personal computer safety

GTRI_B-1filename - 1

Personal Computer Safety

Les Smee

Georgia Tech Research Institute

GTRI_B-2filename - 2

Quiz

http://www.alwaysuseprotection.com/quiz.aspx

GTRI_B-3filename - 3

Famous Hacking

Claim to fame: Figured out how to make free phone calls using a plastic prize whistle he found in a cereal box. Cap'n Crunch introduced generations of hackers to the glorious concept of phone "phreaking."

John DraperHandle: Cap'n Crunch

GTRI_B-4filename - 4

Famous Hacking

Robert MorrisHandle: rtm

Claim to fame:

The son of the chief scientist at the National Computer Security Center part of the National Security Agency (NSA) this Cornell University graduate student introduced the word "hacker" into the vernacular when he accidentally unleashed an Internet worm in 1988. Thousands of computers were infected and subsequently crashed.

GTRI_B-5filename - 5

Famous Hacking

Kevin MitnickHandle: Condor

Claim to fame:

The first hacker to have his face immortalized on an FBI "Most Wanted" poster. His status as a repeat offender, a teenage hacker who couldn't grow up, earned Mitnick the nickname "The Lost Boy of Cyberspace." Inspired the movie “War Games” by hacking NORAD.

GTRI_B-6filename - 6

Computer Updates

• Update Operating System

• Automatic

• Manual

• Update individual Applications

• Usually Notified

• Update Virus and Spyware Programs

GTRI_B-7filename - 7

Operating Systems

• Maintain updates

• The more common the OS the more vulnerable

• Windows

• Less common/vulnerable

• Linux, Mac OSX

GTRI_B-8filename - 8

Viruses

• Run without intention or permission

• Have the ability to "infect" or modify other files or disk structures

• Replicate so it can spread to other files or systems

• Does NOT have to be malicious

GTRI_B-9filename - 9

Virus Types

• Boot Sector Infectors – attaches to boot program, runs when computer is started

• File Infectors – attack file (.exe) and change code

• Macro Viruses – use programming language built into applications like Microsoft Word

GTRI_B-10filename - 10

Virus-like

• Worms – doesn’t infect other files/programs, completely self-contained

• Trojan Horses – software intentionally written to do something it is not intended to do

• Bugs – unintentional coding that cause a program to misbehave

GTRI_B-11filename - 11

Virus Hoaxes and Myths

• Often Spread via email

• Threaten grave consequences

• http://hoaxbusters.ciac.org/ (HoaxBusters)

• Cannot get a virus simply from reading an email

GTRI_B-12filename - 12

Virus Prevention

• More connections = more vulnerability

• Pirated Software more likely to contain viruses than legitimate software

• Control access to PCs

• Scan removable media

• Disable booting from removable media

• Can disable it’s use completely

GTRI_B-13filename - 13

Virus Detection

• Use Anti-Virus software

• Norton

• McAfee

• AVG (free)

• Keep AV program up to date (Virus Definitions)

• Auto updates

• Regular Checks

• Weekly Scans

• File Scanning

GTRI_B-14filename - 14

Firewall

• Definition: Hardware and/or software that limits access to your computer from the outside world

• Cannot stop you from download malicious software

• Virus, trojan, etc.

• Can be configured to allow or disallow specific types of traffic (ports)

GTRI_B-15filename - 15

Firewalls

• Hardware

• Can be combined with other product (switch, router)

• Dlink, Linksys, Netgear

• Software

• Many have free version for personal use

• Zonealarm, Norton, Windows

• Need to get updates

GTRI_B-16filename - 16

Testing Firewalls

• Port Probe

• DSLReports

• http://www.pcflank.com/scanner1.htm

GTRI_B-17filename - 17

Why not backup?

• Not important

• No Time

• Don’t know how

• No routine (forget)

GTRI_B-18filename - 18

Causes of Data Loss

• Hardware Failure

• Software Failure

• File System Corruption

• Accidental Deletion

• Virus

• Theft

• Sabotage

• Natural Disaster

GTRI_B-19filename - 19

Backup Methods

• Medium

• Tape

• CD/DVD

• Removable Drive

• Internal duplicate drive

• Backup Specific Files

• Windows Backup

GTRI_B-20filename - 20

Backups

• Make backing up routine (set reminder)

• Store backups in safe location

• One set on site and one set off

• Destroy old backups

GTRI_B-21filename - 21

Browsing

• Get browser updates

• Try alternative browsers (Firefox)

• Verify addresses in address bar

• Regularly delete stored data

• Cookies

• Block pop-ups

GTRI_B-22filename - 22

Online Shopping

• Look for padlock or https://

• Use credit cards

• Single use

• Research Company

• (www.bbb.org) or (www.naag.org)

• Know return policy

• Look at URL closely

• Print or save order confirmation

GTRI_B-23filename - 23

Email

• Generally not secure

• Beware of Phishing

• Don’t trust attachments

• Avoid Spam

• HTML email can be bad

• Some mail programs allow you to turn off html

GTRI_B-24filename - 24

Email Don’ts

• Use full name as sender

• Give out passwords

• Use primary email for posting in public forums

• Respond to spam unsubscribe address

• Buy from spammers

• Include name in address

GTRI_B-25filename - 25

Avoiding Spam

• How do spammer get your address?

