Cyber Security Lesson 1

					SeniorNet
Introduction to
Cyber Security



Lesson One: General Computer Security
and Identity Theft
This may be your first introduction to Cyber Security. In this lesson you will
become familiar with some of the main threats to online security and your
computer including viruses, bugs, spam, identity theft and more. You will also
learn how to create secure passwords and store them safely.

In this lesson we will cover:
     How your computer is compromised
     What is broadcast when you are online
     Identity theft
     E-mail security risks
     Spamming schemes
     Trojan horses, viruses, and worms
     Choosing passwords
                                                                          Lesson One



Identity Theft
Identity theft is currently the fastest growing crime in the world, costing
consumers billions of dollars each month. The information below is from the
U.S. Department of Justice and provides key details on how to help prevent
yourself from being victimized by this crime.
What are identity theft and identity fraud?
Identity theft and identity fraud are terms used to refer to all types of crime in
which someone wrongfully obtains and uses another person's personal data in
some way that involves fraud or deception, typically for economic gain. Unlike
your fingerprints, which are unique to you and cannot be given to someone else
for their use, your personal data -- especially your Social Security number, your
bank account or credit card number, and other valuable identifying data -- can be
used, if they fall into the wrong hands, to personally profit at your expense. In the
United States many people have reported that unauthorized persons have taken
funds out of their bank or financial accounts, or, in the worst cases, taken over
their identities altogether, running up vast debts using the victims' names.
What are the most common ways to commit identity theft or fraud?
Many people do not realize how easily criminals can obtain our personal data
without having to break into our homes. In public places, for example, criminals
may engage in "shoulder surfing" -- watching you from a nearby location as you
punch in your credit card number, or listening in on your conversation if you give
your credit-card number over the telephone to a hotel or rental car company.
If you receive applications for "preapproved" credit cards in the mail, but discard
them without tearing up the enclosed materials, criminals may retrieve them and
try to activate the cards for their use without your knowledge. (Some credit card
companies, when sending credit cards, have adopted security measures that allow
a card recipient to activate the card only from his or her home telephone number,
but this is not yet a universal practice.)
In recent years, the Internet has become an appealing place for criminals to obtain
identifying data, such as passwords or even banking information. In their haste to
explore the exciting features of the Internet, many people respond to "spam" --
unsolicited E-mail that promises them some benefit but requests identifying data --
without realizing that in many cases, the requester has no intention of keeping his
promise. In some cases, criminals reportedly have used computer technology to
obtain large amounts of personal data.


Introduction to Cyber Security           1.2                                   3/31/08



With enough identifying information about an individual, a criminal can take over
that individual's identity to conduct a wide range of crimes: for example, false
applications for loans and credit cards, fraudulent withdrawals from bank
accounts, or obtaining other goods or privileges which the criminal might be
denied if he were to use his real name. If the criminal takes steps to ensure that
bills for the falsely obtained credit cards, or bank statements showing the
unauthorized withdrawals, are sent to an address other than the victim's, the victim
may not become aware of what is happening until the criminal has already inflicted
substantial damage on the victim's assets, credit, and reputation.
How to avoid being victimized by identity theft
To reduce or minimize the risk of becoming a victim of identity theft or fraud,
there are some basic steps you can take.
Avoid giving out your personal information to others unless you have a
reason to trust them, regardless of where you are. Start by adopting a "need to
know" approach to your personal data. Your credit card company may need to
know your mother's maiden name, so that it can verify your identity when you call
to inquire about your account. A person who calls you and says he's from your
bank, however, doesn't need to know that information if it's already on file with
your bank; the only purpose of such a call is to acquire that information for that
person's personal benefit. Also, the more information that you have printed on
your personal bank checks -- such as your Social Security number or home
telephone number -- the more personal data you are routinely handing out to
people who may not need that information.
If someone you don't know calls you on the telephone and offers you the chance to
receive a "major" credit card, a prize, or other valuable item, but asks you for
personal data -- such as your Social Security number, credit card number or
expiration date, or mother's maiden name -- ask them to send you a written
application form. If they won't do it, tell them you're not interested and hang up.
If they will, review the application carefully when you receive it and make sure it's
going to a company or financial institution that's well-known and reputable. The
Better Business Bureau can give you information about businesses that have been
the subject of complaints.
If you're traveling, have your mail held at your local post office, or ask someone
you know well and trust -- another family member, a friend, or a neighbor -- to
collect and hold your mail while you're away.




