Transcript E-Chalkboard

Home PC Security
What PC Users and Law
Enforcement Should Know
Printing with “Notes” enabled with provide a script for each slide
Bob Samson
11/20/2004
What is the Problem?
Hardware architecture of a PC
 Complexity of computer software
 Anonymity of the Internet
 High speed connections
 Dial up connections
 Wireless connections

Hardware Architecture of a PC


There are 65,535 open ports on every Intel-based PC
Only a few ports are probably necessary for the average home user






Port 25 – SMTP Simple Mail Transport Protocol is used for sending email
Port 53 – DNS Domain Name Server translates URLs into IP Addresses
Port 67/68 - When an ISP uses DHCP (Dynamic Host Configuration
Protocol) to assign IP addresses when you logon
Port 80 - Your main Internet Connection
Port 110 – POP3 Post Office Protocol version 3 for retrieving email
Games, the use of instant messaging, or other business uses all may
add a few additional ports to this list
Complexity of Computer Software




Windows has about 40 million lines of code (instructions)
By the year 2010, Windows is projected to grow to 100 million lines
of code
A Carnegie Mellon University study found that a programmer makes
an error every 1,000 lines of code.
That means just in Windows, there are probably 40,000 errors. If
you consider all of the other application software that runs on the
average PC, there are hundreds of thousands of errors that can be
exploited by computer hackers so that they can gain entry into your
computer
Anonymity of the Internet
When you are connected to the Internet, you are only known by a
numeric Internet Protocol address
 IP Addresses are not a reliable source of identification (they can
easily be changed)
 There is no way to identify a physical location from an IP address
 Since the Internet is a network of millions of interconnected
computers, it is easy to hide one’s “trail” behind the numerous points
of interconnection
 There are three sources of hackers: geeks; socially deprived
intellects; terrorists - all pose a threat

High Speed Connections
DSL and cable connections pose a greater risk than telephone
modems because they process data more quickly
 Without a firewall, anyone in the world can gain access to your
computer [easily!]
 If you have more than one computer and share files between them,
every file may also shared with the world unless you have a firewall
 Peer-to-Peer programs like Kazaa, Gnutella used to swap music files
can share more than you intended such as password files
 Leave your computer open to the world wide web, add a few web
pages to your files and you can easily find your private files indexed
and accessible through search engines such as Google

Dial Up Connections


Dial up connections or modems have risks
associated with them
Risks include the hijacking of one’s telephone
for generating bogus long distance charges


Be thoroughly familiar with spyware and how to
avoid it
Never leave your PC on unattended while
connected to your modem
Wireless Connections


If you can connect without a wire, your neighbor’s high school
computer wizard can also connect to your computer and your
Internet connection
A wireless network must have:




Encryption of the signal/connection
Data encryption may also be required for additional protection
Strong log in and password rules for your computer are a must
Don’t let children use the wireless feature to hide and connect to
the Internet - use it to keep them in the accompaniment of an adult
What you risk when connected
Personal Information
 Reputation
 Financial resources (Identity Theft)

Personal Information





Surfing habits can be tracked so a profile of your interests
developed for marketing purposes
Your address book and the email addresses of all your friends can
be copied
Financial information like bank records, tax records, social security
numbers, etc. can be stolen
Information can be corrupted or deleted by a virus
Read those Privacy Policies - you could be giving up your personal
information
Reputation


Your computer can be used to send Spam email without your
knowledge
Your address book containing all of your contacts can be emailed
pornographic content
Financial Resources




$53 billion dollars was lost in 2003 through identity theft
27.3 million Americans in the last 5 years reported that personal
information was stolen [Identity Theft]
The cost to victims for recovery of their good name in 2003 was $5
million
In the last year, nearly 2 million Americans had their checking
accounts raided by criminals
No One is Safe
Even the unborn and the dead can be victims of identity theft
What can you do?
Use anti-virus software
 Use a firewall
 Learn about patch management
 Change your behavior
 Be careful with online purchases

Anti-virus Software



Purchase an anti-virus application to protect your computer
Update frequently - better yet, use anti-virus software that will
update automatically
Stay alert to virus trends - the media is an excellent source of
pending attacks
Use a Firewall




At a minimum, use a software firewall (port blocker)
Use a hardware firewall if you connect to the Internet via a cable
modem or DSL
Both a software and hardware firewall together offer the best
protection
Block as many ports as you can - this may mean that you cannot
play some Internet Games
Learn About Patch Management




