Home PC Security

What PC Users and Law Enforcement

Should KnowPrinting with “Notes” enabled with provide a script for each

slideBob Samson

11/20/2004

What is the Problem? Hardware architecture of a PC Complexity of computer software

Anonymity of the Internet High speed connections Dial up connections Wireless connections

Hardware Architecture of a PC

There are 65,535 open ports on every Intel-based PC Only a few ports are probably necessary for the

average home user Port 25 – SMTP Simple Mail Transport Protocol is used for

sending email Port 53 – DNS Domain Name Server translates URLs into IP

Addresses Port 67/68 - When an ISP uses DHCP (Dynamic Host

Configuration Protocol) to assign IP addresses when you logon Port 80 - Your main Internet Connection Port 110 – POP3 Post Office Protocol version 3 for retrieving

email Games, the use of instant messaging, or other business

uses all may add a few additional ports to this list

Complexity of Computer Software

Windows has about 40 million lines of code (instructions)

By the year 2010, Windows is projected to grow to 100 million lines of code

A Carnegie Mellon University study found that a programmer makes an error every 1,000 lines of code.

That means just in Windows, there are probably 40,000 errors. If you consider all of the other application software that runs on the average PC, there are hundreds of thousands of errors that can be exploited by computer hackers so that they can gain entry into your computer

Anonymity of the Internet

When you are connected to the Internet, you are only known by a numeric Internet Protocol address

IP Addresses are not a reliable source of identification (they can easily be changed)

There is no way to identify a physical location from an IP address

Since the Internet is a network of millions of interconnected computers, it is easy to hide one’s “trail” behind the numerous points of interconnection

There are three sources of hackers: geeks; socially deprived intellects; terrorists - all pose a threat

High Speed Connections DSL and cable connections pose a greater risk than telephone

modems because they process data more quickly Without a firewall, anyone in the world can gain access to

your computer [easily!] If you have more than one computer and share files between

them, every file may also shared with the world unless you have a firewall

Peer-to-Peer programs like Kazaa, Gnutella used to swap music files can share more than you intended such as password files

Leave your computer open to the world wide web, add a few web pages to your files and you can easily find your private files indexed and accessible through search engines such as Google

Dial Up Connections Dial up connections or modems

have risks associated with them Risks include the hijacking of

one’s telephone for generating bogus long distance charges Be thoroughly familiar with spyware

and how to avoid it Never leave your PC on unattended

while connected to your modem

Wireless Connections If you can connect without a wire, your neighbor’s

high school computer wizard can also connect to your computer and your Internet connection

A wireless network must have: Encryption of the signal/connection Data encryption may also be required for additional

protection Strong log in and password rules for your computer are a

must Don’t let children use the wireless feature to hide

and connect to the Internet - use it to keep them in the accompaniment of an adult

What you risk when connected

Personal Information Reputation Financial resources (Identity Theft)

Personal Information Surfing habits can be tracked so a profile of your

interests developed for marketing purposes Your address book and the email addresses of all

your friends can be copied Financial information like bank records, tax

records, social security numbers, etc. can be stolen

Information can be corrupted or deleted by a virus

Read those Privacy Policies - you could be giving up your personal information

Reputation Your computer can be used to send Spam email

without your knowledge Your address book containing all of your

contacts can be emailed pornographic content

Financial Resources $53 billion dollars was lost in 2003 through

identity theft 27.3 million Americans in the last 5 years

reported that personal information was stolen [Identity Theft]

The cost to victims for recovery of their good name in 2003 was $5 million

In the last year, nearly 2 million Americans had their checking accounts raided by criminals

No One is Safe

Even the unborn and the dead can be victims of identity theft

What can you do? Use anti-virus software Use a firewall Learn about patch management

Change your behavior Be careful with online purchases

Anti-virus Software Purchase an anti-virus application to protect

your computer Update frequently - better yet, use anti-virus

software that will update automatically Stay alert to virus trends - the media is an

excellent source of pending attacks

Use a Firewall At a minimum, use a software firewall (port

blocker) Use a hardware firewall if you connect to the

Internet via a cable modem or DSL Both a software and hardware firewall together

offer the best protection Block as many ports as you can - this may mean

that you cannot play some Internet Games

Learn About Patch Management

Patch management means updating software frequently with the changes that manufactures add to improve security

