
Hands-on Computer Security

Hands-on Computer Security. Thursday, 11 March 2010, 1:15 – 2:45 pm. Don Riggs Schenectady County Community College Schenectady, NY Department of Math, Science and Technology riggsd@sunysccc.edu. Computer Security – Typical User. Computer security??.


Presentation Transcript


  1. Hands-on Computer Security Thursday, 11 March 2010, 1:15 – 2:45 pm Don Riggs Schenectady County Community College Schenectady, NY Department of Math, Science and Technology riggsd@sunysccc.edu

  2. Computer Security – Typical User Computer security??

  3. A Typical Approach to Computer Security I’m alright!

  4. Why Hands-on? A quote, widely attributed to William Glasser, informs us that we learn: • 10% of what we read • 20% of what we hear • 30% of what we see • 50% of what we see and hear • 70% of what we discuss with others • 80% of what we experience personally! • 95% of what we teach others Source: Dr. Shirlee Dufort (Doctoral dissertation, used with permission)

  5. Why Hands-on? • Lecturing is not the best way to teach • Listening is not the best way to learn • Doing makes the material come alive for our students • Sometimes, we even reach students who would otherwise remain disaffected

  6. Hands-on Password Security • Most users choose easy to remember passwords • Most users choose very weak passwords • According to a recent New York Times article, RockYou.com’s users logged on with these passwords: Source: http://www.nytimes.com/2010/01/21/technology/21password.html

  7. Common Passwords - All Dangerously Weak Some things never change Source: http://www.nytimes.com/2010/01/21/technology/21password.html

  8. Hands-on Password Check • Microsoft Password Checker • Check Your Password Here Source: https://www.microsoft.com/protect/fraud/passwords/checker.aspx Source: http://www.webwizny.com/password/

  9. Hands-on Password Security Strong Passwords: So secure, no one can remember them! • https://www.grc.com/passwords.htm • Without a password safe, they are probably not useful, except to illustrate the tension between strong passwords and easily remembered passwords

  10. Hands-on Password Security Let’s create a good password • Use a mixture of letters, numbers and non-alphanumeric symbols (! @ # $ % ^ & * } |). • At least 12 characters long • Memorable, but not present in a dictionary • Think of a familiar quote, for example, • “Two roads diverged in a wood, and I - I took the one less traveled by” http://www.americanpoems.com/poets/robertfrost/12074

  11. Hands-on Password Security Some possible passwords: • password1 (24.3) • 2Rdi@w&I (26.3) • 2Rdi@w&I-Itt1ltb (59.9) • 2roadsdivergedin@Wood&I (78.3) • tworoadsdivergedinawoodandI (86.3)

  12. Hands-on Password Security Bad Passwords • All short passwords are vulnerable • Why? Let’s do some math • Brute force attack • Dictionary attack
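The math behind slide 12, worked on the candidate passwords from slide 11, as an added example that is not part of the original presentation. The guess rate, the small word list and the function names are assumptions made for the illustration, and the bit counts are a plain keyspace estimate, not the scores shown on slide 11.

```python
import math
import string

GUESSES_PER_SECOND = 1e9   # assumed attacker speed, not a figure from the slides
COMMON_WORDS = {"password", "iloveyou", "princess", "qwerty"}  # constructed stand-in word list

SLIDE_11 = ["password1", "2Rdi@w&I", "2Rdi@w&I-Itt1ltb",
            "2roadsdivergedin@Wood&I", "tworoadsdivergedinawoodandI"]

def alphabet_size(pw):
    """Number of symbols a brute-force search must try per position."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation, 32)]
    return sum(n for chars, n in pools if any(c in chars for c in pw))

def brute_force_bits(pw):
    """log2 of the search space: length * log2(alphabet size)."""
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def years_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate of this length and alphabet."""
    return alphabet_size(pw) ** len(pw) / rate / (365 * 24 * 3600)

def falls_to_dictionary(pw):
    """True if pw is a listed word, optionally followed by digits."""
    word = pw.lower()
    return word in COMMON_WORDS or word.rstrip(string.digits) in COMMON_WORDS

def report(passwords=SLIDE_11):
    """One row per password: (password, bits, years to exhaust, dictionary hit)."""
    return [(pw, round(brute_force_bits(pw), 1), years_to_exhaust(pw),
             falls_to_dictionary(pw)) for pw in passwords]

if __name__ == "__main__":
    for pw, bits, years, in_dict in report():
        note = "dictionary hit, found almost at once" if in_dict else f"{years:.3g} years"
        print(f"{pw:30} {bits:6.1f} bits  {note}")
```

The brute-force figure grows with every added character, while a dictionary hit makes the keyspace irrelevant, which is why "password1" is weak despite its length.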

  13. Hands-on Anti-Virus How long has it been since that free anti-virus trialware subscription ended? Most of my students who experience problems with viruses or other malware do not have up-to-date anti-virus software running on their computers. They also have children. Consider recommending • a free online scan with Trend Micro – House Call • Avira AntiVir software (free)

  14. Hands-on Computer Viruses Students have fanciful ideas about what exactly a computer virus is. Some conceive of a virus as an organic entity and actually dispose of their computer to be rid of the infection, thereby exposing themselves to hidden danger because of the information contained on the infected computer’s hard drive

  15. Hands-on Computer Viruses • The term “computer virus” is often employed as a generic expression for malware in general, including viruses, worms, spyware, Trojan horses, adware, etc. • All malware exists in the form of computer code but spreads from computer to computer in a variety of ways • Let’s look more closely at a well-known virus

  16. Hands-on Computer Viruses Melissa – A notorious computer virus • In its original form, once in place, Melissa e-mailed itself to the first 50 entries in the infected computer’s address book • As it spread, one infection became 50, 50 became 2,500, 2,500 became 125,000, 125,000 became 6,250,000 . . . • Some e-mail servers were overwhelmed by the volume of e-mail traffic

  17. Hands-on Computer Viruses What you received in the mail when Melissa arrived and you opened your e-mail • Subject: Important Message From (infected sender’s name) • Body Text: Here is that document you asked for... don't show anyone else ;-) • Attachment: list.doc (virus embedded in Word document)

  18. Here is the Code (part 1) Send a copy to the first 50 people in the infected computer’s address book Subject: Important Message From (infected user’s name) Body Text: Here is that document you asked for... don't show anyone else ;-)

  19. Here is the Code (part 2) Infection process: Melissa virus is part of an attached Word document

  20. Here is the Code (part 3) Notes from the author of the virus

  21. Hands-on Firewalls Why do I need a firewall? A properly configured firewall • provides protection against unauthorized data flowing in or out of a computer • makes your computer invisible to port scanners seeking vulnerable targets

  22. Hands-on Firewalls Port Scanners – just a free download away Source: http://www.radmin.com/images/screenshots/pts/ptscan13_Main_Window.gif

  23. Hands-on Firewalls Test your firewall • Even with a properly configured firewall installed, your computer divulges a certain amount of information about itself when you are online • Let’s see what others can see • ShieldsUp by Gibson Research • Panopticlick

  24. Hands-on Firewalls Consider recommending a free firewall to your students • Turn on the Windows firewall Additionally, use • Comodo Internet Security, or • Zone Alarm Free Firewall

  25. Hands-on Restore Points • Have you ever set a restore point? • Do you use Restore Points before attempting critical operations? • To set a restore point with Windows XP • Start • Programs • Accessories • System Tools • System Restore

  26. Hands-on Restore Points

  27. Hands-on Restore Points

  28. Hands-on Restore Points

  29. Hands-on Restore Points • To set a restore point with Vista or Windows 7 • Start • Computer • Properties • System Protection • Create

  30. Hands-on Backups • Everybody knows important files should be backed up • After losing important files, we all promise to make good backups from now on • Natural and manmade disasters teach us that onsite backups may not be sufficient to preserve valuable data

  31. Hands-on Backups • To back up files and folders with Windows XP • Start • Programs • Accessories • System Tools • Backup

  32. Hands-on Backups

  33. Hands-on Backups

  34. Hands-on Backups

  35. Hands-on Backups • Automated task scheduling makes it easier to keep backups up-to-date • External drives provide a convenient location for backups

  36. Hands-on Backups • Backing up by synchronizing • Microsoft provides a free application called SyncToy, which synchronizes files and folders between different computers • Each computer acts as a backup for the other • SyncToy 2.1

  37. Hands-on Backups Cloud backup Source: http://aws.amazon.com/s3/

  38. Hands-on Backups Cloud backup Source: http://www.jungledisk.com/

  39. Hands-on Backups Cloud backup Source: https://www.dropbox.com/tour

  40. Hands-on Look at Social Networking Source: http://royal.pingdom.com/2009/03/13/battle-of-the-sizes-social-network-users-vs-country-populations/

  41. Hands-on Look at Social Networking • Social networking users willingly provide abundant information about themselves • Look at what can be discovered about you, or someone you know, in seconds • http://www.webmii.us/ • Think about (not) leaving footprints

  42. Hands-on Look at Social Networking • Social networking sites are infested with online quizzes, enticing unwitting users to eagerly part with personal information in the guise of discovering their personality • Let’s look at CheckMyPersonality.com • http://checkmypersonality.com/ • And, in particular, let’s look at their privacy policy

  43. Hands-on Look at Social Networking “We collect personally identifiable information about our registrants based on information collected at the time of registration, registrant interaction and response to subsequent electronic mailings and web site use, information provided by our clients and information appended from data aggregators. Information collected may include name, email address, postal address, gender, birth date, telephone number, cell number, secondary phone number, activities, interests, user behavior and other demographic information. This information enables us to better tailor our content to registrants' needs and to help our clients promote and sell their products and services.” Who wants to read this?

  44. Hands-on Look at Social Networking • “We collect personally identifiable information about . . . • name • email address • postal address • gender • birth date • telephone number • cell number • secondary phone number • activities • interests • user behavior • and other demographic information.”

  45. Hands-on Look at Social Networking • “This information enables us . . . to help our clients promote and sell their products and services.” • “Additionally, pages on CheckMyPersonality may contain • Internet tags • pixel tags • and clear GIFs. ” • “These devices allow third parties to obtain information such as • the IP address of the computer that downloaded the page on which the device appears, • the URL of the page on which the device appears, • the time the page containing the device was viewed, • the type of browser used to view the page, • and the information in cookies set by the third party. • We use log files to store the data that is collected through these devices.”
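What the policy's "clear GIF" hands to a third party, shown as an added example that is not part of the original presentation: the parser below reads one web-server log line for a pixel request and returns the five items the policy lists. The log line is constructed (documentation IP range, made-up host names and cookie), and the log layout, Apache "combined" format with an appended cookie field, is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the third party's server log entry for a 1x1 GIF request.
SAMPLE = ('203.0.113.7 - - [11/Mar/2010:13:20:05 -0500] "GET /t.gif?id=42 HTTP/1.1" 200 43 '
          '"http://quiz.example/results.html" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.6" '
          '"uid=abc123; seg=7"')

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<cookie>[^"]*)"')

def parse_cookies(header):
    """Split a Cookie header value into a name -> value dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}

def pixel_disclosure(line):
    """Return what one pixel request disclosed, or None if the line is not a GIF hit."""
    m = LINE.match(line)
    if m is None or not urlsplit(m["path"]).path.lower().endswith(".gif"):
        return None
    referer = m["referer"] if m["referer"] not in ("", "-") else None
    return {
        "ip": m["ip"],                  # IP address of the computer that downloaded the page
        "page_url": referer,            # URL of the page carrying the pixel (Referer header)
        "viewed_at": m["time"],         # time the page was viewed
        "browser": m["agent"],          # type of browser (User-Agent header)
        "cookies": parse_cookies(m["cookie"]),  # cookies set earlier by the third party
    }

if __name__ == "__main__":
    for field, value in pixel_disclosure(SAMPLE).items():
        print(f"{field:10} {value}")
```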

  46. Hands-on Look at Social Networking • “By agreeing to these terms, you hereby consent to the disclosure of any record or communication to any third party when CheckMyPersonality, in its sole discretion, determines the disclosure to be appropriate.” • “The information that we collect from you may be transferred to, stored at and processed at a destination outside of the U.S. By submitting your personal information, you willingly agree to this transfer, storage and processing.” Source: http://checkmypersonality.com/privacy.html

  47. Hands-on Cookies Here is a very accessible overview from Lifehacker of what cookies are . . . and aren’t • About cookies • A Firefox Add On • View Cookies

  48. Locally Shared Objects (LSO) - Flash Cookies • Never expire • Can store up to 100 KB of information compared to a text cookie’s 4 KB. • Internet browsers are not aware of those cookies. • LSO’s usually cannot be removed by browsers. • Using Flash they can access and store highly specific personal and technical information (system, user name, files,…). • Can send the stored information to the appropriate server, without user’s permission. • Flash applications do not need to be visible. • There is no easy way to tell which flash-cookie sites are tracking you. • Shared folders allow cross-browser tracking – LSO’s work in every flash-enabled application • No user-friendly way to manage LSO’s, in fact it’s incredibly cumbersome. • Many domains and tracking companies make extensive use of flash-cookies. • Source: http://billmullins.wordpress.com/2010/01/04/invasive-web-sites-flash-cookies-revisited/

  49. Locally Shared Objects (LSO) - Flash Cookies • Protect yourself • Better Privacy - a Firefox add on

  50. Hands-on Cookies • A simple cookie that “remembers” your choice of background color when viewing a web site • Dim ColorChoice As HttpCookie = New HttpCookie("ColorChoice") • ColorChoice.Expires = DateTime.Now.AddMonths(2)
