1 / 61

SECURITY ON THE INTERNET

SECURITY ON THE INTERNET. Did you know others have likely attacked your computer already ??. 6/2003, 10/2004, 10/2005, 7/2006, Joe Collins. Q1: How quickly is a new computer infected when first connected to the Internet?. 20 minutes 24 hours 1 week 4 weeks 3 months.

louisa
Télécharger la présentation

SECURITY ON THE INTERNET

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SECURITY ON THE INTERNET Did you know others have likely attacked your computer already?? 6/2003, 10/2004, 10/2005, 7/2006, Joe Collins

  2. Q1: How quickly is a new computer infected when firstconnected to the Internet? • 20 minutes • 24 hours • 1 week • 4 weeks • 3 months

  3. A1: How fast is a new computer infected when first connected to the Internet? ANSWER:TWENTY MINUTES • “More than ever, Windows buyers need to make sure that they equip their new machines with an array of tools to fend off attacks and malicious software” • “Even on a brand-new Windows machine, you should immediately obtain an arsenal of security programs, and keep them updated. One recent test showed that a brand-new, unprotected Windows machine became infected with viruses in just 20 minutes on the Internet.” • “You should have a firewall, an antivirus program, an antispyware program and an antispam program. The built-in Windows firewall and Windows' new Security Center aren't enough to protect you.” • Reference: Wall Street Journal – 9/30/2004, page B1

  4. Q2: What % of computers have a security breach of some sort? • 7% • 17% • 30% • 50% • 70%

  5. A2: What % of computers have a security Breach of some sort? ANSWER: 70% • Some 70% of all computers have suffered a security breach of some sort (virus, spyware, keylogger, hijacked browser etc). Investors Business Daily, October 1st, 2004, page A4 • Another source says 90% of computers have security breaches. • DirectRevenue alone has breached nearly 100 million computers (business week 7/2006, page 41).

  6. Q3: How many different computer viruses as of August 2005? • 14 • 143 • 194 • 11,157 • over 200,000

  7. A3: How many different viruses as of August 2005? ANSWER: 200,000+ • Authentium, Inc (West Palm Beach, FL) reports there are 200,000 individual computer viruses as of August 2005 and the number doubles every year. • Dealing with viruses, spyware, PC theft and other computer-related crimes costs U.S. businesses a staggering $67.2 billion a year (FBI, January 2006). • The “I Love You” Virus (in 2000) cost $10 billion dollars alone as it hit 45 million personal computers.

  8. SO IS THERE ANY INTERNET SECURITY??

  9. OUR TOPICS FOR DISCUSSION • SPAM EMAIL • VIRUSES • KEYLOGGERS • POPUP/BANNER ADS • COOKIES • SHOPPING ONLINE • SPYWARE • HOAXES/PHISHING • PORT SCANNING • YOUR OLD COMPUTER • ROUTERS • PUBLIC COMPUTERS • TRENDS • SOLUTIONS • WHAT I USE • QUESTIONS

  10. THE INTERNET • IT IS TRULY A 2 WAY STREET. • YOU READ EMAIL, BROWSE THE WEB, TRAVERSING HUNDREDS OF COMPUTERS IN THE PROCESS. • OTHERS PUT PROGRAMS ON YOUR COMPUTER TO SPY ON YOU, RECORD YOUR KEYSTROKES, HJACK YOUR BROWSER OR WORSE.

  11. SPAM EMAIL • Over 60 billion emails (of all types) projected to be sent DAILY by 2006. • Why do spammers use email? Far cheaper than printing up colorful newspaper inserts or mailing you ads via the US Post Office. • To mail 1,000 flyers cost some $300+, just in postage. To email 1,000,000 people cost you nothing. Scott Richter (of Colorado) sends over 100 million spam emails PER DAY! • Some 70-75% of all EMAIL is now spam, it was 50% April (2003). AOL blocked 2.3 Billion spam emails per day in April 2003. • MICROSOFT and others have sued 20+ SPAMMERS, responsible for 2 billion spam emails. • Some 80% of spam comes from China (WSJ 3/19/2004) • SPAM email costs you and I real money. • SPAM email sometimes includes virus attachments.

  12. My Spammed email account:

  13. Daily spam emails sent As measured at: Ryerson University, California

  14. SPAM EMAIL • HOW DID THEY FIND YOUR EMAIL ADDRESS? • Online Shopping, Web Forms, Usenet, forums • HOW MANY DO YOU GET PER DAY? • Average person’s email is 70-75% spam • SPAM MAY INCLUDE ATTACHED VIRUSES • Beware of email from strangers and even companies you deal with, i.e. Valley National Bank, Ebay etc! • Never open an email unless you are CERTAIN it is legitmate. • HOW TO “HIDE” FROM THE SPAMMERS • Keep 2 email accounts: one public & one private. • Give private email account to friends and family ONLY. • Use public email account for everything else.