Check your financial information regularly, and look for what should be there and
what shouldn't.
What should be there:
    1. If you have bank or credit card accounts, you should be receiving monthly
       statements that list transactions for the most recent month or reporting
       period.
    2. If you're not receiving monthly statements for the accounts you know you
       have, call the financial institution or credit card company immediately and
       ask about it.
    3. If you're told that your statements are being mailed to another address that
       you haven't authorized, tell the financial institution or credit card
       representative immediately that you did not authorize the change of address
       and that someone may be improperly using your accounts. In that situation,
       you should also ask for copies of all statements and debit or charge
       transactions that have occurred since the last statement you received.
       Obtaining those copies will help you to work with the financial institution
       or credit card company in determining whether some or all of those debit or
       charge transactions were fraudulent.
What shouldn't be there:
    1. If someone has gotten your financial data and made unauthorized debits or
       charges against your financial accounts, checking your monthly statements
       carefully may be the quickest way for you to find out. Too many of us give
       those statements, or the enclosed checks or credit transactions, only a quick
       glance, and don't review them closely to make sure there are no
       unauthorized withdrawals or charges.
    2. If someone has managed to get access to your mail or other personal data,
       and opened any credit cards in your name or taken any funds from your
       bank account, contact your financial institution or credit card company
       immediately to report those transactions and to request further action.

Ask periodically for a copy of your credit report. Your credit report should list all
bank and financial accounts under your name, and will provide other indications
of whether someone has wrongfully opened or used any accounts in your name.





Maintain careful records of your banking and financial accounts. Even though
financial institutions are required to maintain copies of your checks, debit
transactions, and similar transactions for five years, you should retain your
monthly statements and checks for at least one year, if not more. If you need to
dispute a particular check or transaction -- especially if they purport to bear your
signatures -- your original records will be more immediately accessible and useful to
the institutions that you have contacted.
Where is there more information about identity theft and fraud?
A number of government and private organizations have information about
various aspects of identity theft and fraud: how it can occur, what you can do
about it, and how to guard your privacy. To learn more you can do a Google
Search on “Identity Theft” or even search for “Identity Theft” on some of the
websites of organizations listed below:
Government:
     Federal Bureau of Investigation
     Federal Trade Commission
Non-Government:
     American Association of Retired Persons (AARP)
     Better Business Bureau
     National Consumers League
     National Fraud Information Center
     Privacy Rights Clearinghouse

Protecting Your Computer Against Bugs, Worms and Viruses
What is a Bug?
Bugs are not viruses or invaders but software program errors that often are only
discovered after the product has been on the market for a while. All programs
contain bugs. For this reason it is important to remember to regularly update your
operating system, web browser, and other key software by using the manufacturer’s
update features. As the manufacturers of these programs discover the problems,
they often offer updates, patches, or service packs that can be downloaded from
the manufacturer’s web site.

How to Resolve Bugs on a PC
In older versions of Windows XP, the “auto-update utility” was turned on when
Service Pack 2 was installed. If you recently installed Windows XP, you will
probably find that Service Pack 2 with Windows Update was included in the
software. If you are using Windows Vista on your machine, updates will be
released by Microsoft periodically to help fix many of the major bugs that were
discovered upon Vista’s initial release.

To check and see if your machine has the most recent Service Pack software you
can visit the Windows Update website at: www.update.microsoft.com through
Internet Explorer. Once you have connected with the Windows Update web site,
Microsoft will examine your computer to see what patches or critical updates are
needed. Once your computer system has been scanned, Microsoft will advise you
how to proceed. Microsoft will also present you with a list of non-critical updates,
utilities or programs. Examine these items carefully and download only those that
you need. With Windows auto update, Windows will automatically check for
updates every so often and download new critical updates as they become
available.

