Internet security for your computer and protecting your privacy
Download
1 / 34

SecurityPrivacy Presentation - PowerPoint PPT Presentation


  • 227 Views
  • Updated On :

INTERNET SECURITY FOR YOUR COMPUTER AND PROTECTING YOUR PRIVACY. BOB COOK DOAI WEBMASTER ©2010. PC INFECTION RATES. 25% of Business PC’s infected 60% of all PC’s infected Vast majority of users are unaware More security attacks in 2009 than all previous years combined Source: Sophos.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'SecurityPrivacy Presentation' - Philip


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Internet security for your computer and protecting your privacy l.jpg
INTERNET SECURITY FOR YOUR COMPUTERANDPROTECTING YOUR PRIVACY

  • BOB COOK

  • DOAI WEBMASTER

  • ©2010


Pc infection rates l.jpg
PC INFECTION RATES

  • 25% of Business PC’s infected

  • 60% of all PC’s infected

  • Vast majority of users are unaware

  • More security attacks in 2009 than all previous years combined

  • Source: Sophos


Project aurora l.jpg
PROJECT AURORA

  • Google and 30 other top companies were recently attacked and data stolen using sophisticated malware techniques

  • These attacks were not against Google servers....they were targeted at individual laptops which were then used to get “inside” access

  • And you think you are safe?


Security vulnerabilities l.jpg
SECURITY VULNERABILITIES

  • Windows (XP, Vista, Windows 7)

  • Applications

  • (Browser, Excel, Powerpoint, PDF, ZIP, JAVA, JavaScript)

  • Hardware Drivers

  • (Computer, Printer, Scanner, etc)

  • Must keep them all updated!

  • But the biggest vulnerability is YOU!


How are vulnerabilties exploited l.jpg
HOW ARE VULNERABILTIES EXPLOITED?

  • First, they have to get on your computer:

  • Open email attachments, click on links

  • Downloading Files (Programs, Pictures, PDF’s, ZIP files, etc)

  • Just VISITING a website, perhaps through a poisoned Google SEO search result

  • Just VISITING a “good” website that has been hacked

  • (such as US Treasury, reported May, 2010)

  • In some cases, just RECEIVING an email, no action required


Seo poisoning example l.jpg
SEO POISONING EXAMPLE

  • Four of top five hits are links to poisoned sites (Underlined in Red)

  • Downloaded malware submitted to VT

  • Only 24% detection rate!



First line of defense get the updates l.jpg
FIRST LINE OF DEFENSEGET THE UPDATES

  • WINDOWS - Windows Update

  • Note - SP3 is only version supported for XP

  • APPLICATIONS - Secunia PSI

  • DRIVERS - Computer / Hardware Vendor,

    • Device Doctor


Second line of defense practice safe computing l.jpg
SECOND LINE OF DEFENSEPRACTICE SAFE COMPUTING

  • Never log in as Administrator when on Internet

  • Keep confidential files on external drive that is only connected when you need it

  • Encrypt confidential files (or keep on external drive)

  • Don’t open attachments

  • Don’t download or share files

  • Don’t click on shortened URL’s

  • Turn off scripting (not a viable alternative)

  • Use a more secure browser (Chrome)

  • Turn off HTML email, turn off preview


Third line of defense l.jpg
THIRD LINE OF DEFENSE

  • Use an AntiVirus program and keep it updated

  • OK, I did all that stuff (well, maybe not all of it). But why do I still get infected? Why won’t my AV program protect me?


Malware facts l.jpg
MALWARE FACTS

  • Malware testing results are mostly bogus, driven by advertising dollars

  • Six different kinds of rootkits, most AV only catch one (the easiest)

  • Malware author tests his product against AV software ($Billion business)

  • Timeline between discovered malware and patch can be months - in the meantime, you are vulnerable


Slide12 l.jpg

  • Heuristics and activity-based detection catch at most 40% of “new” malware (optimistic)

  • Rootkits, Bootkits, File Infectors big problems that defy detection and mostly not used by testing labs to report AV “success” rates

  • Most malware testing is done against a published set of malware, allowing vendor “optimization” of results.

