RIT Information Security
585.475.4122
infosec@rit.edu
digital self defense
Copyright and Reuse
• The Digital Self Defense logo is the property of the Rochester Institute of Technology and is licensed under the Creative Commons Attribution-Non-Commercial-No Derivative Works 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California 94105, USA. To request permission for other purposes, contact infosec@rit.edu.
• The course materials are the property of the Rochester Institute of Technology and are licensed under the Creative Commons Attribution-Non-Commercial-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California 94105, USA. To request permission for other purposes, contact infosec@rit.edu.
What we’ll talk about today
• Basic information and computer security
• Identity Theft, Phishing and Scams
• Safe social networking
How Bad is it?
In 2009:*
• The education sector accounted for 20 percent of data breaches that could lead to identity theft during this period, more than any other sector
• Financial was the top sector for identities exposed, accounting for 60 percent of the total
• Theft or loss of computer or other data-storage medium was the cause of 20% of data breaches
• Hacking was the cause of 60%
• 2,895,802 new malicious code signatures, 51% of all-time total
*4/10 Symantec Internet Threat Report
General Trends
• Malicious activity has become Web-based and is shifting to developing countries
– Malicious PDFs 49% of web-based attacks
• Attackers targeting end users instead of computers
• Underground economy consolidates and matures
• Lowered barriers to entry—crimeware kits
Everyone is a target
• You have access to financial resources
– Lines of credit
– Bank accounts
• You have access to information resources
– Personal confidential information
– Employer confidential information
• You have access to network resources
– High-bandwidth connections
– Computing power
How Could I Become a Victim?
Attacks are complex
• Software vulnerabilities/configuration errors
– 4,392 "easily exploitable" vulnerabilities in 2008*
• Malicious Software/Malware
– Viruses, worms, spyware, etc.
• Social Engineering Attacks
– Phishing scams
– Target sensitive private information
*4/09 Symantec Internet Threat Report
Malware
• Keyloggers
– Steal usernames, passwords, etc.
• Rootkits and bot software
– Attackers can remotely control computers
– Botnets used to send out spam and phishing
• Spyware and adware
– Monitor your web activity
Copyright 2003 D. Seah Bigger than Cheese
Botnets & Zombie PCs
Large number of "zombie" computers infected with remote control software
• Send out spam, phishing, malware, in extremely large volumes
• 75,158 active bot-infected computers daily*
High-volume attacks
• Target insecure computers
• "Low-hanging fruit"
Botnet illustration. Retrieved 18 July 2007. www.symantec.com
*4/09 Symantec Internet Threat Report
Avert Labs Malware Research. Retrieved July 24, 2009 from: http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/
Social Engineering
Aside from malware, people may also try to steal your private information using:
• E-mails
• Instant messages
• Fake websites
• Phone calls
• Text messages
• Face-to-face
A Layered Defense
• Strong Passwords
• Patching
• Anti-Virus Protection
• Firewall
• Anti-Spyware Protection
• Physical Security
• Paranoia & Common sense
Passwords
• Weak passwords can be guessed
– Automated programs
– Personal details
• Use different passwords
– How many accounts can be accessed with just one of your passwords?
– Password vaults
Passphrases
• Series of words or a sentence
• Examples
– MyT1gerIs0range
– Ritch1eTh3Tiger
Advantages:
• Easier to remember
• More secure than short complex passwords
RIT Desktop Standard
Desktop and Portable Computer Standard requires:
• Patching/Updating (automatic)
• Anti-Virus (automatic)
• Firewall
• Anti-Spyware
Lock on keyboard graphic. Retrieved 18 July 2007. http://images.jupiterimages.com/common/detail/43/73/22847343.jpg
But I own a Mac…
In 2008:
• Mac OS X had more disclosed vulnerabilities than any other OS*
• Apple Safari web browser had the longest wait for updates out of all major browsers**
• Macs are not immune to online threats
*IBM Internet Security Systems X-Force 2008 Trend & Risk Report
**Symantec Internet Security Threat Report
Patching
• 2,134 vulnerabilities in the second half of 2007.*
– 73% were "easily exploitable"
• Patches close these vulnerabilities,
*4/08 Symantec Internet Threat Report
Patching/Updating
Patching:
• Fixes ―vulnerabilities‖ in software
You need to:
• Turn on auto-updating (Windows, Mac OS X)
• Check regularly for application updates (Adobe, Microsoft Office, etc.)
Anti-Virus Software
• Use an anti-virus software such as McAfee, Norton, Avast, AVG, etc.
• Check with your ISP. They may provide security software, including anti-virus.
What Anti-Virus Protects Against
• Viruses
– Self-replicating software that attaches itself to other programs and files
– Moves from program to program, replacing each one with an infected version
• Worms
– Self-replicating software that does not need to attach itself to other programs and files
– Moves from computer to computer over a network, searching for vulnerable hosts
• Trojans
– Software that appears to be something harmless (like a game or screen saver), but actually contains malicious code
Firewalls
• Monitor and protect network ports
• Prevent unauthorized connections
You must use a firewall
• Windows XP and Mac OS built-in firewalls
• Third-party products
Graphic of fire. Retrieved 18 July 2007. http://www.adrenalin.bc.ca/lazer/pix/firewall_2.jpg
Choosing a Firewall
• Windows XP Firewall
– Default with SP2
– Does not block outgoing connections
• ZoneAlarm Personal Firewall
– A little more sophisticated
– Free license for personal use only
• Router/Wireless Router
– Does not block outgoing connections
– Must change wireless router settings to make it secure
Anti-Spyware
Spyware is:
"tracking software deployed without adequate notice, consent or control for the user."
You need to:
• Update and scan weekly
– Automatic-updating and scheduling
• Use multiple programs
– http://security.rit.edu/students.html
Computer ‘Spy’. Retrieved 18 July 2007. http://www.afcea.org/signal/articles/articlefiles/248-HSK_Spyware_computer-spy.jpg
How do You Get Spyware?
• Browser Vulnerabilities
– Links to malicious sites
– Following common search terms
• Bundled with software
• Malware
– Disguised as anti-spyware programs or other popular freeware
Stressed woman photo. Retrieved 18 July 2007. http://www.computermediconcall.com/images/computer-frustration.jpg
Limited User Accounts
Administrative/root user accounts
• Unnecessary level of access
Limited user accounts can prevent:
• Many types of malware and spyware/adware
• Configuration changes
– Malicious or accidental
Recommended
Physical Protection
• Never leave your computer or mobile device unattended
• Lock or log out
– Set a screensaver password
• Don’t let others use it without supervision
– Know what devices are registered to your name
Computer protection image. Retrieved 18 July 2007. http://www.allsquareinc.com/downloads/Love%20My%20Computer.jpg
Know Your Computer!
Has your computer been acting different than usual?
• Run anti-virus and anti-spyware
• Ask for help
Paranoia and Common Sense
Identity Theft
• What’s the problem with this picture?
Phishing
• Purpose
– "verify/confirm/authorize" account or personal information
• Source
– Appear to come from PayPal, banks, ISPs, IT departments, other official or authoritative sources
• Tone
– Appeals to fear, greed, urgency, sympathy
Targeted Phishing
• Sent to a specific community
• May include personal details
• Appears official
– Identical logos, graphics, layout, content, etc.
How to Spot and Avoid Phishing
• Does it seem credible?
– Misspellings, bad grammar, formatting errors
• File attachments
– Is it expected? If not, ignore it!
• Never respond directly to e-mail requests for private information
– Verify with company
– Don’t click on links
• Type in the web address as you normally would
Phishing
Phishing Samples (APWG)
Phishing Website Tricks
• Similar names
– www.eday.com, www.ebay-secure.com, www.paipall.com, www.yafoo.com
• Use of @ in URLs
– www.ebay.com/upd@aw-confirm.us/upd
• Masked URLs
– http://www.myspace.com/
Solutions
• Education and awareness
– Because social engineering such as phishing relies on tricking consumers, awareness education is a key component in reducing consumer losses to phishing.
– A number of government and private entities have created web sites designed to educate consumers about the threats of phishing. These sites include:
• FTC OnGuard Online
• Anti-Phishing Working Group
• MillerSmiles
Solutions
• Safe computing practices provide a strong defense against phishing:
– Never click on links directly from an email.
– Use File/Properties to find out which website you are really on.
– Look for the proper symbol to indicate you’re on a secure web site.
• Secure web sites use a technique called SSL (Secure Socket Layer) that ensures the connection between you and the web site is private.
• This is indicated by “https://” instead of “http://” at the beginning of the address AND by a padlock icon which must be found either at the right end of the address bar or in the bottom right-hand corner of your browser window.
• A padlock appearing anywhere else on the page does not represent a secure site.
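The tricks listed under "Phishing Website Tricks" (similar names, "@" in URLs, masked links) and the https check above can be turned into a small screening routine of the kind a mail filter or an awareness exercise would run. The Python below is an added example and is not part of the RIT course materials; the trusted-host list, the edit-distance threshold of 2, the function names and the sample links marked as constructed are assumptions made for this demonstration. It generalizes the slide's four "similar names" examples into a lookalike check against any list of hosts the user trusts.

```python
"""Heuristic checks for the phishing-URL tricks described on these slides.

Added example, not RIT's code. TRUSTED_HOSTS, LOOKALIKE_DISTANCE and the
constructed sample links below are assumptions for the demonstration.
"""
from urllib.parse import urlsplit

# Constructed: hosts the user genuinely has accounts with (in practice, the
# user's own bookmarks). Lookalike checks only make sense against such a list.
TRUSTED_HOSTS = {"www.ebay.com", "www.paypal.com", "www.yahoo.com"}
# Assumed tuning value: how many single-character edits still count as a lookalike.
LOOKALIKE_DISTANCE = 2


def strip_www(host: str) -> str:
    return host[4:] if host.startswith("www.") else host


TRUSTED_BARE = {strip_www(h) for h in TRUSTED_HOSTS}
# Brand labels of the trusted hosts: "ebay", "paypal", "yahoo".
BRAND_LABELS = sorted(strip_www(h).split(".")[0] for h in TRUSTED_HOSTS)


def levenshtein(a: str, b: str) -> int:
    """Edit distance: fewest insertions, deletions and substitutions turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def with_scheme(url: str) -> str:
    """The slides list bare hosts; a browser of that era would try http:// for those."""
    return url if "://" in url else "http://" + url


def browser_host(url: str) -> str:
    """Host the browser really connects to. RFC 3986 discards any 'user:pass' before
    an '@' in the authority part, which is exactly what the '@' trick relies on."""
    return (urlsplit(with_scheme(url)).hostname or "").lower()


def second_level_label(host: str) -> str:
    """Label left of the TLD. Assumption: one-part TLDs such as .com, not co.uk."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def check_url(url: str) -> list[str]:
    """Reasons a URL matches one of the slide's tricks; an empty list means no finding."""
    findings = []
    parts = urlsplit(with_scheme(url))
    host = (parts.hostname or "").lower()

    # Trick: '@' in the URL. Reported wherever it appears: in the authority the text
    # before it is ignored; in the path (the slide's own sample) the destination is
    # unchanged, but the brand-name bait pattern is the same.
    if "@" in url:
        findings.append(f"'@' in URL; browser connects to {host!r}")

    # Trick: similar names. Hosts the user already trusts are not judged.
    if strip_www(host) not in TRUSTED_BARE:
        sld = second_level_label(host)
        for brand in BRAND_LABELS:
            if sld == brand:
                findings.append(f"brand {brand!r} under an unexpected domain: {host!r}")
            elif brand in sld:
                findings.append(f"brand {brand!r} embedded in unrelated domain {host!r}")
            elif levenshtein(sld, brand) <= LOOKALIKE_DISTANCE:
                findings.append(f"{host!r} looks like {brand!r}")

    # The "Solutions" check: a page asking for account details should be https.
    # (https only says the connection is encrypted, not that the site is genuine.)
    if parts.scheme != "https":
        findings.append("not https")
    return findings


def masked_link(link_text: str, href: str) -> bool:
    """Trick: masked URLs. True when the visible text names one host but the link
    target is another. Text without a dot ('click here') names no host and is not judged."""
    if "." not in link_text or " " in link_text:
        return False
    return browser_host(link_text) != browser_host(href)


# Constructed sample set: the slide's examples plus two constructed links.
SAMPLE_URLS = [
    "www.eday.com", "www.ebay-secure.com", "www.paipall.com", "www.yafoo.com",
    "www.ebay.com/upd@aw-confirm.us/upd",
    "http://www.ebay.com@aw-confirm.us/upd",   # constructed: '@' in userinfo position
    "https://www.paypal.com/signin",           # constructed: genuine control case
]


def scan_samples() -> dict[str, list[str]]:
    return {u: check_url(u) for u in SAMPLE_URLS}


if __name__ == "__main__":
    for url, findings in scan_samples().items():
        print(url, "->", findings or "no finding")
    print("masked:", masked_link("http://www.myspace.com/", "http://aw-confirm.us/login"))
```

Run as a script it prints one verdict per sample link. The edit-distance threshold trades false positives against missed lookalikes and would be tuned to the brand list in use, and a clean https result only means the connection is encrypted, so the other findings still matter on an https site.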
Solutions
• Software
– Although avoiding phishing attempts is typically a matter of following safe practices, there are a number of browser helpers available to help warn you of suspicious web sites.
– Browser helpers normally work as another toolbar in your browser. Use one or more for your protection.
– Internet Explorer 8 and Firefox 3 also provide limited protection by denying access to many known phishing sites.
– Spam filters may also intercept many phishing attempts.
Browser extensions
• Netcraft Anti-Phishing toolbar (for IE & FF)
• Firefox extensions
– Adblock
– Noscript (only trusted domains)
Netcraft
http://toolbar.netcraft.com/
• Giant neighborhood watch scheme
– Once a phishing URL is reported, it is blocked for community members as they subsequently access the URL.
– Widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) simply mean that the phishing attack will be reported and blocked sooner.
• The toolbar also:
– Traps suspicious URLs containing characters which have no common purpose other than to deceive.
– Enforces display of browser navigational controls (toolbar & address bar) in all windows, to defend against pop-up windows which attempt to hide the navigational controls.
– Clearly displays sites' hosting location, including country, helping you to evaluate fraudulent URLs (e.g. the real citibank.com or barclays.co.uk sites are unlikely to be hosted in the former Soviet Union).
Other Phish/Scams
• Disaster events
– Hurricane Katrina
– Va. Tech shootings
• Celebrity/popular events
– Michael Jackson funeral
• Nigerian 419 Schemes (Advance Fee Fraud)
– Mutually beneficial business transactions
– Unclaimed funds
– Craigslist
– Lottery schemes
Student Identity Theft
The 18-29 age group reports more identity theft than any other
• Shred sensitive documents
• Thieves want credit, not cash
• Check your credit rating
– www.ftc.gov/freereports
– www.annualcreditreport.com
• www.ed.gov/misused
If You Think You’re a Victim…
Reporting identity theft:
• Law enforcement
• Your financial institutions
• Credit bureaus
• FTC Web site
– www.idtheft.gov
Safer Social Networking
Do you use any social networking or blogging websites such as Facebook or MySpace?
It’s Harmless, Right?
What kinds of things do people typically post?
• Class schedule
• New cell phone number
• Details of upcoming vacation
• Complaints about a co-worker or manager
• Story about last weekend’s party
Who Else Uses Social Networking?
• Employers
– Estimated that up to 75% of employers regularly "google" or "facebook" applicants
• Identity Thieves
– Names, birthdays, phone #’s, addresses, etc.
• Online Predators
– Schedules, whereabouts, weekend/vacation plans, etc.
• Facebook Stalker (http://www.youtube.com/watch?v=wCh9bmg0zGg)
What You Post Can Be Used To…
• Make judgments about your character
• Impersonate you to financial institutions
• Monitor what you do and where you go
– Theft
– Harassment
– Assault
Not YourSpace
Would I be comfortable if this were posted on a billboard?
The Internet is public space!
• Search results
• Photo "tagging"
Use Social Networks Safely
Do:
• Make friends
• Use privacy settings
• Be conscious of the image you project
Don’t:
• Post personal information
• Post schedules or whereabouts
• Post inappropriate photos
Paranoia or Common Sense?
Guard your personal information!
– Even less sensitive information can be exploited by an attacker!
– Don’t post it in public places
– Know to whom you’re giving it
• Watch out for Facebook Applications!!
– A 2008 study found that 90.7% of apps had access to private user data (only 9.3% actually used the data)
Macbook. Retrieved 18 July 2007. http://s7v1.scene7.com/is/image/JohnLewis/230407880?$product$
Phishing on Social Network Sites
http://www.markmonitor.com/download/bji/BrandjackingIndex-Spring2009.pdf
Is this really your friend?
When "friends" ask for money online
• Do they speak/write like your friend?
• Do they know any details about you or themselves that do NOT appear on Facebook profile pages?
• Do they refuse other forms of help, phone call requests, etc.?
Just because it is your friend’s account does not mean that it’s your friend!
The First Line of Defense
Stay alert—you will be the first to know if something goes wrong
– Are you receiving odd communications from someone?
– Is your computer sounding strange or slower than normal?
– Has there been some kind of incident or warning in the news?
Do something about it!
– Run a scan
– Ask for help
For more information
• Information Security web page
http://security.rit.edu
• RIT Information Security Facebook page
• Staysafeonline.info
Online Phishing Quiz
• http://www.sonicwall.com/phishing/
Questions & Comments
infosec@rit.edu
http://security.rit.edu

Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

Digital Self Defense (RRLC version)

2
Copyright and Reuse
• The Digital Self Defense logo is the property of the Rochester Institute of Technology and is licensed under the Creative Commons Attribution-Non-Commercial-No Derivative Works 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California 94105, USA. To request permission for other purposes, contact infosec@rit.edu.
• The course materials are the property of the Rochester Institute of Technology and are licensed under the Creative Commons Attribution-Non-Commercial-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California 94105, USA. To request permission for other purposes, contact infosec@rit.edu.

3
What we’ll talk about today
• Basic information and computer security
• Identity Theft, Phishing and Scams
• Safe social networking

4
How Bad is it?
4/10 Symantec Internet Threat Report
In 2009:
• The education sector accounted for 20 percent of data breaches that could lead to identity theft during this period, more than any other sector
• Financial was the top sector for identities exposed, accounting for 60 percent of the total
• Theft or loss of computer or other data-storage medium was the cause of 20% of data breaches
• Hacking was the cause of 60%
• 2,895,802 new malicious code signatures, 51% of all-time total.

5
General Trends
• Malicious activity has become Web-based and is shifting to developing countries
– Malicious PDFs 49% of web-based attacks
• Attackers targeting end users instead of computers
• Underground economy consolidates and matures
• Lowered barriers to entry—crimeware kits

6
Everyone is a target
• You have access to financial resources
– Lines of credit
– Bank accounts
• You have access to information resources
– Personal confidential information
– Employer confidential information
• You have access to network resources
– High-bandwidth connections
– Computing power

7
How Could I Become a Victim?
Attacks are complex
• Software vulnerabilities/configuration errors
– 4,392 “easily exploitable” vulnerabilities in 2008*
• Malicious Software/Malware
– Viruses, worms, spyware, etc.
• Social Engineering Attacks
– Phishing scams
– Target sensitive private information
*4/09 Symantec Internet Threat Report

8
Malware
• Keyloggers
– Steal usernames, passwords, etc.
• Rootkits and bot software
– Attackers can remotely control computers
– Botnets used to send out spam and phishing
• Spyware and adware
– Monitor your web activity
Image: Copyright 2003 D. Seah, Bigger than Cheese

9
Botnets & Zombie PCs
Large number of “zombie” computers infected with remote control software
• Send out spam, phishing, malware, in extremely large volumes
• 75,158 active bot-infected computers daily*
High-volume attacks
• Target insecure computers
• “Low-hanging fruit”
Botnet illustration. Retrieved 18 July 2007. www.symantec.com
*4/09 Symantec Internet Threat Report

10
Avert Labs Malware Research
Retrieved July 24, 2009 from: http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/

11
Social Engineering
Aside from malware, people may also try to steal your private information using:
• E-mails
• Instant messages
• Fake websites
• Phone calls
• Text messages
• Face-to-face

12
A Layered Defense
• Strong Passwords
• Patching
• Anti-Virus Protection
• Firewall
• Anti-Spyware Protection
• Physical Security
• Paranoia & Common sense

13
Passwords
• Weak passwords can be guessed
– Automated programs
– Personal details
• Use different passwords
– How many accounts can be accessed with just one of your passwords?
– Password vaults

14
Passphrases
• Series of words or a sentence
• Examples
– MyT1gerIs0range
– Ritch1eTh3Tiger
Advantages:
• Easier to remember
• More secure than short complex passwords

15
RIT Desktop Standard
Desktop and Portable Computer Standard requires:
• Patching/Updating (automatic)
• Anti-Virus (automatic)
• Firewall
• Anti-Spyware
Lock on keyboard graphic. Retrieved 18 July 2007. http://images.jupiterimages.com/common/detail/43/73/22847343.jpg

16
But I own a Mac…
In 2008:
• Mac OS X had more disclosed vulnerabilities than any other OS*
• Apple Safari web browser had the longest wait for updates out of all major browsers**
• Macs are not immune to online threats
*IBM Internet Security Systems X-Force 2008 Trend & Risk Report
**Symantec Internet Security Threat Report

17
Patching
• 2,134 vulnerabilities in the second half of 2007.*
– 73% were “easily exploitable”
• Patches close these vulnerabilities,
*4/08 Symantec Internet Threat Report

18
Patching/Updating
Patching:
• Fixes “vulnerabilities” in software
You need to:
• Turn on auto-updating (Windows, Mac OS X)
• Check regularly for application updates (Adobe, Microsoft Office, etc.)

19
Anti-Virus Software
• Use an anti-virus software such as McAfee, Norton, Avast, AVG, etc.
• Check with your ISP. They may provide security software, including anti-virus.

20
What Anti-Virus Protects Against
• Viruses
– Self-replicating software that attaches itself to other programs and files
– Moves from program to program, replacing each one with an infected version
• Worms
– Self-replicating software that does not need to attach itself to other programs and files
– Moves from computer to computer over a network, searching for vulnerable hosts
• Trojans
– Software that appears to be something harmless (like a game or screen saver), but actually contains malicious code

21
Firewalls
Firewalls
• Monitor and protect network ports
• Prevent unauthorized connections
You must use a firewall
• Windows XP and Mac OS built-in firewalls
• Third-party products
Graphic of fire. Retrieved 18 July 2007. http://www.adrenalin.bc.ca/lazer/pix/firewall_2.jpg

22
Choosing a Firewall
• Windows XP Firewall
– Default with SP2
– Does not block outgoing connections
• ZoneAlarm Personal Firewall
– A little more sophisticated
– Free license for personal use only
• Router/Wireless Router
– Does not block outgoing connections
– Must change wireless router settings to make it secure

23
Anti-Spyware
Spyware is: “tracking software deployed without adequate notice, consent or control for the user.”
You need to:
• Update and scan weekly
– Automatic-updating and scheduling
• Use multiple programs
– http://security.rit.edu/students.html
Computer ‘Spy’. Retrieved 18 July 2007. http://www.afcea.org/signal/articles/articlefiles/248-HSK_Spyware_computer-spy.jpg

24
How do You Get Spyware?
• Browser Vulnerabilities
– Links to malicious sites
– Following common search terms
• Bundled with software
• Malware
– Disguised as anti-spyware programs or other popular freeware
Stressed woman photo. Retrieved 18 July 2007. http://www.computermediconcall.com/images/computer-frustration.jpg

25
Limited User Accounts (Recommended)
Administrative/root user accounts
• Unnecessary level of access
Limited user accounts can prevent:
• Many types of malware and spyware/adware
• Configuration changes
– Malicious or accidental

26
Physical Protection
• Never leave your computer or mobile device unattended
• Lock or log out
– Set a screensaver password
• Don’t let others use it without supervision
– Know what devices are registered to your name
Computer protection image. Retrieved 18 July 2007. http://www.allsquareinc.com/downloads/Love%20My%20Computer.jpg

27
Know Your Computer!
Has your computer been acting differently than usual?
• Run anti-virus and anti-spyware
• Ask for help

29
Identity Theft
• What’s the problem with this picture?

30
Phishing
• Purpose
– “verify/confirm/authorize” account or personal information
• Source
– Appear to come from PayPal, banks, ISPs, IT departments, other official or authoritative sources
• Tone
– Appeals to fear, greed, urgency, sympathy

31
Targeted Phishing
• Sent to a specific community
• May include personal details
• Appears official
– Identical logos, graphics, layout, content, etc.

32
How to Spot and Avoid Phishing
• Does it seem credible?
– Misspellings, bad grammar, formatting errors
• File attachments
– Is it expected? If not, ignore it!
• Never respond directly to e-mail requests for private information
– Verify with company
– Don’t click on links
• Type in the web address as you normally would

35
Phishing Website Tricks
• Similar names
– www.eday.com, www.ebay-secure.com, www.paipall.com, www.yafoo.com
• Use of @ in URLs
– www.ebay.com/upd@aw-confirm.us/upd
• Masked URLs
– http://www.myspace.com/
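The three tricks on the slide above (look-alike names, an "@" in the address, and link text that masks a different destination) can be checked mechanically before a user follows a link. This is an added example, not part of the RIT slides; the trusted-brand list, the helper names, the 198.51.100.7 documentation address and the "user@host" form of the eBay example are all constructed for it.

```python
from urllib.parse import urlsplit

# Brands the checker guards; constructed list for this example (a tuple keeps
# the order of checks deterministic).
TRUSTED = ("ebay.com", "myspace.com", "paypal.com", "yahoo.com")


def split_host(url):
    """Return (hostname, had_userinfo) the way a browser would read the URL."""
    p = urlsplit(url if "://" in url else "http://" + url)
    return (p.hostname or "").lower(), p.username is not None


def edit_distance(a, b):
    """Levenshtein distance; catches one- or two-letter look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_flags(url, link_text=None):
    """Return human-readable warnings for a URL; an empty list means nothing odd.

    link_text is the address shown to the user (e.g. the visible text of an
    e-mail link) when it may differ from the real destination."""
    flags = []
    host, userinfo = split_host(url)
    if userinfo:
        # Everything before '@' in the authority is a username; the site comes after it.
        flags.append(f"'@' in URL: browser connects to {host}, not the name before '@'")
    elif "@" in url.split("?")[0].split("#")[0]:
        flags.append("'@' in URL path: check which site you really reach")
    labels = host.split(".")
    domain = ".".join(labels[-2:])
    name = labels[-2] if len(labels) >= 2 else ""
    if domain not in TRUSTED:
        for brand in TRUSTED:
            bname = brand.split(".")[0]
            # Brand name embedded (ebay-secure) or within two edits (paipall, eday).
            if bname in name or (len(name) >= 4 and edit_distance(name, bname) <= 2):
                flags.append(f"{domain} looks like {brand} but is a different site")
                break
    if link_text:
        shown, _ = split_host(link_text.strip())
        if shown and shown != host:
            flags.append(f"link text shows {shown} but the link goes to {host}")
    return flags


if __name__ == "__main__":
    for u in ("www.eday.com", "www.ebay-secure.com", "www.paipall.com",
              "www.ebay.com/upd@aw-confirm.us/upd", "http://www.ebay.com@aw-confirm.us/upd"):
        print(u, "->", phishing_flags(u) or "no warnings")
```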
36
Solutions
• Education and awareness
– Because social engineering such as phishing relies on tricking consumers, awareness education is a key component in reducing consumer losses to phishing.
– A number of government and private entities have created web sites designed to educate consumers about the threats of phishing. These sites include:
• FTC OnGuard Online
• Anti-Phishing Working Group
• MillerSmiles

37
Solutions
• Safe computing practices provide a strong defense against phishing:
– Never click on links directly from an email.
– Use File/Properties to find out which website you are really on.
– Look for the proper symbol to indicate you’re on a secure web site.
• Secure web sites use a technique called SSL (Secure Socket Layer) that ensures the connection between you and the web site is private.
• This is indicated by “https://” instead of “http://” at the beginning of the address AND by a padlock icon, which must be found either at the right end of the address bar or in the bottom right-hand corner of your browser window.
• A padlock appearing anywhere else on the page does not represent a secure site.

38
Solutions
• Software
– Although avoiding phishing attempts is typically a matter of following safe practices, there are a number of browser helpers available to help warn you of suspicious web sites.
– Browser helpers normally work as another toolbar in your browser. Use one or more for your protection.
– Internet Explorer 8 and Firefox 3 also provide limited protection by denying access to many known phishing sites.
– Spam filters may also intercept many phishing attempts.

39
Browser extensions
• Netcraft Anti-Phishing toolbar (for IE & FF)
• Firefox extensions
– Adblock
– Noscript (only trusted domains)

40
Netcraft
http://toolbar.netcraft.com/
• Giant neighborhood watch scheme
– Once a URL is reported, it is blocked for community members who subsequently access it.
– Widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) simply mean that the phishing attack will be reported and blocked sooner.
• The toolbar also:
– Traps suspicious URLs containing characters which have no common purpose other than to deceive.
– Enforces display of browser navigational controls (toolbar & address bar) in all windows, to defend against pop-up windows which attempt to hide the navigational controls.
– Clearly displays sites’ hosting location, including country, helping you to evaluate fraudulent URLs (e.g. the real citibank.com or barclays.co.uk sites are unlikely to be hosted in the former Soviet Union).

41

42
Other Phish/Scams
• Disaster events
– Hurricane Katrina
– Va. Tech shootings
• Celebrity/popular events
– Michael Jackson funeral
• Nigerian 419 Schemes (Advance Fee Fraud)
– Mutually beneficial business transactions
– Unclaimed funds
– Craigslist
– Lottery schemes

43
Student Identity Theft
The 18-29 age group reports more identity theft than any other
• Shred sensitive documents
• Thieves want credit, not cash
• Check your credit rating
– www.ftc.gov/freereports
– www.annualcreditreport.com
• www.ed.gov/misused

44
If You Think You’re a Victim…
Reporting identity theft:
• Law enforcement
• Your financial institutions
• Credit bureaus
• FTC Web site
– www.idtheft.gov

45
Safer Social Networking
Do you use any social networking or blogging websites such as Facebook or MySpace?

46
It’s Harmless, Right?
What kinds of things do people typically post?
• Class schedule
• New cell phone number
• Details of upcoming vacation
• Complaints about a co-worker or manager
• Story about last weekend’s party

47
Who Else Uses Social Networking?
• Employers
– Estimated that up to 75% of employers regularly “google” or “facebook” applicants
• Identity Thieves
– Names, birthdays, phone #’s, addresses, etc.
• Online Predators
– Schedules, whereabouts, weekend/vacation plans, etc.
• Facebook Stalker (http://www.youtube.com/watch?v=wCh9bmg0zGg)

48
What You Post Can Be Used To…
• Make judgments about your character
• Impersonate you to financial institutions
• Monitor what you do and where you go
– Theft
– Harassment
– Assault

49
Not YourSpace
Would I be comfortable if this were posted on a billboard?
The Internet is public space!
• Search results
• Photo “tagging”

50
Use Social Networks Safely
Do:
• Make friends
• Use privacy settings
• Be conscious of the image you project
Don’t:
• Post personal information
• Post schedules or whereabouts
• Post inappropriate photos

51
Paranoia or Common Sense?
• Guard your personal information!
– Even less sensitive information can be exploited by an attacker!
– Don’t post it in public places
– Know to whom you’re giving it
• Watch out for Facebook Applications!!
– A 2008 study found that 90.7% of apps had access to private user data (only 9.3% actually used the data)
Macbook. Retrieved 18 July 2007. http://s7v1.scene7.com/is/image/JohnLewis/230407880?$product$

52
Phishing on Social Network Sites
http://www.markmonitor.com/download/bji/BrandjackingIndex-Spring2009.pdf

53
Is this really your friend?
When “friends” ask for money online:
• Do they speak/write like your friend?
• Do they know any details about you or themselves that do NOT appear on Facebook profile pages?
• Do they refuse other forms of help, phone call requests, etc.?
Just because it is your friend’s account does not mean that it’s your friend!

54
The First Line of Defense
Stay alert—you will be the first to know if something goes wrong
– Are you receiving odd communications from someone?
– Is your computer sounding strange or slower than normal?
– Has there been some kind of incident or warning in the news?
Do something about it!
– Run a scan
– Ask for help

55
For more information
• Information Security web page: http://security.rit.edu
• RIT Information Security Facebook page
• Staysafeonline.info

56
Online Phishing Quiz
• http://www.sonicwall.com/phishing/