What is a Virus?
A virus is malicious software planted expressly to cause
disruption and damage to computers. How does it get into
your computer? In the 1980s, viruses were passed on by
trading floppy disks. The next trend was the transport of
viruses through e-mail attachments. The newest danger comes
from mass-mailing (often called “spam”), which can contain
"worms." Worms are self-replicating, mutating viruses that can
penetrate your address book, and thus send themselves, randomly, to multiple
recipients.

One should be aware that Microsoft Outlook Express (OE) users are much more
vulnerable to virus attacks than users of Netscape, Eudora, Mozilla Firefox, or
even AOL.






What is a virus checker or virus protection?
A virus checker or virus protection is a program that runs continuously whenever
your computer is on. It monitors the contents of e-mail attachments as well as
programs that run on your computer. It detects and disarms viruses and prevents
damage to your computer before they start trouble.

Be careful to purchase a virus protection program that matches your operating
system. If you use a Mac, make sure to buy a virus protection program made
especially for Macintosh computers. If you use Windows, select a program that
was written specifically for your operating system. For example, don't try to use a
virus protection program that was written for Windows XP on a Windows Vista
machine.

Why do you need virus protection?
Individuals need a virus checker program to prevent corruption of personal data
and software. The program will also catch a virus attached to an e-mail. In any
given month, hundreds of viruses are actively floating around – some harmless or
simply annoying and others malicious and destructive. Your computer will almost
certainly be corrupted sometime if you don’t have a virus protection program
that is updated regularly with new virus definitions.

How do you select and maintain a virus checker?
Virus checkers have an automatic update feature that will keep your virus checker
current. Because new viruses are constantly being created, these protection
programs use a virus data-reference file that resides on your hard drive. Setting
the automatic update feature will enable the virus checker to keep this file up-to-
date without your intervention. In most cases, this automatic update is the best
way to protect your computer from viral invasion.

Some websites to download and/or buy virus checkers/scanners:
www.symantec.com (Norton Anti-Virus)
www.mcafee.com
www.webroot.com
www.pctools.com
*numerous others also available







You’ve Got Spam!
Unwanted e-mail, referred to as “spam,” has become a major problem for
everyone using e-mail. Oftentimes you can’t stop spam completely; but there are
some things you can do to dramatically reduce the amount of spam you receive.
We offer the following suggestions with our thanks to the September 2004 issue of
Consumer Reports Magazine:

Seven Ways to Curb Spam

     Use two (or more) separate e-mail addresses. Use one for family and
      friends and the other for everyone else (public mail). Set up your “public
      mail” account through a web service like Hotmail, Gmail, or Yahoo so you
      don’t automatically download spam to your computer. If too much spam is
      being received, abandon your address and get a new one.
     Don’t buy anything promoted in a spam message. All that does is
      encourage more spam.
     Don’t reply to spam or click on its “unsubscribe” link.
     If you are using Microsoft Outlook, disable your e-mail preview window so
      it will not report back that your address is active.
     Your email provider should be filtering your e-mail. Compare its filtering
      features with competitors’ to see if another service will do a better job.
     Forward spam to spam@uce.gov, the Federal Trade Commission’s spam
      control center.
     Don’t post your e-mail address on a publicly accessible web page. If you
      need to put your address on a web page use “at” in place of the “@” so
      harvesters will not recognize it as an e-mail address.


Choosing Secure Passwords
When you are setting up your web access to your bank account, e-mail account, or
other sites that require special secure access, you will need to establish a password
so when you return to that site you are able to re-access your account. It is
important that you choose a password that another person cannot guess at, or use a
computer program to determine, for the purpose of accessing your personal
accounts.





Choosing a Good Password
For the most secure password you might be able to use special characters (*!$+)
mixed with letters and numbers at some sites. You can always use mixed upper-
and lower-case letters. You also might consider using punctuation characters
mixed with letters and numbers or nonsense words that are easy to pronounce but
aren't in any dictionary. No matter what password you use, make sure it has six or
more characters.

