T20WC2016
tania-agni -
Transcript of T20WC2016
-
8/20/2019 T20WC2016
1/24
Security
Chapter 12
-
What Should I Ask Santa Claus For?
e-mail spoofing: fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source
-
Phishing
phishing: scam by which an e-mail user is duped into revealing sensitive information such as passwords and credit card details
Link might go to another website (links are easy to spoof); hover mouse over links to see where they lead
-
What Can Be Done About Phishing?
Never respond to requests for personal information like passwords via e-mail (or phone). Legitimate businesses do not request such information this way.
Visit web sites of companies with which you have business by manually typing the company URL.
Do not click on links in unexpected e-mails because they can be spoofed.
Along the same lines, do not call phone numbers found in those e-mails.
-
What Can Be Done About Phishing?
Be leery of URLs that do not have the company name directly before the top-level domain. For example, bankofamerica.com is the correct URL, bankofamerica.pp.com is questionable.
Routinely review your credit card and bank statements for unusual activity. http://annualcreditreport.com/
"Recognizing Phishing Scams and Fraudulent Hoax E-mail" http://www.microsoft.com/protect/yourself/phishing/identify.mspx
-
How Often Should You Change Your Passwords?
https://uwnetid.washington.edu/manage
Can't an attacker (perhaps using a computer program) keep guessing passwords?
Computer systems usually impose a time-out of several seconds after a number (e.g. three) failed attempts.
"Top 10 Most Common Passwords" http://modernl.com/article/top-10-most-common-passwords
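An added Python sketch, not part of the original slides, of the time-out the slide describes: three failed attempts start a lockout, and guesses made during the lockout are not even evaluated. The 5-second value, the PBKDF2 parameters and the class and function names are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3        # "a number (e.g. three)" from the slide
TIMEOUT_SECONDS = 5.0   # "several seconds"; the exact value is an assumption

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ThrottledLogin:
    def __init__(self):
        self.users = {}          # user -> (salt, password hash)
        self.failures = {}       # user -> consecutive failed attempts
        self.locked_until = {}   # user -> clock value when the time-out ends
        self._dummy_salt = os.urandom(16)

    def add_user(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, hash_password(password, salt))

    def attempt(self, user, password, now):
        """Return 'ok', 'denied' or 'locked'; `now` is a clock reading in seconds."""
        if now < self.locked_until.get(user, 0.0):
            return "locked"      # the guess is rejected without being checked
        # Unknown users get the same hashing work, so timing does not reveal them.
        salt, stored = self.users.get(user, (self._dummy_salt, b""))
        candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            # The counter is cleared only by a success, so every further
            # failure after the time-out starts a new time-out.
            self.locked_until[user] = now + TIMEOUT_SECONDS
        return "denied"

def guesses_per_day():
    """Upper bound on evaluated guesses per account once the time-out applies."""
    return int(24 * 60 * 60 / TIMEOUT_SECONDS)
```

With these values an automated guesser gets at most 17,280 evaluated guesses per account per day, which is why a password from a "most common" list still falls quickly while an uncommon one does not.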
-
Social Engineering
social engineering: the act of manipulating people into performing actions or divulging confidential information
-
Password Insecurity
Source: "Palin E-Mail Hacker Says It Was Easy" http://blog.wired.com/27bstroke…/palin-e-mail-ha.html
"As detailed in the postings, the Palin hack didn't require any real skill. Instead, the hacker simply reset Palin's password using her birthdate, ZIP code and information about where she met her spouse -- the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search."
-
Malware
malware (malicious software): software designed to infiltrate or damage a computer system without the owner's informed consent
computer virus: catch-all phrase to include all types of malware, including true viruses
Other terms for baddies: trojan horse, worm, adware, spyware
-
How Malware Spreads
Some malware can be secretly installed just by visiting infected web sites.
Others require human intervention to propagate (e.g. clicking on an e-mail attachment or installing infected software)
-
How Malware Spreads
USB drives can be carriers of computer viruses.
Window that pops up when you insert an infected USB drive looks similar to that when inserting a clean USB drive.
Clicking icon infects the computer.
To prevent further infection, click the X on the top right.
However clean drives can still be infected just by using the USB drive with an infected computer.
-
What's The Worst That Could Happen?
keylogger: software that can capture and record user keystrokes
backdoor: hidden method for bypassing normal computer authentication systems
zombie: computer attached to the Internet that has been compromised
denial-of-service attack (DoS attack): attempt to make a computer resource unavailable
-
Preventative Tips
Show hidden files. If you do not know what a file is for, look it up on the web. http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx
Do not open unexpected e-mail attachments.
Be wary of pop-up windows that ask you to install something (like anti-virus software) if you are just surfing the web.
-
Preventative Tips
Keep your system up-to-date. Newer systems automatically update.
Verify that your computer automatically updates or make sure to manually update every so often. http://windowsupdate.microsoft.com
If you must use IE, use the latest version.
-
Useful Software: Firewall
firewall: software which inspects network traffic passing through it, and denies or permits passage based on a set of rules
Most systems have firewalls installed.
-
Useful Software
"Protecting your computer from viruses" http://www.washington.edu/computing/virus.html
Contains link to anti-virus software for both Mac and Windows
Additional Windows Software
Ad-Aware
Spybot - Search & Destroy
AVG Anti-Virus
-
An Ongoing Battle
-
Cleaning Viruses
Anti-virus software is only good if you keep it up-to-date. New viruses are coming out all the time.
In certain cases, you may have to clean a virus manually. Try to find respectable directions on the web. The process can be very tedious.
Computer Vet http://www.washington.edu/computing/computervet
-
For Your Security
Don't save important passwords in your browser. What if someone steals your computer?
-
Secure Protocols
Hypertext Transfer Protocol Secure (HTTPS): combination of HTTP and a network security protocol
URL begins with https:
lock indicates secure website
notice the "s"
-
Spam
spam: unsolicited or undesired electronic messages
Usually sent by zombie computers.
-
Is Anyone Dumb Enough To Respond To Spam?
One study showed that the hit rate for pharmaceutical spam is about 1 in 12 million.
Source: "Spamalytics: An Empirical Analysis of Spam Marketing Conversion" http://www.icsi.berkeley.edu/pubs/networking/2008-ccs-spamalytics.pdf
Spam Targets: 347,590,389
User Conversions: 28 (0.0000081%)
-
Preventing Spam
CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart
-
E-mail
Some e-mail programs do not show certain images in the e-mail unless you press another button. Why?
This concerns images that have to be downloaded from another source (vs. just being attached to the e-mail).
Fetching images can alert the sender that the e-mail address is valid. So what? Spammers love valid e-mail addresses
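An added Python example, not part of the original slides, of the distinction an e-mail program draws before showing images: sources that must be downloaded from another server versus images carried inside the message itself. The sample message, its placeholder addresses and hosts, and the beacon heuristic are assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every address and host is a placeholder.
RAW = """\
From: offers@shop.example
To: student@campus.example
Subject: Weekend sale
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Big sale!</p>
<img src="cid:logo@shop.example">
<img src="http://img.shop.example/open.gif?rcpt=student%40campus.example" width="1" height="1">
"""

class ImageAudit(HTMLParser):
    """Separate images fetched from another source from ones carried in the mail."""
    def __init__(self):
        super().__init__()
        self.remote, self.attached = [], []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)
        src = (attr.get("src") or "").strip()
        if src.lower().startswith(("http://", "https://", "//")):
            url = urlsplit(src)
            # A query string or a 1x1 size hints at a per-recipient beacon.
            beacon = bool(url.query) or (attr.get("width"), attr.get("height")) == ("1", "1")
            self.remote.append((url.hostname, beacon))
        elif src.lower().startswith("cid:"):
            self.attached.append(src)   # refers to a MIME part inside the message

def audit_message(raw):
    """Return (remote, attached) image lists for every HTML part of a message."""
    audit = ImageAudit()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            audit.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return audit.remote, audit.attached
```

Only the entries in the remote list cause a request to the sender's server when the message is opened, which is the fetch the "show images" button holds back.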