  • Matousec testing is most comprehensive


Matousec test results l.jpg
MATOUSEC TEST RESULTS “new” malware (optimistic)


A better av alternative l.jpg
A BETTER AV ALTERNATIVE “new” malware (optimistic)

  • Almost all malware depends on memory corruption (usually as a result of a buffer overflow that allows the malware to load and execute)

  • - eEye Blink Personal is an excellent alternative since it prevents against memory corruption attacks generically (no need for scanner or heuristics

  • Blink includes three AV scanners to detect malware you unintentionally install


Slide15 l.jpg

  • If you have been paying attention, you realize that - even if you are 100% diligent, you are still highly at risk!

  • This is why Project Aurora and other targeted attacks are successful, in spite of traditional protection measures.

  • You need a way for your computer to magically return itself to a pristine state every time you turn it on, ridding itself of any malware it may have contracted.


Virtualization l.jpg
VIRTUALIZATION if you are 100% diligent, you are still highly at risk!

  • A program that allows you to run your browser and any other applications you choose in a “sandbox”, completely separate from your “host” computer.

  • Empty the sandbox, and everything you did disappears, including all traces of malware you may have contracted - and nothing ever touched your host computer. Its like getting a new clean computer every day!


Sandboxie easy virtualization l.jpg
SANDBOXIE if you are 100% diligent, you are still highly at risk!EASY VIRTUALIZATION

  • SandboxIE will allow you to easily run your browser, email program, and any other programs you choose in a sandbox.

  • Anything that happens in the sandbox does not affect your computer.

  • Empty the sandbox, and everything disappears. Works with all versions of Windows.


Learn how to use sandboxie l.jpg
LEARN HOW TO USE SANDBOXIE if you are 100% diligent, you are still highly at risk!

  • Updates and downloads must be done outside of the sandbox

  • Consider using web-based email and bookmarks

  • Malware not caught by your AV suite will run in the sandbox until you empty it

  • Empty browser sandbox each time before you visit a confidential site - eliminates anything bad that got by your AV software


Disk imaging l.jpg
DISK IMAGING if you are 100% diligent, you are still highly at risk!

  • Just in case bad things happen....

  • Create a Disk Image of your OS and a rescue CD

  • Completely restore your HD, apps and OS, in 15 minutes

  • - crashed HD, corrupted registry, etc

  • - Malware that snuck by

  • - Use to repair 95% of your computer problems, avoid frustration and service charge

  • Easeus Disk Copy, Acronis TrueImage, DriveImageXML,

  • Comodo Time Machine


Protecting your privacy l.jpg
PROTECTING YOUR PRIVACY if you are 100% diligent, you are still highly at risk!

  • Your privacy / identity is at risk:

    • 1. Information others have about you

    • 2. Personal records you lose / theft

    • 2. Your computer usage

      • Sandboxing and your AV/AS will not completely protect your privacy


Info others have l.jpg
INFO OTHERS HAVE if you are 100% diligent, you are still highly at risk!

  • Over 350MM data records lost by businesses since 2005 (Source: privacyrights.org)

  • Your doctor, dentist, insurance company, gov’t agency all have enough info for someone to steal your identity

  • You are at risk even if you never use a computer

  • It is up to you to protect your identity / credit


Identity theft defense l.jpg
IDENTITY THEFT DEFENSE if you are 100% diligent, you are still highly at risk!

  • Best defense is to freeze your credit at all three national credit reporting agencies (Equifax, TransUnion, Experian)

  • Each state regulates terms and cost

  • Cost usually $10 or less for each freeze/thaw

  • If you need credit, initiate thaw at only the reporting agency your creditor will use


Other threats l.jpg
OTHER THREATS if you are 100% diligent, you are still highly at risk!

  • Debit Cards - burden of proof on you

  • Cell Phone

  • - Wipe data before disposal

  • www.recellular.com

  • - turn off Bluetooth when not using

  • - Lock access with passcode

  • - Smartphone apps may be malware

  • - Turn off location services unless needed


Slide24 l.jpg

  • Be careful what you post, it will be cached if you are 100% diligent, you are still highly at risk!