• Spambot or Scraper to crawl the web looking for addresses

• Trick people into submitting their addresses

• Pick and domain and send thousands of emails

GTRI_B-26filename - 26

Avoiding Spam

• Use disposable addresses

• Watch for “Yes I want to receive …” checkboxes

• Disguise email address on blogs, chatrooms, etc

• Joeblow@YAdelete_thisHOO.COM

• joeblow@ yahoo.com

• Use unguessable email address

• Don’t respond to spam, even to unsubscribe

GTRI_B-27filename - 27

Wireless Security

• Easy to intercept wireless packets

• Airsnort, Aircrack

• http://www.wi-foo.com/index-3.html

• Change defaults

• SSID (Broadcast)

• Encryption

• Mac Filtering

GTRI_B-28filename - 28

Wireless Security

• OK to use unencrypted wireless on encrypted sites

• Banking

• Shopping

GTRI_B-29filename - 29

Passwords

• Use different for secure and non-secure sites

• Ideally use different for each site dealing with money

• Change regularly

• Use combination of letters, numbers, symbols

• Don’t allow programs to “remember” critical passwords

GTRI_B-30filename - 30

Spyware

• Virtually all internet connected computers get spyware

• Symptoms of spyware

• Endless pop-ups

• Redirected to websites you didn’t enter

• New icons in tasktray

• New toolbars in browser

• Computer is suddenly slow when accessing/saving files

GTRI_B-31filename - 31

Spyware Detection/Removal

• Run checks weekly

• Some antivirus programs check

• Free stand alone programs

• Spybot

• Adaware

GTRI_B-32filename - 32

Chatting Safely

• Don’t give out identifying info

• Name

• Phone

• Location/School

• Email

• Remember people do lie

• Choose non-identifiable screen name

• Don’t meet people offline (if you do make it very public)

• Know how to save conversations and report problems

• Don’t open/except files sent to you

GTRI_B-33filename - 33

Chatting for Kids

• Only use monitored rooms

• Don’t allow private chats

• Observe who kids talk with

• Choose rooms appropriate for age level

• Parents check out sites first

• Limit or don’t allow webcam use

GTRI_B-34filename - 34

Child safety

• Keep computer in family area

• Spend time with child online

• Tell child how to end/report situations where he/she feels uncomfortable

• Give feedback to ISPs about what you like/dislike/expect

• Use time limits

• Ask child to sign online agreement

GTRI_B-35filename - 35

GTRI_B-36filename - 36

Communal Sites

• Examples

• FaceBook

• MySpace

• Default security is low

• Assumes you want everyone to know everything

• What happens here stays here … FOREVER

• Friends may not have same privacy concerns

• Upload pictures

• Pictures/sites used in court

GTRI_B-37filename - 37

Communal Sites

• Sites portray themselves as safe

• Based on the assumption that everyone is honest

• Some create profiles “for” other people

• People often alter themselves positively in an online profile

• Third parties using information

• Police

• School administrators

• Spouses

GTRI_B-38filename - 38

Mobiles (phone)

• FaceBook and Myspace plan to extend to mobiles

• Will be able to post to web pages directly

• Can search for other users emails and numbers

• Chat already on mobiles

• Yahoo, AOL, MSN

• Ability to send/receive photos and video

GTRI_B-39filename - 39

Health Concerns

• Heat From laptop

• Carpal Tunnel Syndrome

• Proper Desk Setup

• Monitor height

• Chair height (feet flat)

• Get up every hour

GTRI_B-40filename - 40

Keeping Kids Safe Onlinehttp://www.ou.edu/oupd/kidtool.htm

SafeKids Websitehttp://www.safekids.com/

Safekids Quizhttp://www.safekids.com/quiz/

Another Internet Safety Quizhttp://iol.ie/~dromore/safety/quiz/quiz.htm

MySpace Safetyhttp://www.wiredsafety.org/internet101/myspaceguide.html

Safety on Communal Siteshttp://www.twu.edu/o-sl/Counseling/SelfHelp066.html

Software Downloadshttp://www.download.com/