SECURITY ON THE INTERNET - PowerPoint PPT Presentation

Loading...

PPT – SECURITY ON THE INTERNET PowerPoint presentation | free to download - id: f43c-MTZkM



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

SECURITY ON THE INTERNET

Description:

I use AVG AntiVirus (free version) for stopping viruses. ... http://www.grisoft.com/doc/10/lng/us/tpl/tpl01 (AVG-generally free) ... – PowerPoint PPT presentation

Number of Views:88
Avg rating:3.0/5.0
Slides: 62
Provided by: jcol52
Category:
Tags: internet | security | the | avg | free

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: SECURITY ON THE INTERNET


1
SECURITY ON THE INTERNET
  • Did you know others have likely attacked your
    computer already??

6/2003, 10/2004, 10/2005, 7/2006, Joe Collins
2
Q1 How quickly is a new computer infected
when first connected to the Internet?
  • 20 minutes
  • 24 hours
  • 1 week
  • 4 weeks
  • 3 months

3
A1 How fast is a new computer infected when
first connected to the Internet?
  • ANSWER TWENTY MINUTES
  • More than ever, Windows buyers need to make sure
    that they equip their new machines with an array
    of tools to fend off attacks and malicious
    software
  • Even on a brand-new Windows machine, you should
    immediately obtain an arsenal of security
    programs, and keep them updated. One recent test
    showed that a brand-new, unprotected Windows
    machine became infected with viruses in just 20
    minutes on the Internet.
  • You should have a firewall, an antivirus
    program, an antispyware program and an antispam
    program. The built-in Windows firewall and
    Windows' new Security Center aren't enough to
    protect you.
  • Reference Wall Street Journal 9/30/2004, page
    B1

4
Q2 What of computers have a security breach of
some sort?
  • 7
  • 17
  • 30
  • 50
  • 70

5
A2 What of computers have a security Breach of
some sort?
  • ANSWER 70
  • Some 70 of all computers have suffered a
    security breach of some sort (virus, spyware,
    keylogger, hijacked browser etc). Investors
    Business Daily, October 1st, 2004, page A4
  • Another source says 90 of computers have
    security breaches.
  • DirectRevenue alone has breached nearly 100
    million computers (business week 7/2006, page 41).

6
Q3 How many different computer viruses as of
August 2005?
  • 14
  • 143
  • 194
  • 11,157
  • over 200,000

7
A3 How many different viruses as of August 2005?
  • ANSWER 200,000
  • Authentium, Inc (West Palm Beach, FL) reports
    there are 200,000 individual computer viruses as
    of August 2005 and the number doubles every year.
  • Dealing with viruses, spyware, PC theft and other
    computer-related crimes costs U.S. businesses a
    staggering 67.2 billion a year (FBI, January
    2006).
  • The I Love You Virus (in 2000) cost 10 billion
    dollars alone as it hit 45 million personal
    computers.

8
SO IS THERE ANY INTERNET SECURITY??
9
OUR TOPICS FOR DISCUSSION
  • SPAM EMAIL
  • VIRUSES
  • KEYLOGGERS
  • POPUP/BANNER ADS
  • COOKIES
  • SHOPPING ONLINE
  • SPYWARE
  • HOAXES/PHISHING
  • PORT SCANNING
  • YOUR OLD COMPUTER
  • ROUTERS
  • PUBLIC COMPUTERS
  • TRENDS
  • SOLUTIONS
  • WHAT I USE
  • QUESTIONS

10
THE INTERNET
  • IT IS TRULY A 2 WAY STREET.
  • YOU READ EMAIL, BROWSE THE WEB, TRAVERSING
    HUNDREDS OF COMPUTERS IN THE PROCESS.
  • OTHERS PUT PROGRAMS ON YOUR COMPUTER TO SPY ON
    YOU, RECORD YOUR KEYSTROKES, HJACK YOUR BROWSER
    OR WORSE.

11
SPAM EMAIL
  • Over 60 billion emails (of all types) projected
    to be sent DAILY by 2006.
  • Why do spammers use email? Far cheaper than
    printing up colorful newspaper inserts or mailing
    you ads via the US Post Office.
  • To mail 1,000 flyers cost some 300, just in
    postage. To email 1,000,000 people cost you
    nothing. Scott Richter (of Colorado) sends over
    100 million spam emails PER DAY!
  • Some 70-75 of all EMAIL is now spam, it was 50
    April (2003). AOL blocked 2.3 Billion spam emails
    per day in April 2003.
  • MICROSOFT and others have sued 20 SPAMMERS,
    responsible for 2 billion spam emails.
  • Some 80 of spam comes from China (WSJ 3/19/2004)
  • SPAM email costs you and I real money.
  • SPAM email sometimes includes virus attachments.