For security purposes it is best not to use any of the following for a password:
    Your name (first, middle or last) or your initials
    Your social security number
    Names of friends, family or pets
    Birthdays, phone numbers, or current addresses
    Any other personal information that could be guessed at
    Words from the dictionary (English or foreign)
    Your username or login name
    Repetition of the same letter or number
    Sequences of keyboard keys such as "12345" or "qwerty"

One suggestion: you might use an old home address. For convenience’s sake don’t
make the password too long. Long passwords increase the chance of typing
errors. To increase security, consider mixing upper and lower case letters (most
sites are case sensitive) and including symbols.
Some examples:
     4220walnUt
     reA157baD
     hOt*tea!

Activity—Open a new email account through Yahoo!
Using the information above you are going to open a new web email account that
can be used for “public” email and e-commerce transactions. Since this is a
web-based email account, information will not automatically be downloaded onto your
machine, and you will not risk starting to receive spam in the email account used
by your family and friends. Web email accounts can also be accessed from any PC
or Mac machine anytime. You will also be using the password tips above to create
a secure password.

1       Connect to your ISP if necessary and open Internet Explorer.





2       Click in the address box, type www.yahoomail.com and press Enter.

3       Under Don’t have a Yahoo! ID? click Sign Up.

4       On the following screen fill in your personal information and select your
        Yahoo! username. Your username should be something you can easily
        remember – it can also be the same as other email accounts you have.
        (Please note you can click on “Check” to see if the username you are
        requesting is available.)

5       Use the information in the password section above to create a secure
        password. You will also notice that Yahoo has a meter showing how safe
        your password is when you enter it. When you have chosen a password,
        record this information somewhere safe where you can access it again. (In
        the next section we will learn about how you can safely store passwords.)

6       You will also need to fill in an alternative email address. Please fill this in
        with a correct email address as Yahoo will send a message to that account
        which you will need to open and verify. Yahoo will not spam you.

7       Fill in any remaining sections of the Yahoo! email sign up page and click
        Create my Account at the bottom of the webpage.

8       If your page was filled out correctly you should now see a confirmation
        page detailing your new email account. Make sure to note the details of
        this account for future use. (To log in to your Yahoo! account in the future
        you will visit www.yahoomail.com and sign in with the username and
        password you just created.)

9       Click on Continue to go directly to your new email account.

10      Take a few minutes to familiarize yourself with the Yahoo email account as
        it may be different than email accounts you have used in the past.
        Remember, this account can be accessed from any computer at any time
        because the system is web-based.






Storing and protecting your passwords
PassKeeper (www.passkeeper.com)
PassKeeper is a Windows utility that allows you to keep a list of accounts with
usernames, passwords, and notes. This list is stored and encrypted.

PassKeeper was developed in order to keep track of the many different "accounts"
one can have across the Net. Many services on the Web, for example, require you
to register and give out a username and password, which you are often allowed to
pick out yourself, but not always. Examples of such services include HotWired,
Pathfinder, and Amazon.com. You can download PassKeeper for free on your
home computer at www.passkeeper.com.

1       In your browser window type www.passkeeper.com.

2       You will not download this service now, as you will want it downloaded to
        your home computer, but take a few minutes to familiarize yourself with
        the website and ask your instructor any questions you may have on
        downloading the program at home.

How Can You Protect Your Password?
Now that you've chosen a password that's difficult to guess, you have to make sure
not to leave it someplace for people to find. Writing it down and leaving it in your
desk, next to your computer, or, worse, taped to your computer, makes it easy for
someone who has physical access to your office to find. Don't share your
passwords, and watch for attackers trying to trick you through phone calls or email
messages requesting that you reveal your passwords. Legitimate companies will
never ask for this information via phone or email.
Also, many programs offer the option of "remembering" your password, but these
programs have varying degrees of security protecting that information. Some
programs, such as email clients, store the information in clear text in a file on your
computer. This means that anyone with access to your computer can discover all
of your passwords and can gain access to your information.
For this reason, always remember to log out when you are using a public computer
(at the library, an Internet cafe, or even a shared computer at your office). Other
programs, such as Apple's Keychain and Palm's Secure Desktop, use strong
encryption to protect the information. These types of programs may be viable
options for managing your passwords if you find you have too many to remember.
There's no guarantee that these techniques will prevent an attacker from learning
your password, but they will make it more difficult.
Safeguarding your Data - How can you protect your personal
and work-related data?
The list below is courtesy of the United States Computer Emergency Readiness
Team. Many of the items below will be covered in greater detail later in the
course.
     Use and maintain anti-virus software and a firewall - Protect yourself
      against viruses and Trojan horses that may steal or modify the data on your
      own computer and leave you vulnerable by using anti-virus software and a
      firewall. Make sure to keep your virus definitions up-to-date.

