Compusecuraphobia
the fear of HOPING your computer is secure
Syllabus Objectives
Upon completing this presentation, you shall be able to:
• Describe the broad spectrum of cyber threats and how they affect you and your students.
• Define essential terminology used in discussing cyber security.
• Through discussion, participants will share their experiences concerning data security.
• Identify to students using lecture, lab or discussion, three or more data security risks they may encounter.
• Describe 3 “best practices” you can use to limit risk from a cyber threat.
• Create anti-matter (no… not really).
Spectrum of threat
Personal Global
• Virus on my PC
• Tracking people
• My data stolen
Work National
• Ineffective/slow computer
• Resource usage
• Corporate data
• Intellectual Property
• Infra-structure
• Privacy (Personal & Corporate)
• Economic impact, piracy, intelligence
• Cyberwarfare
• Hacktivism
• Financial
Purpose of Cyberwarfare attacks
• Disable websites and networks
• Disrupt or disable essential services
• Steal or alter classified data
• Cripple financial systems
(source: searchsecurity.techtarget.com)
Cyberwarfare is Internet-based conflict involving politically motivated
attacks on information and information systems.
Global Cyberwarfare Examples
• Iranian nuclear espionage
Stuxnet (June 2010) – ruined approx. 1/5 of
their centrifuge systems.
(Wikipedia, n.d.); (globalresearch)
• “GhostNet”, a spy network, accessed
confidential information belonging to both
governmental and private organizations in
over 100 countries around the world.
• In 2007, in Estonia, a botnet of over a million
computers brought down government,
business and media websites.
(searchsecurity.techtarget.com)
Hacktivism – “hack” & “activism”
• Defacing websites that
oppose their ideology.
• Development of PGP was in
response to a bill permitting
the government to obtain
plain-text content.
(Wikipedia, n.d.)
… the act of hacking, or breaking into a computer system, for a politically or
socially motivated purpose.
(source)
Hacktivism examples
• During the 2009 Iranian election
protests, Anonymous played a
role in disseminating
information to and from Iran by
setting up the website
Anonymous Iran; they also
released a video manifesto to
the Iranian government.
• Anonymous - Message to the
American People
https://www.youtube.com/watch?v=HrXyLrTRXso
• Google helped SayNow and
Twitter to provide
communications for the
Egyptian people in response to
the government sanctioned
internet blackout during the
2011 protests. The result, Speak
To Tweet, was a service in which
voicemail left by phone was
then tweeted via Twitter with a
link to the voice message on
Google's SayNow.
Domestic Cyber threats
• Intellectual Property theft
from both government and
businesses.
(Source: The Dragon and the Computer: Why Intellectual Property
Theft is Compatible with Chinese Cyber-Warfare Doctrine)
• Infra-structure – electrical
grid, water systems,
communications,
transportation.
Malware stories
• Target cyber attack
– "Memory-parsing" software known as
a "RAM scraper": it steals the
transaction data from a credit or
debit card's magnetic strip during a
brief unencrypted moment in the
transaction process.
(AP Photo/Steven Senne)
Data Security – Surveillance? Privacy?
• NSA wireless transmitter
NSA’s malware program,
codenamed QUANTUM.
Uses a secretly installed
radio transmitter. Affected
computers do not need to
be connected to the
Internet.
Data Security Examples
• FBI could remotely and secretly activate video
cameras on devices.
(From a web article that cites a Washington Post report.)
• Students at Johns Hopkins discovered how to disable
the LED on a Mac so that the camera could take
pictures without indicating it was on.
• A student's doctoral research details how he accessed
a network through a Cisco VoIP phone.
Business attacks
• Taking over web sites
– To harm reputation
– To redirect customers
– To capture login credentials or financial information
• Stealing Intellectual Property or Trade Secrets
• Disrupting operations both internally and externally,
such as with a Distributed Denial of Service (DDoS) attack
Schools & Colleges Data Security
• Grade and transcripts
modifications
Blackboard - Dutch company
Online24 reports a vulnerability
through which a student could alter grades.
(http://www.utwente.nl/onderwijssystemen/nieuwsarchief/nieuwsberichten/blackboard_veiligheid_eng/)
• Changes to financial records
Unauthorized access to student records
Targeting your Devices & Information
Motivation for creating malware
Outcome | Computer action
“bragging rights” / name recognition | System access or proliferation of malware
Obtaining personal data | Identity theft / social engineering attacks / account access
Using / Controlling computer | E-mail SPAM campaigns; DDoS attacks; bot-nets
Financial benefit | Directs user to buy software to repair / recover
Spying / Voyeurism | Secretly listen or watch people
Description
Its purpose is to create another copy of
itself as part of its function.
It must be run or executed as code
by exploiting a weakness in the OS
or a program, or by tricking the user.
Analogy
As implied by the name, a molecular
virus attaches to a healthy cell and
injects its viral nucleic acids so that the
healthy cell regenerates the virus cell.
Malware explained - Viruses
Description
Appearing as a legitimate program, a
Trojan infection installs unwanted,
often harmful additional programs.
Trojans are not self-replicating like
viruses.
Trojans drop a ‘payload’ – keyloggers,
Remote Access Trojans (RATs), back-
doors, Internet Relay Chats (IRC). Can
be used to create bot-nets.
Analogy
The threat from the classical “Trojan
Horse” was not the horse, but the
armies that were inside and released.
Malware explained - Trojans
Description
Worms, similar to viruses, make
copies of themselves. However,
worm infections do not attach to
other programs, requiring you to
“run” them.
Often Worms will replicate through
networks using e-mails.
Analogy
Tapeworm eggs eaten by flea larvae, in
turn create a cyst in flea, ingested by
dog during grooming, eggs excreted by
dog and cycles again.
Malware explained - Worms
Spoofing
Impersonating another person or
web site in an effort to trick
someone into giving up
information or installing some form of
malware.
Entire web sites have been
duplicated and their domain
redirected to the false site.
Spoofing
Phishing
Here the sender is targeting a person to
give up sensitive information.
An e-mail that asks the user to click on a
link and verify their login information,
but the link is to a spoofed web site.
A phone call where the support agent
reports that he is with Microsoft and
they have detected a problem with the
computer and want you to allow them a
remote support session to fix it.
Phishing
Aurora Botnet
Fake Malware Alerts
Virus repair utility is actually a dropper
that creates a bot-net.
Description of how the “Aurora
Botnet” infected and used other
systems.
https://blog.damballa.com/archives/tag/aurora-botnet
Literacy – learn about the threats; how to minimize
exposure; and how to fix if infected.
Protect three areas of vulnerabilities
1. Access to your devices – both physically and electronically.
2. Use of security software – Firewall, AV, encryption, backup,
system updates, etc.
3. Realize that YOU can be the “weakest link”
Register devices; use location apps like “find iPhone”
Protection & Solutions
Access to your devices
• Keep device(s) with you; in a
locked/secure area when you
are not using them.
• Know about the networks
you are using – wired,
wireless, or both.
• Follow “good practices” with
regard to passwords. And for
sensitive/confidential data,
consider multi-factor
authentication.
Security Software
• Anti-Virus – Free ones are
good; consider one for
mobile devices; Mac and
iPhone have low risk, but
viruses are possible.
• Anti-Spyware – spyware
can slow down a computer;
threats are not usually as
severe.
What is a Firewall and why do I need it?
Simplify the function of your firewall to be that of a
security guard at the entrance to a community.
Your cars get a sticker which tells the guard it is OK to let
you by. And perhaps there is the local pizza guy or a
friend can come in, but you need to let the guard know
and provide him a name or number.
The security would not work if you agreed to mail out
access stickers to someone who sent you an email
saying they wanted to drop off a package.
Data traffic uses TCP/IP communication protocols with port numbers to communicate with
software services. The firewall uses rules and, at times, behaviors to determine which
connections should be allowed.
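The guard analogy above maps onto a stateful host firewall: outbound connections get a "sticker" (a tracked flow), pre-announced visitors match an explicit rule, and everything else is dropped. The following Python model is an added example, not part of the original slides; the class names, ports and documentation-range IP addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = leaving this PC, "in" = arriving from the network
    remote_ip: str
    remote_port: int
    local_port: int


@dataclass
class HostFirewall:
    # Explicit rules: local port -> set of remote IPs told to the "guard" in advance.
    inbound_allow: dict
    # Tracked flows ("stickers") created by connections this PC started itself.
    established: set = field(default_factory=set)

    def decide(self, pkt: Packet) -> str:
        flow = (pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if pkt.direction == "out":
            # Behaviour-based part: remember the flow so its replies are let back in.
            self.established.add(flow)
            return "ALLOW-OUTBOUND"
        if flow in self.established:
            return "ALLOW-REPLY"
        if pkt.remote_ip in self.inbound_allow.get(pkt.local_port, set()):
            return "ALLOW-RULE"
        # Nobody asked for this traffic and no rule names it: default deny.
        return "DROP"


def run_demo() -> list:
    """Evaluate a constructed traffic sample and return one verdict per packet."""
    fw = HostFirewall(inbound_allow={22: {"192.0.2.25"}})  # a friend may reach SSH
    traffic = [
        Packet("out", "198.51.100.10", 443, 50000),  # browser opens an HTTPS session
        Packet("in", "198.51.100.10", 443, 50000),   # the web server's reply
        Packet("in", "192.0.2.25", 51000, 22),       # the announced friend
        Packet("in", "203.0.113.77", 40000, 22),     # unknown host probing SSH
        Packet("in", "203.0.113.77", 443, 50000),    # unsolicited, only looks like a reply
    ]
    return [fw.decide(p) for p in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The last packet is the "emailed request for a sticker": it uses the same ports as a real reply, but it comes from a host this PC never contacted, so it is dropped.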
Backup (Most ignored advice)
• Malware attacks quite often result in a loss of data.
Either the files are deleted or infected or the drive
needs to be erased to fully clean the system.
• Backup strategies that work best involve:
– Automated scheduled backups… local or in the cloud.
– Periodic full backups to an alternate location (to protect
against corrupt backups being unusable).
– Password protect and, for sensitive data, encrypt.
Encrypting Data
• Making data unreadable except by the encryptor
• Used for data “in transit” (being transferred) or “at
rest” (stored)
• cryptographic algorithms (you may see these along the
way – only a sampling)
– AES (Advanced Encryption Standard)
– SHA (Secure Hash Algorithm)
– DSS (Digital Signature Standard)
Encryption basics
• A cipher is used in an
algorithm to code the
message. As a simple
example, shift three letters
down the alphabet.
• “Hello” becomes “Khoor”
• The cipher is the key.
Using encryption keys
• Send your lock to me open; I put
my stuff in, lock it, and send it
back to you. You use your key to
open and access.
• The process:
– Two “keys” are made, one public; one
private.
– Files can be encrypted with the public
one.
– Only the holder of the private key can
decrypt.
Public Key - aka Asymmetric cryptography
• It is "impossible"
(computationally
infeasible) for a properly
generated private key to be
determined from its
corresponding public key.
• Keys are used to encrypt
files or validate digital
signatures.
Digital signatures
• Validates the originator or
the sender – ensures three
aspects of data security:
– Authentication
Verifies the identity of the
sender.
– Non-repudiation
One cannot claim the data has
changed.
– Integrity
Message was not altered in
transit.
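The "Using encryption keys" and "Digital signatures" slides can be seen working together in a few lines of Python. This is an added example, not part of the original slides: it uses textbook RSA with no padding and small fixed primes (constructed values, far too weak for real use), and all function names are assumptions made for the illustration.

```python
import hashlib
from typing import NamedTuple, Tuple


class PublicKey(NamedTuple):
    n: int
    e: int


class PrivateKey(NamedTuple):
    n: int
    d: int


# Two known Mersenne primes, used only to keep the demo self-contained.
P = 2**127 - 1
Q = 2**89 - 1


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Make the "open lock" (public key) and its matching key (private key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e; requires Python 3.8+
    return PublicKey(n, e), PrivateKey(n, d)


def encrypt(pub: PublicKey, plaintext: bytes) -> int:
    """Anyone holding the public key can lock a message."""
    m = int.from_bytes(plaintext, "big")
    if m >= pub.n:
        raise ValueError("message too long for this toy key")
    return pow(m, pub.e, pub.n)


def decrypt(priv: PrivateKey, ciphertext: int) -> bytes:
    """Only the private-key holder can unlock it."""
    m = pow(ciphertext, priv.d, priv.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes, n: int) -> int:
    # SHA-256 of the message, reduced to fit the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv: PrivateKey, message: bytes) -> int:
    """Signing uses the private key, so only its holder can produce the value."""
    return pow(_digest(message, priv.n), priv.d, priv.n)


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """Verification uses the public key and fails if message or signer differ."""
    return pow(signature, pub.e, pub.n) == _digest(message, pub.n)


def run_demo() -> dict:
    pub, priv = make_keypair(P, Q)
    message = b"Grades are final"  # constructed sample message
    signature = sign(priv, message)
    other_pub, _ = make_keypair(2**61 - 1, 2**107 - 1)  # a different person's key
    return {
        "round_trip": decrypt(priv, encrypt(pub, message)) == message,
        "authentic": verify(pub, message, signature),                       # authentication
        "tampered_detected": not verify(pub, b"Grades are fina1", signature),  # integrity
        "wrong_signer_rejected": not verify(other_pub, message, signature),
    }


if __name__ == "__main__":
    for check, passed in run_demo().items():
        print(f"{check}: {passed}")
```

Real systems use a vetted cryptographic library with padded schemes and much larger keys; the arithmetic here only shows why the public key can lock and check, while the private key alone can unlock and sign.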
Internet Protocol Security (IPsec)
• IPSec is a general-purpose security technology
(protocol) that can be used to help secure network
traffic in many scenarios.
• Operates below the “application” layer in the protocol
stack at the Internet Layer. Secure Sockets
Layer (SSL), Transport Layer Security (TLS) and Secure
Shell (SSH) operate in the “Application” layer.
• Handles authenticating and encrypting each IP
packet of a communication session.
• Establishes mutual authentication between agents at
the beginning of the session and negotiation
of cryptographic keys to be used during the session.
• IPsec can be used in protecting data flows between a
pair of hosts (host-to-host), between a pair of security
gateways (network-to-network), or between a security
gateway and a host (network-to-host).
• Applications do not need to be specifically designed to
use IPsec because they sit “atop” it.
(Source: Wikipedia.org)
System Updates
• Windows Updates.
• Virus Database updates.
• Application updates and
patches.
Protecting you from… you
• Getting tricked by phishing
scams.
• Opening malware in e-
mails.
• Downloading & installing
“free” software or utilities.
• Poor password
management.
• Securely disposing of old
equipment.
• Not being aware of, or not
ensuring use of, secure protocols
(e.g. https, SSL, SSH)
• Backup strategy missing or
weak.
Social Engineering
• social engineering hacker—
someone who tries to gain
unauthorized access to
your computer systems
• Tailgates past security door.
• Distracts user away from
computer so that malware
can be installed.
• Collects organizational
information to engage in
credible discussions about
getting access.
How to remove threats
• Turn-off or disconnect to prevent further loss
(consider backing up data before repairs)
• Using another device, “Google” symptoms
• Boot off a Rescue CD or USB (free downloads)
• Safest is to recover, restore image or reinstall.
Approaches to secure environments
• Use of UAC on a PC and other
security settings.
• Browser security settings.
• Use of a “sandbox” and/or
virtual machines.
• Programs that reboot to stored
image – Deep Freeze. (Mac &
PC)
• Boot from IDP or utility CD/DVD,
Linux OS; does not mount C:
drive; support Internet.
• Monitor updates of virus
protection and system.
• Periodically scan from rescue
CD.
• Regularly create System
Images along with any needed
support files.
• Test your “Restore” process –
many backup programs create
proprietary files and
incremental files.
Security Essentials for Students
• Cloud apps and storage
– Their data is outside their control, on another device
– Typically not encrypted
• Being connected is a MUST - trying to get
Internet access often leads one to compromise
good practices.
• Using public wi-fi. It can be easily monitored,
“sniffed”.
• Use trusted software and utilities. Avoid
temptation to download “free” – programs,
utilities, movies, music, etc.
Students continued
• College security and use policies can be restrictive –
students may get frustrated or inadvertently violate.
• Class requirements, downloads. Are the class
downloads virus free?
• Practice safe sex computing – a practical comparison.
• USB passed around or left in the classroom – was it left
on purpose for someone to think they got a free USB?
• Phones can make an unsecured ‘hotspot’.
Can a Mac get a Virus?
• Good article on Macs and viruses. (Jan 5, 2013)
http://www.speedupmypcfree.com/blog/should-you-install-antivirus-on-your-mac/
• Do I need virus protection on a Mac?
Most users do not need antivirus software on their
Mac.
Past Apple Troubles
• Apple admits to infections
http://www.speedupmypcfree.com/blog/apple-finally-admits-defeat-acknowledges-that-pc-viruses-can-infect-macs/
• Flashback virus –
The Flashback virus was able to steal the personal data
of many of these Mac users by redirecting them to
malicious websites on search engine results pages.
Smartphone malware
• The malware targeting mobile devices mirrors the malware commonly found on infected desktops and laptops – backdoors, Trojans and Trojan-Spies. The one exception is SMS-Trojan programs – a category exclusive to smartphones.
• The threat isn’t just growing in volume. We’re seeing increased complexity too. In June we analyzed the most sophisticated mobile malware Trojan we’ve seen to-date, a Trojan named Obad. This threat is multi-functional: it sends messages to premium rate numbers, downloads and installs other malware, uses Bluetooth to send itself to other devices and remotely performs commands at the console. This Trojan is also very complex. The code is heavily obfuscated and it exploits three previously unpublished vulnerabilities. Not least among these is one that enables the Trojan to gain extended Device Administrator privileges – but without it being listed on the device as one of the programs that has these rights. This makes it impossible for the victim to simply remove the malware from the device. It also allows the Trojan to block the screen. It does this for no more than 10 seconds, but that’s enough for the Trojan to send itself (and other malware) to nearby devices – a trick designed to prevent the victim from seeing the Trojan’s activities.
• Obad also uses multiple methods to spread. We’ve already mentioned the use of Bluetooth. In addition, it spreads through a fake Google Play store, by means of spam text messages and through redirection from cracked sites. On top of this, it’s also dropped by another mobile Trojan – Opfake.
• The cybercriminals behind Obad are able to control the Trojan using pre-defined strings in text messages. The Trojan can perform several actions, including sending text messages, pinging a specified resource, operating as a proxy server, connecting to a specified address, downloading and installing a specified file, sending a list of apps installed on the device, sending information on a specific app, sending the victim’s contacts to the server and performing commands specified by the server.
• The Trojan harvests data from the device and sends it to the command-and-control server – including the MAC address of the device, the operating name, the IMEI number, the account balance, local time and whether or not the Trojan has been able to successfully obtain Device Administrator rights. All of this data is uploaded to the Obad control-and-command server: the Trojan first tries to use the active Internet connection and, if no connection is available, searches for a nearby Wi-Fi connection that doesn’t require authentication.
Smartphone & Tablets
• Android – 98.05% of mobile
malware found this year targets
this platform. (Source)
• Only download from a trusted
store.
Protecting Windows 8
• Microsoft link to protecting your PC
• PCWorld article on anti-virus for Windows 8
• Bitdefender Antivirus comparison list
http://share.inpwrd.com/r9jo
Generally much of the same topics already presented.
(I wanted to include the links in the presentation stack.)
Did we meet the objectives?
• Survey of cyber threats.
• Essential terminology.
• Discussion of experiences.
• Advice to give students for data security.
• “best practices” to reduce risk and resolve issues.
Contact Information for Andrew Pond
COLLEGE:
PALM BEACH STATE COLLEGE
PONDA@PALMBEACHSTATE.EDU
BUSINESS:
PRECEPTS EDUCATION CORP. & PRECEPTS COMPUTING
APOND@PRECEPTSCOMPUTING.COM

Game it up! Introducing Game Based Learning for Developmental Math
 
Overcoming Textbook Fatigue
Overcoming Textbook FatigueOvercoming Textbook Fatigue
Overcoming Textbook Fatigue
 
Adult Student Success: How Does Awareness Correlate to Program Completion?
Adult Student Success: How Does Awareness Correlate to Program Completion?Adult Student Success: How Does Awareness Correlate to Program Completion?
Adult Student Success: How Does Awareness Correlate to Program Completion?
 
You're responsible for teaching, and your students are resonsible for learnin...
You're responsible for teaching, and your students are resonsible for learnin...You're responsible for teaching, and your students are resonsible for learnin...
You're responsible for teaching, and your students are resonsible for learnin...
 
What is the Impact of the New Standard on the Intermediate Accounting Course?
What is the Impact of the New Standard on the Intermediate Accounting Course?What is the Impact of the New Standard on the Intermediate Accounting Course?
What is the Impact of the New Standard on the Intermediate Accounting Course?
 
The ABCs Approach to Goal Setting and Implementation
The ABCs Approach to Goal Setting and ImplementationThe ABCs Approach to Goal Setting and Implementation
The ABCs Approach to Goal Setting and Implementation
 
Competency-based Education: Out with the new, in with the old?
Competency-based Education: Out with the new, in with the old? Competency-based Education: Out with the new, in with the old?
Competency-based Education: Out with the new, in with the old?
 
Student-to-Student Learning, Powered by FlashNotes
Student-to-Student Learning, Powered by FlashNotes Student-to-Student Learning, Powered by FlashNotes
Student-to-Student Learning, Powered by FlashNotes
 
Creating Career Success: A Flexible Plan for the World of Work
Creating Career Success: A Flexible Plan for the World of WorkCreating Career Success: A Flexible Plan for the World of Work
Creating Career Success: A Flexible Plan for the World of Work
 
Preparing Students for Career Success
Preparing Students for Career Success Preparing Students for Career Success
Preparing Students for Career Success
 

Fear of Hoping Your Computer is Secure

  • 1. Compusecuraphobia the fear of HOPING your computer is secure
  • 2.
  • 3. Syllabus Objectives • Describe the broad spectrum of cyber threats and how they affect you and your students. • Define essential terminology used in discussing cyber security. • Through discussion, participants will share their experiences concerning data security. • Identify to students using lecture, lab or discussion, three or more data security risks they may encounter. • Describe 3 “best practices” you can use to limit risk from a cyber threat. • Create anti-matter (no… not really). Upon completing this presentation, you shall be able to:
  • 4. Spectrum of threat Personal Global • Virus on my PC • Tracking people • My data stolen Work National • Ineffective/slow computer • Resource usage • Corporate data • Intellectual Property • Infra-structure • Privacy (Personal & Corporate) • Economic impact, piracy, intelligence • Cyberwarfare • Hacktivism • Financial
  • 5. Purpose of Cyberwarfare attacks • Disable websites and networks • Disrupt or disable essential services • Steal or alter classified data • Cripple financial systems (source: searchsecurity.techtarget.com) Cyberwarfare is Internet-based conflict involving politically motivated attacks on information and information systems.
  • 6. Global Cyberwarfare Examples • Iranian nuclear espionage Stuxnet (June 2010) – ruined approx. 1/5 of their centrifuge systems. (Wikipedia, n.d.); (globalresearch) • “GhostNet”, a spy network, accessed confidential information belonging to both governmental and private organizations in over 100 countries around the world. • In 2007, in Estonia, a botnet of over a million computers brought down government, business and media websites. (searchsecurity.techtarget.com)
  • 7. Hacktivism – “hack” & “activism” • Defacing websites that oppose their ideology. • Development of PGP was in response to a bill permitting government to obtain plain text content. (Wikipedia, n.d.) … the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. (source)
  • 8. Hacktivism examples • During the 2009 Iranian election protests, Anonymous played a role in disseminating information to and from Iran by setting up the website Anonymous Iran; they also released a video manifesto to the Iranian government. • Anonymous - Message to the American People https://www.youtube.com/watch?v=HrXyLrTRXso • Google helped SayNow and Twitter to provide communications for the Egyptian people in response to the government sanctioned internet blackout during the 2011 protests. The result, Speak To Tweet, was a service in which voicemail left by phone was then tweeted via Twitter with a link to the voice message on Google's SayNow.
  • 9. Domestic Cyber threats • Intellectual Property theft from both government and businesses. (Source: The Dragon and the Computer: Why Intellectual Property Theft is Compatible with Chinese Cyber-Warfare Doctrine) • Infra-structure – electrical grid, water systems, communications, transportation.
  • 10. Malware stories • Target cyber attack – "memory-parsing" software known as a "RAM scraper" steals the transaction data from a credit or debit card's magnetic strip during a brief unencrypted moment in the transaction process. (AP Photo/Steven Senne)
  • 11. Data Security – Surveillance? Privacy? • NSA wireless transmitter NSA’s malware program, codenamed QUANTUM. Uses a secretly installed radio transmitter. Affected computers do not need to be connected to the Internet.
  • 12. Data Security Examples • FBI could remotely and secretly activate video cameras on devices. (From a web article that cites a Washington Post report.) • Students at Johns Hopkins discovered how to disable the LED on a Mac so that the camera could take pictures without indicating it was on. • Student doctoral research details how he accessed a network through a Cisco VoIP phone.
  • 13. Business attacks • Taking over web sites – To harm reputation – To redirect customers – To capture login credentials or financial information • Stealing Intellectual Property or Trade Secrets • Disrupting operations both internally and externally, such as with a Distributed Denial of Service (DDoS)
  • 14. Schools & Colleges Data Security • Grade and transcript modifications Blackboard - Dutch company Online24 reports a vulnerability through which a student could alter grades. (http://www.utwente.nl/onderwijssystemen/nieuwsarchief/nieuwsberichten/blackboard_veiligheid_eng/) • Changes to financial records • Unauthorized access to student records
  • 15. Targeting your Devices & Information Motivation for creating malware Outcome Computer action “bragging rights” / name recognition System access or proliferation of malware Obtaining personal data Identity theft / social engineering attacks / account access Using / Controlling computer E-mail SPAM campaigns; DDoS attacks; bot-nets Financial benefit Directs user to buy software to repair / recover Spying / Voyeurism Secretly listen or watch people
  • 16. Description A virus is designed to create another copy of itself as part of its function. It must be run or executed as code by exploiting a weakness in the OS or a program, or by tricking the user. Analogy As implied by the name, a molecular virus attaches to a healthy cell and injects its viral nucleic acids so that the healthy cell regenerates the virus cell. Malware explained - Viruses
  • 17. Description Appearing as a legitimate program, a Trojan infection installs unwanted, often harmful additional programs. Trojans are not self-replicating like viruses. Trojans drop a ‘payload’ – keyloggers, Remote Access Trojans (RATs), backdoors, Internet Relay Chats (IRC). Can be used to create bot-nets. Analogy The threat from the classical “Trojan Horse” was not the horse, but the armies that were inside and released. Malware explained - Trojans
  • 18. Description Worms, similar to viruses, make copies of themselves. However, worm infections do not attach to other programs, requiring you to “run” them. Often Worms will replicate through networks using e-mails. Analogy Tapeworm eggs eaten by flea larvae, in turn create a cyst in flea, ingested by dog during grooming, eggs excreted by dog and cycles again. Malware explained - Worms
  • 19. Spoofing Impersonating another person or web site in an effort to trick someone into giving up information or install some form of malware. Entire web sites have been duplicated and their domain redirected to the false site. Spoofing
  • 20. Phishing Here the sender is targeting a person to give up sensitive information. An e-mail that asks the user to click on a link and verify their login information, but the link is to a spoofed web site. A phone call where the support agent reports that he is with Microsoft and they have detected a problem with the computer and want you to allow them a remote support session to fix it. Phishing
  • 21. Aurora Botnet Fake Malware Alerts Virus repair utility is actually a dropper that creates a bot-net. Description of how the “Aurora Botnet” infected and used other systems. https://blog.damballa.com/archives/tag/aurora-botnet
  • 22. Literacy – learn about the threats; how to minimize exposure; and how to fix if infected. Protect three areas of vulnerabilities 1. Access to your devices – both physically and electronically. 2. Use of security software – Firewall, AV, encryption, backup, system updates, etc. 3. Realize that YOU can be the “weakest link” Register devices; use location apps like “find iPhone” Protection & Solutions
  • 23. Access to your devices • Keep device(s) with you; in a locked/secure area when you are not using them. • Know about the networks you are using – wired, wireless, or both. • Follow “good practices” with regard to passwords. And for sensitive/confidential data, consider multi-factor authentication.
  • 24. Security Software • Anti-Virus – Free ones are good; consider one for mobile devices; Mac and iPhone have low risk, but viruses are possible. • Anti-Spyware – spyware can slow down a computer; threats are not usually as severe.
  • 25. What is a Firewall and why do I need it? Simplify the function of your firewall to be that of a security guard at the entrance to a community. Your cars get a sticker which tells the guard it is OK to let you by. And perhaps there is the local pizza guy or a friend can come in, but you need to let the guard know and provide him a name or number. The security would not work if you agreed to mail out access stickers to someone who sent you an email saying they wanted to drop off a package. Data traffic uses TCP/IP communication protocols with port numbers to communicate with software services. The firewall uses rules and, at times, behaviors to determine which connections should be allowed.
  • 26. Backup (Most ignored advice) • Malware attacks quite often result in a loss of data. Either the files are deleted or infected or the drive needs to be erased to fully clean the system. • Backup strategies that work best involve: – Automated scheduled backups… local or in the cloud. – Periodic full backups to an alternate location (to protect against corrupt backups being unusable). – Password protect and, for sensitive data, encrypt.
  • 27. Encrypting Data • Making data unreadable except by the encryptor • Used for data “in transit” (being transferred) or “at rest” (stored) • cryptographic algorithms (you may see these along the way – only a sampling) – AES (Advanced Encryption Standard) – SHA (Secure Hash Algorithm) – DSS (Digital Signature Standard)
  • 28. Encryption basics • A cipher is used in an algorithm to code the message. As a simple example, shift three letters down the alphabet. • “Hello” becomes “Khoor” • The cipher is the key.
  • 29. Using encryption keys • Send your lock to me open; I put my stuff in, lock it, and send it back to you. You use your key to open and access. • The process: – Two “keys” are made, one public; one private. – Files can be encrypted with the public one. – Only the holder of the private key can decrypt.
  • 30. Public Key - aka Asymmetric cryptography • It is "impossible" (computationally unfeasible) for a properly generated private key to be determined from its corresponding public key. • Keys are used to encrypt files or validate digital signatures.
  • 31. Digital signatures • Validates the originator or the sender – ensures three aspects of data security: – Authentication Verifies the identity of the sender. – Non-repudiation One cannot claim the data has changed. – Integrity Message was not altered in transit.
  • 32. Internet Protocol Security (IPSec) • IPSec is a general-purpose security technology (protocol) that can be used to help secure network traffic in many scenarios. • Operates below the “application” layer in the protocol stack at the Internet Layer. Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH) operate in the “Application” layer. • Handles authenticating and encrypting each IP packet of a communication session. • Establishes mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. • IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). • Applications do not need to be specifically designed to use IPsec because they sit “atop” it. (Source: Wikipedia.org)
  • 33. System Updates • Windows Updates. • Virus Database updates. • Application updates and patches.
  • 34. Protecting you from… you • Getting tricked by phishing scams. • Opening malware in e-mails. • Downloading & installing “free” software or utilities. • Poor password management. • Not securely disposing of old equipment. • Not aware of or ensuring use of secure protocols (e.g. https, SSL, SSH) • Backup strategy missing or weak.
  • 35. Social Engineering • social engineering hacker— someone who tries to gain unauthorized access to your computer systems • Tailgates past security door. • Distracts user away from computer so that malware can be installed. • Collects organizational information to engage in credible discussions about getting access.
  • 36. How to remove threats • Turn-off or disconnect to prevent further loss (consider backing up data before repairs) • Using another device, “Google” symptoms • Boot off a Rescue CD or USB (free downloads) • Safest is to recover, restore image or reinstall.
  • 37. Approaches to secure environments • Use of UAC on a PC and other security settings. • Browser security settings. • Use of a “sandbox” and/or virtual machines. • Programs that reboot to stored image – Deep Freeze. (Mac & PC) • Boot from IDP or utility CD/DVD, Linux OS; does not mount C: drive; supports Internet. • Monitor updates of virus protection and system. • Periodically scan from rescue CD. • Regularly create System Images along with any needed support files. • Test your “Restore” process – many backup programs create proprietary files and incremental files.
  • 38. Security Essentials for Students • Cloud apps and storage – Their data is outside their control, on another device – Typically not encrypted • Being connected is a MUST - trying to get Internet access often leads one to compromise good practices. • Using public wi-fi. It can be easily monitored, “sniffed”. • Use trusted software and utilities. Avoid temptation to download “free” – programs, utilities, movies, music, etc.
  • 39. Students continued • College security and use policies can be restrictive – students may get frustrated or inadvertently violate. • Class requirements, downloads. Are the class downloads virus free? • Practice safe sex computing – a practical comparison. • USB passed around or left in the classroom – was it left on purpose for someone to think they got a free USB? • Phones can make an unsecured ‘hotspot’.
  • 40. Can a Mac get a Virus? • Good article on Macs and viruses. (Jan 5, 2013) http://www.speedupmypcfree.com/blog/should-you-install-antivirus-on-your-mac/ • Do I need virus protection on a Mac? Most users do not need antivirus software on their Mac.
  • 41. Past Apple Troubles • Apple admits to infections http://www.speedupmypcfree.com/blog/apple-finally-admits-defeat-acknowledges-that-pc-viruses-can-infect-macs/ • Flashback virus – The Flashback virus was able to steal the personal data of many of these Mac users by redirecting them to malicious websites on search engine results pages.
  • 42. Smartphone malware • The malware targeting mobile devices mirrors the malware commonly found on infected desktops and laptops – backdoors, Trojans and Trojan-Spies. The one exception is SMS-Trojan programs – a category exclusive to smartphones. • The threat isn’t just growing in volume. We’re seeing increased complexity too. In June we analyzed the most sophisticated mobile malware Trojan we’ve seen to-date, a Trojan named Obad. This threat is multi-functional: it sends messages to premium rate numbers, downloads and installs other malware, uses Bluetooth to send itself to other devices and remotely performs commands at the console. This Trojan is also very complex. The code is heavily obfuscated and it exploits three previously unpublished vulnerabilities. Not least among these is one that enables the Trojan to gain extended Device Administrator privileges – but without it being listed on the device as one of the programs that has these rights. This makes it impossible for the victim to simply remove the malware from the device. It also allows the Trojan to block the screen. It does this for no more than 10 seconds, but that’s enough for the Trojan to send itself (and other malware) to nearby devices – a trick designed to prevent the victim from seeing the Trojan’s activities. • Obad also uses multiple methods to spread. We’ve already mentioned the use of Bluetooth. In addition, it spreads through a fake Google Play store, by means of spam text messages and through redirection from cracked sites. On top of this, it’s also dropped by another mobile Trojan – Opfake. • The cybercriminals behind Obad are able to control the Trojan using pre-defined strings in text messages. The Trojan can perform several actions, including sending text messages, pinging a specified resource, operating as a proxy server, connecting to a specified address, downloading and installing a specified file, sending a list of apps installed on the device, sending information on a specific app, sending the victim’s contacts to the server and performing commands specified by the server. • The Trojan harvests data from the device and sends it to the command-and-control server – including the MAC address of the device, the operating name, the IMEI number, the account balance, local time and whether or not the Trojan has been able to successfully obtain Device Administrator rights. All of this data is uploaded to the Obad control-and-command server: the Trojan first tries to use the active Internet connection and, if no connection is available, searches for a nearby Wi-Fi connection that doesn’t require authentication.
  • 43. Smartphone & Tablets • Android – 98.05% of mobile malware found this year targets this platform. (Source) • Only download from a trusted store.
  • 44. Protecting Windows 8 • Microsoft link to protecting your PC • PCWorld article on anti-virus for Windows 8 • Bitdefender Antivirus comparison list http://share.inpwrd.com/r9jo Generally much of the same topics already presented. (I wanted to include the links in the presentation stack.)
  • 45. Did we meet the objectives? • Survey of cyber threats. • Essential terminology. • Discussion of experiences. • Advice to give students for data security. • “best practices” to reduce risk and resolve issues.
  • 46. Contact Information for Andrew Pond COLLEGE: PALM BEACH STATE COLLEGE PONDA@PALMBEACHSTATE.EDU BUSINESS: PRECEPTS EDUCATION CORP. & PRECEPTS COMPUTING APOND@PRECEPTSCOMPUTING.COM
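
The lock-and-key process on slides 29 to 31, worked through as an added Python example that is not part of the original presentation. It assumes textbook RSA with small constructed primes and no padding so the arithmetic stays visible; the function names and the sample grade message are hypothetical, and real software uses a vetted library with keys of 2048 bits or more.

```python
import hashlib

# Constructed toy parameters: Mersenne primes, far too small for real use.
# Real keys are 2048 bits or more and always used with padding (OAEP, PSS).
OWNER_PRIMES = (2**31 - 1, 2**61 - 1)
IMPOSTOR_PRIMES = (2**19 - 1, 2**31 - 1)


def make_keypair(p, q, e=65537):
    """Slide 29: two keys are made, one public (n, e) and one private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e; needs Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, plaintext):
    """Anyone holding the public key can lock a short message."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    """Only the private key holder can unlock it again."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest_as_int(message, n):
    """SHA-256 of the message, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Slide 31: the sender signs the message hash with the private key."""
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)


def verify(public_key, message, signature):
    """The receiver recomputes the hash and checks it with the public key."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)


def demo():
    public, private = make_keypair(*OWNER_PRIMES)
    _, impostor_private = make_keypair(*IMPOSTOR_PRIMES)

    locked = encrypt(public, b"Hello")
    message = b"Grade for student 42: B+"  # constructed sample record
    signature = sign(private, message)
    return {
        "round_trip": decrypt(private, locked),
        "genuine": verify(public, message, signature),
        "tampered": verify(public, b"Grade for student 42: A+", signature),
        "impostor": verify(public, message, sign(impostor_private, message)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The "tampered" check corresponds to integrity and the "impostor" check to authentication on slide 31: a changed message or a signature made with someone else's private key both fail verification against the owner's public key.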