Patch management means updating software frequently with the
changes that manufactures add to improve security
Software updates are usually free
 Microsoft provides automatic updates as a service to their
customers
If you are using Windows 95 or older, stop and upgrade - the older
versions are no longer supported and leave you vulnerable
If you have to re-install software for any reason, you must update it
again because the patches will be missing
Change Your Behavior





Don’t use illegal copies of software - it can be loaded with viruses
and spyware and besides it is wrong to steal!
Don’t surf questionable web sites - Pornographic sites are one of
the biggest sources for web bugs and spyware
Update your software frequently (patch management)
Never send credit card data in an email - Emails should always be
considered unsecured
Don’t open email attachments without understanding that these are
the largest cause of viruses - Even opening an attachment from a
trusted email address is not safe (your friend could have been
infected and had their address book stolen)
Dangerous Email Extensions




















ADE Microsoft Access Project Extension
MDB Microsoft Access Application
ADP Microsoft Access Project
MDE Microsoft Access
MDE Database
BAS Visual Basic® Class Module
MSC Microsoft Common Console Document
BAT Batch File MSI Windows Installer Package
CHM Compiled
HTML Help File
MSP Windows Installer Patch
CMD Windows NT® Command Script
MST Visual Test Source File
COM MS-DOS® Application
PCD Photo CD Image
CPL Control Panel Extension
PIF Shortcut to MS-DOS Program
CRT Security Certificate
REG Registration Entries
EXE Application



















SCR Screen Saver
HLP Windows® Help File
SCT Windows Script Component
HTA HTML Applications
SHS Shell Scrap Object
INF Setup Information File
URL Internet Shortcut (Uniform Resource
Locator)
INS Internet Communication Settings
VB VBScript File
ISP Internet Communication Settings
VBE VBScript Encoded Script File
JS JScript® File
VBS VBScript Script File
JSE JScript Encoded Script File
WSC Windows Script Component
LNK Shortcut
WSF Windows Script File
WSH Windows Scripting Host Settings File
ZIP Compressed File Format
Watch Out for Phishing

Emails from legitimate companies are copied to trick consumers into
providing confidential information






Passwords
Credit card numbers and expiration dates
Banking account numbers
Even experts cannot tell by looking at the messages or the web site
that you are directed to that this message is a forgery
Understand that no legitimate company ever asks you to validate
personal information via an email in this way
Never respond, even if you do business with the company. If you
are concerned, call them first!
Do Not Join Social Networks




“Social Networks” are services joined to help you
remember addresses and phone numbers
Some companies are Plaxo, Friendster, Tickle and
others
You risk your personal information, privacy and the
information contained in your own computer’s
address book
Remember, joining free services will expose your
information and possibly the information stored on
your computer to misuse and theft
Change Your Behavior






continued
Make backups of important information stored on your computer
Don’t download browser add-ons and other software from unknown
sources - this is an easy way to give your personal information to
anyone through spyware or adware
Set your browser’s security and privacy settings to protect you from
3rd party cookies - these are used to track you
Be careful of HTML email - it can contain web bugs and spyware
Learn how to identify a “secured” web page - Never send your
personal information over an unsecured web page
AND… Don’t click on “Unsubscribe” links
Change Your Behavior



Disable Java and ActiveX in your browser - These can be used to
steal information from your computer
For Windows XP users, don’t log in with ADMINISTRATIVE
RIGHTS
Use complex passwords created from phrases



continued
Example: MwaiJ10 (My wedding anniversary is June 10th)
Example: Gmlogmd1775 (Give me liberty or give me death 1775)
Learn how to tell if a web page is secure
What About SPAM?


Two Thirds of all email is SPAM
One of the largest sources of SPAM is infected home
computers


Beware of spyware/adware and Trojan programs




Trojan programs hijacking computers to send others SPAM
(zombies)
Disguised as free programs, they track your surfing activities
Don’t use music download sites like KaZaA, GrokSter, Imesh
Free Screen Savers are a source of spyware
If your computer becomes infected, your Internet Service
Provider may turn off your email capability until you fix it
Be Smart About Online Purchases

Selling or purchasing online through groups like eBay carry risks
 40% of all credit card fraud is committed by criminals overseas
 The top five offending countries are:








Yugoslavia
Nigeria
Romania
Pakistan
Indonesia
Many con artists hide the real country of origin
Use protection services
Never pay with a check card or debit card - only true credit cards
with online protection
Where to go for help




Your local computer store
Microsoft’s web site
A knowledgeable and trusted friend
Community Services




Senior community centers
Community college classes
State and Federal fraud assistance web sites
Your local police department (when you suspect that a crime has
been committed)
Remember
If you don’t bother to protect
your computer, your privacy and
your information, you are a victim
just waiting for the crime to
happen.