Personal security
Download
1 / 52

- PowerPoint PPT Presentation


  • 445 Views
  • Updated On :

Personal Security Security Tips for Home Internet Users Securing your home computer Accessing the Internet from home Convenient Abundance of information Exposes your computer Can be costly or damaging Overview Internet access Why Should I be concerned with Security

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - liam


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Personal security l.jpg

Personal Security

Security Tips for Home Internet Users


Securing your home computer l.jpg
Securing your home computer

  • Accessing the Internet from home

    • Convenient

    • Abundance of information

    • Exposes your computer

    • Can be costly or damaging


Overview l.jpg
Overview

  • Internet access

  • Why Should I be concerned with Security

  • What are the most common vulnerabilities

  • What security tools are available

  • Where can I find more information


Internet l.jpg
Internet

  • Complex system of attached networks

  • Designed to distribute data geographically at high speeds in a short period of time

  • Data is distributed in a variety of formats

    • Examples: PDF, JPEG, MOV, MP3, Text

  • Information is stored or viewed locally on your computer


Broadband l.jpg
Broadband

  • High speed access to the home user

  • Types

    • DSL

    • Cable Modem


Slide6 l.jpg
DSL

  • Digital Subscriber Line

  • Typically ADSL

    • Asymmetric Digital Subscriber Line

  • Offers dedicated bandwidth

  • Speed

    • 384 kbps downstream

    • 128 kbps upstream

    • Up to 1.5 Mbps down 800 kbps up

    • Varies depending on service level and distance from CO (Central Office)

    • Maximum distance varies 14000 – 17500 ft


Dsl configuration l.jpg
DSL Configuration

  • DSL Modem

  • DSL Splitter and Filters

  • DSLAM

    • Digital Subscriber Line Access Multiplexer

  • ISP

    • Internet Service Provider


Cable modem l.jpg
Cable Modem

  • Shared bandwidth

  • Speed per channel

    • 27 Mbps shared download

    • 10 Mbps Upload

  • Connects to CMTS (Cable Modem Transmission System) at cable company

    • Provides packet filtering, and traffic shaping


What about security l.jpg
What about security?

  • Why should I be concerned?

  • What are the vulnerabilities?

  • What can I do to protect myself?

  • How do I recover from an attack?


Why should i be concerned l.jpg
Why should I be Concerned

  • You lose crucial data

  • You spend time and money on recovery

  • You feel violated, helpless and foolish

  • You risk propagating the attack to your peers and others

  • Your peers and others know how foolish you are


Vulnerabilities l.jpg
Vulnerabilities

  • Viruses

  • Hacks

  • Data Capturing

  • Lack of contingency planning


Virus l.jpg
Virus

  • 60,000 Variations in circulation

  • Types of Viruses

  • Antivirus Software

  • Best Practices


Types of viruses l.jpg
Types of Viruses

  • Viruses are Segments of code or complete programs that can damage your system or degrade system performance.

    • Trojan Horse

    • Worm

    • Hoax


Trojan horses l.jpg
Trojan Horses

  • A program disguised as having a desired purpose while subversively performing an unwanted action on your system.

  • Often open backdoor access to your system

  • Notorious Trojan Horses

    • Simpson's

    • Backdoor

    • Sub7

    • BackOrafice

    • NetBus


Slide15 l.jpg
Worm

  • Self Propagating independent program that adversely affects your computer performance or damages your computer

  • Hall of fame

    • Melissa

    • Nimda

    • LoveLetter

    • Anna Kournikova

    • CodeRed

    • SirCam


Slide16 l.jpg
Hoax

  • An unsubstantiated virus alert intended to cause panic

  • Typically warning of the most damaging or dangerous virus

  • Examples

    • BudweiserFrogs

    • A virtual card for you

    • !0000 – Stop mass mailings

    • Wobbler

    • Win a holiday


Best practice virus prevention l.jpg
Best Practice: Virus prevention

  • Always verify your antivirus software is running and Update your antivirus software


