Cais

My presentation from IJET-19 on computer and information security

Published in: Technology

  1. 1. Computer and Information Security Protecting yourself and your clients in the wild and wooly online world
  2. 2. To protect your computer and information assets…
  3. 3. … buy a Mac!
  4. 4. The End
  5. 5. Mac Hacked Via Safari Browser in Pwn-2-Own Contest
       • A zero-day vulnerability … Macaulay pwned the Mac by sending it an e-mail that directed a user to a malicious site. Upon visiting the site, the user … was infected with malware, without clicking on anything within the site.
       • -- eWeek Security Watch
  6. 6. Vectors for getting “pwned”
       • Physical access
           • Theft
           • Seizure
           • Attack of opportunity
       • Network access
           • Browsing the Web
           • Using email
           • Using a wireless connection
           • …
  7. 7. Physical protection
       • Leave sensitive information at home
       • Separate data from hardware
       • Use encryption
       • Use strong passwords
       • Eliminate sensitive information
       • Log out when not using
  8. 8. Cracking passwords
       • Single word found in dictionary: ~ 1 s
           • Example: “translator”
       • 7 random lowercase letters: ~ 45 m
           • Example: “uklahva”
       • 10 random characters: ~ 632,860 years!
           • Example: “4pRte!ai@3”
           • (With Moore’s Law: 30 years)
           • Source: Wikipedia (Password strength)
  9. 9. Network vulnerabilities
  10. 10. Internet & email
       • Cross-site scripting (XSS)
       • Phishing (social engineering)
       • Viruses
       • …
  11. 11. On a network: batten the hatches
       • Filter
       • Block
       • Ignore
  12. 12. Internet
  13. 13. Firefox
       • Safer
       • Cross-platform
       • Free/Libre
       • Add-ins
       • All the cool kids are using it!
  14. 14. Vital Firefox Add-ins
       • Web of Trust
       • NoScript
  15. 15. Web of Trust
       • Warns users about risky websites that try to scam visitors, deliver malware, or send spam.
  16. 16. ginstrom…
  17. 17. warez…
  18. 18. NoScript
       • Allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice.
  19. 20. Scripts from 15 sites!
  20. 21. Safer Email
       • View email as plain text
       • Beware of phishing
       • Spam filtering
  21. 22. Example: MS Outlook
  22. 26. SpamBayes
       • http://spambayes.sourceforge.net/
      SpamAssassin
       • http://spamassassin.apache.org/
  23. 27. Stay Safe!
       • http://ginstrom.com/ijet-19/
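
The arithmetic behind the cracking times on slide 8, as an added example that is not part of the original presentation. It assumes an attacker testing 3,000,000 guesses per second (a rate chosen because it reproduces the slide's figures), a 95-character printable ASCII alphabet for "random characters", a constructed 1,000,000-entry wordlist, and Moore's Law doubling periods of 18 and 24 months.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600
# Assumption: guess rate chosen because it reproduces the slide's figures.
GUESSES_PER_SECOND = 3_000_000
PRINTABLE_ASCII = 95  # assumption: alphabet for "random characters"


def seconds_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at a constant guess rate."""
    return candidates / rate


def years_with_doubling(constant_rate_years, doubling_years):
    """Worst-case years when the guess rate doubles every `doubling_years`.

    Guesses made by time t are r0 * T/ln2 * (2**(t/T) - 1); setting that
    equal to the keyspace N = r0 * constant_rate_years and solving for t:
    """
    scaled = constant_rate_years * math.log(2) / doubling_years
    return doubling_years * math.log2(1 + scaled)


def slide_figures():
    """Recompute the slide's three cases; returns a dict of results."""
    seven_lower = seconds_to_exhaust(26 ** 7)
    ten_random = seconds_to_exhaust(PRINTABLE_ASCII ** 10) / SECONDS_PER_YEAR
    return {
        # Constructed wordlist size; any list under 3M entries takes < 1 s.
        "dictionary_seconds": seconds_to_exhaust(1_000_000),
        "seven_lowercase_minutes": seven_lower / 60,
        "ten_random_years": ten_random,
        "moore_18_months": years_with_doubling(ten_random, 1.5),
        "moore_24_months": years_with_doubling(ten_random, 2.0),
    }


if __name__ == "__main__":
    for name, value in slide_figures().items():
        print(f"{name:>24}: {value:,.2f}")
```

Each additional random character multiplies the worst-case time by 95, which is why length and alphabet size dominate the slide's comparison.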