12
My Spammed email account
13
Daily spam emails sent
As measured at Ryerson University, California
14
SPAM EMAIL
  • HOW DID THEY FIND YOUR EMAIL ADDRESS?
  • Online Shopping, Web Forms, Usenet, forums
  • HOW MANY DO YOU GET PER DAY?
  • Average persons email is 70-75 spam
  • SPAM MAY INCLUDE ATTACHED VIRUSES
  • Beware of email from strangers and even
    companies you deal with, i.e. Valley National
    Bank, Ebay etc!
  • Never open an email unless you are CERTAIN it is
    legitmate.
  • HOW TO HIDE FROM THE SPAMMERS
  • Keep 2 email accounts one public one private.
  • Give private email account to friends and family
    ONLY.
  • Use public email account for everything else.

15
COMPUTER VIRUSES/WORMS
  • WHAT THEY ARE
  • Rogue computer programs that damage computers.
  • THE DAMAGE THEY CAN DO
  • Wipe out your hard drive, damage files, change
    numbers in files, install programs, record your
    keystrokes.
  • HOW WE GET VIRUSES
  • Attached to email or imbedded in downloaded
    programs
  • Thousands of new viruses appear every month
  • The Samy Virus (October 4, 2005) hit over one
    million users within 24 hours of release.
  • HOW TO MINIMIZE THE RISK
  • Never download a program unless you check it
    carefully before using it.
  • NEVER open an email from a stranger (see next 2
    slides)
  • Be careful of email from others, very careful
  • Run software to detect/remove these rogue
    programs.
  • I use AVG AntiVirus (free version) for stopping
    viruses.
  • ALWAYS--check a new program with your anti-virus
    software before you install it ALWAYS.

16
Virus detected
17
(No Transcript)
18
Keyloggers
  • Hidden programs that record your every
    keystroke.
  • Capturing your passwords, credit cards and so on
  • They then send this back to their source via the
    Internet.
  • Now that unknown person or company has your
    passwords and credit card numbers!!
  • Visit this site to stay current on the latest
    list of nasty software, including keyloggers
  • http//research.pestpatrol.com/Lists/TopTenPestsB
    yType.asp

19
POP UP ADS
  • YOU ENTER OR EXIT A WEB PAGE and...
  • YOU START SEEING POPUP ADS
  • Usually done with JavaScript programming in the
    web page itself. DirectRevenue uses this approach
    to pop up 30 ads per day on 100 million
    computers.
  • WHY THEY DO IT
  • Get your attention since people usually ignore
    banner ads.
  • HOW TO STOP THEM
  • Use software to disable the pop-ups. Google does
    a good job of stopping popups and Panicwares
    popup stopper is also good.

20
POPUPS BANNER ADS
  • ON MOST WEB PAGES (on the top or on the side)
  • ARE THEY SAFE? NOT REALLY!
  • May track your clicks and thus learn your
    preferences.
  • These same banner ads then report back to some
    unknown company on which web sites you visit, a
    new form of stalking!
  • DirectRevenue is one company that does this and
    routinely will
  • bombard you with some 30 popups per day. They
    are paid by Priceline.Com, Delta Airline,
    Cingular Wireless,Travelocity.com and other major
    corporations.
  • HOW TO PROTECT YOURSELF
  • Monitor cookies frequently or just erase them
    weekly. In Internet Explorer Tools-Internet
    Options-General-Delete Cookies.
  • Use software to convert cookies to session only,
    i.e. CookieCop or a program like it.

21
EXAMPLE OF TRACKING YOUR USE OF THE INTERNET.
22
EXAMPLE OF POPUPS BANNER ADS
23
COOKIES
  • WHAT ARE THEY?
  • Small files web pages place on your computer.
  • Remembers your preferences.
  • WHY THEY ARE USEFUL
  • Remembers your id and password for web pages you
    visit.
  • Remembers your preferences as well.
  • THE GOOD AND THE BAD
  • Sets preferences when you load web pages but some
    companies will then closely track which web pages
    you visit.
  • HOW TO MANAGE THEM
  • Get software to block most cookies (or) erase
    them weekly.
  • They are found in the Cookies subdirectory for
    your logon id (for Windows XP users).

