391 likes | 599 Vues
Network Security. Security and Safety. Security controls access to your data. Who can see it Who can change it Safety guarantee’s availability of your data Your data is available. When you go to a Web Site What “Personal” Info is Transmitted. The Client’s (Your) IP address.
E N D
Security and Safety • Security controls access to your data. • Who can see it • Who can change it • Safety guarantee’s availability of your data • Your data is available
When you go to a Web Site What “Personal” Info is Transmitted • The Client’s (Your) IP address. • The server’s IP address • Your O/S • Your Browser • Many more items
Cookies • A cookie is a text file stored on your computer by a Web site that you visit • Cookies are good • The web site can be customized for you. • They can remember usernames and passwords • Cookies are bad • Cookies can be set by Web sites that you didn’t visit and can be used to track your Internet browsing habits.
Cookies (continued) • Some Web sites will not function well without Cookies (my.scranton.edu) • In fact my.scranton.edu will not function correctly if pop-ups are disables • Cookies expire (and will automatically be removed) after a certain amount of time (determined by the cookie setter). • Cookies can be manually removed by the user. • Your cookies can be read by anyone who has physical access to your computer. • Web sites that put cookies on your computer should have privacy policies that you can read if you’re worried.
Intermediate Computers • As data is moved across the internet from one computer to another, it almost always goes through other computers on its route. • These intermediate computers read the message headers and will pass on messages not intended for them. • BUT these computers can be configured to save copies of files • If you are transmitting sensitive data then the transmission should be encrypted • https is a secure protocol
Securing Your Computer Files. • Username/Password • On many systems the username is mandated so there is no choice for what to choose. • Don’t make easy to guess passwords. • Don’t make your password your username. • Don’t tell your friends your password. • Don’t write your password down and leave it near your computer. • Make it long.
Passwords (continued) • Some places (such as banks) have requirements for passwords, typically at least one letter, at least one digit, at least 6 characters long, no punctuation marks.
Dr. Sidbury’sPassword Rules • Make it long (at least 10 characters). • Use both letters and digits. If the password is case sensitive then use both upper and lower case letters. If allowed use special symbols. • My favorite is to use the first letters of words: • tb0ntbt1tQ (to be or not to be …) • P=2*(L+w) (perimeter is twice the length plus width. • There are several sites that will check the quality of a password.
XKCD.com’s password suggestion • http://www.xkcd.com/936/ • Vitaminwindowalmondpig and iif you put some capital letters in and a few symbls then it goes off the chart.
More on Passwords • Since passwords are needed to log into networks the username/password combinations must be stored on the computer somewhere. • On older windows systems the password files were plaintext. Most systems have encrypted password systems so even if the password file is compromised the system is secure. • The system manager account has special abilities so if that account is cracked then the whole system is vulnerable. • Passwords can also protect files.
Encryption • Encryption is the process of scrambling data so that it can’t be recognized. See social issues tab. • Information Literacy Concepts • NrjsvqexmtrPmxivegcGsrgitxw • Real computerized encryption is more complicated than a Caesar cypher but this gives a general flavor.
Firewalls • A firewall monitors traffic into and out of a network. • Firewalls can reside on your computer or on your network gateway or on your home server if you have one. • Firewalls are configured with rules to determine what traffic is permitted and what traffic is not.
Firewall Rules • Messages are sent in packets. • Each packet has a header. • The header information is used to evaluate firewall rules. • Basically, if the packet header contains the “right” information then the packet may pass through the firewall. If it does not, then the packet is not passed.
Firewall Rules (continued) • Format of firewall rules: • Allow everything to pass except… • Allow nothing to pass except...
Firewall Port Rules • A port (in this context) is a number that represents a logical connection to a program. • Port 80 is for http (and therefore for a browser) • Port 21 is for ftp (and therefore for filezilla for example) • Port 25 is for mail • A firewall rule that did not allow traffic to port 80 would effectively prohibit a computer from using its browser.
Location Rules • A location is a domain name or an IP address • If a firewall had a rule denying all connections except 134.198.168.8 then the only web site that could be reached would be www.cil.cs.scranton.edu.
Application Rules • An application rule specifies rules pertaining to a particular application • If port 21 were denied to all applications except filezilla then only filezilla would be able to do ftp even if you had other ftp programs.
Compound Firewall Rules • These rules combine several types of rules. • You could allow address 134.198168.8 to only Firefox. This would essentially mean that you could use Firefox to access the literacy server but could not access the literacy server from Internet Explorer or Safari.
Little Snitch • Little Snitch is the program on my Macbook pro that keeps putting up a window asking my permission to send data somewhere. So it’s part of a firewall doing interactive monitoring of outgoing signals. I have the ability to allow a given export connection forever, only this time, or not at all. • I have Little Snitch configured this way so that I can see whenever software decides to “phone home” when it should normally not be doing so.
Anti-virus • A virus is a program that is unwanted which runs on your computer normally without your knowledge. • Typically it will damage your computer, degrade its performance or make your computer perform unwanted tasks.
How Does Your Computer Get a Virus? • From e-mail attachments, macro files located in Word, excel or other documents, from files that you download from the Internet. • Viruses are programs so a virus designed for windows will not run on OS X and viruses designed for a mac will not run on windows.
How Does Anti-Virus Software Work? • It checks files to see if they contain viruses. • It checks your computer to see if it’s already running a virus. • It checks your computer to see if there’s a virus when the system boots up.
How is a Virus Recognized? • Viruses have characteristic patterns called signatures. • Anti-virus software looks at files to see if they contain these signatures. • Brand new viruses may have signatures that are not on file with the AV program • AV programs can also run general tests to see if a program behaves in a way that viruses behave even if they do not contain such a signature.
What if a File has a Virus? • The virus is removed from the file if possible. • If this is not possible, and typically for modern viruses it isn’t, then the file is “quarantined” • The quarantine folder can periodically be cleared and the infested files can be replaced by clean versions of said files.
How does AV Software Perform its Processes • AV software consists of two parts: • An engine • A database • The engine is the program that tests for viruses • The database contains the signatures to be checked against. • Both the engine and the database should be updated periodically
Updating AV Software • Typically AV software automatically checks to see if there is new data for the database on a regular basis. • The engine is also checked for updates regularly but typically less often.
DO NOT USE TWO ANTI-VIRUS PROGRAMS AT THE SAME TIME!!!!! • This will typically cause your computer to freeze and you will have to reboot and disable one of the two programs.
Subscriptions • AV programs are typically sold with a subscription • This means that when the subscription is over you will not be entitled to free updates of either the software or the database. • Renewing your subscription (at an additional cost) will give you full power
Windows Anti-Virus • On MY windows computers, I use Microsoft Security Essentials. • It’s free from MicroSoft and has no expiration date (so far). • Previously I used avast! Free edition. • MS Security Essentials is not licensed for non-personal use. • Anti-virus software does not protect you from all malware. • PEBKAC
Macintosh Anti-virus • So far, viruses are not a problem for macintosh computers. However, malware can still infect your machine. • Since the U requires you to have anti-virus software on your machine, I recommend clamav. It is free and is innocuous. • As with windows, watch out for PEBKAC
File (and folder) Permissions • Permissions allow the operating system to set up rules about files and folders and how they can be handled. • There are three actions: Read, Write, eXecute • There are three users: Owner, Group, World • Discuss the ramifications of this.