  • Social networking sites are a haven for malware and social engineering attacks

  • Don’t broadcast you are not home

  • Don’t use real password hint answers

  • Don’t use real personal info

  • Many cordless phones are easily eavesdropped, so are VOIP calls

  • Even your car spies on you - computer tracks your speed, braking, steering, etc


Protecting your computer privacy l.jpg
PROTECTING YOUR COMPUTER PRIVACY if you are 100% diligent, you are still highly at risk!


Cookies privacy l.jpg
COOKIES & PRIVACY if you are 100% diligent, you are still highly at risk!

  • HTML cookies mostly safe. Used to identify you as you browse a website. Easily deleted by your browser

  • “Zombie” (aka Browser Helper Objects) are another matter.

  • - May be persistent

  • - Can’t delete via browser

  • - Can turn on your microphone or webcam


Zombie cookies l.jpg
ZOMBIE COOKIES if you are 100% diligent, you are still highly at risk!

  • Manage at:

  • http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html


Many ways to steal your personal info online l.jpg
MANY WAYS TO STEAL YOUR PERSONAL INFO ONLINE if you are 100% diligent, you are still highly at risk!

  • Pfishing

  • Clickjacking

  • Keyloggers

  • Hijacking

  • TabPhishing

  • “Social Engineering”, and the list goes on


Best defenses l.jpg
BEST DEFENSES if you are 100% diligent, you are still highly at risk!

  • Don’t visit porn or other questionable sites (Web of Trust browser add-on or OpenDNS client)

  • Use a password manager (LastPass) and let it choose secure passwords

  • Financial websites

  • Use two-factor authentication (Token, SMS, call, etc)

  • Empty you sandbox and close your browser

  • Use Site-Specific Browser


Slide30 l.jpg

  • Maybe LOTS of info on your computer’s hard drive. Nuke the HD or destroy it if you are disposing of an old computer. Remove all confidential data from HD if taking it in for service.

  • Keep confidential info on external drive that is not connected to your computer unless you need it.

  • Encrypt confidential information on your hard drive and on your external or flash drive using a program such as TrueCrypt

  • Crossing the border? Homeland Security gives them the right to seize any electronic equipment

  • Backup your data and keep one copy off-site


Credit card use on web l.jpg
CREDIT CARD USE ON WEB the HD or destroy it if you are disposing of an old computer. Remove all confidential data from HD if taking it in for service.

  • OK to use at major sites

  • Make sure SSL is enabled (https)

  • For best security, check your credit card vendor for one-time-use option

  • PayPal - pay via your credit card, not your bank account

  • Use PayPal for unfamiliar sites, NOT a credit card (they may steal your number)


Slide32 l.jpg
WIFI the HD or destroy it if you are disposing of an old computer. Remove all confidential data from HD if taking it in for service.

  • AT HOME:

  • Use WPA2 encryption

  • Change router default login and password

  • Don’t allow others to connect to your network (LAN or WIFI) unless you provide them with a separate router

  • Or, get a router that allows separate Guest Access that completely isolates the guest

  • Or, just turn off all your computers until guest is done and disconnected


Public wifi lan l.jpg
PUBLIC WIFI / LAN the HD or destroy it if you are disposing of an old computer. Remove all confidential data from HD if taking it in for service.

  • Simple software allows anyone to capture your session on unencrypted/Shared Key WIFI

  • Email login and password may be sent “in the clear”

  • YahooMail (and others) has secure login, but messages are not encrypted

  • General web browsing done “in the clear”

  • Best Defense - use HotSpot Shield

  • Free service - www.hotspotshield.com

  • Always use a software firewall

  • Ensure file sharing is disabled

  • Turn off WiFi and Bluetooth when not using


Additional hints l.jpg
ADDITIONAL HINTS the HD or destroy it if you are disposing of an old computer. Remove all confidential data from HD if taking it in for service.

  • Inventory possessions for insurance (include pictures, receipts, serial numbers, model numbers, date purchased, etc)

  • Keep updated list of all impt info (credit card numbers and contact info, medical/prescription info, banking, insurance, vehicle license/serial numbers, insurance info, etc) KEEP ONE COPY OFFSITE, ENCRYPTED

  • Don’t carry your checkbook with you


ad