24
SHOPPING ONLINE
  • THE RISKS
  • You enter credit card and other personal
    information on a web page.
  • WHEN IS IT SAFE?
  • Does the web page employ SSL technology to
    encrypt this information when you send it?
  • HOW DO YOU KNOW IT IS SAFE?
  • The web page usually signals you when they
    encrypt responses.

25
(No Transcript)
26
SHOPPING ONLINE
  • Latest trends
  • Single-use Credit Card Numbers
  • Citibank
  • Discover Card
  • MBNA
  • Only on ONE computer (so if stolen, will not
    work)
  • VISA
  • Iron-clad online guarantee (see their web page)
  • American Express

27
SPYWARE!
  • There are some 78,000 different spyware programs
    impacting computer users!
  • WHAT THEY SPY ON
  • How you use the computer, your programs, scan
    your email addresses or inbox, what web pages you
    visit, etc.
  • HOW THEY PUT IT ON YOUR COMPUTER
  • Often arrives in some other innocent email or
    downloaded program.
  • WHAT THEY USE IT FOR
  • Track what you do and report back to someone.
  • Can learn your preferences and more.

28
Detecting/Removing Spyware
  • I use four software tools to detect/remove
    spyware/viruses and I run these weekly
  • Lavasofts Ad-aware (free download)
  • Spybot (free download)
  • Spysweeper (free download, 29/yr subscription)
  • AVG Antivirus (free download)
  • All four are needed to do a fairly complete job.
    It is far better to prevent them than to try to
    remove them.

29
HOAXES (also known as) Phishing
  • Emails that masquerade as coming from someone
    else, i.e. IRS, Discover card, Microsoft, Ebay,
    Paypal and others. The email can look very
    legitimate!
  • Over 70 million Americans have received them thus
    far.
  • The masquerading email asks you to confirm your
    credit card or other personal information.
  • Do NOT trust these emails!
  • More details at
  • http//www.msnbc.com/news/884810.asp
  • http//hoaxbusters.ciac
  • Examples follow this slide.

30
(No Transcript)
31
(No Transcript)
32
(No Transcript)
33
Was it Paypal?
  • That first link directed me NOT to Paypal but to
    this link
  • http//la.znet.nethere.net/marie/cgi_bin/webscr
    cmd_home/
  • That web page looks identical to Paypal but
    simply collects your logon id and password and
    thus they can then withdraw money from your
    account.
  • I reported this person to their ISP and they
    promptly shut her down.
  • Be careful! Always inspect the web page address
    before you trust it. I use the tool Spoofstick
    which tells me the real web address on web pages
    I visit. Very helpful.

34
HOAXES/Phishing
  • As you can see, spammers etc have now forged
    other email addresses so as to look very
    legitimate.
  • They also send official looking emails to you
    asking you to run a program or give them personal
    information.
  • They even hide the program in a zip file so
    your virus software cannot detect it!
  • BE CAREFUL! Rarely trust an email from the
    government or a corporation. Contact them via
    telephone or their web page to be sure it is a
    legitimate email (which is very unlikely).
  • Report Phishing attempts to the US Government
    spam_at_uce.gov

35
PORT SCANNING
  • Outsiders may do a port scan, looking to enter
    your computer, masquerading as an FTP connection
    or a Web Browser link or TELNET .
  • I have been getting 1-2 attempts PER DAY!
  • More likely if you have DSL or CABLE access.
  • Keep your ports locked up or monitor closely
  • Use IceSword to monitor ports (http//find.pcworld
    .com/53710)
  • Use ZoneAlarm to shut down your ports
    (http//zonelabs.com)
  • More details at
  • http//www.dslreports.com/faq/security?r878
  • You should test your computer security at
  • http//www.dslreports.com/scan
  • http//www.securitymetrics.com/portscan.adp

36
EXAMPLE OF PORT SCANNING
Attempt traced back to New Delhi India
37
ANOTHER EXAMPLE
Attempt Traced back to Yokohama Japan
38
Your old computer
  • Did you throw it out? Was the hard drive still in
    it?
  • What thieves may have done with your old hard
    drive! They can recover the contents!!
  • What the impact can be
  • Get your passwords, your email, your personal
    files
  • How to minimize your risk
  • Get a wipedisk program (WIPEDISK, BCWIPE,
    U-WIPE) and thoroughly erase that hard drive
    BEFORE you throw it out. I drive a nail through
    my old harddrives!