  15. COMPUTER VIRUSES/WORMS • WHAT THEY ARE • Rogue computer programs that damage computers. • THE DAMAGE THEY CAN DO • Wipe out your hard drive, damage files, change numbers in files, install programs, record your keystrokes. • HOW WE GET VIRUSES • Attached to email or imbedded in downloaded programs • Thousands of new viruses appear every month • The Samy Virus (October 4, 2005) hit over one million users within 24 hours of release. • HOW TO MINIMIZE THE RISK • Never download a program unless you check it carefully before using it. • NEVERopen an email from a stranger (see next 2 slides) • Be careful of email from others, very careful • Run software to detect/remove these rogue programs. • I use AVG AntiVirus (free version) for stopping viruses. ALWAYS--check a new program with your anti-virus software before you install it –ALWAYS.

  16. Virus detected:

  17. Keyloggers • ‘Hidden’ programs that record your every keystroke. • Capturing your passwords, credit cards and so on • They then send this back to their source via the Internet. • Now that unknown person or company has your passwords and credit card numbers!! • Visit this site to stay current on the latest list of nasty software, including keyloggers: http://research.pestpatrol.com/Lists/TopTenPestsByType.asp

  18. POP UP ADS • YOU ENTER OR EXIT A WEB PAGE and... YOU START SEEING POPUP ADS • Usually done with JavaScript programming in the web page itself. DirectRevenue uses this approach to pop up 30 ads per day on 100 million computers. • WHY THEY DO IT • Get your attention since people usually ignore banner ads. • HOW TO STOP THEM • Use software to disable the pop-ups. Google does a good job of stopping popups and Panicware’s popup stopper is also good.

  19. POPUPS & BANNER ADS • ON MOST WEB PAGES (on the top or on the side) • ARE THEY SAFE? NOT REALLY! • May track your ‘clicks’ and thus learn your preferences. • These same banner ads then report back to some unknown company on which web sites you visit, a new form of stalking! • DirectRevenue is one company that does this and routinely will bombard you with some 30 popups per day. They are paid by Priceline.Com, Delta Airline, Cingular Wireless,Travelocity.com and other major corporations. • HOW TO PROTECT YOURSELF • Monitor ‘cookies’ frequently or just erase them weekly. In Internet Explorer: Tools->Internet Options->General-Delete Cookies. • Use software to convert cookies to session only, i.e. CookieCop or a program like it.

  20. EXAMPLE OF TRACKING YOUR USE OF THE INTERNET.

  21. EXAMPLE OF POPUPS & BANNER ADS

  22. COOKIES • WHAT ARE THEY? • Small files web pages place on your computer. • Remembers your preferences. • WHY THEY ARE USEFUL • Remembers your id and password for web pages you visit. • Remembers your preferences as well. • THE GOOD AND THE BAD • Sets preferences when you load web pages but some companies will then closely track which web pages you visit. • HOW TO MANAGE THEM • Get software to block most cookies (or) erase them weekly. • They are found in the ‘Cookies’ subdirectory for your logon id (for Windows XP users).

  23. SHOPPING ONLINE • THE RISKS • You enter credit card and other personal information on a web page. • WHEN IS IT SAFE? • Does the web page employ SSL technology to encrypt this information when you send it? • HOW DO YOU KNOW IT IS SAFE? • The web page usually signals you when they encrypt responses.

  24. SHOPPING ONLINE Latest trends… • Single-use Credit Card Numbers • Citibank • Discover Card • MBNA • Only on ONE computer (so if stolen, will not work) • VISA • Iron-clad online guarantee (see their web page): • American Express

  25. SPYWARE! • There are some 78,000 different spyware programs impacting computer users! • WHAT THEY SPY ON • How you use the computer, your programs, scan your email addresses or inbox, what web pages you visit, etc…. • HOW THEY PUT IT ON YOUR COMPUTER • Often arrives in some other innocent email or downloaded program. • WHAT THEY USE IT FOR • Track what you do and report back to someone. • Can learn your preferences and more.

  26. Detecting/Removing Spyware • I use four software tools to detect/remove spyware/viruses and I run these weekly: • Lavasoft’s Ad-aware (free download) • Spybot (free download) • Spysweeper (free download, $29/yr subscription) • AVG Antivirus (free download) • All four are needed to do a fairly complete job. It is far better to prevent them than to try to remove them.

  27. HOAXES (also known as) Phishing • Emails that masquerade as coming from someone else, i.e. IRS, Discover card, Microsoft, Ebay, Paypal and others. The email can look very legitimate! • Over 70 million Americans have received them thus far. • The masquerading email asks you to confirm your credit card or other personal information. • Do NOT trust these emails! • More details at: • http://www.msnbc.com/news/884810.asp • http://hoaxbusters.ciac • Examples follow this slide….

