Get documents about "Microsoft PowerPoint - C-SAFE 4-hour w Networks Jan 2008 Upload to
Document Sample
Countermeasures Defense in Depth
Layered Security
Be Cyber Savvy with C-SAFE 47
Due Diligence
The process of checking and verifying
information
Anti-Malware
48 Be Cyber Savvy with C-SAFE
Anti-Virus Software Use Anti-Virus (AV) Software
Software installed on a computer to prevent • Run an AV scan on a regular basis
the introduction of malware. It will also
• Make sure the program is configured
detect the presence of malware and repair
properly and runs all file types
or remove many infected files
• Keep the signatures up-to-date
Install and use anti-virus software
50 51
1
Virus Signature
A unique string of programming that is
found in malware
The signature is like a fingerprint in that it
can be used to detect and identify specific
malware
Anti-virus software uses the signature to
scan for the presence of malware
52 http://free.grisoft.com 53
Due Diligence
www.avast.com/eng/download-avast-home.html
54 55
Use Anti-Spyware Tools Anti-Spyware Tools
Spyware removal tools work like
anti-virus software
• Configure them properly
• Run them regularly
• Keep the signatures
up to date
Remember to use more than one!
57 58
2
Patches
A patch is a piece of code that is inserted
into a program to fix a vulnerability or to
increase the functionality of the product
Necessary for all software, on all platforms:
Operating systems
Anti-Virus
Patches Firewall software
Web browsers
Games
Be Cyber Savvy with C-SAFE 60
Why isn’t software perfect? Turning on automatic updates
• Modularity click
Right-
• Failure of testing
• Nobody can think
of everything
The more complex the product,
the bigger the risk
61 62
Go to
Start >
Control Panel >
System >
63 www.WindowsUpdate.com 64
3
Windows vs. Mac
Mono-culturalism
• 91% Windows users
• 6% Mac users
• 3% others
www.Apple.com/Support/Downloads
65 66
Firewalls
A combination of hardware and software,
used to protect a network from unwelcome traffic
by enforcing an access control policy between
the local network and the Internet .
Firewalls
Be Cyber Savvy with C-SAFE 68
Purpose of a Firewall Firewalls are good in preventing…
• Blocks hackers
Network intrusions
• Screens outgoing traffic
Denial of service attacks
A hardware firewall can make a Many worm-based attacks
network appear to be a single device
69 70
4
Firewalls are NOT good in
Firewalls: Take Note
preventing…
Connecting your new PC to the Internet
Attacks introduced through email without using a firewall … is like leaving
the keys in the ignition of your new,
Internal attacks
unlocked, sporty convertible – if you're
lucky nothing will happen, but it's risky.
–McAfee Security
71 72
Backups
73 Be Cyber Savvy with C-SAFE
Why bother with backups? Back up suggestions
• Back-up media
• Patch failure – Hard drives
• Natural disaster – CDs
• File corruption – DVDs
• Electrical spike
• Hard drive crash or power failure • Make sure your backup allows you to
• Accidental deletion restore properly
• Store your backup copy away from
your computer
75 76
5
Passwords Passwords
• The most common way to prove who you
are is with a password
• YOU decide how strong your password
will be
• It takes only one weak
password to compromise
a system!
Be Cyber Savvy with C-SAFE 79
Create Strong Passwords Got WAY too many passwords?
A strong password is one that has at least Manage your passwords by putting them
eight characters including letters, numbers, into categories
and other non-alphanumeric characters
Nuisance – Anything will do for websites that
require a password to access content
A strong password can’t be
A strong password can’t be
guessed and is very time-
guessed and is very time- Sensitive – Something stronger here for
consuming to crack
consuming to crack moderate privacy
Critical – Unique passwords for websites like
banking or sensitive work accounts
80 81
How Most Passwords Get Hacked How to have a strong password
• Get you to tell them (social engineering) • Make it moderately long (8 – 20)
• See it written down somewhere • Don’t use your username
• “Shoulder surfing” • Don’t make it anything guessable
• Guess (from what they know about you)
• Don’t store it out in the open…
• Dictionary attacks or under your keyboard or mouse pad!
• Brute force hacking • Use a “pass-phrase”
It looks random…but it makes sense to you
82 83
6
Strong Password: Example Other Password Examples
Example: 1st&Gont8YL
(First and goal on the eight yard line)
A&Bh3cnJ,P,&E. Otr&ttw,2G’shwg
(Over the river and through the woods, to
Ann and Bob have three children named grandmother’s house we go)
Jason, Paul, and Elizabeth.
B:1’maDR,naB
(Bones: I’m a doctor, not a bricklayer)
n1T+P0g=tW1
(Pronounceable nonsense words)
84 85
Password Hints Changing Passwords
If you can’t remember all your passwords, Even the strongest passwords can be
write down a HINT: cracked…so change them regularly
n
A&Bh3cnJ,P,&E. – “family” You ca Have a few “pass phrases” that you can
ut
even p t use
in
B:1’maDR,naB – “Trek” your h
icky
on a st
n
note o
your
r!
monito
86 87
Password Protected
Screensavers
• An additional line of defense
• Locks the screen after a few minutes of
inactivity
• Requires the user to type in the password
before the computer can be used again
• Can deter an intruder when the user is not in
the immediate area
89 91
7
92
8