Software updates are usually free Microsoft provides automatic updates as a

service to their customers If you are using Windows 95 or older, stop and

upgrade - the older versions are no longer supported and leave you vulnerable

If you have to re-install software for any reason, you must update it again because the patches will be missing

Change Your Behavior Don’t use illegal copies of software - it can be loaded with

viruses and spyware and besides it is wrong to steal! Don’t surf questionable web sites - Pornographic sites are

one of the biggest sources for web bugs and spyware Update your software frequently (patch management) Never send credit card data in an email - Emails should

always be considered unsecured Don’t open email attachments without understanding that

these are the largest cause of viruses - Even opening an attachment from a trusted email address is not safe (your friend could have been infected and had their address book stolen)

Dangerous Email Extensions ADE Microsoft Access Project

Extension MDB Microsoft Access Application ADP Microsoft Access Project MDE Microsoft Access MDE Database BAS Visual Basic® Class Module MSC Microsoft Common Console

Document BAT Batch File MSI Windows Installer

Package CHM Compiled HTML Help File MSP Windows Installer Patch CMD Windows NT® Command Script MST Visual Test Source File COM MS-DOS® Application PCD Photo CD Image CPL Control Panel Extension PIF Shortcut to MS-DOS Program CRT Security Certificate REG Registration Entries EXE Application

SCR Screen Saver HLP Windows® Help File SCT Windows Script Component HTA HTML Applications SHS Shell Scrap Object INF Setup Information File URL Internet Shortcut (Uniform

Resource Locator) INS Internet Communication

Settings VB VBScript File ISP Internet Communication Settings VBE VBScript Encoded Script File JS JScript® File VBS VBScript Script File JSE JScript Encoded Script File WSC Windows Script Component LNK Shortcut WSF Windows Script File WSH Windows Scripting Host

Settings File ZIP Compressed File Format

Watch Out for Phishing Emails from legitimate companies are copied to trick

consumers into providing confidential information Passwords Credit card numbers and expiration dates Banking account numbers

Even experts cannot tell by looking at the messages or the web site that you are directed to that this message is a forgery

Understand that no legitimate company ever asks you to validate personal information via an email in this way

Never respond, even if you do business with the company. If you are concerned, call them first!

Do Not Join Social Networks

“Social Networks” are services joined to help you remember addresses and phone numbers

Some companies are Plaxo, Friendster, Tickle and others

You risk your personal information, privacy and the information contained in your own computer’s address book

Remember, joining free services will expose your information and possibly the information stored on your computer to misuse and theft

Change Your Behavior continued

Make backups of important information stored on your computer

Don’t download browser add-ons and other software from unknown sources - this is an easy way to give your personal information to anyone through spyware or adware

Set your browser’s security and privacy settings to protect you from 3rd party cookies - these are used to track you

Be careful of HTML email - it can contain web bugs and spyware

Learn how to identify a “secured” web page - Never send your personal information over an unsecured web page

AND… Don’t click on “Unsubscribe” links

Change Your Behavior continued

Disable Java and ActiveX in your browser - These can be used to steal information from your computer

For Windows XP users, don’t log in with ADMINISTRATIVE RIGHTS

Use complex passwords created from phrases Example: MwaiJ10 (My wedding anniversary is June

10th) Example: Gmlogmd1775 (Give me liberty or give me

death 1775) Learn how to tell if a web page is secure

What About SPAM? Two Thirds of all email is SPAM One of the largest sources of SPAM is infected

home computers Trojan programs hijacking computers to send others

SPAM (zombies) Beware of spyware/adware and Trojan programs

Disguised as free programs, they track your surfing activities

Don’t use music download sites like KaZaA, GrokSter, Imesh

Free Screen Savers are a source of spyware If your computer becomes infected, your Internet

Service Provider may turn off your email capability until you fix it

Be Smart About Online Purchases

Selling or purchasing online through groups like eBay carry risks 40% of all credit card fraud is committed by

criminals overseas The top five offending countries are:

Yugoslavia Nigeria Romania Pakistan Indonesia

Many con artists hide the real country of origin Use protection services Never pay with a check card or debit card - only true

credit cards with online protection

Where to go for help Your local computer store Microsoft’s web site A knowledgeable and trusted friend Community Services

Senior community centers Community college classes State and Federal fraud assistance web sites

Your local police department (when you suspect that a crime has been committed)

Remember

If you don’t bother to protect your computer, your privacy and your information, you are a victim just waiting for the crime to happen.