  28. Was it Paypal? • That first link directed me NOT to Paypal but to this link: http://la.znet.nethere.net/~marie/cgi_bin/webscr=cmd=_home/ • That web page looks identical to Paypal but simply collects your logon id and password and thus they can then withdraw money from your account. • I reported this person to their ISP and they promptly shut her down. • Be careful! Always inspect the web page address before you trust it. I use the tool Spoofstick which tells me the real web address on web pages I visit. Very helpful.

  29. HOAXES/Phishing • As you can see, spammers etc have now ‘forged’ other email addresses so as to look very legitimate. • They also send official looking emails to you asking you to run a program or give them personal information. • They even ‘hide’ the program in a zip file so your virus software cannot detect it! • BE CAREFUL! Rarely trust an email from the government or a corporation. Contact them via telephone or their web page to be sure it is a legitimate email (which is very unlikely). • Report Phishing attempts to the US Government: spam@uce.gov

  30. PORT SCANNING • Outsiders may do a port scan, looking to enter your computer, masquerading as an FTP connection or a Web Browser link or TELNET . • I have been getting 1-2 attempts PER DAY! • More likely if you have DSL or CABLE access. • Keep your ports locked up or monitor closely • Use IceSword to monitor ports (http://find.pcworld.com/53710) • Use ZoneAlarm to shut down your ports (http://zonelabs.com) • More details at: • http://www.dslreports.com/faq/security?r=878 • You should test your computer security at: • http://www.dslreports.com/scan • http://www.securitymetrics.com/portscan.adp

  31. EXAMPLE OF PORT SCANNING Attempt traced back to New Delhi India

  32. ANOTHER EXAMPLE Attempt Traced back to Yokohama Japan

  33. Your old computer • Did you throw it out? Was the hard drive still in it? • What thieves may have done with your old hard drive! They can recover the contents!! • What the impact can be • Get your passwords, your email, your personal files • How to minimize your risk • Get a “wipedisk program (WIPEDISK, BCWIPE, U-WIPE) and thoroughly erase that hard drive BEFORE you throw it out. I drive a nail through my old harddrives!

  34. A harddrive with a nail hole in it: Below is a harddrive I destroyed. I do the same to CDROMs also, i.e. I break them into pieces before throwing them out.

  35. IN THE CLEAR • Email contents can be read by many others as it goes from computer to computer. Be careful what you put in an email. Others will see it. • Your (ftp) id and password, are also visible to others. • What does this mean? Others can copy it & use it for their own purposes. • Never put anything personal in an email, i.e. no birthdates, account numbers, social security numbers and so on.

  36. HiJacked Browsers • Does your Internet Browser act strange? • Does it always take you to a strange web site? • Can you change the default home page? If not, your browser may have been hijacked!! • Might not be easy to fix as the hijacker has modified your computer (if you had administrative privileges). • Usually you need to reboot in SAFE MODE and then delete the offending files and also likely need to make risky registry changes! • It is ar better to NOT run with administrative privileges to prevent it in the first place. • Use another browser instead, i.e. Netscape, Mozilla Firefox (which I use) instead of Internet Explorer which hackers target, • Note: Cool Web Search is very nasty and very hard to remove!

  37. Dangerous programs • Smiley Central • KAZAA • Cool Web Search • HotBar • Bonzi Buddy • Speedblaster • MemoryMeter • Best Offers See also: http://www.pchell.com/support/spyware.shtml

  38. Administrator Userid • Your logon userid on a new computer defaults to Administrator privileges so you can install programs. • But spyware/viruses/keyloggers will also install their programs while you have these same Administrative privileges! Solution: • Create a user account (non-privileged) and use that account for email, web browsing, etc. • Rename your Administrator account to another name and keep it logged off and also use an obscure password for it • See next two slides to see how to do it.

  39. ROUTERS • A router allows multiple computers to easily share one internet connection. • May allow port blocking to stop port scanning • Hides your real IP address via NAT; NAT = native address translation. Some also use SPI or Stateful Packet Inspection as an added benefit. • Thus a router functions as a simple firewall. • I use the Linksys BEFSR41 4 Port Wired Router which costs about $50 or so, as well as wireless routers. • I reset it weekly, i.e. turn it off for 15 minutes and then back on. [I do the same to the modem also]. This changes the IP address that others will see.

  40. My Router Connection (simplified)

  41. The primary router I use…

  42. Wireless routers • Not very secure….anyone can use it, even from the street. Do this to increase security: • Change the default router password and default SSID (Service Set Identifier) name. • Disable SSID broadcasting. • Enable the firewall software, encryption and MAC filtering (Media Access Control) • Read your router manual for details on the above & variations on this.

  43. Using computers in public places • Never save your password locally • Never save your user-id; after you are done, type in anyone@hotmail.com or something like it in the user-id field so the next user sees that and not your real email address. • Always assume the public computer has a virus or spyware. • Use for browsing or simple emailing only • Erase the cookies on that computer when you are done and also clear outyour internet history (tools-> internet options ->general; then click each of these: clear history, delete cookies, delete files)

More Related