SECURITY

					           SECURITY ON THE INTERNET

                                          Did you know others
                                          have likely attacked
                                          your computer
                                          already??




6/2003, 10/2004, 10/2005, 7/2006, Joe Collins
Q1: How quickly is a new computer infected
 when first connected to the Internet?

1.   20 minutes
2.   24 hours
3.   1 week
4.   4 weeks
5.   3 months
A1: How fast is a new computer infected
when first connected to the Internet?

ANSWER:             TWENTY MINUTES

   “More than ever, Windows buyers need to make sure that they equip their new
    machines with an array of tools to fend off attacks and malicious software”

   “Even on a brand-new Windows machine, you should immediately obtain an
    arsenal of security programs, and keep them updated. One recent test
    showed that a brand-new, unprotected Windows machine became
    infected with viruses in just 20 minutes on the Internet.”

   “You should have a firewall, an antivirus program, an antispyware program and
    an antispam program. The built-in Windows firewall and Windows' new Security
    Center aren't enough to protect you.”

   Reference: Wall Street Journal – 9/30/2004, page B1
Q2: What % of computers have a security
breach of some sort?

1.   7%
2.   17%
3.   30%
4.   50%
5.   70%
A2: What % of computers have a
security breach of some sort?

ANSWER:       70%

   Some 70% of all computers have suffered a security
    breach of some sort (virus, spyware, keylogger,
    hijacked browser etc.). Investor's Business Daily,
    October 1st, 2004, page A4
   Another source says 90% of computers have
    security breaches.
   DirectRevenue alone has breached nearly 100
    million computers (Business Week 7/2006, page 41).
Q3: How many different computer
viruses as of August 2005?

1.   14
2.   143
3.   194
4.   11,157
5.   over 200,000
A3: How many different viruses as of
August 2005?

ANSWER: 200,000+
   Authentium, Inc (West Palm Beach, FL) reports there
    are 200,000 individual computer viruses as of
    August 2005 and the number doubles every year.
   Dealing with viruses, spyware, PC theft and other
    computer-related crimes costs U.S. businesses a
    staggering $67.2 billion a year (FBI, January 2006).
   The “I Love You” Virus (in 2000) cost $10 billion
    alone as it hit 45 million personal computers.
SO IS THERE ANY INTERNET
       SECURITY??
OUR TOPICS FOR DISCUSSION
   SPAM EMAIL
   VIRUSES
   KEYLOGGERS
   POPUP/BANNER ADS
   COOKIES
   SHOPPING ONLINE
   SPYWARE
   HOAXES/PHISHING
   PORT SCANNING
   YOUR OLD COMPUTER
   ROUTERS
   PUBLIC COMPUTERS
   TRENDS
   SOLUTIONS
   WHAT I USE
   QUESTIONS
THE INTERNET

   IT IS TRULY A 2 WAY STREET.

   YOU READ EMAIL, BROWSE THE WEB,
    TRAVERSING HUNDREDS OF COMPUTERS IN
    THE PROCESS.

   OTHERS PUT PROGRAMS ON YOUR COMPUTER
    TO SPY ON YOU, RECORD YOUR KEYSTROKES,
    HIJACK YOUR BROWSER OR WORSE.
SPAM EMAIL
   Over 60 billion emails (of all types) projected to be sent DAILY by 2006.
   Why do spammers use email? Far cheaper than printing up colorful
    newspaper inserts or mailing you ads via the US Post Office.
   To mail 1,000 flyers cost some $300+, just in postage. To email 1,000,000
    people cost you nothing. Scott Richter (of Colorado) sends over 100
    million spam emails PER DAY!
   Some 70-75% of all EMAIL is now spam; it was 50% in April 2003. AOL
    blocked 2.3 Billion spam emails per day in April 2003.
   MICROSOFT and others have sued 20+ SPAMMERS, responsible for 2
    billion spam emails.
   Some 80% of spam comes from China (WSJ 3/19/2004)
   SPAM email costs you and me real money.
   SPAM email sometimes includes virus attachments.
My Spammed email account:
[Chart: daily spam emails sent, as measured at Ryerson University, California]
SPAM EMAIL
   HOW DID THEY FIND YOUR EMAIL ADDRESS?
    –   Online Shopping, Web Forms, Usenet, forums
   HOW MANY DO YOU GET PER DAY?
    –   Average person's email is 70-75% spam
   SPAM MAY INCLUDE ATTACHED VIRUSES
    –   Beware of email from strangers and even companies you
        deal with, i.e. Valley National Bank, Ebay etc!
    –   Never open an email unless you are CERTAIN it is legitimate.
   HOW TO “HIDE” FROM THE SPAMMERS
    –   Keep 2 email accounts: one public & one private.
    –   Give private email account to friends and family ONLY.
    –   Use public email account for everything else.
COMPUTER VIRUSES/WORMS
   WHAT THEY ARE
     –  Rogue computer programs that damage computers.
   THE DAMAGE THEY CAN DO
     –  Wipe out your hard drive, damage files, change numbers in files, install programs, record
        your keystrokes.
   HOW WE GET VIRUSES
     –  Attached to email or embedded in downloaded programs
     –  Thousands of new viruses appear every month
     –  The Samy Virus (October 4, 2005) hit over one million users within 24 hours of release.
   HOW TO MINIMIZE THE RISK
     –   Never download a program unless you check it carefully before using it.
     –   NEVER open an email from a stranger (see next 2 slides)
     –   Be careful of email from others, very careful
     –   Run software to detect/remove these rogue programs.
     –   I use AVG AntiVirus (free version) for stopping viruses.
     ALWAYS--check a new program with your anti-virus software before you install it – ALWAYS.
Virus detected:
Keyloggers

   'Hidden' programs that record your every keystroke.
   Capturing your passwords, credit cards and so on
   They then send this back to their source via the Internet.
   Now that unknown person or company has your passwords and
    credit card numbers!!
   Visit this site to stay current on the latest list of nasty software,
    including keyloggers:
    http://research.pestpatrol.com/Lists/TopTenPestsByType.asp
POP UP ADS

   YOU ENTER OR EXIT A WEB PAGE and...
    YOU START SEEING POPUP ADS
     – Usually done with JavaScript programming in the web page
       itself. DirectRevenue uses this approach to pop up 30 ads
       per day on 100 million computers.
   WHY THEY DO IT
     – Get your attention since people usually ignore banner ads.
   HOW TO STOP THEM
     – Use software to disable the pop-ups. Google does a good
       job of stopping popups and Panicware's popup stopper is
       also good.
POPUPS & BANNER ADS
   ON MOST WEB PAGES (on the top or on the side)
   ARE THEY SAFE? NOT REALLY!
    –   May track your 'clicks' and thus learn your preferences.
    –   These same banner ads then report back to some unknown
        company on which web sites you visit, a new form of stalking!
    –   DirectRevenue is one company that does this and routinely will
        bombard you with some 30 popups per day. They are paid by
        Priceline.Com, Delta Airline, Cingular Wireless, Travelocity.com
        and other major corporations.
   HOW TO PROTECT YOURSELF
    –   Monitor 'cookies' frequently or just erase them weekly. In Internet
        Explorer: Tools->Internet Options->General->Delete Cookies.
    –   Use software to convert cookies to session only, i.e. CookieCop or
        a program like it.
EXAMPLE OF TRACKING YOUR USE
OF THE INTERNET.
EXAMPLE OF POPUPS & BANNER ADS
COOKIES
   WHAT ARE THEY?
    –   Small files web pages place on your computer.
    –   Remembers your preferences.
   WHY THEY ARE USEFUL
    –   Remembers your id and password for web pages you visit.
    –   Remembers your preferences as well.
   THE GOOD AND THE BAD
    –   Sets preferences when you load web pages but some companies
        will then closely track which web pages you visit.
   HOW TO MANAGE THEM
    –   Get software to block most cookies (or) erase them weekly.
    –   They are found in the 'Cookies' subdirectory for your logon id (for
        Windows XP users).
SHOPPING ONLINE

   THE RISKS
     – You enter credit card and other personal
       information on a web page.
   WHEN IS IT SAFE?
     – Does the web page employ SSL technology to
       encrypt this information when you send it?
   HOW DO YOU KNOW IT IS SAFE?
     – The web page usually signals you when they
       encrypt responses.
SHOPPING ONLINE

Latest trends…
   Single-use Credit Card Numbers
    –   Citibank
    –   Discover Card
    –   MBNA
   Only on ONE computer (so if stolen, will not work)
    –   VISA
   Iron-clad online guarantee (see their web page):
    –   American Express
SPYWARE!

   There are some 78,000 different spyware programs impacting
    computer users!
   WHAT THEY SPY ON
     – How you use the computer, your programs, scan your email
       addresses or inbox, what web pages you visit, etc….
   HOW THEY PUT IT ON YOUR COMPUTER
     – Often arrives in some other innocent email or downloaded
       program.
   WHAT THEY USE IT FOR
     – Track what you do and report back to someone.
     – Can learn your preferences and more.
Detecting/Removing Spyware

   I use four software tools to detect/remove
    spyware/viruses and I run these weekly:
    –   Lavasoft's Ad-aware (free download)
    –   Spybot (free download)
    –   Spysweeper (free download, $29/yr subscription)
    –   AVG Antivirus (free download)
   All four are needed to do a fairly complete
    job. It is far better to prevent them than to try
    to remove them.
HOAXES (also known as) Phishing

   Emails that masquerade as coming from someone else, i.e.
    IRS, Discover card, Microsoft, Ebay, Paypal and others. The
    email can look very legitimate!
   Over 70 million Americans have received them thus far.
   The masquerading email asks you to confirm your credit card or
    other personal information.
   Do NOT trust these emails!
   More details at:
    –   http://www.msnbc.com/news/884810.asp
    –   http://hoaxbusters.ciac
   Examples follow this slide….
    Was it Paypal?

   That first link directed me NOT to Paypal but to this link:
    http://la.znet.nethere.net/~marie/cgi_bin/webscr=cmd=_home/
   That web page looks identical to Paypal but simply collects
    your logon id and password and thus they can then
    withdraw money from your account.
   I reported this person to their ISP and they promptly shut
    her down.
   Be careful! Always inspect the web page address before
    you trust it. I use the tool Spoofstick which tells me the real
    web address on web pages I visit. Very helpful.
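
The address check described on this slide, written out as an added Python example (not part of the original handout). The trusted-domain list and every sample link except the one quoted above are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the reader accepts as genuine.
TRUSTED_DOMAINS = {"paypal": ("paypal.com",)}


def real_host(url):
    """Return the host the browser will actually contact, lower-cased."""
    host = urlsplit(url).hostname  # ignores any "user@" prefix and the port
    if not host:
        raise ValueError("no host in URL: %r" % (url,))
    return host.rstrip(".").lower()


def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(url, brand):
    """Return (host, findings); an empty findings list means nothing was flagged."""
    parts = urlsplit(url)
    host = real_host(url)
    findings = []
    if not any(in_domain(host, d) for d in TRUSTED_DOMAINS[brand]):
        findings.append("host %s is not a %s domain" % (host, brand))
        # The brand name elsewhere in the URL is decoration, not identity.
        if brand in url.lower():
            findings.append("brand name appears in the URL but not as the host")
    if parts.username is not None:
        findings.append("text before '@' is not the site address")
    if parts.scheme != "https":
        findings.append("form data would be sent unencrypted (%s)" % parts.scheme)
    return host, findings


SAMPLES = [
    # Link quoted on this slide
    "http://la.znet.nethere.net/~marie/cgi_bin/webscr=cmd=_home/",
    # Constructed examples for illustration
    "https://www.paypal.com/signin",
    "http://www.paypal.com@203.0.113.7/login",
    "https://paypal.com.account-check.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        host, findings = check_link(url, "paypal")
        print(host, "->", "; ".join(findings) or "nothing flagged")
```

The host is read from the right: only the last labels before the first "/" identify the site, so a familiar name at the start of the address or in the path proves nothing.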
HOAXES/Phishing

   As you can see, spammers etc. have now 'forged' other email
    addresses so as to look very legitimate.
   They also send official looking emails to you asking you to run
    a program or give them personal information.
   They even 'hide' the program in a zip file so your virus software
    cannot detect it!
   BE CAREFUL! Rarely trust an email from the government or a
    corporation. Contact them via telephone or their web page to be
    sure it is a legitimate email (which is very unlikely).
   Report Phishing attempts to the US Government:
    spam@uce.gov
PORT SCANNING
   Outsiders may do a port scan, looking to enter your computer,
    masquerading as an FTP connection or a Web Browser link or
    TELNET.
   I have been getting 1-2 attempts PER DAY!
   More likely if you have DSL or CABLE access.
   Keep your ports locked up or monitor closely
     –   Use IceSword to monitor ports (http://find.pcworld.com/53710)
     –   Use ZoneAlarm to shut down your ports (http://zonelabs.com)
   More details at:
     –   http://www.dslreports.com/faq/security?r=878
   You should test your computer security at:
     –   http://www.dslreports.com/scan
     –   http://www.securitymetrics.com/portscan.adp
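
What "monitor closely" can look like in practice, as an added Python example (not part of the original handout): it reads blocked-connection lines from a firewall log and reports any outside address that tried several different ports in a short time. The log format, addresses and thresholds are constructed for illustration and do not come from ZoneAlarm or any other product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<date> <time> BLOCK <proto> <src>:<port> -> <dst>:<port>"
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) BLOCK (?:TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)

# Constructed sample data (documentation-range addresses).
SAMPLE_LOG = """\
2006-07-10 21:14:03 BLOCK TCP 203.0.113.45:4312 -> 192.168.1.10:21
2006-07-10 21:14:03 BLOCK TCP 203.0.113.45:4313 -> 192.168.1.10:23
2006-07-10 21:14:04 BLOCK TCP 203.0.113.45:4314 -> 192.168.1.10:80
2006-07-10 21:14:04 BLOCK TCP 203.0.113.45:4315 -> 192.168.1.10:139
2006-07-10 21:20:11 BLOCK TCP 198.51.100.7:1188 -> 192.168.1.10:80
2006-07-10 22:05:40 BLOCK TCP 198.51.100.7:1190 -> 192.168.1.10:80
2006-07-10 23:59:59 BLOCK UDP 198.51.100.7:1201 -> 192.168.1.10:53
a damaged line the parser skips
""".splitlines()


def parse(lines):
    """Yield (timestamp, source address, destination port) for each valid line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["src"], int(m["dport"])


def find_scanners(lines, min_ports=3, window=timedelta(seconds=60)):
    """Return {source: all ports it probed} for sources that tried at least
    min_ports different ports within one sliding time window."""
    by_src = defaultdict(list)
    for ts, src, port in parse(lines):
        by_src[src].append((ts, port))
    scanners = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                scanners[src] = sorted({p for _, p in events})
                break
    return scanners


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print("possible port scan from", src, "ports", ports)
```

The second address in the sample touches three ports too, but hours apart, so it is not reported; the time window is what separates a scan from ordinary stray traffic.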
EXAMPLE OF PORT SCANNING
[Figure: attempt traced back to New Delhi, India]
ANOTHER EXAMPLE
[Figure: attempt traced back to Yokohama, Japan]
Your old computer

   Did you throw it out? Was the hard drive still in it?
   What thieves may have done with your old hard
    drive! They can recover the contents!!
   What the impact can be
    –   Get your passwords, your email, your personal files
   How to minimize your risk
    –   Get a “wipedisk” program (WIPEDISK, BCWIPE, U-WIPE)
        and thoroughly erase that hard drive BEFORE you throw it
        out. I drive a nail through my old hard drives!
A harddrive with a nail hole in it:

Below is a harddrive I destroyed. I do the same to CDROMs
also, i.e. I break them into pieces before throwing them out.
IN THE CLEAR

   Email contents can be read by many others as it
    goes from computer to computer. Be careful what
    you put in an email. Others will see it.
   Your (ftp) id and password are also visible to others.
   What does this mean? Others can copy it & use it for
    their own purposes.
   Never put anything personal in an email, i.e. no
    birthdates, account numbers, social security
    numbers and so on.
HiJacked Browsers
   Does your Internet Browser act strange?
   Does it always take you to a strange web site?
   Can you change the default home page?
If not, your browser may have been hijacked!!
   Might not be easy to fix as the hijacker has modified your computer (if
    you had administrative privileges).
   Usually you need to reboot in SAFE MODE and then delete the
    offending files and also likely need to make risky registry changes!
   It is far better to NOT run with administrative privileges to prevent it in
    the first place.
   Use another browser instead, i.e. Netscape, Mozilla Firefox (which I
    use) instead of Internet Explorer which hackers target.
   Note: Cool Web Search is very nasty and very hard to remove!
Dangerous programs

   Smiley Central
   KAZAA
   Cool Web Search
   HotBar
   Bonzi Buddy
   Speedblaster
   MemoryMeter
   Best Offers
See also: http://www.pchell.com/support/spyware.shtml
Administrator Userid

   Your logon userid on a new computer defaults to Administrator
    privileges so you can install programs.
   But spyware/viruses/keyloggers will also install their programs
    while you have these same Administrative privileges!
Solution:
   Create a user account (non-privileged) and use that account for
    email, web browsing, etc.
   Rename your Administrator account to another name and keep
    it logged off and also use an obscure password for it.
   See next two slides to see how to do it.
ROUTERS
   A router allows multiple computers to easily share one internet
    connection.
   May allow port blocking to stop port scanning
   Hides your real IP address via NAT; NAT = network address
    translation. Some also use SPI or Stateful Packet Inspection
    as an added benefit.
   Thus a router functions as a simple firewall.
   I use the Linksys BEFSR41 4 Port Wired Router which costs
    about $50 or so, as well as wireless routers.
   I reset it weekly, i.e. turn it off for 15 minutes and then back on.
    [I do the same to the modem also]. This changes the IP
    address that others will see.
My Router Connection (simplified)
The primary router I use…
Wireless routers

    Not very secure….anyone can use it, even from
     the street. Do this to increase security:
1.   Change the default router password and default
     SSID (Service Set Identifier) name.
2.   Disable SSID broadcasting.
3.   Enable the firewall software, encryption and MAC
     filtering (Media Access Control)
4.   Read your router manual for details on the above &
     variations on this.
Using computers in public places

   Never save your password locally
   Never save your user-id; after you are done, type in
    anyone@hotmail.com or something like it in the user-id field so
    the next user sees that and not your real email address.
   Always assume the public computer has a virus or spyware.
   Use for browsing or simple emailing only
   Erase the cookies on that computer when you are done and
    also clear out your internet history (tools-> internet options
    ->general; then click each of these: clear history, delete
    cookies, delete files)
Microsoft Outlook

   Spyware, Viruses may target Microsoft Outlook to
    send their programs to everyone in your contacts
    file, thus spreading rapidly on the Internet.
   Keep Outlook's Inbox password-protected so that
    Outlook will not work unless you know the password.
    Set the password this way in Outlook:
          File->Data File Management->Settings.
   These steps reduce the chance of spyware and
    viruses spreading.
   I use Mozilla's Thunderbird email program and it
    works fine and is somewhat safer to use.
TRENDS

   People are now targeting AOL users, smart
    cell phones and wireless PDAs.
   They also remotely turn on your attached
    webcam and may literally watch you as you
    work or walk around the room.
   The latest is to capture banking information
    by installing a program on your computer and
    capturing banking passwords (RAT=Remote
    Access Trojan) – see next slide.
Trends, continued

   Last month, an agency detected 170 distinct
    Trojan programs used to steal bank data. In
    January, there were only about 30, he said.
   10% of all connected computers have these
    RAT trojans installed and running.
   The risk is high these people are gaining
    access to your online banking accounts!
Software Solutions
POPUP STOPPER
   http://www.panicware.com (free); download the basic version
   http://www.popupcop.com (30day free trial)
SPY WARE
   http://www.safer-networking.org (free)
   http://www.lavasoftusa.com (free)
   http://www.webroot.com/consumer/products/spysweeper/index.html ($30)
   http://www.pestpatrol.com ($40)
   http://www.sunbelt-software.com/CounterSpy.cfm ($20)
FIREWALL SOFTWARE
   http://www.zonelabs.com (free version, $40 for improved version)
COOKIE COP
   http://www.pcmag.com/article2/0,4149,6244,00.asp (free)
VIRUS SOFTWARE
   http://www.symantec.com/product/ ($50, sometimes cheaper)
   http://www.grisoft.com/doc/10/lng/us/tpl/tpl01 (AVG-generally free)
Software Solutions, continued
TEST YOUR COMPUTER'S SECURITY:
• http://gemal.dk/browserspy/
• https://grc.com/x/ne.dll?bh0bkyd2
MORE SECURITY TOOLS & SOFTWARE:
• http://www.pacific.net/secpriv.html
• http://epic.org/privacy/tools.html
• http://www.pgpi.org/products/pgp/versions/freeware/
• http://blog.tech-security.com/?p=16 (IceSword tool!)
MORE INFORMATION:
• http://www.bestsearchers.com/best-websites/computers-security.html
• http://blog.tech-security.com/?p=16 (IceSword tool!)
REPORTING SCAMS:
  http://www.IFCCFBI.gov (or) enforcement@sec.gov
WHAT DO I USE AT HOME?
   I have a LINKSYS 4 port ROUTER, model BEFSR41, providing
    internet sharing and NAT (blocks inbound attempts)
   We also run a BELKIN wireless router but we keep encryption enabled
    to block intruders.
   I use ZoneAlarm to monitor hacking attempts and outbound traffic.
   I use Panicware's popup stopper.
   I use CookieCop to block tracking cookies (I set them to session only)
   I use Adaware, Spybot and SpySweeper weekly.
   I also run AVG Antivirus weekly and also against all downloads I may
    do. I update its virus definitions weekly.
   My main Windows login is as a 'limited user', not as an administrator.
   I never open unknown emails. Never.
   I use PGP for securing my USB flashdrive in case I lose it.
   I back up my computer every month to another harddrive.
In Summary
   Purchase a router that has NAT installed to block intruders.
   Download Zonealarm and install it.
   Purchase AntiVirus Software and keep its virus definitions current.
   Never run a program you download or are given by a friend unless you first
    check it with a current antivirus program. (AVG, McAfee, Norton, etc)
   Never open an email from a stranger or reply to any emails from senders you don't
    personally know. Ignore all emails asking for personal information.
   Be wary of screensavers, Activex, Javascript; they may install software without
    you knowing it (if you have administrative privileges).
   Do not use an account with Administrative privileges.
   Delete cookies periodically or use CookieCop or similar to manage them.
   Reset your modem weekly, i.e. turn it off for 15 minutes or more, forcing a new
    IP address every time.
   Run SpyBot, AdAware, SpySweeper and your Virus software weekly – this is
    what I do every week.
IN CLOSING, WHAT WE DISCUSSED…

   SPAM EMAIL
   VIRUSES
   KEYLOGGERS
   POPUP/BANNER ADS
   COOKIES
   SHOPPING ONLINE
   SPYWARE
   HOAXES
   PORT SCANNING
   YOUR OLD COMPUTER
   ROUTERS
   PUBLIC COMPUTERS
   TRENDS
   SOLUTIONS
   WHAT I USE
   QUESTIONS
IT IS WORTH REPEATING AT THIS POINT:



 “One recent test showed that a
 brand-new, unprotected Windows
 machine became infected with
 viruses in just 20 minutes on the
 Internet.” 9/30/2004, Wall Street
 Journal, page B1
                    QUESTIONS?

How to reach me:
 joec_49@hotmail.com

This complete handout is available online at:
  http://www.collins-consulting.org/download.html


Another good overview of personal computer security:
  http://safecomputing.umn.edu/studentchecklist.html

				