     Regularly scan your computer for spyware - Spyware or adware hidden
      in software programs may affect the performance of your computer and
      give attackers access to your data. Use a legitimate anti-spyware program to
      scan your computer and remove any of these files.

     Keep software up to date - Install software patches so that attackers
      cannot take advantage of known problems or vulnerabilities. Many
      operating systems offer automatic updates. If this option is available, you
      should turn it on.

     Evaluate your software's settings - The default settings of most software
      enable all available functionality. However, attackers may be able to take
      advantage of this functionality to access your computer. It is especially
      important to check the settings for software that connects to the internet
      (browsers, email clients, etc.). Apply the highest level of security available
      that still gives you the functionality you need.

     Avoid unused software programs - Do not clutter your computer with
      unnecessary software programs. If you have programs on your computer
      that you do not use, consider uninstalling them.







     Consider creating separate user accounts - If there are other people using
      your computer, you may be worried that someone else may accidentally
      access, modify, and/or delete your files. Most operating systems (including
      Windows XP and Vista, Mac OS X, and Linux) give you the option of
      creating a different user account for each user, and you can set the amount
      of access and privileges for each account. You may also choose to have
      separate accounts for your work and personal purposes. While this
      approach will not completely isolate each area, it does offer some
      additional protection.

     Establish guidelines for computer use - If there are multiple people using
      your computer, especially children, make sure they understand how to use
      the computer and internet safely. Setting boundaries and guidelines will
      help to protect your data.

     Use passwords and encrypt sensitive files - Passwords and other security
      features add layers of protection if used appropriately. By encrypting files,
      you ensure that unauthorized people can't view data even if they can
      physically access it. You may also want to consider options for full disk
      encryption, which prevents a thief from even starting your laptop without a
      passphrase. When you use encryption, it is important to remember your
      passwords and passphrases; if you forget or lose them, you may lose your
      data.

     Follow corporate policies for handling and storing work-related
      information - If you use your computer for work-related purposes, make
      sure to follow any corporate policies for handling and storing the
      information. These policies were likely established to protect proprietary
      information and customer data, as well as to protect you and the company
      from liability.

     Dispose of sensitive information properly - Simply deleting a file does
      not completely erase it. To ensure that an attacker cannot access these files,
      make sure that you adequately erase sensitive files.

Activity—“Google” yourself
Have you ever wondered if you are on the internet? The amount of information
currently on the internet is astounding. You actually may already be on the
internet and not even know it. Your name being on the internet is not a security
risk, but it does show the amount of information available to anyone who takes the
time to look.

1       Click in the address box, type www.google.com and press Enter.

2       In the search box type your full name. (If you are a married woman
        you can do two different searches under both your maiden and married
        name if you would like.)

3       If you have a very common name (e.g. John Smith) you may want to
        include another detail in the search such as your hometown.

4       Click Enter to see the search results.

5       See if any matches appear pertaining to you. You may also take a few extra
        minutes to Google friends or family, or even a favorite celebrity using the
        steps above.

End the session
1       Click the X on the title bar of any open windows to close them.

2       Disconnect from your ISP if necessary.

Now you can . . .
   Protect yourself from many common identity theft and fraud scams.
   Identify spam and minimize the effects it will have on your machine.
   Choose and utilize a secure password.
   Store your passwords through PassKeeper.

You now are familiar with identity theft, bugs, worms, and viruses. You also
understand the value of virus protection software. You have learned the benefits of
using multiple email addresses and how to utilize secure passwords and store them
safely.

In Lesson Two you will learn about further online scams, pop-ups and cookies.


