|
1
|
- Instructor: Christopher White
- Email: security@fezam.com
|
|
2
|
- Introduction
- Information Form
- Why Should You Care?
- Steps in Securing your PC
- Browsers
- Anti-Virus
- Patching
- Email
- Firewalls (hardware and software)
|
|
3
|
- Steps in Securing your PC (cont)
- Backups
- Passwords
- Downloading Software
- Spyware
- Social Engineering
- Wireless Networking
- Windows Services
- References
- Questions and Answers
|
|
4
|
- Working in IT for ten years
- Graduated from U of M in 1999
- Work with UNIX and Windows
|
|
5
|
- Please fill out the form so that I can get an understanding of each person’s computer habits. If you don’t know an answer, please put a question mark on that line.
|
|
6
|
- Property has its duties as well as its rights
- Thomas Drummond (1797-1840)
- http://www.geo.ed.ac.uk/scotgaz/people/famousfirst134.html
|
|
7
|
- Protect your sensitive information
- Credit Card and Bank Info
- Private emails
- Documents saved on your PC, such as tax records, wills, or that novel
you’ve been working on
|
|
8
|
- Helping yourself helps others, which in turn helps you again
- Prevent Financial Loss
|
|
9
|
- Remember:
- Security is a Process, not a Product
|
|
10
|
- You don’t need to have the most secure computer in the world….
- You only need to be more secure than your neighbor!
|
|
11
|
- Browser: A program that allows a user to find, view, hear, and interact
with material on the World Wide Web.
|
|
12
|
- Internet Explorer has many security problems:
- http://news.bbc.co.uk/2/hi/technology/3840101.stm
- “Users are being told to avoid using Internet Explorer until Microsoft
patches a serious security hole in it.”
- http://www.securitytracker.com/alerts/2004/Feb/1009067.html
- “A remote user can cause arbitrary code to be executed on the target
user's computer”
- http://www.joeyday.com/2003/12/12/new-ie-security-exploit
- “Are you still using Internet Explorer? You should really consider
switching.”
|
|
13
|
- Mozilla (http://www.mozilla.org)
- Web browser
- Mail client (aka: Thunderbird)
- Chat client
- Text/HTML Editor
- Firefox (http://www.mozilla.org)
- Opera (http://www.opera.com)
|
|
14
|
- Mozilla and Firefox have plugins to enhance your browsing experience
- Some recommendations:
- http://themes.mozdev.org (themes)
- http://optimoz.mozdev.org (mouse gestures)
- http://extensionroom.mozdev.org/more-info/tbe (tabbed browsing
extensions)
|
|
15
|
- Virus: A program that infects a computer by attaching itself to another
program, and propagating itself when that program is executed. All computer viruses are man-made.
|
|
16
|
- Always leave it running
- Update definitions daily
- Run full scans weekly
|
|
17
|
- AVG Anti-Virus – Free
- Symantec Anti-Virus
- McAfee Anti-Virus
|
|
18
|
- If an Anti-Virus program detects a virus on your system, it will usually
give you the option to either quarantine the file or delete it.
|
|
19
|
- Check for patches to your system frequently – for the Operating System
as well as applications such as your word processor.
- http://windowsupdate.microsoft.com
- Windows “Automatic Update”
|
|
20
|
- Three types of Email threats:
- Social Engineering to get your info
- Worms/Viruses in mail or attachments
- Checks to determine if address is active
|
|
21
|
- Keep Anti-Virus up-to-date!
- Never open email from people you don’t know.
- Never open attachments unless you’re expecting them.
- Never click on links within an email – manually type the addresses of sites such as
Citibank into the browser.
|
|
22
|
- Examples of Spam:
- Sender: Award Dept.; Subject: Claim Your Free iPod.
