Safe Computing At Home And Work


Some considerations and resources for understanding online threats and avoiding them or reducing their impact.

  • Safe Computing At Home And Work

    1. Safe Computing at Home and Work
        • John Steensen
        • Spatial Dynamics Corporation
        • BYU Management Society – East Bay Chapter
    2. Topics
        • What we will cover
            • Enough information to make informed choices
            • Where you can find more information
        • What we will not cover
            • In-depth technical questions
        • Questions and Answers
            • Answers will be kept short until the end
            • Many of the diagrams and definitions are from Wikipedia, CERT and NIST
    3. What is a Network?
        • A set of interconnected devices
        • Often connecting to the “Internet”
    4. “Hard-wired” vs “Wireless”
        • Hardwired – connected by CAT-5 cables
        • Wireless – connected by radio waves
        • Security vs Convenience
    5. What is an IP Address?
        • IP (Internet Protocol) addresses are assigned to devices on the internet
        • Each address can only be used once
        • IPv4 vs IPv6
    6. What is a Private IP Address?
        • These are IP addresses that can be used within a private network as long as they are not exposed to the internet
        • All IP addresses not defined as private are public
    7. What is a Router?
        • A router is a networking device that routes or directs information packets according to the IP addresses in those packets
        • A router provides:
            • IP address routing
            • network address translation (NAT)
            • DHCP functions
            • firewall functions
            • LAN connectivity like a network switch
    8. What is a Firewall?
        • The term "firewall" originally meant a wall to confine a fire or potential fire within a building. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment.
        • A network firewall protects your devices from “bad things” on the other side of the firewall.
        • Those “bad things” are usually attempts to gain unauthorized access to your systems
    9. What is DHCP?
        • Dynamic Host Configuration Protocol
        • IP addresses expire and are renewed periodically
        • Usually assigns private IP addresses at home or SOHO
        • A typical DHCP session
        • DHCP often runs in the router
    10. What is a VPN?
        • A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) as opposed to running across a single private network.
        • VPNs are usually encrypted to protect the traffic between specific access points.
    11. What is a Virus?
        • A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user.
        • A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, or USB drive.
        • Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
    12. What is Not a Virus?
        • The term "virus" is also commonly but erroneously used to refer to other types of malware, adware and spyware programs that do not have the reproductive ability.
        • Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used.
        • Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.
    13. What was the first Virus?
        • In 1988 an employee at the NASA Ames Research Center in California sent a memo by email to his colleagues that read: “We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames.”
    14. What is a Worm?
        • A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention.
        • Unlike a virus, it does not need to attach itself to an existing program. A worm can spread itself to other computers without needing to be transferred as part of a host.
    15. What is a Trojan Horse?
        • A Trojan horse is a program that appears harmless but has a hidden agenda.
        • Examples:
            • Flash module
            • Online game
            • Zipped file
            • Word or Excel file
            • PDF
    16. How Do Viruses Get Into Computers?
        • Viruses take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread.
    17. What is an Anti-virus?
        • Anti-virus software (or anti-virus) is computer software used to identify and remove computer viruses, as well as many other types of harmful computer software, collectively referred to as malware. While the first anti-virus software was designed exclusively to combat computer viruses (hence "anti-virus"), modern anti-virus software can protect computer systems against a wide range of malware, including worms, rootkits, and Trojans.
    18. Popular Anti-virus Programs
        • avast!
        • Avira
        • AVG Anti-Virus
        • BitDefender
        • BullGuard
        • CA Anti-Virus
        • Cisco Security Agent
        • DriveSentry (antivirus, antispyware and HIPS technologies)
        • eSafe
        • Fortinet FortiClient End Point Security
        • F-PROT
        • F-Secure
        • G DATA Software
        • Graugon AntiVirus Pro
        • Kaspersky Anti-Virus
        • LinuxShield
        • McAfee VirusScan
        • nProtect
        • NOD32
        • Norman ASA
        • Norton AntiVirus/Norton 360
        • Panda Security
        • PC Tools AntiVirus
        • Rising AntiVirus
        • Sophos Anti-Virus
        • Trend Micro Internet Security
        • Vba32 AntiVirus
        • Windows Live OneCare
        • ZoneAlarm
    19. Free Anti-virus Programs
        • Avira AntiVir Personal - Free Antivirus (nagware - home use only)
        • AVG Anti-Virus Free (registerware/nagware)
        • avast! Home Edition (registerware - home use only)
        • BitDefender Free (lacks an on-access scanner)
        • Comodo AntiVirus (home and business use)
        • DriveSentry (some paid features)
        • F-PROT for Linux, FreeBSD, MS-DOS
        • Graugon AntiVirus
        • Malwarebytes AntiMalware (on-demand scanner is free; real-time protection is one-time fee)
        • PC Tools AntiVirus Free Edition
        • Rising Antivirus Free Edition
    20. What is a Rootkit?
        • A rootkit is malware which consists of a program (or combination of several programs) designed to hide or obscure the fact that a system has been compromised.
        • Rootkits may also install a 'backdoor' in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination which in turn allows an attacker to access the system regardless of changes to the actual accounts on the system.
    21. How is a Rootkit Installed?
        • In 2005, Sony BMG caused a scandal by including rootkit software on music CDs that, in an attempt to enforce DRM, opened a backdoor that allowed root access to anyone aware of the rootkit's installation. The scandal raised the public's awareness of rootkits, while the public relations fallout for Sony was compared by one analyst to the Tylenol scare.
        • Just putting the Sony CD in your PC to play the music installed the rootkit.
    22. What is “Clickjacking”?
        • Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
        • A vulnerability across a variety of browsers and platforms, clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.
        • Clickjacking, also known as UI Redressing, is possible not because of a software bug, but because seemingly harmless features of web pages can perform unexpected actions.
        • A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. On a clickjacked page, the attackers show a set of dummy buttons, then load another page over it in a transparent layer. The user thinks they are clicking the visible buttons, while they are actually performing actions on the hidden page.
    23. What are Digital Signatures?
        • A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type.
        • Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret.
    24. What is PKI?
        • The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates.
        • In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA.
        • The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision.
        • The PKI role that assures this binding is called the Registration Authority (RA).
        • For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.
    25. How does PKI Work?
    26. What is a Certificate Authority?
        • In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.
        • There are many commercial CAs that charge for their services. There are also several providers issuing digital certificates to the public at no cost. Institutions and governments may have their own CAs.
    27. What is Social Networking?
        • A social network service focuses on building online communities of people who share interests and/or activities, or who are interested in exploring the interests and activities of others. Most social network services are web based and provide a variety of ways for users to interact, such as e-mail and instant messaging services.
    28. Social Networking Sites
        • MySpace
        • Facebook
        • LinkedIn
        • Plaxo
        • Xing
        • Twitter
    29. Rubbing the Wrong Elbows
    30. Who is China’s 50-cent Army?
        • 300,000 paid posters
        • Paid 50-cents Chinese (about 7 cents US) per “correct” posting
        • Intended to promote Chinese government’s political positions in the social networks of the world
    31. What are Web Browsers?
        • A Web browser is a software application which enables a user to display and interact with text, images, videos, music, games and other information typically located on a Web page at a Web site on the World Wide Web or a local area network. Text and images on a Web page can contain hyperlinks to other Web pages at the same or different Web site.
        • Web browsers allow a user to quickly and easily access information provided on many Web pages at many Web sites by traversing these links.
        • Web browsers format HTML information for display, so the appearance of a Web page may differ between browsers.
    32. Popular Web Browsers
    33. What is “Phishing”?
        • Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
        • Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication it requires skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies.
        • Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.
    34. What is E-mail?
        • Electronic mail, often abbreviated as e-mail, email, or eMail, is any method of creating, transmitting, or storing primarily text-based human communications with digital communications systems.
        • Modern e-mail systems are based on a store-and-forward model in which e-mail computer server systems accept, forward, or store messages on behalf of users, who only connect to the e-mail infrastructure with their personal computer or other network-enabled device for the duration of message transmission or retrieval to or from their designated server. Rarely is e-mail transmitted directly from one user's device to another's.
    35. How does E-mail Work?
    36. What is Instant Messaging (IM)?
        • Instant messaging (IM) is a form of real-time communication between two or more people based on typed text. The text is conveyed via devices connected over a network such as the Internet.
    37. Using Instant Messaging (IM) at Work
        • Instant messaging has proven to be similar to personal computers, e-mail, and the World Wide Web, in that its adoption for use as a business communications medium was driven primarily by individual employees using consumer software at work, rather than by formal mandate or provisioning by corporate information technology departments.
        • In response to the demand for business-grade IM and the need to ensure security and legal compliance, a new type of instant messaging, called "Enterprise Instant Messaging" ("EIM"), was created when Lotus Software launched IBM Lotus Sametime in 1998. Microsoft followed suit shortly thereafter with Microsoft Exchange Instant Messaging, and later created a new platform called Microsoft Office Live Communications Server.
    38. What are the Risks of IM?
        • Although instant messaging delivers many benefits, it also carries with it certain risks and liabilities, particularly when used in workplaces. Among these risks and liabilities are:
            • Security risks (e.g. IM used to infect computers with spyware, viruses, trojans, worms)
            • Compliance risks (over 10,000 U.S. laws and regulations related to electronic messaging and records retention)
            • Inappropriate use
            • Intellectual property leakage
        • Crackers (malicious "hacker" or black hat hacker) have consistently used IM networks as vectors for delivering phishing attempts, "poison URLs", and virus-laden file attachments from 2004 to the present, with over 1100 discrete attacks listed by the IM Security Center.
    39. What are Chat Rooms?
        • A chat-room is an electronic gathering place for groups of people. Online chat is a way of communicating by sending text messages to people in the same chat-room in real-time. Some chat rooms such as Yahoo! use both text and voice simultaneously.
    40. Chat-rooms can be Dangerous
        • “Most of these cases involve a similar tactic. The perpetrator lurks in a public chat room looking for a child he thinks is vulnerable. I use “he” because most sexual predators are male; however, there have been cases of adult women using the Internet to solicit underage boys & girls. When he finds someone who seems susceptible, he invites the child into a private area of the chat room to get better acquainted. Next comes private chat via instant messaging followed by e-mail, phone and finally, an in person meeting.”
        • National Center for Missing and Exploited Children’s (NCMEC)
    41. What is VoIP?
        • Voice over Internet Protocol (VoIP) is a general term for a family of transmission technologies for delivery of voice communications over IP networks such as the Internet or other packet-switched networks.
        • Skype, Comcast, Astound, etc.
        • Usually cheaper than Public Switched Telephone Network (PSTN)
    42. How does VoIP Work?
    43. VoIP Issues
        • Security
            • Calls can be intercepted/recorded
        • 911 is different
            • No power – no phone
        • Voice quality can vary
            • Internet busy may reduce quality
    44. What is “SPAM”?
        • Spam is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, internet forum spam, junk fax transmissions, and file sharing network spam.
    45. Cost of SPAM
        • The California legislature found that spam cost United States organizations alone more than $13 billion in 2007, including lost productivity and the additional equipment, software, and manpower needed to combat the problem.
    46. What is E-mail “Spoofing”?
        • E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender.
    47. What are Sender Lists?
        • Safe Sender List
            • Messages from safe senders will not be sent to the junk e-mail folder.
        • Blocked Sender List
            • Messages from blocked senders are automatically deleted.
    48. What Regulations Govern E-mail?
        • Federal
            • Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM Act of 2003).
        • California
            • Business and Professions Code Section 17538.4 and Section 17538.45
    49. What are “Appropriate Use Policies (AUPs)?”
        • An acceptable use policy (AUP; also sometimes acceptable usage policy) is a set of rules applied by network and website owners which restrict the ways in which the network or site may be used. AUP documents are written for corporations, businesses, universities, schools, internet service providers, and website owners, often to reduce the potential for legal action that may be taken by a user.
        • Acceptable use policies are also integral to the framework of information security policies; it is often common practice to ask new members of an organization to sign an AUP before they are given access to its information systems. For this reason, an AUP must be concise and clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of an organization. It should refer users to the more comprehensive security policy where relevant. It should also, and very notably, define what sanctions will be applied if a user breaks the AUP.
    50. What is a “Privacy Policy”?
        • A privacy policy is a legal document that deals with the information related to customers' and merchants' private profiles. An example is a website providing information about the use of personal information - particularly personal information collected via the website - by the website owner. Privacy policies usually contain details of what personal information is collected, how the personal information may be used, the persons to whom the personal information may be disclosed, the security measures taken to protect the personal information, and whether the website uses cookies and/or web bugs.
    51. What is DNS/Domain Hijacking?
        • DNS hijacking is the practice of hijacking the resolution of DNS names to IP addresses by the use of rogue DNS servers.
        • Domain hijacking is the process by which internet domain names are stolen from the rightful registrant.
    52. When to use Encryption?
        • Data in Motion
            • Protects information moving through the internet (emails, attachments, logins)
            • Examples: Encryptomatic, WinZip
        • Data at Rest
            • Protects data stored on your PCs, laptops and PDAs
            • Examples: Microsoft BitLocker Drive Encryption, TrueCrypt
    53. Helpful Sites
        • United States Computer Emergency Readiness Team ( )
    54. Helpful Sites
        • National Institute of Standards and Technology Computer Security Resource Center ( / )
    55. Questions and Answers
        • Contact info:
            • John Steensen
            • [email_address]
            • 925-413-6379
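
Slide 46 notes that spoofed e-mail alters the From, Return-Path and Reply-To header fields. The following is an added example, not part of the original slides: a small checker that parses a message and reports when those fields disagree on the sending domain, plus one case beyond the slide (a display name that itself poses as an address). The sample messages, domains and function names are constructed for illustration, and a mismatch is a signal to look closer, not proof, since mailing lists and bulk senders legitimately use other bounce domains.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); every domain is a placeholder.
SAMPLES = {
    "legit": (
        "From: Alice <alice@shop.example>\n"
        "Return-Path: <bounce@mail.shop.example>\n"
        "Subject: Your receipt\n\nThanks for your order.\n"
    ),
    "spoofed": (
        'From: "Example Bank" <support@bank.example>\n'
        "Return-Path: <x91@bulk-sender.example>\n"
        "Reply-To: claims@freemail.example\n"
        "Subject: Verify your account\n\nPlease confirm your details.\n"
    ),
    "display_name_trick": (
        'From: "support@bank.example" <acct77@freemail.example>\n'
        "Subject: Password reset\n\nReset requested.\n"
    ),
}


def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    if not header_value:
        return None
    _name, addr = parseaddr(str(header_value))
    if "@" not in addr:
        return None  # empty bounce path "<>" or an unparseable value
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def _same_org(a, b):
    """Naive relatedness test: equal, or one is a subdomain of the other.

    Assumption for this example only; production mail filters compare
    organizational domains using the Public Suffix List.
    """
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def spoofing_signals(raw_message):
    """Return a list of findings for one raw RFC 5322 message string."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From")
    from_dom = _domain(from_header)
    if from_dom is None:
        return ["missing or unparseable From header"]

    findings = []
    # The fields named on slide 46: where bounces and replies really go.
    for name in ("Return-Path", "Reply-To"):
        other = _domain(msg.get(name))
        if other and not _same_org(from_dom, other):
            findings.append(
                f"{name} domain {other} differs from From domain {from_dom}"
            )

    # Beyond the slide: a display name that looks like an address at a
    # different domain than the real sender address.
    display, _addr = parseaddr(str(from_header))
    shown = _domain(display)
    if shown and not _same_org(from_dom, shown):
        findings.append(
            f"display name shows {shown} but address is at {from_dom}"
        )
    return findings


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", spoofing_signals(raw) or "no mismatch")
```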