Best presentation about computer security (for individuals, families, and small business owners)

Think of this presentation as the driver training course you never had - for the Internet. A companion book (200 pages), available on Amazon, provides all the details, links to the best free security software, and much more. You can buy the book on Amazon at http://www.amazon.com/dp/B006UIVA9G/
The most comprehensive treatment of the subject.

Published in: Education, Technology, Business

  • Contents
    • Preface
    • A book and a web site
    • About the Author
    • Introduction: Organized crime discovers the Internet; Hackers out of the open and into the shadows; Information leaks you can’t control; Summary
    • CHAPTER 1: Personal information - risks and impact of exposure: Information you should protect; Dangers of the internet; Some people are at more risk than others; Information people share on Social Networks
    • CHAPTER 2: Make it safe at home: Introduction; Secure physical documents and devices; Know your malware; Implement anti-virus scanning; Implement a backup strategy for your systems and data; Use firewalls to keep intruders out; Lock down your home network; Filter undesirable internet content with a HOSTS file; Choose your DNS provider; Make your system a less vulnerable target; Get smart about passwords; Use encryption; Protect physical ports on your computer; Keep your software up to date; Keep your system clean and running smoothly; Select a browser and security add-ons
    • CHAPTER 3: Security while out and about: Be vigilant when on the go; Take precautions on public (WiFi) networks; Don’t do anything important on public computers; Use Virtual Private Networking (VPN)
    • CHAPTER 4: Plan ahead: Make your computing devices repair ready; Prepare for computer disposal; Prepare for loss or theft
    • CHAPTER 5: Ignorance is risk, not bliss: Browser and URL fundamentals; Links on a page; Phishing attacks; Phony alerts; Important Frequently Asked Questions (FAQs); Better ways to share files; Opt out on background checks
    • CHAPTER 6: Highest risk activities: Perils of Social Networking; Using webmail and email; Gaming and gambling online; Sharing files on and off-line; Investing on and off-line; Viewing adult content on-line
    • CHAPTER 7: Medium risk activities: Using the classifieds on-line; Participating in auctions on-line; Finding a date on-line; Buying health care products on and off-line; Seeking debt relief on and off-line; Job hunting on-line
    • CHAPTER 8: Lowest risk activities: Using search engines; Banking on-line; Shopping on-line; Voice communications; Following the news; Accessing entertainment and education
    • CHAPTER 9: Call to action: Setup your system; Plan for emergency data access; Teach your children well; Perform scheduled maintenance; Perform scheduled account and credit monitoring; Create your security calendar
  • Transcript

    • 1. Best Presentation about Computer Security: Protect yourself, because no one else can. A new e-book, available now at amazon.com. Copyright 2012 – AmigOmega Publishing
    • 2. About this book • Introduction • A book and a web site
    • 3. Introduction - in this presentation, we will: • Frighten, Enlighten, Entertain, and hopefully . . . Inspire you to stop being apathetic about security, so that you and your family members can use the internet with greater confidence and safety • Specifically, we will: • Recommend specific technical solutions for improved protection of personal data assets • Identify security and privacy risks • Identify the best means of avoiding threats entirely • Provide something you can implement as soon as you get home.
    • 4. A book and a web site • Website • 564738.com • This slide presentation • Additional resources • e-book • Detailed information related to each slide • Additional insight and guidance • Inexpensive (no printing, distribution, inventory, etc.) • Live links (to software, etc.) • Available everywhere • If in print, 200 pages long. Read more than 1 million Kindle e-books on your PC or Mac with a free reader app from Amazon. You do not need a physical e-reader to read an e-book. Click on this link: (for the PC reader)
    • 5. 1. The Internet new normal 1. Introduction 2. Organized crime discovers the Internet 3. Hackers out of the open and into the shadows 4. Information leaks you can’t control 5. Summary
    • 6. 1.1 Introduction • Windows XP, once the most widespread personal computer Operating System, was released in August of 2001. • Security features were limited and could only be implemented by trained IT professionals in large organizations. • The Internet was young. Security protocols didn’t yet exist, so there was no buying and selling going on. The few web sites that existed were largely static. • Apple was struggling to compete with Microsoft and Intel. • There were no e-book readers, tablet computers, or smartphones. • Over the next decade, along came … great changes, and not all for the better.
    • 7. 1.2 Organized crime discovers the Internet • 65% of 70,000 participants in a recent survey had been personally victimized by cybercrime. • Only 44% reported the crimes to law enforcement • No faith that anything will be done if they do report it. • Don’t want to spend even more of their time filling out forms • Don’t want others to know they were victimized because they think it makes them look weak or stupid
    • 8. Growth in malware • In the first three months of 2011, PandaLabs said it had identified an average of 73,000 new malware strains each day, a 26% increase from the same period the previous year. • Visiongain research shows that the number of mobile malware more than doubled in 2011 from 2010, with over 200 new variants in the first half of 2011 alone, out of a total of 800 since 2003. • By 2016, Visiongain expects that almost every employee will have a smartphone that supports e-mail, can access the internet and install a variety of applications.
    • 9. Growth in malicious web sites • In the first quarter of 2011, an average of 8,600 new bad sites per day were recorded. • In addition to websites with bad reputations, included in this chart are sites that host malware, potentially unwanted programs, and phishing sites. Source: McAfee Threats Report: First Quarter 2011
    • 10. 1.3 Hackers out of the open and into the shadows • Hackers used to code for fun and notoriety among peers • They gained notoriety because others noticed their work • Recently, hacking has become a way to earn a living – through criminal profit – off the backs of others • Malware writers now add stealth features to their programs • The objective: for you to never know (until it is too late)
    • 11. 1.4 Information leaks you can’t control • Data under your control: • In your files at home (paper) • In your wallet or purse • On your computer • On external storage devices • On your smart phone • In your memory • Data not under your control: • With your employer • With the government and utilities • With your credit providers • With places you shop (in person or online) • With your health-care providers • With your insurance company • With your ESP (Email service provider) and SNP (Social network provider) • In the air • With your DNS and Search providers • Somewhere in the Internet cloud? • And everyone else they share it with, intentionally or otherwise
    • 12. 1.5 Summary • Climate change • Internet Crime • Another inconvenient truth
    • 13. 2. Personal information risks 1. Introduction 2. Information you should protect 3. Dangers of the Internet 4. Some people are more at risk than others 5. Information people share on social networks
    • 14. 2.1 Introduction • There is no such thing as 100% protection • You do not have to spend much money to get good protection • Protection is a fallback. Avoidance is the first line of defense. [Figure labels: Protection, Avoidance]
    • 15. 2.2 Information you should protect • With your credit or debit card data, thieves can purchase products and services. • If they have your PIN code (that goes with your card data), they can withdraw cash from your account. • With your Social Security number, home address, and date of birth, they may be able to obtain a driver's license replacement and open new accounts in your name. They can then run up the charges, and disappear. • With your bank login credentials, they can transfer money out of your accounts. • With your email account log-in credentials, they can read all your stored mail, send spam to your contacts, and potentially reset your passwords at various accounts such as your bank, your social network, your shopping sites, etc.
    • 16. 2.3 Dangers of the Internet 1. Malware, particularly keyloggers, installed on the computer. These can steal your identity by capturing the keys you press and the screens you see. 2. Misconfigured peer-to-peer apps. If a user configures P2P applications like Limewire to share too large a portion of the file system, such as all of My Documents, then other users on the network can see anything you put there. 3. Phishing attacks, and increasingly, targeted phishing attacks. Targeted attacks are called spear phishing, in which the attacker uses some prior knowledge of you to tailor the phishing e-mail to what you would expect in a real one. 4. Unsolicited offers that sound too good to be true. Such offers, like Nigerian-type scams, rely on human weaknesses. 5. Card skimmers installed by criminals on ATMs and other card reading devices, including credit card readers. These are devices which install over the reader and appear to be part of the machine. When you insert your card, the skimmer reads it and records the information on it.
    • 17. 2.4 Some people are more at risk than others • Do you have bank accounts, brokerage accounts, credit and/or debit cards? • Do you have on-line accounts with banks and/or stores? • Do you use Social Networking web sites and/or have an e-mail account? • Do you use a bank card at stores or cash machines? • Do you own a computer and/or smart phone and perhaps travel with one or both? • Do you store any financial (or account login) information on any of these devices? • Do you have family, friends and business associates contact information stored in your address book? • Have you created secure back-ups of your information? • Do you update your backups regularly? • Have you provided your loved ones with a means of accessing your information in an emergency? • Are you in an important position at work that would make you a target? Then you will benefit from this presentation.
    • 18. 2.5 Information people share on social networks • Too much – here are types: • Service data – what you give to sign up • Disclosed data – what you post • Entrusted data – what you post on others’ pages • Incidental data – what others post about you • Behavioral data – what the site observes about your behavior • Derived data – what can be derived from a combination of the above (such as who are your friends, what does the group "like" or "dislike"?)
    • 19. What you are risking if your data is stolen • Your money • Your reputation • Your job • Your health • Your time • Your family's well-being • And more . . .
    • 20. And, what is your disaster recovery plan?
    • 21. 3. Make it safe at home 1. Introduction 2. Secure physical documents and devices 3. Know your malware 4. Implement anti-virus scanning 5. Implement a backup strategy for your systems and data 6. Use firewalls to keep intruders out 7. Lock down your home network 8. Filter undesirable Internet content with a HOSTS file 9. Choose your DNS provider 10. Make your system less vulnerable 11. Get smart about passwords 12. Use encryption 13. Protect physical ports on your computer 14. Keep your software up-to-date 15. Keep your system clean and running smoothly 16. Select a browser and security add-ons
    • 22. 3.1 Introduction • Protect • Avoid • Monitor • Maintain
    • 23. A safety analogy • If you want to reduce driving risk: • Learn the rules • Read / Take a course • Learn how to drive safely • Get qualified instruction • Develop safe driving habits • Take protective measures • Don’t drive recklessly • Wear seatbelts • Get a safer car • Perform regular maintenance • If you want to reduce Internet risk: • Learn the rules • Read / Take a course • Learn how to use the web safely • Get qualified instruction • Develop safe internet use habits • Take protective measures • Don’t "surf & click" recklessly • Buy a safer computer or OS • Make your computer/network safe • Perform regular maintenance
    • 24. Maintenance is required • Regular maintenance (car): • Clean it regularly (wash & wax) • Change fluids (oil, coolant, etc.) • Check for wear (brakes, tires, etc.) • Replace worn parts (tires, brakes, etc.) • Regular maintenance (computer): • Clean it regularly (clear cache, etc.) • Update software & virus definitions • Monitor credit and financial accounts • Replace outdated hardware and software
    • 25. Older products: time has passed • No seat belts • No head restraint • No airbags • Poor crash protection • Drum brakes • Narrow tires • Poor headlights • Insufficient power for crash avoidance • Less dependable • Old = less safe to drive
    • 26. Newer products with improved features • Improved seat belts • Head restraints • Surround airbags • Better crash protection • Anti-lock brakes • Wider tires • Better headlights • More power for crash avoidance • More dependable • Newer = Built-in safety features
    • 27. Stronger protection for the Internet age • Greatly improved security features • User account control • Randomized memory • Aftermarket add-ons • Easier to implement • Free or low cost • Less often targeted
    • 28. Aftermarket add-ons to increase safety • Additional and alternative OS utilities • Alternative browsers and browser add-ons
    • 29. Software selection criteria • Has won many awards • The right price ($0 !!) • Or, provides unique function
    • 30. 3.2 Secure physical documents and devices • Shred receipts instead of throwing them out • Make copies of very important documents • Store originals in a safe box at the bank (with the exception of your will – store a copy at the bank) • Store copies (and will original) in a fire safe at home • Keep your file cabinets locked • You might also store a recent backup of your computer data (on a portable disk drive) in one or both locations.
    • 31. 3.3 Know your malware • A chosen target (OS, browser, etc.) is studied for weaknesses. • A program (virus, trojan, etc.) is designed to attack (exploit) identified flaws. • The program is developed, tested and deployed. • Phishing is a special type of malware • It is not software. It is a communication (e-mail, phone call, etc.) designed to attack human weaknesses (trust, ignorance, etc.) • To a limited degree, it can be avoided through filtering • The best defense is behavioral change (knowledge, skepticism, investigation)
    • 32. Malware targets 1st Quarter 2011 – Much more malware is developed to exploit flaws in Adobe products. Source: McAfee Threats Report: First Quarter 2011 • This chart shows the continued trend of malware authors heavily exploiting weaknesses in both Adobe Flash and PDF technologies. • Malicious exploits of Adobe products (more than 36,000 in 1Q2011) topped the number of malicious exploits of Microsoft Office products by a wide margin. • Adobe products have become the clear target of choice of malware authors because of Adobe’s wide deployment footprint. • 11/9/2011 – Adobe announced it plans to stop development of its Flash player software for mobile browsers, saying it will focus its efforts on HTML 5.
    • 33. 3.4 Implement anti-virus scanning • Most AV products scan new files downloaded to your computer for known malware. • You can add an additional product to monitor running programs for unusual behavior.
    • 34. 3.5 Implement a backup strategy • Accounts and login credentials • Family photos (digital, of course) • Music library • Videos (personal and commercial) • Documents and Spreadsheets • Email, browser bookmarks, and everything else! • And, don’t forget the value of your time spent trying to recover from a loss • When the inevitable day comes that your hard drive crashes, your data will be gone if you haven’t prepared. Backup is your most important protection. A 1TB drive dedicated to backups costs less than $100.
    • 35. 3.6 Use firewalls to keep intruders out • A firewall ensures intruders cannot directly access your system through the internet. • If connected to the internet via your home router, ensure the NAT firewall is enabled. • If connected directly to broadband, or via a public network, ensure your software firewall is enabled.
    • 36. 3.7 Lock down your home network • Secure your local network, your computers, and your smartphones • Start with your router: • Change the log-in credentials from the default • Ensure you set a strong password • If you have wireless, enable encryption with a strong encryption key and turn off ID broadcasting • Use an alternative DNS provider • Ensure the NAT firewall is enabled
    • 37. 3.8 Filter undesirable internet content • The HOSTS file is a text file that maps hostnames to IP addresses. • Every device that accesses the internet can use a HOSTS file. • Your browser resolves an address by checking first for an entry in a HOSTS file (if it exists) and then via the active connection’s DNS servers.
    • 38. Filtering affects advertisers • The HOSTS file can be used instead of a browser based ad blocker. • Advertisers hate ad blocking, but you will love it. • Your favorite ad supported website will lose revenue from your visit.
    • 39. 3.10 Make your system less vulnerable • Use an account which does NOT have "Administrator" authority • Windows 7 is hard to hack if the user doesn't have "administrator" rights. • The computer administrator account should be used only to: • Make system wide changes • Install, upgrade, repair, or back up the operating system and components, and to install maintenance.
    • 40. Remove Windows services you don’t use • Control Panel – Programs – Programs and Features • Each unnecessary service provides a hacker an additional target to exploit • Remove what you don’t need – like tablet, or gadget support
    • 41. Eliminate script runtimes you don’t use • Two common computer scripting languages with similar names • Both require interpreters to run • Required for many web pages • Required for most smartphones to function • Common language for hacker code • Can be selectively controlled with "white listing" • Can potentially be removed from computers
    • 42. Don’t jailbreak your phone • Jailbreaking is the term that describes the process of modifying a device so its owner can download and install unauthorized software. • If you jailbreak your iPhone you remove most of Apple’s security protections — 80% to be exact — and are vulnerable to attacks. • By design, a jailbroken smartphone allows software to run as "root," giving hackers automatic access to everything on the device.
    • 43. Beware which apps you install • Virus infected apps • Apps obtained from file sharing sites are very often infected • Unofficial apps markets are more likely than official ones to host infected apps. • The Android market is more likely to contain infected apps than the Apple apps store. • Rooted or Jailbroken phones are more susceptible to viruses. • Apps with poor security • Many smartphone apps store passwords and other sensitive user data on the phone in cleartext. • Apps are rushed to market without sufficient testing.
    • 44. 3.11 Get smart about passwords • You CAN create a strong password that is easy to remember • Consisting of at least one from each category: • UPPER CASE LETTERS • Lower case letters • 1234567890 (numerals) • &^%$#,.)! (special characters) • Examples: • D0g………. • C1t.,.,.,.,.,.,.,.,., • Longer is better: • Phone and computer: 6+ characters • Websites: 12+ characters • Eliminate password fatigue: Use a Password Manager • Establish a secondary email for password resets
    • 45. People and passwords • Basic problems with people and passwords/encryption keys: • Long passwords and keys with random characters are often too hard to remember. • We don’t like typing long, complex passwords or keys. • We cannot remember more than a few passwords/keys, so we reuse the same ones over and over. • All reasons to use a Password Manager
    • 46. 3.12 Use encryption • Data encryption allows us to protect data even when we cannot control who has access to it • High security = good algorithm + strong key (longer = stronger) • You can encrypt data for communication and for storage. • You can encrypt an entire storage device, a folder, or a single file. • Unlike simple password protection, which can be cracked, if you forget an encryption key, you cannot retrieve the data without a brute force attack.
    • 47. Encrypting communication • To protect your log-in credentials when using wireless networks, public networks, or public computers. • Used by banking and most shopping websites, but less often by others. • You should also use it for your e-mail and Social Networking, especially when you are not on a safe network. • Cannot protect against keyloggers!
    • 48. Encrypting stored data • You can encrypt an entire storage device, a folder, or a single file. • Full drive encryption is good, but has some drawbacks • A computer repair technician will need to test successful system startup • All users would need the encryption key as well • Folder or file level encryption provides needed "granularity" • Windows 7 also provides EFS to encrypt all of a user's files.
    • 49. 3.13 Protect physical ports on your computer • Malware can enter your computer through any physical storage device such as CD/DVD, USB storage devices, and memory cards (such as an SSD card from your camera). • The solution is to turn off "Autorun" or use a free utility to do so • Scan external devices for malware before copying files or running programs.
    • 50. Warning about cell phone charging kiosks 1. Recharge your smart phone with your wall plug transformer. 2. Recharging using the USB connector may not be safe. 3. A free charging kiosk could be configured to read most of the data on your phone, and perhaps even install malware.
    • 51. 3.14 Keep your software up-to-date • Ensure the latest security updates are installed to maintain protection against the latest threats. • Apply maintenance to your OS (operating system), browser, browser plug-ins, anti-virus, etc. • Windows users: turn on Windows Update • Update malware signatures database daily • Example free tools to check for updates: • Secunia PSI (personal software inspector) • Qualys Browser check • FileHippo update checker
    • 52. 3.15 Keep your system “clean” • CCleaner is a widely popular and free tool from Piriform software • It improves system security by clearing cookies and other potentially security compromising files from the browser cache. • It also improves system performance by cleaning up temporary files left by numerous applications and by correcting errors and optimizing the registry.
    • 53. 3.16 Select a browser and security add-ons • Browser choice • OS dependent • Firefox with add-ons has top notch security • Open source • Free • Large user base • Very large number of add-ons
    • 54. Riot gear for your browser • Recommended security add-ons • Script blocker • Flash blocker • Ad blocker • Pop-up blocker • Password management • Cookie management • Safe surfing tool (site ratings) • Update checker • Other, as required
    • 55. Block scripts in your browser • NoScript is an add-on available only with the Firefox browser. • It provides a unique whitelist based pre-emptive script blocking for any or all links on a webpage vs. blocking all or none. • Allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank). • The most powerful anti-XSS (Cross site scripting) protection available in a browser. • Highly recommended by many trusted sources. • It is a free, open source tool and is updated frequently to address new exploits.
    • 56. 4. Security while out and about 1. Introduction 2. Be vigilant when on the go 3. Take precautions on public (WiFi) networks 4. Don’t do anything important on public computers 5. Use Virtual Private Networking
    • 57. 4.1 Introduction • Think Security • Use all protective measures at your disposal
    • 58. 4.2 Be vigilant when on the go • Keep your guard up • Physical device security for laptops, smart phones, storage devices • Public network and public computer security
    • 59. 4.3 Take precautions on public networks • Be cautious when using any of the following: • Any unsecured wireless (WiFi) network • Any secured wireless network that you don’t trust. • Hotel or other wired networks (e.g. in room) • If you must, then take these kinds of precautions: • Ensure your software firewall is enabled. • Use only HTTPS and use a VPN if possible. • Use one-time log-ins or virtual card numbers if you have made arrangements in advance.
    • 60. Know the network you're using • Smartphone users – be aware • You may be accessing the web through your cellular provider, or through an available public wireless network • If you omit using HTTPS, thinking you are not on a WiFi network and that you are protected, you may be wrong. • Ensure your phone will not automatically connect to available free WiFi • Use only HTTPS to access important sites. Otherwise, your login credentials might be stolen.
    • 61. 4.4 Don’t do anything important on public computers 1. Don’t access any important sites 2. See #1 3. If you must, then take these precautions: • Run an online scan (see options below) to check for malware. • Follow instructions for using public networks • Online scan options: http://quickscan.bitdefender.com/ and http://housecall.trendmicro.com/emea/
    • 62. 4.5 Use Virtual Private Networking • A VPN is an encrypted "tunnel" between two endpoints - a private network that works across a public network, like the Internet. • VPNs are used by organizations to provide secure access to internal networks by off-site employees and business partners • For a fee, you can sign up for a VPN service to use when needed
    • 63. 5. Plan ahead 1. Introduction 2. Make your computing devices repair ready 3. Prepare for equipment disposal 4. Prepare for loss or theftCopyright 2012 – AmigOmega Publishing
    • 64. 5.1 Introduction 1. Some things have to be prepared for in advance 2. When S#!T happens, you’ll have a fall back planCopyright 2012 – AmigOmega Publishing
    • 65. 5.2 Make your computing devices repair ready 1. Have a special limited authority user account for the repair person 2. Your critical files should be encrypted 3. If possible • Your browser cache should be cleared • Your free space should be wipedCopyright 2012 – AmigOmega Publishing
    • 66. 5.3 Prepare for equipment disposal • Data remains on a storage device until it is overwritten. • Deleting a file or ―emptying the wastebasket‖ does not overwrite the data. Doing so only removes index pointers. • To ensure data cannot be recovered, it must be ―wiped‖ or ―erased‖ – meaning that it must be completely overwritten with other (random) data. • Free add-on tools are available for this purpose. • Simply reformatting a drive does NOT erase the data. To erase all the data on a drive requires a special utility that you must boot from external media (CD or DVD drive, USB stick, etc)Copyright 2012 – AmigOmega Publishing
    • 67. 5.4 Prepare for loss or theft • Know what you carry with you • Know whom to call or notify • Ensure your sensitive information is encrypted • Keep your backups current • Evaluate remote wipe and tracking applications for useCopyright 2012 – AmigOmega Publishing
    • 68. 6. Ignorance is risk 1. Introduction 2. Browser and URL fundamentals 3. Become a link guru 4. Phishing targets you, not your computer 5. Phony alerts 6. Some FAQsCopyright 2012 – AmigOmega Publishing
    • 69. 6.1 Introduction • Pay close attention to this topic. It is VERY important.
    • 70. 6.2 Understand browser and URL fundamentals • Encrypted communications using Secure Sockets Layer (SSL)
    • 71. New ways to force browsers to be safe • A Firefox add-on which reviews all HTTP requests from the browser to sites on a whitelist and changes them to appropriate HTTPS requests
    • 72. Browser cache security • Cache and cookies
    • 73. 6.3 Become a link guru
    • 74. Don’t believe the text, check the link
    • 75. Lots of links • Complexity • Chart (9/2009) shows the number of hyperlinks on the homepage of 98 popular news websites and tech blogs • The New York Times had 431 links • A lot of these links may exist purely for navigation • Size • From 2003 to 2011 the average web page grew from 93.7K to over 679K, over 7.2 times larger • Avg 85 objects per page • Use of Javascript • 85% of web pages use Javascript code • [Chart: Number of Links on the Homepage of Popular Websites, courtesy of Nick Bilton] • Size data courtesy of Websiteoptimization.com
    • 76. 6.4 Recognize phishing attacks • Phishing is a way of attempting to acquire sensitive information by masquerading as a trustworthy entity. • Phishing targets you, not your computer • Can occur through any communication medium • In person, by phone, through email and social networking • Often unsolicited • Rule #1: Always be suspicious • Rule #2: If in doubt, check it out
    • 77. Phishing – a real example
    • 78. 6.5 Recognize phony alerts • What is scareware? • Realistic but phony “security alerts.” • These programs are called “scareware” because they exploit a person’s fear of online viruses and security threats • Though the “alerts” look like they’re being generated by your computer, they are actually sent through your browser • They load as pop-ups in your browser, but are designed to look like normal non-browser windows • All kinds of bad things could happen if you fall for the scam • What to do when you see such an alert? • Close your browser immediately (on Windows, use Alt+F4)
    • 79. 6.6 Use better ways to share files • A good many tools are available for this purpose • The most amazing is Dropbox • Share/sync data amongst your own computing devices • Share with named others • Hundreds of other creative uses
    • 80. 6.7 Opt-out on background checks • Limit your sharing to avoid too much being made available • Removal / burial takes lots of effort on your part • You must go to each data aggregator and follow the instructions for opt-out • Only way to remove public data from view • Write to your congressman – why don’t Americans have better data privacy laws?
    • 81. 6.8 Frequently asked questions 1. Can I get a virus just by visiting a webpage, even if I don’t click on anything? • Yes, a script can execute when the page is first loaded. • Using a script blocker will provide some protection in case you did visit. 2. Can I get a virus from clicking on an image (like in Google image search)? • Yes, the image can contain a link to a malicious web site – see #1. 3. Can I get a virus by visiting a website I deem safe? • Yes, especially if you clicked on a link in a message/email that was not first examined (it may be a bogus site). • Also, a legitimate web site could have been hacked, in which case it is no longer safe (at least temporarily). 4. Can I get a virus from a PDF file, Excel spreadsheet, PowerPoint presentation, or Word document that I downloaded? • Yes, a PDF file can embed an exploit of a flaw in your PDF reader • Likewise, Word, Excel, and PowerPoint support scripting languages. When you load a document that contains scripts, if scripts are not turned off, they will run.
    • 82. Safe and Unsafe Behaviors Now for some Do’s and Don’ts that will keep you out of trouble when you are doing the following things on the Internet: • Social networking • Classifieds • Search • E-mail • Auctions • Banking • Gaming • Health care • Shopping • Sharing files • Debt relief • Voice over Internet • Investing • Finding a date • News • Viewing adult content • Finding a job • Entertainment and education
    • 83. You must know where the holes are to avoid them
    • 84. 7. Highest risk activities 1. Introduction 2. Perils of Social Networking 3. Using webmail and e-mail 4. Gaming and gambling on-line 5. Sharing files on and off-line 6. Investing on and off-line 7. Viewing adult content on-line
    • 85. 7.1 Introduction • In the HIGH risk category are activities that involve: • Unsolicited communications (potential for phishing) • Addictive and/or expensive forms of entertainment • Opportunity for oversharing • Frequent occurrence of infection (lots of malware)
    • 86. 7.2 Perils of Social Networking • The more you share, the more privacy you give up. SN sites make money selling your information to advertisers • Information you supply for one purpose will invariably be used for another and there’s a good chance it will be used against you • Facebook has made it difficult to control privacy settings • Social Networks are replacing email as the favored method of phishing, spamming, and malware distribution. • Always use caution when clicking on a link or opening an attachment. • “Be careful that what you write does not offend anybody or cause problems . . . the safest approach is to remove all useful information.” - Scott Adams
    • 87. What Consumer Reports says about SN • Stop doing these things now on Social Networking sites: • Using a weak password • Listing a full birth date. Show only the month and day, LIE about the year, or provide no birthday at all • Overlooking useful privacy controls - Limit access for almost everything that is posted on a profile, including photos and family information. Leave out contact information • Posting a child’s name in a caption. If someone else does, delete it by clicking “Remove Tag” • Mentioning being away from home. Doing so is like putting a “rob me” sign on the door. Be vague about the dates of vacations or trips • Being found by a search engine. To help prevent strangers from accessing a profile, go to the Search section of Facebook’s privacy controls and select “Only Friends for Facebook” search results. Be sure the box for Public Search isn’t checked • Permitting youngsters to use Facebook unsupervised
    • 88. 7.3 Using webmail and e-mail • The importance of protecting your e-mail is underrated • Reasons to use Gmail vs. your local ISP, or other providers • Reasons to use an e-mail client vs. webmail (web based e-mail) • Why use the Thunderbird mail client (on Windows at least) • Multi-platform, open source, portable version available • Robust functionality, large user base • Good add-ons for security. • Ability to sync directly with the iPhone using Birdiesync, thereby avoiding going through (and storing contacts on) Gmail.
    • 89. A few important email tips 1. Use BCC (Blind Carbon Copy) • Especially important if you send forwards 2. Turn off HTML display for default viewing • You can see the real URLs for links • Avoid “Web bugs” that verify the validity of your address 3. Turn off mail preview, unless you have done #2
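Slides 74 and 89 advise checking where a link really goes rather than trusting its displayed text, and note that plain-text display exposes real URLs and avoids web bugs. The following is an added example, not part of the presentation: a small Python audit of an HTML message body that reports links whose visible text names a different site than the `href`, links to bare IP addresses or with a user-info part, and remotely loaded images. The sample message and all host names are constructed for illustration.

```python
"""Audit an HTML e-mail body for links whose target differs from what is shown."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body (assumption); hosts use reserved example names.
SAMPLE_HTML = """
<p>Dear customer, please verify your account:</p>
<a href="http://login.bank-example.test.attacker.example/verify">
   https://www.bank-example.test/verify</a>
<a href="https://www.bank-example.test/help">Help centre</a>
<a href="http://203.0.113.7/update">Click here</a>
<img src="http://tracker.example/open.gif?id=12345" width="1" height="1">
"""

# A domain-looking token inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs and remotely hosted images."""

    def __init__(self):
        super().__init__()
        self.links, self.remote_images = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "img":
            src = attrs.get("src") or ""
            if urlsplit(src).scheme in ("http", "https"):
                self.remote_images.append(src)  # fetched when the mail is shown

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def same_site(shown, actual):
    """True if the real host is the displayed domain or a subdomain of it."""
    shown = re.sub(r"^www\.", "", shown.lower())
    actual = re.sub(r"^www\.", "", actual.lower())
    return actual == shown or actual.endswith("." + shown)


def audit(html):
    """Return a list of (finding, visible text, real host) tuples."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for text, href in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and similar are outside this check
        host = (parts.hostname or "").lower()
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and not same_site(shown.group(1), host):
            findings.append(("text-link-mismatch", text, host))
        if IPV4.fullmatch(host):
            findings.append(("ip-address-host", text, host))
        if "@" in parts.netloc:
            findings.append(("userinfo-in-url", text, host))
    for src in collector.remote_images:
        findings.append(("remote-image", "", (urlsplit(src).hostname or "").lower()))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML):
        print(finding)
```

The host comparison reads the domain from right to left, which is why a target ending in `attacker.example` is reported even though the displayed bank name appears at the start of it.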
    • 90. 7.4 Gaming and gambling on-line • Playing games on the internet is a very popular activity. Gambling, where players win or lose real money, is only one of many types of games available • Medical professionals are beginning to recognize online gaming as a real addiction • Three (3) dangers unique to online gambling: 1. The potential for fraud over the Internet 2. Children’s access to gambling sites 3. An increase in gambling addictions • Many games contain chat rooms where players meet other gamers. This is the perfect place for online predators to hang out. • For the above stated reasons, filtering programs should be used to help block or limit (to a time period for example) children’s access to online gaming and especially gambling sites
    • 91. 7.5 Sharing files on and off-line • File sharing websites, being so popular, are often infested with malware • Any files downloaded have the potential of being infected, and should be scanned – perhaps with at least two different anti-malware tools • Ensure your file sharing software is not making public any folders or files from your system that you did not intend to share • File sharing activity is often monitored by governments or organizations representing copyright holders – be aware of the risk you are taking by sharing materials owned by others
    • 92. 7.6 Investing on and off-line • Always seek advice from someone you trust before you invest a dime • Do not stay on the phone with someone asking for money • Never judge a person’s integrity by how they sound • Always do research on investment opportunities before participating • Check for reports of similar scams • Check out the offering party with the better business bureau and government agencies • Ask tough questions, expect straight answers • Be suspicious if you have trouble retrieving your principal or profits • Watch out for anyone who plays on your fears or pressures you for a decision
    • 93. 7.7 Viewing adult content on-line • Fact: Visitors to these sites experience the highest incidence of malware infections
    • 94. 8. Medium risk activities 1. Introduction 2. Using the classifieds on-line 3. Participating in auctions on-line 4. Buying health care products on and off-line 5. Seeking debt relief on and off-line 6. Finding a date on-line 7. Finding a job on-line
    • 95. 8.1 Introduction • In the MEDIUM risk category are activities that involve: • Potential for getting scammed, if you don’t follow avoidance advice • Potential for wasting money on worthless products
    • 96. 8.2 Using the classifieds on-line • Today there are over 700 local Craigslist sites in 70 countries • Unfortunately, Craigslist has also become a venue for supporting prostitution • The best way to deal with people you meet on Craigslist is to stay completely local • There are many ways that scammers operate on Craigslist, but there are also common sense ways of avoiding most of them if you sell or purchase items from the site • The most common Craigslist scam is the fake check • Another common scam is to obtain your personal information to use for illegal purposes. Use of escrow companies (owned by the scammer) for payment is now becoming a popular Craigslist scam
    • 97. 8.3 Participating in auctions on-line • There are many scams at online auctions. The most common are fake cashier’s checks, shady escrow services, overpayment schemes, wire transfer schemes and second chance schemes • TIPS • Always carefully check the feedback on the seller you’re considering buying from. • Ask the seller for a phone number and verify it • Beware of buyers who insist on wire transfers as the only form of payment they’ll accept • For big-ticket items, use a legitimate online escrow service that will hold the payment until you receive what you’ve ordered • If you receive an overpayment as a seller, don’t cash it but instead ask for the exact purchase price • Don’t ever give out your social security or driver’s license number - a legitimate seller wouldn’t ask • Be skeptical if the price sounds too low
    • 98. 8.4 Buying health care products on and off-line • Don’t trust a website just because it looks professional or has success stories from “real people.” • What looks like an online pharmacy could be a front for a scammer or identity thief • Before you think about trying a health product, ask your doctor about it • Websites or ads for pills or other products that make some pretty big promises. • Sellers may claim to offer products that will cure a serious condition like arthritis, diabetes, Alzheimer’s disease, multiple sclerosis, cancer, and HIV-AIDS • Dieting and weight loss products promise that you can lose weight without exercising or changing how you eat. • Products may be called “scientific breakthroughs” or the ads may use scientific-sounding words like “thermogenesis,” or safe-sounding words like “natural.” • Most of these unregulated products are useless, and at best a waste of money. Others are flat-out dangerous to your health.
    • 99. 8.5 Seeking debt relief on and off-line • The first warning sign of a predator is anyone who wants money from you in order to help save you money. • Just because an organization says it is “nonprofit” does not guarantee that its services are free or affordable • Don’t use any agency but those who are: • On the list of the U.S. Department of Justice’s U.S. Trustee Program approved credit counseling agencies, or • An agency provided by the National Foundation for Consumer Counseling
    • 100. 8.6 Finding a date on-line • According to datingsitesreviews.com, there are 54 million singles in the United States and 5.5 million (10%) of those use dating services • Online Dating Magazine estimates that 120,000 U.S. couples who marry each year met online • The Better Business Bureau in the US said in 2009 they received 2,660 complaints about dating services, and the number has been rising • Experts warn on-line daters to look out for their financial as well as physical safety when using the sites • You should not trust the profile you find of someone on a dating web site. You can use the Internet to investigate your next date • Don’t ever send money to someone you have never met in person
    • 101. 8.7 Finding a job on-line • Scams are rampant everywhere, but sadly, criminals are specifically targeting those looking for jobs • You should never have to pay for a job or give money upfront to get one • Pay attention to email addresses. A legitimate company will not use a hotmail.com or gmail.com mail server • Do your research. Investigate a potential employer and read about popular online job scams • Guard your personal information. Contact the HR department of a hiring company to ensure they are for real before providing personal details • As internet crime has increased, there has been a rise in scams involving unauthorized money transfers from hacked online bank accounts by “money mules,” which are people hired through work-at-home scams to help cyber criminals overseas launder money
    • 102. 9. Lowest risk activities 1. Introduction 2. Using search engines 3. Banking on-line 4. Shopping on-line 5. Voice communications on-line 6. Following the news on-line 7. Accessing entertainment and education on-line
    • 103. 9.1 Introduction • In the LOW risk category are activities that involve: • Visiting sites you regularly go to • Visiting sites that offer secure communications
    • 104. 9.2 Using search engines • Popular search topic = opportunity for criminals • Avoid porn or anything else that is popular and you will avoid many malicious websites. Criminals create sites that use popular search keywords to draw traffic. • Even an image search can take you where you don’t want to go.
    • 105. What’s in a word or a cause • Terms such as earthquake, Android, app store, Chicago Bears, UFC fight card, bracket, and Daytona 500 all match popular or timely events. • Of the top 100 results for each of the daily top search terms: • 1.2 percent of search results in the quarter led to a malicious site • 49 percent of the terms led to malicious sites • On average, each of these poisoned result pages contained more than two malicious links. • Only two hours after the Japanese earthquake and tsunami struck, the first potential scam donation site was spotted. • During the next few hours more than 500 malicious domains or URLs with the terms Japan, tsunami, or earthquake in their titles appeared. Most were created in association with spam campaigns, false news sites to distribute malware, and especially fake charity actions. • This behavior will never go away. • Source: McAfee Threats Report: First Quarter 2011
    • 106. 9.3 Banking on-line • Don’t go to your banking site when using a public computer • Avoid doing so on a public network, and take recommended precautions • Close your browser and clear the cache. Reopen a new browser session, do your banking, and then exit again, clearing the cache • Don’t open other web sites while in the same session • Go there only from your bookmarks, preferably those stored within your password manager • Confirm the address before entering your log-in credentials
    • 107. 9.4 Shopping on-line • Shop only with reputable online merchants. Look for logos, such as TRUSTe and BBBOnline, on the site • Before shopping on an unfamiliar site, research its complaint record (Google) • Make sure you are on the real site, not a bogus one • Before you buy, ensure you have an encrypted connection (see encrypted communications) • Pay through a service like PayPal, or use a credit card, not a debit card • Don’t allow sites to save your credit card information for future use • You won’t do this, but we need to say it anyway: Read a site’s privacy policy to learn how it will use your information
    • 108. 9.5 Using voice communications on-line • VOIP = Voice Over Internet Protocol • Skype, the most well known service, is used world-wide • Safe, except for file transfer features (viruses may be included)
    • 109. 9.6 Following the news on-line • Most news reading has gone online, and advertising too • Many more channels, including bloggers • Perhaps good for the planet (fewer trees used for paper) • Cause of further polarization of opinions – since you can choose to read only what you agree with
    • 110. 9.7 Accessing entertainment and education on-line • Commercially produced content on-line • Citizen produced content on-line – probably safe but for the content • Educational institutions continue to resist the Internet
    • 111. Web services – “cloud computing” • Web based apps only make sense if you are on-line most of the time, and if your Internet connection is fast and reliable • Web based apps provide a number of advantages • Files are more easily shared and collaboration is easy • The service provider provides app maintenance, and data backup • You MUST, however, ensure your account password is strong • You also should consider that data is often not encrypted
    • 112. 10. Call to action 1. Introduction 2. Set up your system 3. Perform scheduled system maintenance 4. Perform scheduled account and credit monitoring 5. Teach your children well 6. Prepare for emergency data access 7. A look into the future of scams and security
    • 113. 10.1 Introduction • If you are head of household, family data security is your responsibility • If you are not, nag the person who is and offer to help • Remember: Seek help from a nerdy family member, friend, or professional if you need it – but get it done
    • 114. 10.2 Set up your system 1. Seek help from a nerdy family member, friend, or professional if you need it 2. Determine if your existing computer supports the latest OS 3. Get the gear (upgrades, external drives) 4. Make the move (relocate static data to external drive) 5. Back it up 6. Get the tools (software) 7. Install them 8. Configure them 9. Back it up again, and you are done with setup
    • 115. 10.3 Perform scheduled system maintenance • Daily • Update anti-virus definitions • Weekly • Run virus scan • System backup • Data backup • Apply software maintenance • Clean system • Monthly • Take a copy of backups to an off-site location
    • 116. Data breaches are a risk you can’t control • In the first 9 months of 2011, the nonprofit Privacy Rights Clearinghouse has tracked 313 corporate breaches involving nearly 23 million sensitive records, more than twice as much as for the whole of 2010.
    • 117. Organizations you hope will protect your data • Your data, in the hands of others • With your employer • With the government and utilities • With your credit providers • With places you shop (in person or online) • With your health-care providers • With your insurance company • With your ESP (Email service provider) and SNP (Social network provider) • With your DNS and Search providers • And everyone else they share it with, intentionally or otherwise
    • 118. 10.4 Perform scheduled account and credit monitoring • Daily • Save charge and debit card receipts • Weekly, bi-weekly, or monthly • Compare debit and credit purchases to on-line records • Note discrepancies and address • Clean system • Three times a year • Obtain free copy of credit report and examine for mistakes and new accounts you did not open
    • 119. 10.5 Teach your children well • They will not likely learn this in school • Share what you have learned in this presentation and book • They will make mistakes that an adult would know to avoid • Over-sharing on Social Networks • Bullying other children • Being bullied by other children • Predators • Limit advertising, just like on TV • Beware the impact of constant interruption on growth and performance
    • 120. 10.6 Prepare for emergency data access • What if you have an accident, and: • You end up in a coma? • You end up dead? • Does your family know: • Where you bank? • What insurance policies you have? • Whom to notify? • What your wishes are? • Can they access accounts to pay bills: • Do they know your log-in credentials? • Do they have the keys to decrypt your data files?
    • 121. What you need • A Personal Affairs Record • Everything your family needs to know to carry on • A database with encryption: • Store and encrypt the PAR information before syncing • Choice of tool depends on your computer platform • A data syncing service: • Enables access to most current information • Dropbox is a good, free service • A means of emergency access: • Your family can securely obtain encryption keys in an emergency
    • 122. Your consolidated security calendar • The technical stuff • Backups • Updating and cleaning • Periodic review / replacement of security software • The breach awareness stuff • Monitoring financial accounts • Monitoring credit • Monitoring health care accounts • The emergency access stuff • Updates
    • 123. 10.7 A look into the future of scams and security • Scams will increase • Tough economic times • Impact of globalization • Volume will increase • Sophistication will increase • Security will be more difficult to implement • More mobile devices • Flood of untested apps • Privacy will continue to erode • Continued onslaught of social networks • People willing to give up too much • Inaction by government
    • 124. End of presentation
    • 125. About the author • 30 years in the computer business • Technical, sales, marketing, and executive positions • Training development experience • Advanced degrees in computer science and business • Experience maintaining software for mainframes, minicomputers, personal computers, tablet computers, and smartphones – dealing with over a dozen operating systems