Best practice virus prevention 2 l.jpg
Best Practice: Virus prevention 2

  • When receiving email do not open attachments unless you are expecting them

  • Take virus alerts seriously

  • Sources of alerts

    • Institutional Notification

    • News Media alerts

    • Word of mouth


Virus recovery l.jpg
Virus recovery

  • Use antivirus software and tools to clean system

    • http://www.mcafee.com

    • http://www.symantec.com

  • Find manual steps for virus removal

  • Reinstall your system from scratch


Hacks l.jpg
Hacks

  • Hacking

    • What is hacking

    • How does hacking happen

  • Types of attacks

  • Prevention methods


Hacking l.jpg
Hacking

  • Gaining unauthorized access to computer systems for malicious purposes


How hacking happens l.jpg
How Hacking Happens

  • System information is collected

    • Footprinting

    • Scanning

    • Probing

    • Enumeration

  • Software vulnerabilities are exploited

  • System passwords are guessed or not employed


Types of attacks l.jpg
Types of Attacks

  • Interference

  • Interception

  • Impersonation


Interference l.jpg
Interference

  • Attacks that render objects or services unusable

    • Denial of service

    • Distributed Denial of service

    • System alteration


Interception l.jpg
Interception

  • Captures Data through monitoring or redirection

    • Monitoring

      • Wire taps

      • Network Monitoring

    • Redirection

      • Alteration of DNS servers

      • Man in the middle


Impersonation l.jpg
Impersonation

  • When the attacker assumes the identity of a trusted source

    • Spoof attacks

      • Using the IP source address of a trusted source computer

    • Password attacks

      • Password enumeration


Prevention methods l.jpg
Prevention Methods

  • Know your system

  • Tools to help protect your system

  • Watch for and apply security patches

  • Contingency planning


Know your system l.jpg
Know your system

  • Inventory your system

  • Baseline system and network performance

  • Identify vulnerabilities


Inventory your system l.jpg
Inventory your system

  • Software Inventory

    • Running Software

    • File and printer sharing

    • Startup Software

    • Installed Software

    • Software Keys

    • Software Licensing

  • Hardware

    • Installed components

    • Vendor specific device drivers


Inventory tools l.jpg
Inventory Tools

  • Microsoft

    • System Information 98

    • Manage Computer System summary

    • Windows NT Diagnostics


Inventory tools 2 l.jpg
Inventory Tools 2

  • Belarc Advisor


System baseline l.jpg
System Baseline

  • Task manager

    • Memory Utilization

    • Process Utilization

  • Performance monitor

    • Log low use system state

    • Log high use system state


Network baseline l.jpg
Network Baseline

  • Check Internet Bandwidth speed

    • McAfee Speedometer

      • http://promos.mcafee.com/speedometer/test_0150.asp

    • Ftp Large Files

      • Hash

      • Download Statistics


Network baseline 2 l.jpg
Network Baseline 2

  • Use traceroute

    • Check TTL stats

  • Use performance monitor to check utilization

    • Network Utilization


Identify vulnerablilities l.jpg
Identify Vulnerablilities

  • Filesharing

    • Opens access to your files remotely

    • Should be turned off if not used

    • Protected with security device and used with complex passwords

  • Web Browsing

    • Personal information is accessible via cookie files

    • ActiveX components can launch Visual Basic Application components included in Microsoft Office

    • Disable ActiveX components unless necessary


Security boundries l.jpg
Security Boundries

  • Personal Computer

  • Local Network Security

  • Internet Security


Internet protocol ip l.jpg
Internet Protocol (IP)

  • Address your computer on the network and where your computer can be reached

  • 32 Bit numeric device address.

  • Dotted Decimal Notation

    • Ex: 192.168.99.32

  • Consists of network and host address.

  • Determined by subnet mask

    • 255.255.255.0

    • Network 192.168.99.0

    • Host 0.0.0.32


Network security l.jpg
Network Security

  • Dynamic Addressing

    • IP address changes over scheduled time

  • Private Addressing

    • Reserved address range by IANA

    • 10.0.0.0

    • 192.168.0.0

    • 172.16.0.0

  • Encryption


Encryption l.jpg
Encryption

  • Method of repackaging data into cyphertext in order to keep observers from viewing data and preserve data integrity