39
A harddrive with a nail hole in it
Below is a harddrive I destroyed. I do the same
to CDROMs also, i.e. I break them into pieces
before throwing them out.
40
IN THE CLEAR
  • Email contents can be read by many others as it
    goes from computer to computer. Be careful what
    you put in an email. Others will see it.
  • Your (ftp) id and password, are also visible to
    others.
  • What does this mean? Others can copy it use it
    for their own purposes.
  • Never put anything personal in an email, i.e. no
    birthdates, account numbers, social security
    numbers and so on.

41
HiJacked Browsers
  • Does your Internet Browser act strange?
  • Does it always take you to a strange web site?
  • Can you change the default home page?
  • If not, your browser may have been hijacked!!
  • Might not be easy to fix as the hijacker has
    modified your computer (if you had administrative
    privileges).
  • Usually you need to reboot in SAFE MODE and then
    delete the offending files and also likely need
    to make risky registry changes!
  • It is ar better to NOT run with administrative
    privileges to prevent it in the first place.
  • Use another browser instead, i.e. Netscape,
    Mozilla Firefox (which I use) instead of Internet
    Explorer which hackers target,
  • Note Cool Web Search is very nasty and very hard
    to remove!

42
Dangerous programs
  • Smiley Central
  • KAZAA
  • Cool Web Search
  • HotBar
  • Bonzi Buddy
  • Speedblaster
  • MemoryMeter
  • Best Offers
  • See also http//www.pchell.com/support/spyware.sh
    tml

43
Administrator Userid
  • Your logon userid on a new computer defaults to
    Administrator privileges so you can install
    programs.
  • But spyware/viruses/keyloggers will also install
    their programs while you have these same
    Administrative privileges!
  • Solution
  • Create a user account (non-privileged) and use
    that account for email, web browsing, etc.
  • Rename your Administrator account to another name
    and keep it logged off and also use an obscure
    password for it
  • See next two slides to see how to do it.

44
(No Transcript)
45
(No Transcript)
46
ROUTERS
  • A router allows multiple computers to easily
    share one internet connection.
  • May allow port blocking to stop port scanning
  • Hides your real IP address via NAT NAT native
    address translation. Some also use SPI or
    Stateful Packet Inspection
  • as an added benefit.
  • Thus a router functions as a simple firewall.
  • I use the Linksys BEFSR41 4 Port Wired Router
    which costs about 50 or so, as well as wireless
    routers.
  • I reset it weekly, i.e. turn it off for 15
    minutes and then back on. I do the same to the
    modem also. This changes the IP address that
    others will see.

47
My Router Connection (simplified)
48
The primary router I use
49
Wireless routers
  • Not very secure.anyone can use it, even from the
    street. Do this to increase security
  • Change the default router password and default
    SSID (Service Set Identifier) name.
  • Disable SSID broadcasting.
  • Enable the firewall software, encryption and MAC
    filtering (Media Access Control)
  • Read your router manual for details on the above
    variations on this.

50
Using computers in public places
  • Never save your password locally
  • Never save your user-id after you are done, type
    in anyone_at_hotmail.com or something like it in the
    user-id field so the next user sees that and not
    your real email address.
  • Always assume the public computer has a virus or
    spyware.
  • Use for browsing or simple emailing only
  • Erase the cookies on that computer when you are
    done and also clear out your internet history
    (tools- internet options
  • -general then click each of these clear
    history, delete cookies, delete files)

51
Microsoft Outlook
  • Spyware, Viruses may target Microsoft Outlook to
    send their programs to everyone in your contacts
    file, thus spreading rapidly on the Internet.
  • Keep Outlooks Inbox password-protected so that
    Outlook will not work unless you know the
    password. Set the password this way in Outlook
  • File-Data File Management-Settings.
  • These steps reduce the chance of spyware and
    viruses spreading.
  • I use Mozillas Thunderbird email program and it
    works fine and is somewhat safer to use.

52
TRENDS
  • People are now targeting AOL users, smart cell
    phones and wireless PDAs.
  • They also remotely turn on your attached webcam
    and may literally watch you as you work or walk
    around the room.
  • The latest is to capture banking information by
    installing a program on your computer and
    capturing banking passwords (RATRemote Access
    Trojan) see next slide.

53
(No Transcript)
54
Trends, continued
  • Last month, an agency detected 170 distinct
    Trojan programs used to steal bank data.  In
    January, there were only about 30, he said.
  • 10 of all connected computers have these RAT
    trojans installed and running.
  • The risk is high these people are gaining access
    to your online banking accounts!