- Sender: Helpful Health Newsletter; Subject: Something she can't refuse
- Sender: Unique Health Newsletter; Subject: Women change your life
- Sender: Brandy; Subject: Re: Re: To clarify the situation
- Sender: Alice A. Walker; Subject: Norton AntiVirus 2004 - 75% OFF
|
|
23
|
- Firewall: A system designed to protect a computer network from
unauthorized access, especially via the Internet.
|
|
24
|
- Two types of Firewalls
- Hardware based (you can touch them)
- Software based (program on your PC)
- Hardware is most important
- Linksys BEFW11S4 (802.11b wireless)
- Linksys BEFSX41 (hardwired)
|
|
25
|
- Software firewall adds layering
- Windows Firewall (free with WinXP)
- Norton Internet Security (www.norton.com)
- Sygate Personal Firewall (www.sygate.com)
- Zone Alarm (http://www.zonelabs.com)
- Free version is firewall only, bundled version has anti-virus as well
|
|
26
|
- Backups: The process of copying files to a safe place to keep in case of
corruption or loss of the original files
|
|
27
|
- You should always have multiple copies of your important data!
- Manually burn copies to CDs or DVDs
- Make copies to external hard drive
- Automatically copy between internal hard drives
- I recommend “Second Copy 2000” (http://www.centered.com) for $29.95
|
|
28
|
- Important Files to think about:
- Word/Excel documents
- Quicken backup files
- Digital Pictures
- Tax Returns
- Home Movies
|
|
29
|
- Keep track of where your files are!
- “My Documents” is easiest
|
|
30
|
- Password: A series of characters that enable a user to access a file,
computer or program. Ideally, the password should be something that
nobody can guess.
|
|
31
|
- Passwords should be impossible to guess!
- Do not use ANY word that can be found in ANY dictionary! This includes French words, medical
terms, Latin, etc.
- Always include letters, numbers, and symbols!
- Never write down a password
- Good passwords use mnemonics:
- Good password: Tyvm4tsc!
- Thank you very much 4 this security class!
|
|
32
|
- You should have two classes of passwords
- General – Used for websites that require logins but don’t contain
sensitive information such as your address.
- Secure – Used for any website that requires your credit card info,
address, etc.
|
|
33
|
- Never store your passwords in your browser.
- Easy to steal
- You will forget your own password
|
|
34
|
- Download: To transfer a file from another computer to your computer.
Opposite of Upload.
|
|
35
|
- Be careful where you download from
- Use only respected download sites such as http://www.download.com, http://www.tucows.com,
or a company’s website (like Microsoft.com or mozilla.org)
- Peer-to-Peer networks can be useful, but can also be harmful. Be careful what you download!
|
|
36
|
- Spyware: A technology that assists in gathering information about a
person or organization without their knowledge. On the Internet,
"spyware is programming that is put in someone's computer to
secretly gather information about the user and relay it to advertisers
or other interested parties."
|
|
37
|
- Install anti-spyware software:
- AdAware
- http://www.lavasoftusa.com/software/adaware/
- Spybot Search and Destroy
- http://www.safer-networking.org/en/download/index.html
|
|
38
|
- Social Engineering: Term used among crackers for exploiting weaknesses
in people, rather than software--tricking someone into giving out
information like passwords that will compromise system security.
|
|
39
|
- There is no software that can protect you from social engineering. You need to evaluate whether someone
really needs the information that they’re asking for.
- NEVER give your password out to anyone (including family members!)
|
|
40
|
- Wireless Networking: A type of network that uses high-frequency radio
waves rather than wires to communicate between nodes. Security on these
networks is often done using WEP.
|
|
41
|
- Similar to a cordless phone
- Neighbors can hear your conversations
- Use WEP (Wired Equivalent Privacy)
- Weak encryption, but better than nothing
- Change WEP key every 30 days or less
- Enable MAC address security
- Might be an advanced feature of your wireless router
- Disable router broadcasting
|
|
42
|
- There are many things running that you don’t need.
- Start|Programs|Administrative Tools|Services
- http://www.blackviper.com/WinXP/servicecfg.htm
|
|
43
|
- How IE can drain your bank account
- http://reviews.cnet.com/4520-3513_7-5142439-1.html
- Computer Security: A Handbook for Ordinary Users
- http://www.theregister.com/2004/07/09/computer_security_review/
- Tools and Resources
- http://basicsec.org/tools.html
- Home Computer Security
- http://www.cert.org/homeusers/HomeComputerSecurity/
|
|
44
|
- http://www.cert.org
- http://www.sans.org
- http://www.cisecurity.org/
- http://www.snopes.com
|
|
45
|
- Any questions?
- If you have questions later, feel free to email me!
- I also offer consulting services if you need extra help with your PC.
|
|
46
|
- Thank you for coming and good luck!
|