
Transcript of T20WC2016

  • 8/20/2019 T20WC2016, slide 1/24

    Security

    Chapter 12

  • Slide 2/24

    What Should I Ask Santa Claus For?

    e-mail spoofing: fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source

  • Slide 3/24

    Phishing

    phishing: scam by which an e-mail user is duped into revealing sensitive information such as passwords and credit card details

    Link might go to another website (links are easy to spoof); hover mouse over links to see where they lead

  • Slide 4/24

    What Can Be Done About Phishing?

    Never respond to requests for personal information like passwords via e-mail (or phone). Legitimate businesses do not request such information this way.

    Visit web sites of companies with which you have business by manually typing the company URL.

    Do not click on links in unexpected e-mails because they can be spoofed.

    Along the same lines, do not call phone numbers found in those e-mails.

  • Slide 5/24

    What Can Be Done About Phishing?

    Be leery of URLs that do not have the company name directly before the top-level domain. For example, bankofamerica.com is the correct URL; bankofamerica.pp.com is questionable.

    Routinely review your credit card and bank statements for unusual activity. http://annualcreditreport.com

    "Recognizing Phishing Scams and Fraudulent E-mail" http://www.microsoft.com/protect/yourself/phishing/identify.mspx
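The two checks from slides 3 and 5 (hover over a link to see where it really leads; make sure the company name sits directly before the top-level domain) can be automated. The Python below is an added example, not code from the slides: it pulls every link out of a constructed sample e-mail body, flags links whose visible text is a URL on a different host than the real href, and flags hosts whose last two labels are not the assumed company domain bankofamerica.com.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample HTML e-mail body (not from the slides). The first link shows a
# legitimate-looking URL as its text but actually points at bankofamerica.pp.com,
# the kind of host slide 5 calls questionable.
SAMPLE_HTML = """
<p>Please verify your account at
<a href="http://bankofamerica.pp.com/login">https://www.bankofamerica.com/</a></p>
<p>Statements: <a href="https://www.bankofamerica.com/statements">view</a></p>
"""

# Assumed company domain for the check below.
COMPANY_DOMAIN = "bankofamerica.com"


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def hostname(url):
    """Lower-case host part of a URL, '' when there is none."""
    return (urlsplit(url.strip()).hostname or "").lower().rstrip(".")


def registrable_domain(url):
    """The two labels at the end of the host, e.g. 'pp.com' for bankofamerica.pp.com.
    Heuristic only: two-label public suffixes such as co.uk are not handled."""
    labels = hostname(url).split(".")
    return ".".join(labels[-2:])


def is_suspicious_host(url, company_domain=COMPANY_DOMAIN):
    """True unless the company name sits directly before the top-level domain."""
    return registrable_domain(url) != company_domain


def is_display_mismatch(text, href):
    """The 'hover over the link' check: the visible text looks like a URL, but the
    href leads to a different host."""
    if not re.match(r"https?://", text.strip(), re.IGNORECASE):
        return False
    return hostname(text) != hostname(href)


def audit_links(html, company_domain=COMPANY_DOMAIN):
    """Return one finding per link with the list of reasons it should not be trusted."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        reasons = []
        if is_display_mismatch(text, href):
            reasons.append("link text hides a different host")
        if is_suspicious_host(href, company_domain):
            reasons.append("host is not directly under " + company_domain)
        findings.append({"text": text, "href": href, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        status = "SUSPICIOUS" if finding["reasons"] else "ok"
        print(status, finding["href"], "; ".join(finding["reasons"]))
```

On the sample, the first link is reported for both reasons and the second passes. The two-label rule is exactly the slide's rule of thumb, so it inherits the slide's limitation: under country-code suffixes such as co.uk the company name is the third label from the end, and a real mail filter would consult the public suffix list instead.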


  • Slide 6/24

    How Often Should You Change Your Passwords? https://uwnetid.washington.edu/manage

    Can't an attacker (perhaps using a computer program) keep guessing passwords? Computer systems usually impose a time-out of several seconds after a number (e.g. three) of failed attempts.

    "Top 10 Most Common Passwords" http://modernl.com/article/top-10-most-common-passwords
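The slide's answer to "can't an attacker keep guessing?" is a time-out after a few failed attempts. The Python class below is an added example (not the slides' or the university's code) of how a login routine enforces that: three failures lock the account for a fixed period, a successful login resets the counter, and the password is always hashed before comparison so a wrong user name costs the same time as a wrong password. The lockout length, the use of PBKDF2, and the injectable clock (so the behaviour can be tested without sleeping) are all assumptions of this example.

```python
import hashlib
import hmac
import os
import time


class LoginGuard:
    """Password verification with a lockout after too many consecutive failures.

    Assumed design (not from the slides): a fixed per-account time-out rather than an
    escalating one; the clock is injectable so the lockout can be tested without waiting.
    """

    def __init__(self, max_attempts=3, timeout_seconds=30.0, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.timeout = timeout_seconds
        self.clock = clock
        self._users = {}       # username -> (salt, password hash)
        self._failures = {}    # username -> (consecutive failures, locked-until timestamp)
        self._dummy_salt = os.urandom(16)  # used for unknown users so timing looks the same

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def attempt(self, username, password):
        """Return 'ok', 'denied' (wrong credentials) or 'locked' (time-out still running)."""
        now = self.clock()
        failures, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"          # the password is not even examined while locked
        salt, stored = self._users.get(username, (self._dummy_salt, b""))
        candidate = self._hash(password, salt)   # always hash, even for unknown users
        if stored and hmac.compare_digest(candidate, stored):
            self._failures.pop(username, None)   # success resets the counter
            return "ok"
        failures += 1
        if failures >= self.max_attempts:
            self._failures[username] = (0, now + self.timeout)   # lock and restart the count
        else:
            self._failures[username] = (failures, 0.0)
        return "denied"

    def max_guesses_per_hour(self):
        """Upper bound on online guesses an attacker can make against one account."""
        return self.max_attempts * 3600.0 / self.timeout


if __name__ == "__main__":
    fake_now = [1000.0]                       # constructed clock for the demonstration
    guard = LoginGuard(clock=lambda: fake_now[0])
    guard.register("alice", "correct horse battery staple")
    for guess in ("password", "123456", "qwerty", "correct horse battery staple"):
        print(guess, "->", guard.attempt("alice", guess))
    fake_now[0] += 31                         # wait out the time-out
    print("after time-out ->", guard.attempt("alice", "correct horse battery staple"))
    print("guesses per hour at most:", guard.max_guesses_per_hour())
```

With three attempts per 30-second lockout the attacker is held to 360 online guesses per hour, which is why the slide's advice and the "top 10 most common passwords" list go together: the throttle only helps if the password is not among the first few hundred guesses.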

  • Slide 7/24

    Social Engineering

    social engineering: the act of manipulating people into performing actions or divulging confidential information

  • Slide 8/24

    Password Insecurity

    Source: "Palin E-Mail Hacker Says It Was Easy" http://blog.wired.com/27bstroke6/2008/09/palin-e-mail-ha.html

    "As detailed in the postings, the Palin hack didn't require any real skill. Instead, the hacker simply reset Palin's password using her birthdate, ZIP code and information about where she met her spouse -- the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search."

  • Slide 9/24

    Malware

    malware (malicious software): software designed to infiltrate or damage a computer system without the owner's informed consent

    computer virus: catch-all phrase to include all types of malware, including true viruses

    Other terms for baddies: trojan horse, worm, adware, spyware

  • Slide 10/24

    How Malware Spreads

    Some malware can be secretly installed just by visiting infected web sites.

    Others require human intervention to propagate (e.g. clicking on an e-mail attachment or installing infected software).

  • Slide 11/24

    How Malware Spreads

    USB drives can be carriers of computer viruses.

    The window that pops up when you insert an infected USB drive looks similar to the one that appears when inserting a clean USB drive. Clicking the icon infects the computer. To prevent further infection, click the X on the top right. However, clean drives can still be infected just by using the USB drive with an infected computer.

  • Slide 12/24

    What's The Worst That Could Happen?

    keylogger: software that can capture and record user keystrokes

    backdoor: hidden method for bypassing normal computer authentication systems

    zombie: computer attached to the Internet that has been compromised

    denial-of-service attack (DoS attack): attempt to make a computer resource unavailable

  • Slide 13/24

    Preventative Tips

    Show hidden files. If you do not know what a file is for, look it up on the web. http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx

    Do not open unexpected e-mail attachments.

    Be wary of pop-up windows that ask you to install something (like anti-virus software) if you are just surfing the web.

  • Slide 14/24

    Preventative Tips

    Keep your system up-to-date. Newer systems automatically update. Verify that your computer automatically updates or make sure to manually update every so often. http://windowsupdate.microsoft.com

    If you must use IE, use the latest version.

  • Slide 15/24

    Useful Software: Firewall

    firewall: software which inspects network traffic passing through it, and denies or permits passage based on a set of rules. Most systems have firewalls installed.

  • Slide 16/24

    Useful Software

    "Protecting your computer from viruses" http://www.washington.edu/computing/virus.html

    Contains links to anti-virus software for both Mac and Windows

    Additional Windows Software

    Ad-Aware, Spybot Search & Destroy

    AVG Anti-Virus

  • Slide 17/24

    An Ongoing Battle...

  • Slide 18/24

    Cleaning Viruses

    Anti-virus software is only good if you keep it up-to-date. New viruses are coming out all the time.

    In certain cases, you may have to clean a virus manually. Try to find respectable directions on the web. The process can be very tedious.

    Computer Vet http://www.washington.edu/computing/computervet

  • Slide 19/24

    For Your Security

    Don't save important passwords in your browser. What if someone steals your computer?

  • Slide 20/24

    Secure Protocols

    Hypertext Transfer Protocol Secure (HTTPS): combination of HTTP and a network security protocol

    URL begins with https:

    Lock indicates a secure website

    Notice the "s"

  • Slide 21/24

    Spam!

    spam: unsolicited or undesired electronic messages. Usually sent by zombie computers.

  • Slide 22/24

    Is Anyone Dumb Enough To Respond To Spam?

    One study showed that the hit rate for pharmaceutical spam is about 1 in 12 million.

    Source: "Spamalytics: An Empirical Analysis of Spam Marketing Conversion" http://www.icsi.berkeley.edu/pubs/networking/2008-ccs-spamalytics.pdf

    Spam Targets: 347,590,389

    User Conversions: 28 (0.0000081%)


  • Slide 23/24

    Preventing Spam

    CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart

  • Slide 24/24

    E-Mail

    Some e-mail programs do not show certain images in the e-mail unless you press another button. Why?

    This concerns images that have to be downloaded from another source (vs. just being attached to the e-mail).

    Fetching images can alert the sender that the e-mail address is valid. So what? Spammers love valid e-mail addresses.
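Slide 24 explains why mail clients hold back remotely hosted images, and slide 2 describes headers altered to make a message look like it came from somewhere else. The Python below is an added example (not the slides' code) of what a client or mail filter can compute from a message before showing it: it builds a constructed sample message whose HTML part contains one image shipped inside the message (cid:), one ordinary remote image and one 1x1 remote "tracking pixel", separates attached from remote images, and compares the domain of the displayed From: address with that of the envelope sender in Return-Path:. The sample addresses, hosts and the Return-Path value are all made up for the example; a mismatch between those two domains is a common sign of forwarding or bulk mailers as well as spoofing, so it is a signal to look closer, not a verdict.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def classify_images(html):
    """Split <img> sources into attached ones (cid:/data:, shipped inside the message)
    and remote ones (http/https, fetched from the sender's server when displayed)."""
    parser = ImgCollector()
    parser.feed(html)
    attached, remote = [], []
    for attrs in parser.images:
        src = attrs.get("src", "")
        if urlsplit(src).scheme.lower() in ("http", "https"):
            # A 1x1 remote image carries no content; its only job is to report the open.
            tiny = attrs.get("width") == "1" and attrs.get("height") == "1"
            remote.append({"src": src, "host": urlsplit(src).hostname, "tiny": tiny})
        else:
            attached.append(src)
    return attached, remote


def audit_message(msg):
    """Return (attached, remote) image lists for the HTML part of a parsed message."""
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        return [], []
    return classify_images(html_part.get_content())


def sender_domains(msg):
    """Domains of the displayed From: address and of the envelope sender (Return-Path:).
    These are the header fields slide 2 says a spoofer alters; a mismatch deserves a look."""
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    bounce_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    return from_domain, bounce_domain


def build_sample_message():
    """Constructed sample (not from the slides): one inline attached logo, one remote
    banner and one 1x1 remote tracking pixel, with a Return-Path that does not match From."""
    msg = EmailMessage()
    msg["From"] = "Your Bank <alerts@bank.example>"
    msg["Return-Path"] = "<bounce-u12345@mailer.example.net>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "This month's offers"
    msg.set_content("Plain-text fallback.")
    html = (
        '<p>Hello!</p>\n'
        '<img src="cid:logo@bank.example" alt="logo">\n'
        '<img src="https://img.mailer.example.net/banner.png">\n'
        '<img src="https://track.mailer.example.net/open?id=u12345" width="1" height="1">\n'
    )
    msg.add_alternative(html, subtype="html")
    html_part = msg.get_payload()[1]          # the text/html alternative just added
    html_part.add_related(b"\x89PNG fake image bytes", maintype="image", subtype="png",
                          cid="<logo@bank.example>")
    return msg


if __name__ == "__main__":
    message = build_sample_message()
    attached, remote = audit_message(message)
    print("attached images (safe to show):", attached)
    for image in remote:
        print("remote image", image["src"], "(tracking pixel)" if image["tiny"] else "")
    print("From domain vs Return-Path domain:", sender_domains(message))
```

The attached logo can be rendered without contacting anyone; the two remote images are what the "show images" button in the slide guards against, because fetching either one tells the operator of mailer.example.net that the address user@example.org is read by a person.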