55
Software Solutions
  • POPUP STOPPER
  • http//www.panicware.com (free) download the
    basic version
  • http//www.popupcop.com (30day free trial)
  • SPY WARE
  • http//www.safer-networking.org (free)
  • http//www.lavasoftusa.com (free)
  • http//www.webroot.com/consumer/products/spysweepe
    r/index.html (30)
  • http//www.pestpatrol.com (40)
  • http//www.sunbelt-software.com/CounterSpy.cfm
    (20)
  • FIREWALL SOFTWARE
  • http//www.zonelabs.com (free version, 40 for
    improved version)
  • COOKIE COP
  • http//www.pcmag.com/article2/0,4149,6244,00.asp
    (free)
  • VIRUS SOFTWARE
  • http//www.symantec.com/product/ (50, sometimes
    cheaper)
  • http//www.grisoft.com/doc/10/lng/us/tpl/tpl01
    (AVG-generally free)

56
Software Solutions, continued
  • TEST YOUR COMPUTERS SECURITY
  • http//gemal.dk/browserspy/
  • https//grc.com/x/ne.dll?bh0bkyd2
  • MORE SECURITY TOOLS SOFTWARE
  • http//www.pacific.net/secpriv.html
  • http//epic.org/privacy/tools.html
  • http//www.pgpi.org/products/pgp/versions/freeware
    /
  • http//blog.tech-security.com/?p16 (IceSword
    tool!)
  • MORE INFORMATION
  • http//www.bestsearchers.com/best-websites/compute
    rs-security.html
  • http//blog.tech-security.com/?p16 (IceSword
    tool!)
  • REPORTING SCAMS
  • http//www.IFCCFBI.gov (or) enforcement_at_sec.gov

57
WHAT DO I USE AT HOME?
  • I have a LINKSYS 4 port ROUTER, model BEFSR41,
    providing internet sharing and NAT (blocks
    inbound attempts)
  • We also run a BELKIN wireless router but we keep
    encryption enabled to block intruders.
  • I use ZoneAlarm to monitor hacking attempts and
    outbound traffic.
  • I use Panicwares popup stopper.
  • I use CookieCop to block tracking cookies (I set
    them to session only)
  • I use Adaware, Spybot and SpySweeper weekly.
  • I also run AVG Antivirus weekly and also against
    all downloads I may do. I update its virus
    definitions weekly.
  • My main windows login is as a limited user, not
    as an administrator.
  • I never open unknown emails. Never.
  • I use PGP for securing my USB flashdrive in case
    I lose it.
  • I back up my computer every month to another
    harddrive.

58
In Summary
  • Purchase a router that has NAT installed to block
    intruders.
  • Download Zonealarm and install it.
  • Purchase AntiVirus Software and keep its virus
    definitions current.
  • Never run a program you download or are given to
    by a friend unless you first check it with a
    current antivirus program. (AVG, McAfee, Norton,
    etc)
  • Never open an email from a stranger or reply to
    any emails you dont personally know. Ignore all
    emails asking for personal information.
  • Be wary of screensavers, Activex, Javascript
    they may install software without you knowing it
    (if you have administrative privileges).
  • Do not use an account with Administrative
    privileges.
  • Delete cookies periodically or use CookieCop or
    similar to manage them.
  • Reset your modem weekly, i.e. turn it off for 15
    minutes or more, forcing a new IP address every
    time.
  • Run SpyBot, AdAware, SpySweeper and your Virus
    software weekly this is what I do every week.

59
IN CLOSING, WHAT WE DISCUSSED
  • SPAM EMAIL
  • VIRUSES
  • KEYLOGGERS
  • POPUP/BANNER ADS
  • COOKIES
  • SHOPPING ONLINE
  • SPYWARE
  • HOAXES
  • PORT SCANNING
  • YOUR OLD COMPUTER
  • ROUTERS
  • PUBLIC COMPUTERS
  • TRENDS
  • SOLUTIONS
  • WHAT I USE
  • QUESTIONS

60
IT IS WORTH REPEATING AT THIS POINT
  • One recent test showed that a brand-new,
    unprotected Windows machine became infected with
    viruses in just 20 minutes on the Internet.
    9/30/2004, Wall Street Journal, page B1

61
QUESTIONS?
  • How to reach me
  • joec_49_at_hotmail.com
  • This complete handout is available online at
  • http//www.collins-consulting.org/download.html
  • Another good overview of personal computer
    security
  • http//safecomputing.umn.edu/studentchecklist.htm
    l
About PowerShow.com