Scotiabank Credit Card Application Online - PowerPoint

Chapter 13
Network Security
CST 246 Data COM
Dr. Roger G. Clery
February 2007


8/11/2011                        1
Business Impact

• $10 billion of data stolen annually
• 60,000 credit and calling card numbers
• ½ of all computer crimes committed by current & former employees
• Companies reluctant to publicly discuss security breaches


Introduction
While computer systems today have some of the best security
systems ever, they are also more vulnerable than ever before.
This vulnerability stems from world-wide access to computer
systems via the Internet.
Computer and network security comes in many forms including
encryption algorithms, access to facilities, digital signatures,
and using fingerprints and face scans as passwords.



Basic Security Measures
The basic security measures for computer systems fall into eight
categories:
• External security
• Operational security
• Surveillance
• Passwords
• Auditing
• Access rights
• Standard system attacks
• Viruses




External Security
Protection from environmental damage such as floods,
earthquakes, and heat.
Physical security such as locking rooms, locking down
computers, keyboards, and other devices.
Electrical protection from power surges.
Noise protection from placing computers away from devices
that generate electromagnetic interference.



Operational Security
Deciding who has access to what.
Limiting time of day access.
Limiting day of week access.
Limiting access from a location, such as not allowing a user to
use a remote login during certain periods or any time.




Surveillance
Proper placement of security cameras can deter theft and
vandalism.
Cameras can also provide a record of activities.
Intrusion detection is a field of study in which specialists try to
prevent intrusion and try to determine if a computer system has
been violated.




Passwords and ID Systems
Passwords are the most common form of security and the most
abused.
Simple rules help support safe passwords, including:
• Change your password often.
• Pick a good, random password (minimum 8 characters, mixed
symbols).
• Don’t share passwords or write them down.
• Don’t select names and familiar objects as passwords.

Data Communications and Computer Networks
Chapter 13




Passwords and ID Systems
Many new forms of “passwords” are emerging (biometrics):
• Fingerprints
• Face prints
• Retina scans and iris scans
• Voice prints
• Ear prints


Auditing
Creating a computer or paper audit can help detect wrongdoing.
Auditing can also be used as a deterrent.
Many network operating systems allow the administrator to
audit most types of transactions.
Many types of criminals have been caught because of
computer-based audits.
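The slides say audits help detect wrongdoing; the following added example (not the course's code) shows what an audit review actually looks for. It parses a constructed audit trail in an assumed "date time user host action result" line format and flags two things the deck mentions elsewhere: bursts of failed logins (password guessing) and successful logins outside the permitted hours (the operational-security limits).

```python
"""Audit-log review, as an added example for the Auditing slides (and the
later "monitor logs" good idea); not the course's code. The line format
(date time user host action result) and the sample trail are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail, one event per line
SAMPLE_LOG = """\
2007-02-12 09:01:10 alice ws-14 login ok
2007-02-12 09:02:41 bob ws-07 login ok
2007-02-12 23:15:02 bob ws-07 login ok
2007-02-13 02:10:00 mallory ws-03 login fail
2007-02-13 02:10:07 mallory ws-03 login fail
2007-02-13 02:10:15 mallory ws-03 login fail
2007-02-13 02:10:22 mallory ws-03 login fail
2007-02-13 02:10:30 mallory ws-03 login fail
2007-02-13 02:11:00 mallory ws-03 login ok
2007-02-13 10:30:00 carol ws-21 delete ok
"""

def parse(log_text):
    """Each line becomes (timestamp, user, host, action, result)."""
    events = []
    for line in log_text.splitlines():
        date, time, user, host, action, result = line.split()
        events.append((datetime.fromisoformat(f"{date} {time}"),
                       user, host, action, result))
    return events

def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Users with at least `threshold` failed logins inside `window`:
    the pattern password guessing leaves in an audit trail."""
    fails = defaultdict(list)
    for ts, user, _host, action, result in events:
        if action == "login" and result == "fail":
            fails[user].append(ts)
    flagged = set()
    for user, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(user)
                break
    return flagged

def off_hours_logins(events, start_hour=8, end_hour=18):
    """Successful logins outside the permitted time-of-day window
    (the operational-security limits from the earlier slides)."""
    return [(user, ts) for ts, user, _host, action, result in events
            if action == "login" and result == "ok"
            and not start_hour <= ts.hour < end_hour]

def review(log_text):
    """One-shot report: who to look at, and why."""
    events = parse(log_text)
    return {"guessing": sorted(failed_login_bursts(events)),
            "off_hours": [u for u, _ in off_hours_logins(events)]}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

On the sample trail the report names `mallory` for the burst of failures followed by a success, and both `bob` and `mallory` for logging in at night; the thresholds and hours are parameters so a site can set them to its own policy.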




Access Rights
Two basic questions to access rights: who and how?
Who do you give access rights to? No one, group of users,
entire set of users?
How does a user or group of users have access? Read, write,
delete, print, copy, execute?
Most network operating systems have a powerful system for
assigning access rights.



Virus

• Most common microcomputer security breach
• Most companies have the problem on a regular basis
• Costly and time consuming to recover


Virus Behaviors

• Time bomb
• Logic bomb
• Trojan horse
• Macro based




Guarding Against Viruses
There are many different types of viruses, such as parasitic,
boot sector, stealth, polymorphic, and macro.
A Trojan Horse virus is a destructive piece of code that hides
inside a harmless looking piece of code.
Sending an e-mail with a destructive attachment is a form of a
Trojan Horse virus.




Guarding Against Viruses
Signature-based scanners look for particular virus patterns or
signatures and alert the user.
Terminate-and-stay-resident programs run in the background
constantly watching for viruses and their actions.
Multi-level generic scanning is a combination of antivirus
techniques including intelligent checksum analysis and expert
system analysis.




Information Security Awareness

Virus Protection
• What is a computer virus?
  Generally speaking, a virus is a computer program, usually
  disguised as something else (mail, game, joke), that is designed
  to automatically spread itself to other computer users.
  – Clogs networks by spreading itself
  – Creates great expense in cleanup and downtime




Information Security Awareness

Virus Protection
• Most common computer virus delivery at schools:
  – An email with an attachment that appears to have been
    intentionally sent by someone you regularly communicate with




Information Security Awareness

How do computers get “infected”?
Opening Email Attachments
How does it work?
  1. Open a bad attachment
  2. It is actually a disguised program that does 2 things:
     a. creates an email server on your computer
     b. uses your address book to email itself to everyone you
        know, so it looks like it’s from you!
     Your friend opens it too and the cycle continues…

Information Security Awareness

• What can I do to prevent this?
  Use care when opening attachments.
  You should never open an attachment unless you can answer
  “YES” to all three of the following conditions:
  – I know exactly what this file is
  – I have scanned this file with my virus scan AND I have
    ensured that my virus scan was recently updated
  – I have verified the identity of the sender and their
    intentions via email or phone call.

What Virus Protection Can Do

• Detect viruses transmitted via e-mail, downloads, floppy disks,
  etc. before you get infected
• Clean valid data files infected with a virus.
• Detect delayed-payload viruses that are sitting on your hard
  drive or floppies.


What Virus Protection Can’t Do

• Recover files deleted by a virus.
• Restore system files modified, damaged, or deleted by a virus.
• Turn a virus-only file into useable data.
• Remove some system and boot record infectors.


Virus Hoaxes

Often you will see e-mails warning of some new virus that is
making the rounds and erasing people’s hard drives, or doing some
other terrible damage. Odds are it’s a hoax. Forwarding these
warnings to “everyone you know” only propagates misinformation and
causes unnecessary panic.




             Standard System Attacks
Denial of service attacks, or distributed denial of service
attacks, bombard a computer site with so many messages that
the site is incapable of answering valid requests.
In e-mail bombing, a user sends an excessive amount of
unwanted e-mail to someone.
Smurfing is a nasty technique in which a program attacks a
network by exploiting IP broadcast addressing operations.
Ping storm is a condition in which the Internet Ping program is
used to send a flood of packets to a server.




Standard System Attacks
Spoofing is when a user creates a packet that appears to be
something else or from someone else.
Trojan Horse is a malicious piece of code hidden inside a
seemingly harmless piece of code.
Stealing, guessing, and intercepting passwords is also a tried
and true form of attack.




Information Security Awareness

Spyware

Spyware is software that is installed on a computer to covertly
gather information through your internet connection.
  – used by advertisers and market researchers




Information Security Awareness

Spyware
Spyware lurks on as many as 80% of computers nationwide, according to
the National Cyber Security Alliance, a trade group.

In a recent survey, 31% of online shoppers said they were buying less than
before because of security issues.

“Fed up over problems stemming from viruses and spyware, some
computer users are giving up or curbing their use of the Web”
-LA Times article http://www.latimes.com/business/la-fi-fedup14jan14,0,111456.story?coll=la-home-headlines


             Information Security Awareness



Spyware vs. Viruses
Viruses: Mostly designed to propagate themselves and damage
network and computer performance.

Spyware: Designed to gain information from your computer by
running unnoticed or by providing some other service.

Information Security Awareness

I have an anti-virus program. Will this stop spyware?
Some spyware is detected by anti-virus products such as McAfee
and Norton, but for the most part this is not the case.




Spyware has the potential to share personal information with
third parties without your knowledge or consent.




Information Security Awareness

• Increasing threat level!
• Spyware-type attack gains financial information:
  (http://www.eweek.com/article2/0,1759,1619842,00.asp)

  An attack in June of 2004 which had the ability to monitor web
  traffic for the purpose of gaining account numbers and passwords
  for victims’ online banking accounts.

  While this attack also depended on other elements to be
  successful, it represents a disturbing trend for spyware toward
  increasingly invasive and disturbing attacks.




Information Security Awareness

Spyware: two kinds, voluntary vs. involuntary
Voluntary:
  Programs installed intentionally to serve a purpose that also
  report personal information to a third party
  – browser toolbars
  – browser help windows
  – free screensavers
  – internet speed optimizers
  – anti-spyware programs


Information Security Awareness

Spyware
Voluntary examples:
  – Weatherbug
  – Webshots
  – Marketscore
How to avoid this?
  1. Google new things before installing
  2. Read your EULA

NUMEROUS ANTI-SPYWARE PRODUCTS ARE ACTUALLY SPYWARE!!

Anti-Spyware

Basic Encryption and Decryption Techniques

Cryptography is the study of creating and using encryption and
decryption techniques.
Plaintext is the data before any encryption has been performed.
Ciphertext is the data after encryption has been performed.
The key is the unique piece of information that is used to create
ciphertext and decrypt the ciphertext back into plaintext.


Code Versus Cipher

• Technically (correctly), a code is a word-by-word substitution,
  usually with a code book
• A cipher is a letter-by-letter substitution / transformation




Monoalphabetic Substitution-based Ciphers
Monoalphabetic substitution-based ciphers replace a character
or characters with a different character or characters, based
upon some key.
Replacing:    abcdefghijklmnopqrstuvwxyz
With:         POIUYTREWQLKJHGFDSAMNBVCXZ
The message: how about lunch at noon
encodes into EGVPO GNMKN HIEPM HGGH


Polyalphabetic Substitution-based Ciphers
Similar to monoalphabetic ciphers except multiple alphabetic
strings are used to encode the plaintext.
For example, a matrix of strings, 26 rows by 26 characters or
columns can be used.
A key such as COMPUTERSCIENCE is placed repeatedly over
the plaintext.
COMPUTERSCIENCECOMPUTERSCIENCECOMPUTER
thisclassondatacommunicationsisthebest


Polyalphabetic Substitution-based Ciphers
To encode the message, take the first letter of the plaintext, t,
and the corresponding key character immediately above it, C.
Go to row C column t in the 26x26 matrix and retrieve the
ciphertext character V.
Continue with the other characters in the plaintext.




Transposition-based Ciphers
In a transposition-based cipher, the order of the plaintext is not
preserved.
As a simple example, select a key such as COMPUTER.
Number the letters of the word COMPUTER in the order they
appear in the alphabet.
1 4 3 5 8 7 2 6
C O M P U T E R


Transposition-based Ciphers
Now take the plaintext message and write it under the key.
1 4 3 5 8 7 2 6
C O M P U T E R
t h i s i s t h
e b e s t c l a
s s i h a v e e
v e r t a k e n


Transposition-based Ciphers
Then read the ciphertext down the columns, starting with the
column numbered 1, followed by column number 2.
TESVTLEEIEIRHBSESSHTHAENSCVKITAA
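The three classical ciphers on the preceding slides (monoalphabetic substitution, the Vigenère-style polyalphabetic tableau, and keyed columnar transposition) are implemented below as an added example; this is not the course's code. The keys and messages are the ones from the slides, so running it reproduces the slides' ciphertexts and also shows the decryption direction, which the slides leave out. The transposition decryptor additionally handles a last row that is not full, which the slide's 32-letter message never exercises.

```python
"""Classical ciphers from the slides: monoalphabetic substitution,
Vigenère (polyalphabetic, 26x26 tableau) and keyed columnar transposition.
Added example, not the course's code; keys and messages are from the slides."""
import string

ALPHABET = string.ascii_lowercase

# --- Monoalphabetic substitution --------------------------------------------
SUB_KEY = "POIUYTREWQLKJHGFDSAMNBVCXZ"   # the "With:" row on the slide

def letters_only(text):
    """Drop spaces and punctuation; classical ciphers work on letters only."""
    return [c for c in text.lower() if c in ALPHABET]

def mono_encrypt(plaintext, key=SUB_KEY):
    table = dict(zip(ALPHABET, key))
    return "".join(table[c] for c in letters_only(plaintext))

def mono_decrypt(ciphertext, key=SUB_KEY):
    table = dict(zip(key, ALPHABET))
    return "".join(table[c] for c in ciphertext.upper() if c in table)

# --- Vigenère -----------------------------------------------------------------
def vigenere(text, key, decrypt=False):
    """Row = key letter, column = plaintext letter of the 26x26 tableau,
    i.e. a per-position Caesar shift by the key letter above the plaintext."""
    out = []
    for i, c in enumerate(letters_only(text)):
        shift = ALPHABET.index(key[i % len(key)].lower())
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26])
    return "".join(out) if decrypt else "".join(out).upper()

# --- Columnar transposition ---------------------------------------------------
def column_order(key):
    """Number the key letters by alphabetical order (COMPUTER -> 1 4 3 5 8 7 2 6)."""
    ranked = sorted(range(len(key)), key=lambda i: (key[i], i))
    order = [0] * len(key)
    for rank, idx in enumerate(ranked, start=1):
        order[idx] = rank
    return order

def transposition_encrypt(plaintext, key):
    n = len(key)
    text = letters_only(plaintext)
    rows = [text[i:i + n] for i in range(0, len(text), n)]   # write under the key
    order = column_order(key)
    cols = sorted(range(n), key=lambda i: order[i])          # read columns 1, 2, ...
    return "".join(row[c] for c in cols for row in rows if c < len(row)).upper()

def transposition_decrypt(ciphertext, key):
    n = len(key)
    text = ciphertext.lower()
    full_rows, extra = divmod(len(text), n)
    order = column_order(key)
    cols = sorted(range(n), key=lambda i: order[i])
    grid = [[""] * n for _ in range(full_rows + (1 if extra else 0))]
    pos = 0
    for c in cols:
        height = full_rows + (1 if c < extra else 0)   # ragged last row
        for r in range(height):
            grid[r][c] = text[pos]
            pos += 1
    return "".join("".join(row) for row in grid)

if __name__ == "__main__":
    print(mono_encrypt("how about lunch at noon"))
    print(vigenere("thisclassondatacommunicationsisthebest", "COMPUTERSCIENCE"))
    print(transposition_encrypt("this is the best class i have ever taken", "COMPUTER"))
```

Because every one of these ciphers preserves letter frequencies (substitution) or the letters themselves (transposition), none of them resists the standard frequency and anagram attacks; the slides move on to DES and AES for that reason.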




Public Key Cryptography and Secure Sockets Layer
Very powerful encryption technique in which two keys are
used: the first key (the public key) encrypts the message while
the second key (the private key) decrypts the message.
Not possible to deduce one key from the other.
Not possible to break the code given the public key.
If you want someone to send you secure data, give them your
public key, you keep the private key.
Secure sockets layer on the Internet is a common example of
public key cryptography.

DES
Data Encryption Standard
Created in 1977 and in operation into the 1990s, the data
encryption standard took a 64-bit block of data and subjected it
to 16 levels of encryption.
The choice of encryption performed at each of the 16 levels
depends on the 56-bit key applied.
Even though 56 bits provides over 72 quadrillion combinations,
a system using this standard has been cracked (in 1998 by
Electronic Frontier Foundation in 3 days).



Triple-DES
A more powerful data encryption standard.
Data is encrypted using DES three times: the first time by the
first key, the second time by a second key, and the third time by
the first key again. (Can also have 3 unique keys.)
While virtually unbreakable, triple-DES is CPU intensive.
With more smart cards, cell phones, and PDAs, a faster (and
smaller) piece of code is highly desirable.




Advanced Encryption Standard (AES)
Selected by the U.S. government to replace DES.
National Institute of Standards and Technology selected the
algorithm Rijndael (pronounced rain-doll) in October 2000 as
the basis for AES.
AES has more elegant mathematical formulas, requires only
one pass, and was designed to be fast, unbreakable, and able to
support even the smallest computing device.




Advanced Encryption Standard (AES)
Key size of AES: 128, 192, or 256 bits.
Estimated time to crack (assuming a machine could crack a
DES key in 1 second) : 149 trillion years.
Very fast execution with very good use of resources.
AES should be widely implemented by 2004.
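The 149 trillion years figure can be reproduced from the slide's own assumption (a machine that finds one 56-bit DES key per second), as an added check that is not part of the original deck. Scaling a brute-force search from a 56-bit key to a 128-bit key multiplies the work by the ratio of the key spaces; the factor of one half for the average case is the same for both and cancels in the ratio:

$$
T_{128} = T_{56} \cdot \frac{2^{128}}{2^{56}} = 1\ \text{s} \cdot 2^{72} \approx 4.72 \times 10^{21}\ \text{s}
$$

$$
\frac{4.72 \times 10^{21}\ \text{s}}{3.156 \times 10^{7}\ \text{s/year}} \approx 1.50 \times 10^{14}\ \text{years} \approx 150\ \text{trillion years}
$$

The same scaling gives $2^{136}\ \text{s} \approx 2.8 \times 10^{33}$ years for a 192-bit key and $2^{200}\ \text{s} \approx 5 \times 10^{52}$ years for a 256-bit key, which is why the longer AES key sizes matter only against attacks better than brute force.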




Digital Signatures

Document to be signed is sent through a complex mathematical
computation that generates a hash.
Hash is encoded with the owner’s private key.
To prove future ownership, the hash is decoded using the
owner’s public key and the hash is compared with a current
hash of the document.
If the two hashes agree, the document belongs to the owner.
The U.S. has just approved legislation to accept digitally signed
documents as legal proof.

Digital Signature

Public Key / Private Key

• Method of encryption
• Private key must be kept secret
• Public key can be given to everyone
• Encrypt with public, decrypt with private
• Encrypt with private, decrypt with public



Example
• A encrypts the secret message with A’s private key and then B’s
  public key
• Message is sent to B
• B decrypts with B’s private key and then A’s public key
• Secret message is now plaintext
• B encrypts the secret message with B’s private key then A’s
  public key
• Message is sent to A
• A decrypts with A’s private key then B’s public key

Result

• Messages are safe
• We have some security about who is sending the message




Public Key Infrastructure
The combination of encryption techniques, software, and
services that involves all the necessary pieces to support digital
certificates, certificate authorities, and public key generation,
storage, and management.
A certificate, or digital certificate, is an electronic document,
similar to a passport, that establishes your credentials when you
are performing transactions.




Public Key Infrastructure
A digital certificate contains your name, serial number,
expiration dates, copy of your public key, and digital signature
of certificate-issuing authority.
Certificates are usually kept in a registry so other users may
check them for authenticity.




Public Key Infrastructure
Certificates are issued by a certificate authority (CA). A CA is
either specialized software on a company network or a trusted
third party.
Let’s say you want to order something over the Internet. The
web site wants to make sure you are legitimate, so the web
server requests your browser to sign the order with your private
key (obtained from your certificate).




Public Key Infrastructure
The web server then requests your certificate from the third
party CA, validates that certificate by verifying the third party’s
signature, then uses that certificate to validate the signature on
your order.
The user can do the same procedure to make sure the web
server is not a bogus operation.
A certificate revocation list is used to “deactivate” a user’s
certificate.
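The Digital Signatures slide and the PKI slides above describe the same chain of steps: hash the document, encode the hash with the private key, decode with the public key and compare; then have a CA sign a certificate binding a name to a public key, and have the relying party verify the CA's signature, the expiry date and the revocation list before trusting the public key inside. The following added example (not the course's code) walks through exactly those checks, in that order, with toy textbook RSA over two constructed prime pairs so that it runs without any library; real deployments use padded RSA or ECDSA from a crypto library and X.509 certificates, not this.

```python
"""Digital signature and certificate checks from the slides, as an added
example (not the course's code). Toy textbook RSA without padding over two
fixed, constructed prime pairs, so it illustrates the steps only."""
import hashlib
import json

E = 65537   # public exponent

def make_keypair(p, q):
    """Returns (public_key, private_key), each as an (exponent, modulus) tuple."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)        # modular inverse needs Python 3.8+

# Constructed primes (assumption, not from the slides)
CA_PUB, CA_PRIV = make_keypair(1000000007, 998244353)
USER_PUB, USER_PRIV = make_keypair(1000000009, 1000000021)

def digest(data: bytes, n: int) -> int:
    """The slide's 'hash' step: SHA-256, reduced mod n so the toy modulus fits."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, priv) -> int:
    d, n = priv
    return pow(digest(data, n), d, n)            # hash encoded with the private key

def verify(data: bytes, signature: int, pub) -> bool:
    e, n = pub
    return pow(signature, e, n) == digest(data, n)   # decode with public key, compare hashes

def cert_bytes(cert) -> bytes:
    """Canonical encoding of the fields the CA signs."""
    fields = {k: cert[k] for k in ("name", "serial", "expires", "public_key")}
    return json.dumps(fields, sort_keys=True).encode()

def issue_certificate(name, serial, expires, subject_pub, ca_priv):
    """CA binds a name to a public key and signs the result (slide: name,
    serial number, expiration date, public key, CA signature)."""
    cert = {"name": name, "serial": serial, "expires": expires,
            "public_key": list(subject_pub)}
    cert["ca_signature"] = sign(cert_bytes(cert), ca_priv)
    return cert

def validate_order(order: bytes, order_sig: int, cert, ca_pub, crl, today: str) -> str:
    """The web server's checks, in the order the slides describe. Dates are
    ISO 'YYYY-MM-DD' strings, so string comparison orders them correctly."""
    if not verify(cert_bytes(cert), cert["ca_signature"], ca_pub):
        return "bad CA signature"          # not issued by this CA, or altered since
    if today > cert["expires"]:
        return "certificate expired"
    if cert["serial"] in crl:
        return "certificate revoked"       # certificate revocation list check
    if not verify(order, order_sig, tuple(cert["public_key"])):
        return "bad order signature"       # order altered, or signed with another key
    return "ok"

if __name__ == "__main__":
    cert = issue_certificate("alice", 42, "2008-12-31", USER_PUB, CA_PRIV)
    order = b"buy 10 widgets"
    print(validate_order(order, sign(order, USER_PRIV), cert, CA_PUB, set(), "2007-02-01"))
```

The order of the checks matters: the certificate's public key is used only after the CA signature has been verified, because until then nothing ties that key to the name in the certificate, and a self-made certificate for any name would otherwise pass.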




Public Key Infrastructure
Applications that could benefit from PKI:
• World Wide Web transactions
• Virtual private networks
• Electronic mail
• Client-server applications
• Banking transactions



                         Firewalls
A system or combination of systems that supports an access
control policy between two networks.
A firewall can limit the types of transactions that enter a
system, as well as the types of transactions that leave a system.
Firewalls can be programmed to stop certain types or ranges of
IP addresses, as well as certain types of TCP port numbers
(applications).




Firewalls
A packet filter firewall is essentially a router that has been
programmed to filter out or allow in certain IP addresses or
TCP port numbers.
A proxy server is a more advanced firewall that acts as a
doorman into a corporate network. Any external transaction
that requests something from the corporate network must enter
through the proxy server.
Proxy servers are more advanced but make external accesses
slower.
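A packet filter of the kind the Firewalls slides describe is a rule list matched against the addresses and TCP ports of each packet. The following added example (not the course's code) evaluates such a list with first-match semantics and a default deny, which is the "block all but essential traffic" stance from the later "Good Ideas" slide. The rule shape, the address ranges and the sample packets are constructed; the ports are the IMAP-over-TLS (993) and instant-messaging (5190) ports that the personal-firewall diagram near the end of the deck uses.

```python
"""Packet-filter firewall rules, as an added example for the Firewalls slides
(not the course's code). Rules deny or allow by remote address range and
destination TCP port, evaluated first-match with a default deny."""
import ipaddress

# Assumed rule shape: (action, direction, remote network, destination port or None)
RULES = [
    ("deny",  "in",  "203.0.113.0/24",  None),   # block a whole address range
    ("allow", "in",  "0.0.0.0/0",       443),    # public HTTPS is allowed in
    ("allow", "out", "0.0.0.0/0",       993),    # IMAP over TLS out to the mail server
    ("allow", "out", "0.0.0.0/0",       5190),   # instant-messaging client port out
    ("allow", "in",  "192.168.10.0/24", None),   # anything from the internal LAN
    # everything else falls through to the default deny
]

def compile_rules(rules):
    """Parse the network strings once so matching is a cheap containment test."""
    return [(action, direction, ipaddress.ip_network(net), port)
            for action, direction, net, port in rules]

def decide(packet, rules):
    """packet: dict with direction ('in'/'out'), remote (IP string) and
    port (destination TCP port). First matching rule wins; no match = deny."""
    remote = ipaddress.ip_address(packet["remote"])
    for action, direction, net, port in rules:
        if direction != packet["direction"]:
            continue
        if remote not in net:
            continue
        if port is not None and port != packet["port"]:
            continue
        return action
    return "deny"

def filter_log(packets, rules=None):
    """Return (packet, decision) pairs, the way a firewall log would show them."""
    compiled = compile_rules(rules or RULES)
    return [(p, decide(p, compiled)) for p in packets]

# Constructed sample traffic
SAMPLE_PACKETS = [
    {"direction": "in",  "remote": "203.0.113.9",   "port": 443},   # blocked range, even on 443
    {"direction": "in",  "remote": "198.51.100.7",  "port": 443},   # allowed: HTTPS
    {"direction": "in",  "remote": "198.51.100.7",  "port": 23},    # denied: telnet not essential
    {"direction": "out", "remote": "198.51.100.20", "port": 993},   # allowed: IMAP
    {"direction": "in",  "remote": "198.51.100.20", "port": 5190},  # denied: inbound IM file transfer
    {"direction": "in",  "remote": "192.168.10.5",  "port": 445},   # allowed: internal LAN
]

if __name__ == "__main__":
    for packet, decision in filter_log(SAMPLE_PACKETS):
        print(decision, packet)
```

Rule order is part of the policy: the range deny sits above the general HTTPS allow so that a blocked network cannot reach port 443 either, and there is no rule that allows inbound 5190, so the file-transfer case in the diagram is refused while the client's own outbound connection succeeds.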

Cost of Security
• Time, money and effort
• “A ship in harbor is safe, but that is not what ships are built
  for.”
  – John A. Shedd
• Balance cost and risk




6 Steps of Security Policy Development
• Identify assets
• Identify threats
• Identify vulnerabilities
• Consider risks
• Identify risk domains
• Take protective measures

Asset

• Anything of value in the information system
  – Data
  – Programming




Threats

• Processes and people that present a potential danger to an asset
• Intentional or unintentional
• Natural or man-made




Vulnerabilities

• The manner or path a threat uses to attack an asset
• Intentional or unintentional
• Natural or man-made




Risk

• Probability that a particular threat will attack a particular
  asset through a particular vulnerability
• Risk Domain
  – Network systems sharing common business functions and
    exposures



Protective measures

• Implement measures to prevent a specific threat to a specific
  asset through a specific vulnerability
  – Virus protection
  – Firewall
  – Authentication
  – Encryption
  – Intrusion detection
• Use risk to determine which protective measures to implement
  first

What to Protect

• Physical security
  – Computing resources
  – Storage (live and backups)
  – Communications and remote access
  – Support (power and cooling)
• Cryptographic security
  – Hiding content
  – Authenticating parties
  – Protection against replays and man-in-the-middle
• Code execution and permissions
  – Open source code (patches)
  – Execution space and account structure
  – Social engineering

What to Protect

• Define tight perimeters
  – Physical: secure rooms, not buildings
  – People: delete old accounts, manage permissions
• Compartmentalize
  – Firewalls: one per class of device
  – Code: executes chroot with own uid
  – Permissions: role accounts, sudo
• Modularize
  – Code: auditable building-blocks, not monoliths
  – People: cross-train and understand overall goals
  – Physical: standard components, spares, images
  – Firewalls: central management of rulesets, namespace

What to Allow

• Differential threshold of difficulty to authorized and
  unauthorized users

• How to authenticate?
  – “Something you have and something you know.”
  – Password, phrase, PIN, or challenge-response
  – Key, token, modulator, or biometric property



What to Allow

• Permissions depend upon context
  – Temporal:
    • Some hours of the day or days of the week
    • While they’re employed or contracted
  – Physical:
    • While they’re present in a facility
    • Together with another user
  – Complex:
    • Depending upon pattern of prior actions
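The Access Rights slide asks "who" and "how", the Operational Security slide limits access by time of day, day of week and location, and the slide above makes permissions depend on context. The following added example (not the course's code) puts those pieces into one default-deny access decision. The users, groups, resources and ACL entries are constructed; "who" is answered by user and group names, "how" by the set of rights (read, write, delete, print, copy, execute) and the conditions carry the temporal and physical context.

```python
"""Access-rights decision, as an added example for the Operational Security,
Access Rights and What to Allow slides; not the course's code. The users,
groups, resources and ACL entries below are constructed."""

RIGHTS = {"read", "write", "delete", "print", "copy", "execute"}

# Who: group membership (constructed)
GROUPS = {"staff": {"alice", "bob"}, "admins": {"alice"}}

# How: per-resource entries granting rights to a user or group name, with
# optional conditions. hours = (start, end) in local time, days = permitted
# weekdays (0 = Monday), location = places the request may come from.
ACL = {
    "payroll.xls": [
        {"who": "admins", "rights": {"read", "write"}},
        {"who": "staff", "rights": {"read"}, "hours": (8, 18),
         "days": {0, 1, 2, 3, 4}, "location": {"office"}},
    ],
    "printer-3": [
        {"who": "staff", "rights": {"print"}, "hours": (7, 20)},
    ],
}

def principals(user):
    """The user plus every group that contains them."""
    return {user} | {g for g, members in GROUPS.items() if user in members}

def conditions_hold(entry, hour, weekday, where):
    """Temporal and physical context from the slides."""
    if "hours" in entry:
        start, end = entry["hours"]
        if not start <= hour < end:
            return False
    if "days" in entry and weekday not in entry["days"]:
        return False
    if "location" in entry and where not in entry["location"]:
        return False
    return True

def allowed(user, resource, right, hour, weekday, where):
    """Default deny: grant only if some entry for the resource names the user
    or one of their groups, includes the right, and its conditions hold."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right: {right}")
    for entry in ACL.get(resource, []):
        if (entry["who"] in principals(user) and right in entry["rights"]
                and conditions_hold(entry, hour, weekday, where)):
            return True
    return False

if __name__ == "__main__":
    print(allowed("bob", "payroll.xls", "read", 10, 0, "office"))   # weekday, in the office
    print(allowed("bob", "payroll.xls", "read", 23, 0, "office"))   # same user, after hours
```

A user not named by any entry, directly or through a group, gets nothing, and a user who holds a right only through a conditional entry loses it as soon as any condition (hour, weekday or location) fails; the unconditional admin entry shows the contrast.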

Types of Attacks

• Physical:
  – Infrastructure destruction
  – Theft of components
  – Wiretapping and eavesdropping
  – Vandalism




Types of Attacks

• Communications:
  – Man-in-the-middle
  – Denial of service
  – Port scanning
  – Stepping-stones and impersonation




Types of Attacks

• Code:
  – Incompetence and DoS against labor
  – Buffer overflows
  – Permissions bootstrapping
  – Worms and self-replication
  – Viruses and Trojan horses
  – Zombies and ownership


Types of Attacks

• People:
  – Social engineering
  – Co-option
  – Moles or plants
  – Inside jobs




Control Spreadsheet

What Can You Do?

• Define clear and specific policy
  – 90% of security is human resources
  – 9% is host configuration
  – 1% is firewalls

• Only create policy which can be followed
• Only create policy which can be enforced

General “Good Ideas”

• Eliminate unused software & hardware
• Block all but essential traffic
• Outsource Web hosting
• Route and IP filter
• Keep security software/hardware up to date
• Protect most sensitive resources first


General “Good Ideas”

• Implement physical security plan
• Monitor logs & other monitoring reports
• Implement simple, effective, enforceable security policy
• Use proxy and firewall technology
• Disable unused TCP resources

Why CEOs Must Lead

• Most serious security compromises come from within the
  organization.
• Most are failures of morale, alertness, or moral fiber on the
  part of employees.
• These problems can only be solved through good corporate
  culture.
• CEOs set the moral and ethical example which guides the
  corporation’s culture.

Security Policy Design Issues
What is the company’s desired level of security?
How much money is the company willing to invest in security?
If the company is serious about restricting access through an
Internet link, what about restricting access through all other
entry ways?
The company must have a well-designed security policy.




Network Security In Action: Banking and PKI
If you want to perform online banking transactions, how does
the system know you are a legitimate user?
ScotiaBank uses a PKI system designed by Entrust.
Each customer is assigned a digital certificate.
Whenever a customer wants to perform an online transaction,
they “present” their certificate.


Securing Your Computer Checklist

Securing Your Computer Checklist

• Personal Awareness
• Physical Security
• Account/Password Management
• Anti-Virus Software
• Software Update Management
• Personal Firewall Software
• Anti-Spyware Software
• Avoid Risky Behavior
• Disable Unnecessary Services

Personal Awareness: Action Items
INFORMATION SECURITY BEGINS WITH YOU! (#1)

• You’re responsible for your own security.

• Become aware – http://www.staysafeonline.org

• Stay up to date regarding Carnegie Mellon Information Security –
  http://www.cmu.edu/iso

Physical Security

PHYSICAL ACCESS + TIME = KISS YOUR SECURITY GOODBYE (#2)

• Password reset/cracking tools exist for all major software

• Security bypass tools exist for all major software

Physical Security: Action Item

ONLY LET TRUSTED INDIVIDUALS USE YOUR COMPUTER (#3)


Account/Password Management: Password Cracking
Password cracking tools guess passwords:

  – That are all numeric
  – Contain only one or more dictionary words
  – Contain a dictionary word with a number prepended or appended
  – That are commonly found proper names

Account/Password Management: Strong Passwords
Strong passwords:

  – Need to be easy to type
  – Must be easy to remember
  – Contain at least 8 characters
  – Contain mixed-case alphabetics, digits, and punctuation
  – Should NOT be a dictionary word alone
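The two password slides above (and the "minimum 8 characters, mixed symbols" rule from the earlier Passwords and ID Systems slide) can be turned into a policy check that a system applies when a password is set. The following added example (not the course's code) reports which of the stated rules a candidate password breaks: under 8 characters, all numeric, a dictionary word alone, a dictionary word with digits prepended or appended, a common proper name, or a missing character class. The word list and name list are a small constructed stand-in for a real dictionary; the check looks at a single word and does not try to split concatenated words.

```python
"""Password-policy check built from the rules on the slides, as an added
example; not the course's code. DICTIONARY and COMMON_NAMES are constructed
stand-ins for a real word list."""
import string

DICTIONARY = {"password", "welcome", "letmein", "summer", "computer", "dragon"}
COMMON_NAMES = {"michael", "jennifer", "roger", "alice"}

def strip_digits(word):
    """Remove a run of digits from the front or the back ("summer2007" -> "summer")."""
    return word.strip(string.digits)

def password_problems(pw):
    """Return the list of policy rules the password breaks (empty = acceptable)."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if pw.isdigit():
        problems.append("all numeric")
    if low in DICTIONARY:
        problems.append("dictionary word alone")
    elif strip_digits(low) in DICTIONARY:
        problems.append("dictionary word with digits prepended or appended")
    if low in COMMON_NAMES or strip_digits(low) in COMMON_NAMES:
        problems.append("common proper name")
    classes = [any(c.islower() for c in pw),
               any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if not all(classes):
        problems.append("needs lower case, upper case, digits and punctuation")
    return problems

def is_strong(pw):
    return not password_problems(pw)

if __name__ == "__main__":
    for candidate in ["12345678", "Computer", "summer2007", "Roger1", "Tr0ub4dor&3"]:
        print(candidate, password_problems(candidate) or "ok")
```

Returning the list of broken rules rather than a bare yes/no is what lets a system tell the user what to change; the "easy to type" and "easy to remember" rules from the slide are about the user, not the string, so no check can enforce them.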

Account/Password Management: Action Items (1 of 2)

• USE STRONG PASSWORDS WHEN POSSIBLE AND CHANGE THEM REGULARLY (#4)

• MAINTAIN SEPARATE ADMIN AND NON-ADMIN EVERYDAY USE ACCOUNTS (#5)

Account/Password Management: Action Items (2 of 2)

• MAKE ACCOUNTS ONLY FOR TRUSTED INDIVIDUALS AND DISABLE THEM WHEN
  DONE (#6)

• DON’T GIVE EVERYONE ADMIN ACCESS (#7)

Anti-Virus Software: How Does It Work? (1 of 2)

• Every time a piece of malware is discovered, anti-virus
  publishers record footprints called “signatures” and update
  their databases

• Scans search for traces of malware with the help of a
  signatures database

              Anti-Virus Software:
            How Does It Work? (2 of 2)
• Full Disk Scans
     – Scan through every file on the disk(s)
• Quick Scans
     – Scan through files that are currently in use and
       automatically loaded on boot
• Real-time Monitoring
     – Scan files as they are used

            Anti-Virus Software:
             When Does It Fail?


• ANTI-VIRUS SOFTWARE ONLY DETECTS
  MALWARE WHOSE SIGNATURE IS ALREADY
  KNOWN – DON’T RELY ON IT ALONE (#8)
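Added example, not from the slides: a toy signature scanner in Python covering slides 100 to 102. It holds a constructed signature database, runs a full scan over a constructed directory tree and a quick scan over a constructed list of "loaded at boot" files, and shows the failure mode: a copy of the same sample with one byte changed scans clean because no signature for the variant exists yet. The signature bytes, file contents and file names are all invented for the demo; nothing here is real malware.

```python
"""Signature scanning as on slides 100-102: how it finds known malware and why a
trivially altered sample slips past. Added example; the signature database, file
contents and "startup" list are all constructed, nothing here is real malware.
"""
import pathlib
import shutil
import tempfile

# Constructed signature database: name -> exact byte sequence. Real databases
# also use file hashes, wildcard patterns and heuristics; exact substrings are
# the simplest form of the "footprint" slide 100 describes.
SIGNATURES = {
    "Trojan.Demo.A": b"\x90\x90\xeb\x1f" + b"DEMO-PAYLOAD-KEYLOG",
    "Worm.Demo.B": b"CONSTRUCTED-WORM-MARKER-B",
}


def match_signatures(data):
    """Return the names of every signature whose byte pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def full_scan(root):
    """Full disk scan (slide 101): every regular file under root."""
    hits = {}
    for path in pathlib.Path(root).rglob("*"):
        if path.is_file():
            names = match_signatures(path.read_bytes())
            if names:
                hits[path.name] = names
    return hits


def quick_scan(startup_files):
    """Quick scan (slide 101): only files loaded at boot or currently in use."""
    hits = {}
    for path in map(pathlib.Path, startup_files):
        names = match_signatures(path.read_bytes())
        if names:
            hits[path.name] = names
    return hits


def build_demo_tree():
    """Write a constructed sample tree; returns (root, list of startup files)."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="avdemo-"))
    trojan = SIGNATURES["Trojan.Demo.A"]
    files = {
        "notes.txt": b"quarterly numbers, nothing interesting",
        "update.exe": b"MZ" + b"\x00" * 16 + trojan + b"\x00" * 8,
        # Sits in the constructed "run at boot" list returned below.
        "startup_helper.exe": b"MZ" + b"\x00" * 16 + SIGNATURES["Worm.Demo.B"],
        # Same trojan with a single byte changed (O -> 0), i.e. a repacked or
        # mutated variant the database has no signature for yet.
        "update_v2.exe": b"MZ" + b"\x00" * 16 + trojan.replace(b"KEYLOG", b"KEYL0G"),
    }
    for name, data in files.items():
        (root / name).write_bytes(data)
    return root, [root / "startup_helper.exe"]


def demo():
    """Run both scan types over the constructed tree and clean up afterwards."""
    root, startup = build_demo_tree()
    try:
        return {"full": full_scan(root), "quick": quick_scan(startup)}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The quick scan never looks at update.exe because it is not in the startup list, and neither scan flags update_v2.exe. Until the vendor has seen that variant and shipped an entry for it, the file scans clean; that is the gap slide 102 warns about and the reason the updates on slide 103 matter.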
         Anti-Virus Software:
             Action Items
• ANTI-VIRUS SOFTWARE IS USELESS
  WITHOUT UPDATES – UPDATE IT (#9)

• EXPIRED ANTI-VIRUS SOFTWARE IS
  USELESS – REPLACE IT (#10)
   Software Update Management:
    Why Are Updates Needed?


• HUMANS MAKE MISTAKES –>
  HUMANS WRITE SOFTWARE –>
  SOFTWARE CONTAINS MISTAKES
  (#11)

• A software bug that allows unauthorized
  access = Security Hole (a.k.a. vulnerability)
       Software Update Management:
               Action Items


• UPDATE ALL YOUR SOFTWARE
  REGULARLY, ESPECIALLY YOUR
  OPERATING SYSTEM (#12)

• USE AUTOMATIC UPDATE
  MECHANISMS WHEN POSSIBLE
  (#13)
                Personal Firewall Software:
                How Does It Work? (1 of 2)
[Diagram: My Computer opens an AIM session to the AIM Server on port 5190 and an IMAP session to the Email Server on port 993; an AIM File Transfer is a separate, direct connection between My Computer and My Buddy.]

            Personal Firewall Software:
            How Does It Work? (2 of 2)
[Diagram: Your Computer sits behind a Personal Firewall. Traffic from the Internet reaches only the listening ports the firewall lets through; behind each port is an application server:]

     Port 80     Personal Web Server (PWS)
     Port 139    Windows File & Printer Sharing Server
     Port 1433   Microsoft SQL Server
     Port XXX    Unknown Email Trojan

            Personal Firewall Software:
                   Action Items


• INSTALL/ENABLE A
  PERSONAL FIREWALL (#14)

• DON’T OPEN FIREWALL PORTS
  UNLESS ABSOLUTELY NECESSARY
  AND CLOSE THEM WHEN DONE
  (#15)
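Added example, not from the slides: a minimal Python model of the personal firewall on slides 106 to 108. It denies unsolicited inbound connections by default, allows outbound, remembers outbound flows so the AIM server's replies get back in, and lets the user open and close a listening port, which is action item #15 in code. The IP addresses, local port numbers and the trojan's port are constructed (the slide leaves the trojan's port as XXX, so 4444 here is an arbitrary stand-in).

```python
"""A minimal model of the personal firewall on slides 106-108: default-deny
inbound, allow outbound, remember outbound flows so replies get back in, and
let the user open and close listening ports. Added example; the addresses,
local ports and the trojan's port are constructed (the slide shows it as XXX).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from this computer)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # True for a new TCP connection attempt


class PersonalFirewall:
    def __init__(self):
        self.open_ports = set()   # listening ports the user explicitly opened
        self.flows = set()        # (remote_ip, remote_port, local_port) we initiated

    def open_port(self, port):
        self.open_ports.add(port)

    def close_port(self, port):
        self.open_ports.discard(port)

    def filter(self, pkt):
        if pkt.direction == "out":
            # Outbound is allowed; record the flow so the reply is recognised.
            self.flows.add((pkt.dst_ip, pkt.dst_port, pkt.src_port))
            return "ALLOW"
        if (pkt.src_ip, pkt.src_port, pkt.dst_port) in self.flows:
            return "ALLOW"    # reply to a connection this computer started
        if pkt.syn and pkt.dst_port in self.open_ports:
            return "ALLOW"    # user deliberately exposed this listener
        return "DROP"         # anything else unsolicited, the trojan's port included


# Constructed addresses from the documentation ranges; not real hosts.
ME, AIM_SERVER, BUDDY, ATTACKER = "192.0.2.10", "198.51.100.5", "203.0.113.7", "203.0.113.99"
TROJAN_PORT = 4444  # constructed stand-in for the slide's "XXX"


def demo():
    """Replay the traffic from slides 106-107 and return each decision."""
    fw = PersonalFirewall()
    log = {}
    # Slide 106: we connect to the AIM server; its reply must be let back in.
    log["aim_out"] = fw.filter(Packet("out", ME, 40000, AIM_SERVER, 5190, syn=True))
    log["aim_reply"] = fw.filter(Packet("in", AIM_SERVER, 5190, ME, 40000))
    # Slide 107: unsolicited connections to local listeners are dropped by default.
    log["file_share"] = fw.filter(Packet("in", ATTACKER, 51000, ME, 139, syn=True))
    log["sql"] = fw.filter(Packet("in", ATTACKER, 51001, ME, 1433, syn=True))
    log["trojan"] = fw.filter(Packet("in", ATTACKER, 51002, ME, TROJAN_PORT, syn=True))
    # Slide 108 (#15): open port 80 only while the web server is needed, then close it.
    log["web_closed"] = fw.filter(Packet("in", BUDDY, 52000, ME, 80, syn=True))
    fw.open_port(80)
    log["web_open"] = fw.filter(Packet("in", BUDDY, 52001, ME, 80, syn=True))
    fw.close_port(80)
    log["web_closed_again"] = fw.filter(Packet("in", BUDDY, 52002, ME, 80, syn=True))
    return log


if __name__ == "__main__":
    for event, decision in demo().items():
        print(f"{event:18} {decision}")
```

One caveat the model makes visible: it allows every outbound connection, so a trojan that dials out from the inside is waved through and its return traffic looks like a legitimate reply. That is why personal firewalls of this kind also filter outbound traffic per application, prompting the user or consulting an allowlist before a new program may connect out.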
            Anti-Spyware Software:
            What Is Spyware? (1 of 2)

  Software that secretly gathers
  information about the user, makes
  potentially unwanted changes to the
  system, and may relay what it collects
  to advertisers or other interested parties.

       Anti-Spyware Software:
       What Is Spyware? (2 of 2)
          Not Just Pop-Up Ads

• System Monitors
   Record passwords, IMs, emails, SSNs, and
   financial account numbers (bank, credit,
   etc.)

• Trojan Horses & Rootkits
   Give an outsider remote control of your
   computer without your consent
            Anti-Spyware Software:
                 Action Items


• INSTALL ANTI-SPYWARE
  SOFTWARE AND UPDATE IT
  REGULARLY (#16)

• THINK BEFORE YOU CLICK –
  READ THE FINE PRINT FOR
  FREE SOFTWARE OFFERS (#17)
            Avoid Risky Behavior:
                Action Items
    • DO NOT OPEN EMAIL ATTACHMENTS
      FROM UNKNOWN SOURCES (#18)

    • DO NOT INSTALL SOFTWARE FROM
      UNTRUSTED SOURCES (#19)

    • PASSWORD PROTECT & LOCK DOWN
      YOUR FILE SHARES (#20)

    • DO NOT ILLEGALLY DISTRIBUTE
      COPYRIGHTED MATERIAL (#21)

         Disable Unnecessary Services:
                  Action Item
ANY SERVICE NOT NEEDED FOR DAY TO
  DAY USE SHOULD BE DISABLED (#22)

 – Disabling or removing these services reduces the
   attack surface exposed to malware and attackers

 – For example: web servers, database servers, file
   sharing servers, etc.

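Added example, not from the slides: a Python script that turns the action item into a check. It parses Windows `netstat -ano` output, keeps only listening sockets, and reports every listener whose port is not on a list of services needed day to day, labelling well-known ports and marking loopback-only binds as not exposed. The netstat excerpt is constructed, not captured from a real host; the ports it shows are the ones the slides name (80, 139, 1433) plus a few others chosen for the demo. On a real Windows machine feed it the actual `netstat -ano` output; Linux `ss -ltnup` has a different layout and would need its own pattern.

```python
"""Find listening services that can be disabled (slide 113). Added example: the
netstat excerpt below is constructed, not captured from a real host; on a real
Windows machine feed it the output of `netstat -ano`.
"""
import re

# Constructed `netstat -ano` excerpt in the Windows format.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1320
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       2044
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       3100
  TCP    192.0.2.10:40000       198.51.100.5:5190      ESTABLISHED     3312
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       880
  UDP    0.0.0.0:137            *:*                                    4
"""

# Well-known port assignments, used only to label the report.
KNOWN_SERVICES = {
    80: "HTTP (e.g. Personal Web Server)",
    137: "NetBIOS name service (File & Printer Sharing)",
    139: "NetBIOS session (File & Printer Sharing)",
    1433: "Microsoft SQL Server",
    3389: "Remote Desktop",
    5432: "PostgreSQL",
}

LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
LOOPBACK = ("127.0.0.1", "::1")


def listening_sockets(netstat_text):
    """Parse netstat output into (proto, bind_addr, port, pid) for each listener.

    TCP sockets count only in LISTENING state; UDP sockets have no state column
    and are treated as listeners. Established client connections are skipped.
    """
    listeners = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.append((proto, addr, int(port), int(pid)))
    return listeners


def attack_surface_report(netstat_text, needed_ports):
    """Listeners not on the needed list, i.e. services to disable (slide 113).

    Each entry: (proto, port, pid, exposed, label). `exposed` is False for
    loopback-only binds, which are reachable only from the machine itself,
    so the network-reachable listeners sort to the top.
    """
    report = []
    for proto, addr, port, pid in listening_sockets(netstat_text):
        if port in needed_ports:
            continue
        report.append((proto, port, pid, addr not in LOOPBACK,
                       KNOWN_SERVICES.get(port, "unknown, identify the PID")))
    return sorted(report, key=lambda r: (not r[3], r[1]))


if __name__ == "__main__":
    # Day-to-day use on this constructed host needs only Remote Desktop.
    for entry in attack_surface_report(NETSTAT_SAMPLE, needed_ports={3389}):
        print(entry)
```

The PID column is what makes the report actionable: it identifies the process behind an unrecognised port so the service can be stopped and its startup type set to disabled rather than merely firewalled.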
             end



