programs
– Erase hard drives
– Delete files
– Change data files
– Change users rights
– Commit attacks on other systems
– Disable antivirus or other security software
– Capture and transmit passwords and logins to remote hacker

There are well over 60,000 known viruses and 400 new ones are created every month.

Outbreak

Worms spread across networks, like the Internet which is just a big network.

Worms can spread worldwide in minutes which does not give antivirus software companies enough time to update their antivirus signatures.

Many of the new viruses / worms know how to turn off your security software.

Example: W32.BugbearB@mm - a mass mailing worm

Spread across networks shutting down the following security programs on all systems

Is that all it did?

Places itself in the startup folder to auto-execute when your PC reboots

Searches for addresses in email program databases, then launches its own email server and mails a virus-laden email to every address it found on your system

Creates a back door on your PC for the hacker to get back on your system

Captures keystrokes and sends them back to the hacker

SPAM & PHISHING

“Phishing”

Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.

Hackers have used emails that appear to be from Microsoft, Ebay, Paypal, AOL and every imaginable bank.

The language and graphics can be very convincing.

"Due to your inactivity your account has been put On Hold. To remove this status you have to Log In to your account and review Discover Privacy Policy."

SPYWARE

What harm can it do?

Beyond the invasion of privacy…

Spyware can also negatively impact your system’s performance to the point where your system crashes and becomes unusable.

Spyware can transmit data about your system’s vulnerabilities back to hackers.

Spyware often hijacks your browser’s start page or floods you with pop-ups.

So what’s a Trojan / RAT?

A program that you download or someone sends you.

It’s supposed to be:
• Cool New Game!
• Beautiful Screensaver
• Hot Song or Movie
• Great Utility, etc, etc, etc …

When you launch it, the program may do something cool but it also infects your machine.

What do they do?

Transmits back to the hacker, letting him know your PC is now infected and listening.

Captures and transmits everything you type back to the hacker.

Allows the hacker to take remote control of your PC including searching your drive and viewing what you see on your screen.

Ways to Protect Yourself Today

Ways to protect yourself TODAY

Keep your Operating System patches up to date.

Install Antivirus and keep it up to date.

Install anti-spyware software.

Use a hardware-based firewall.

Use complex passwords and if you must record the passwords, do it off-line or encrypt them.

Ways to protect yourself TODAY

Use caution when opening and responding to emails even from known parties.

Use caution when downloading files from sources that are not very well known.

Jealously guard your personal data.

Use a credit card with a small credit line for online purchases.

Ways to protect yourself TODAY

Read those license agreements – some actually state that you will accept undesirable spyware.

Turn your computers off when not in use, especially at night.

Keep backups of your valuable data on read only, offline media like CD, DVD or tape.

Don’t email personal data. It is usually an insecure transmission medium.

Ways to protect yourself TODAY

Do NOT post your email address on web sites or in public newsgroups. Spammers use spiders to scour web sites and harvest those addresses.

If you must publish an email address, use a secondary address, not the one you want friends and family to use.

Fraud Tips

Don’t trust phone calls or emails asking you to provide personal information such as account numbers, user names, logins, passwords or birth dates. Reputable administrators NEVER EVER ask for passwords; they can reset your account password for you without needing to know your old password.

Pay close attention to the URLs you are taken to. Simple changes in names can lead you to a hacker site.

WWW.DlSC0VERCARD.COM -> What’s wrong?
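
The look-alike URL above can be caught mechanically. The following Python is an added example, not part of the original slides; the character map, the `rn`/`vv` sequences and the trusted-site list are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a small illustrative map of characters often swapped for one
# another in spoofed names; it is not a complete confusables table.
LOOKALIKES = {"0": "o", "1": "l", "i": "l", "5": "s"}
SEQUENCES = (("rn", "m"), ("vv", "w"))

# Assumption: the reader's own short list of sites they really use.
TRUSTED = {"discovercard.com", "paypal.com", "ebay.com"}


def hostname(url_or_host):
    """Return the lowercase host of a URL or bare name, without 'www.'."""
    text = url_or_host.strip()
    if "//" not in text:
        text = "//" + text  # lets urlsplit treat a bare name as the host
    host = (urlsplit(text).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def fold(host):
    """Collapse look-alike characters so imitations compare equal."""
    for seq, plain in SEQUENCES:
        host = host.replace(seq, plain)
    return "".join(LOOKALIKES.get(ch, ch) for ch in host)


def check_link(url_or_host, trusted=TRUSTED):
    """Classify a link as trusted, a look-alike of a trusted site, or unknown.

    Returns (verdict, trusted name imitated, list of (seen, expected) swaps).
    """
    host = hostname(url_or_host)
    if host in trusted:
        return ("trusted", host, [])
    for good in sorted(trusted):
        if fold(host) == fold(good):
            same_length = len(host) == len(good)
            swaps = [(a, b) for a, b in zip(host, good) if a != b] if same_length else []
            return ("lookalike", good, swaps)
    return ("unknown", None, [])


if __name__ == "__main__":
    # Constructed inputs: the slide's URL plus three made-up links.
    for link in ("WWW.DlSC0VERCARD.COM", "https://www.discovercard.com/login",
                 "paypa1.com/signin", "example.org"):
        print(link, "->", check_link(link))
```

For the slide's URL the swaps list shows a lowercase "l" standing in for "i" and a zero standing in for "o".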

Ways to protect yourself TODAY

DO NOT REPLY TO SPAM EMAILS! ! !

Attempting to “unsubscribe” just confirms to the Spammer that there is a live human being at that email address so they SPAM you more!!

Replying to the email also confirms to the spammer that your ISP (Internet Service Provider) is not doing a good job filtering emails, so they will spam your ISP.

Ways to protect yourself TODAY

Do not click on web site links in spam! This will confirm your address and likely take you to a bogus, hacker-run web site.

Do not even open the spam email, as it could contain embedded attacks like ActiveX, Java or VBScript that auto-execute.

Obviously, do not BUY anything from them.

CYA without $$$

Words of Wisdom

Remember that “good” security NOW is better than “perfect” security NEVER.

So . . . start by addressing the cheapest, easiest and fastest steps to implement.

CYA without the $$$

• Security software doesn’t need to break the bank

Security Freeware

• FIREWALL / UTM
– Windows Firewall (installed with Windows XP Service Pack 2)
– Zone Alarm http://www.zonelabs.com
– Kerio http://www.sunbelt-software.com/kerio.cfm
– Comodo http://www.personalfirewall.comodo.com/

• ANTI-VIRUS
– Grisoft AVG http://free.grisoft.com/doc/1
– Avast http://www.avast.com/eng/download-avast-home.html
– ClamWin http://www.clamwin.com/
– Antivir http://www.free-av.com

• SPYWARE
– Lavasoft Ad-aware http://www.lavasoft.de/software/adaware/
– Javacool Spyware Blaster / Guard http://www.javacoolsoftware.com
– Spybot Search & Destroy http://spybot.safer-networking.de/en/
– Grisoft ewido http://free.grisoft.com/doc/ewido-anti-spyware-free/lng/us/tpl/v5
– Sophos RootKit Eliminator http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

• WEB BROWSING TOOLS:
– McAfee Site Advisor http://www.siteadvisor.com/
– ShieldsUp Online Test www.grc.com
– HackerWhacker http://www.hackerwatch.org/probe/

Security Freeware

• SPAM: Use primary email account for friends and a second free email account for online surfing / shopping.
– K9 http://www.keir.net/k9.html
– SpamBayes http://spambayes.sourceforge.net/
– Despammed www.despammed.com
– SpamAssassin http://spamassassin.apache.org/

• PHISHING TOOLBARS:
– Netcraft http://toolbar.netcraft.com/
– Earthlink http://www.earthlink.net/software/free/toolbar/
– PhishGuard http://www.phishguard.com/default.htm
– Spoofstick http://www.spoofstick.com/
– CallingID http://callingid.com/Default.aspx

• VARIOUS:
– Microsoft Baseline Security Analyzer http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Where To Go For Help

Best Places for More Information

• BEWEBAWARE.org
• CERT.org/homeusers
• CERT.org/tech_tips/home_networks
• GETNETWISE.org
• FIREWALLGUIDE.org
• MICROSOFT.com/athome/security
• PCWORLD.com
• PCMAGAZINE.com
• SANS.org/rr/whitepapers/hsoffice
• STAYSAFEONLINE.info
• US-CERT.gov

Best Places for More Information

• SpywareWarrior.com
• Antiphishing.org
• FTC.gov
• PCMagazine & PCWorld
• Microsoft.com
• Symantec.com/athome/security
• hhi.corecom.com/phishing.htm
• theregister.co.uk/security
• Phishinginfo.org
• CoreStreet.com/spoofstick
• Firewallguide.com
• Firewallguide.com/anti-virus
• Anti-Virus-Software-Review.com
• HackFix.org
• Tom-Cat.com/security
• PracticallyNetworked.com

Evolution of a Password

• Examples:
– Favorite Singer?

Frank Sinatra

Fr@nk Sin@tr@

Fr@nk 5!n@tr@

Evolution of a Password

• Examples:
– Favorite Nursery Rhyme?

Humpty Dumpty sat on a wall.

HDsoawall

HDso@w@ll

HDs0@w@11

Evolution of a Password

• Examples:
– Favorite Sports Team?

Raiders

R@iders

R@|der5

Why use 1 defense when you can use 3?

Indiana Jones

• Open Pits

• Stone Doors

• Trick Floor Tiles

• Poison Darts

• Spikes

• Rolling Boulders

Why use 1 defense when you can use 3?

Banks

• Bars

• Cameras

• Locks / Safes

• Guards with Guns

• Bullet Proof Glass

• Insurance / FDIC

• Dye Packs

• Mantraps

• Alarms