  • SSL – Secure Sockets Layer

    • Encrypts Communication between web browsers and web servers over the internet

    • Uses Public and private key exchange

  • VPN – Virtual Private Networking

    • Secure Tunnel

    • Key Encryption

      • Symmetric

      • Asymmetric

    • Encryption Algorithms

      • SHA – Secure Hashing Algorithm

      • DES – Data Encryption Standard


What your isp does for you l.jpg
What your ISP does for you


Security tools l.jpg
Security Tools

  • Routers

  • Proxy Servers

  • Firewalls

    • Application

    • Circuit Switching

  • Scanners


Routers l.jpg
Routers

  • ACL Filter packets

    • Deny or Allow

    • Destination or Source

  • Separate Networks

    • Gateway

    • Private Network


Proxy server l.jpg
Proxy Server

  • Resides between web sites and web browser

  • Takes Request from client

  • Issues request to web server

  • Caches web content locally

    • Improves network performance


Firewalls l.jpg
Firewalls

  • Separates untrusted external network with trusted internal network.

  • Types of Firewalling

  • Personal Firewall

  • Network Firewall


Types of firewalling l.jpg
Types of Firewalling

  • ACL – Access Control Lists

    • Filters Packets

  • Application Firewalling

    • Verifies command legitimacy

    • Can be performance intensive

  • Proxying

  • Circuit Switching

    • Allows data sessions by request


Personal firewall l.jpg
Personal Firewall

  • Installed on local Computer

  • Rules Based

  • Alerts to system intrusion

  • Accounting Logs events for network forensics

  • Risky can affect stability of your computer

    • Personal firewalls replace operating system kernel components and can conflict with other applications

  • Vendors

    • Sygate Personal Firewall – http://www.sygate.com

    • Black Ice Defender – http://www.networkice.com

    • McAfee Personal Firewall – http://www.mcafee.com

    • Norton Personal Firewall – http://www.symantec.com

    • Zone Alarm – http://www.zonelabs.com


Network firewalls l.jpg
Network Firewalls

  • DSL Cable Routers

    • Filter Packets

    • Separates Network

      • Uses Private Addressing

  • Vendors

  • Linksys DSL/Cable Router

    • http://www.linksys.com

  • Dlink Home Gateway Internet Sharing and Firewall

    • http://www.dlink.com

  • Proxim – Netline Gateway

    • http://www.proxim.com

  • SMC Barricade

    • http://www.smc.com


Port scanners l.jpg
Port Scanners

  • Scans IP Port numbers for available services

  • Gibson Research Center

    • http://www.grc.com


Contingency l.jpg
Contingency

  • Backup your data

  • Often

  • Use Rotation schedule

  • Store software, license and key information in a safe convenient place.

  • Software includes device drivers, application software, and operating system


Who can i turn to l.jpg
Who can I turn to?

  • [email protected]

  • System Administration Networking Security

    • http://www.sans.org

  • Carnegie Mellon - Computer Emergency Response Center

    • http://www.cert.org

  • FBI – Internet Fraud Complaint Center

    • http://www.fbi.gov/interagency/ifcc/filingcomplaint.htm


Links l.jpg
Links

  • Broadband

    • http://www.cable-modem.net/gc/questions.html

    • http://www.dslreports.com/

  • Antivirus

    • http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/default.asp

    • http://www.symantec.com/avcenter/index.html

  • System Inventory

    • http://www.belarc.comPersonal Firewalls

    • http://www.zonelabs.com

    • http://www.symantec.com

    • http://www.mcafee.com

    • http://www.networkice.com

    • http://www.sygate.com


Links 2 l.jpg
Links 2

  • Network Firewalls/Routers

    • http://www.linksys.com

    • http://www.dlink.com

    • http://www.proxim.com

    • http://www.smc.com

  • System and Port Scanners

    • http://www.grc.com

    • http://security1.norton.com/us/home.asp

    • http://www.mcafee.com/support/system_req/browser_test.asp

    • http://www.microsoft.com/technet/mpsa/start.asp

  • Agencies

    • http://www.ciac.org/ciac/

    • http://www.sans.org

    • http://www.fbi.gov/interagency/ifcc/filingcomplaint.htm

    • Report abuse to any ISP. Ex [email protected]

  • This Presentation

    • http://homepage.smc.edu/rojas_dan


ad