Top 10 cyber threats for mac users v1.0


A presentation used at a Cleveland, Ohio area Mac user group delivered by our IT security expert, Tom Suhadolnik.

  2. Passwords should be complex
       • Best practice 5 years ago: minimum 8 characters length
       • Best practice today is minimum 15 characters length
       • Use punctuation, number, upper and/or lower case
     Passwords should not be used at multiple sites
     Financial passwords should only be used once
     Do not write down passwords
     Do not store passwords with user names
     Passwords should be changed regularly
     Simple passwords should be salted
     Store your passwords in a password manager
       • You don’t need to remember your passwords
       • LastPass, 1Password, RoboForm
     Use tough security questions
  3. password    sunshine
     123456      master
     12345678    123123
     abc123      welcome
     qwerty      shadow
     monkey      ashley
     letmein     football
     dragon      jesus
     111111      michael
     baseball    ninja
     iloveyou    mustang
     trustno1    password1
     1234567     computer
  4. password        Thomas        tiger
     Password        Thomas        REDtiger
     Passw0rd        Thom@s        REDtiger7194
     Passw0rdRED!    Thom@sRED!
  5. Open the pod bay door please Hal
     OpenThePodBayDoorPleaseHal
     Open!The@Pod#Bay$Door%Please^Hal
     0pen!The@P0d#Bay$D00R%Please^Hal
     0pen!The@P0d#Bay$D00R%Please^Hal&2042
  6. Image Based versus File Based
     Onsite versus Offsite
     Free Backups
       • Time Machine
       • Windows Backup
       • Windows System Restore
     Cloud Based Backup for SOHO
       • Carbonite
       • CrashPlan
       • Mozy
     Cloud Based Backups for SMB
       • ShadowProtect
       • Windows Backup
       • Time Machine
     Cloud based options do not replace local backups
       • If you cannot afford both, store a USB drive offsite
  7. Encryption “scrambles” or “shreds” the contents of a disk or file
     Encryption algorithms use a key to encrypt and decrypt the data
       • Key needs to be strong to prevent dictionary attacks
     Encryption is reversible
     Free Encryption Tools
       • GNU Privacy
       • TrueCrypt
       • Disk Utility (Mac only)
       • 7-Zip (PC only)
       • AxCrypt (PC only)
     Advanced Encryption Standard (AES 128 Bit and AES 256 Bit)
       • Virtually unbreakable
     Loss of key makes data unusable
     Encryption is like compression - it will slow the computer
  8. Types of resets
       • Soft
       • Hard
     Battery backup is time dependent on load
       • Don’t put printers on battery backup
       • Don’t put old CRT monitors on battery backup
       • Measured in Amp-Hours (Ah or Ahr) for details
     Laptops should be connected to surge protectors
     Unplug all cables from your devices in severe weather
  9. Do not host your own mail
       • Relatively expensive when considering TCO
       • Very insecure
       • Not worth the effort
     Bigger is better with respect to email
     Real Time Blacklist (RBL)
     You get what you pay for
       • Don’t build a business on a free email account
       • If you do use a “free” service buy a domain
     If you do host your own email use a smarthost
       • Socketlabs, GFI, Jangomail
       • Inbound stops viruses, malware, phishing and spam
       • Outbound will keep you off an RBL
  10. PCs are still more susceptible to virus outbreaks than Macs
      Macs are not inherently more secure
        • PCs have a larger attack surface
      Recommended PC AV software as of 2/2013
        • Vipre is my recommended choice
        • AVG, AVAST, NOD32 ESET good too
        • Symantec, Trend, McAfee are not recommended
      Suggested Mac AV software as of 2/2013
        • ClamXav is first choice – uses ClamAV engine
        • Avast, Avira, Sophos, Avira
      Free is OK in a multi-layered environment
      Not recommending Mac AV for our non-regulated clients
      Two or more AV programs can make your computer very slow
      Good email hosts have anti virus protection built in
  11. Criminal in nature
      Mostly affect PCs
      Common PC types
        • Ransomware/Scareware
        • Browser Hijackers
        • Banking Viruses
            • Gauss (Stuxnet)
            • Flame
      Common PC anti-malware software
        • Malwarebytes is recommended
        • CCleaner is recommended
        • Most others are snakeoil
      No Mac anti-malware
  12. Becoming number one threat to individual users
      Targeted, non-technical attack
      Primary targets
        • Cellphone accounts
        • Email accounts
      Secondary targets
        • Bank accounts
        • Trading accounts
        • Utility accounts
      Two factor authentication as a defense
        • Something you know?
            • Personal Questions
        • Something you have?
            • Cellphone
            • RSA Token
      Suspect all inbound communication
  13. Limit use of accounts with administrative privileges
        • “Root” accounts
        • “Admin” accounts
      Regularly delete or disable old accounts
      Disable features
        • If you do not use WordPress Editor disable it
      Uninstall unused tools
  14. Open Source Software has a large attack surface
      Keep your OS, software and servers patched
        • Java, Adobe and Firefox ASAP
        • PCs should install patches as soon as available
      Be careful what and how you download
        • Don’t trust driver download sites
        • Don’t click next-next-done without reading
        • Only download from trusted sites
            • OEM
            • CNET
        • Do not host your own servers
            • FTP and SQL servers are notoriously vulnerable
      WordPress Users
        • Watch Dre Armeda’s Videos
  15. Use hardware firewalls for the perimeter of your network
        • Most cable and DSL modems come with adequate firewall
        • Leave them alone and they will work fine
      Use software firewalls when connected to an untrusted network
        • All networks should be considered untrusted
  16. Wireless standards
        • 802.11g and 802.11n
        • WiMAX
        • Bluetooth PAN
      Encryption Standards Matter
        • WEP is bad
        • WPA and WPA2 are good
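
An added example, not part of the original deck: a small checker that applies the slide 2 rules (15-character minimum, punctuation, number, letters) and the slide 3 list to the candidate passwords shown on slides 4 and 5. The rule names, the `audit` and `common_root` helpers and the character-substitution table are assumptions made for this illustration.

```python
import string

# Passwords listed on slide 3 of the deck.
COMMON = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1", "computer",
}
MIN_LENGTH = 15  # slide 2: "Best practice today"

# Assumption: undo the character swaps seen on slides 4 and 5 (0 for o, @ for a, ...).
UNLEET = str.maketrans({"0": "o", "@": "a", "3": "e", "1": "l", "$": "s", "5": "s"})


def common_root(candidate):
    """Return the slide-3 password the candidate starts with, or None."""
    lowered = candidate.lower()
    # Check the raw form first so entries such as "trustno1" still match.
    for form in (lowered, lowered.translate(UNLEET)):
        for word in sorted(COMMON, key=len, reverse=True):
            if form.startswith(word):
                return word
    return None


def audit(candidate):
    """Return the rules the candidate fails; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isalpha() for c in candidate):
        problems.append("no_letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no_digit")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no_punctuation")
    root = common_root(candidate)
    if root:
        problems.append("common_root:" + root)
    return problems


if __name__ == "__main__":
    # Candidates copied from slides 4 and 5.
    for pw in ("password", "Passw0rdRED!", "REDtiger7194",
               "OpenThePodBayDoorPleaseHal",
               "0pen!The@P0d#Bay$D00R%Please^Hal&2042"):
        print(f"{pw!r}: {audit(pw) or 'ok'}")
```

Of the slide 4 and 5 candidates, only the final slide 5 passphrase clears every rule; `Passw0rdRED!` is still under 15 characters and still resolves to `password` once the substitutions are undone.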