Security for the Home Computer User

Download Report

Transcript Security for the Home Computer User 

Home PC Security & Internet
Browser Tips
Todd W. Jorns
Senior Director for Educational Technology
Illinois Community College Board
Topics

User Accounts

Passwords

Windows Updates

Anti-Virus Software

Anti-Spyware Software

Email

Browsers
Logging On to Windows

Do not run Windows as an Administrator

Increases vulnerabilities
Trojan Horse: a program that does something
else than it appears to do
 May reformat your hard drive, delete files, create
another user with administrative control


Instead:

Create a User Account
Creating a User
Passwords
Pick a good password for all accounts—
it’s your first and sometimes only
defense
 Password dangers:

Cracking
 Social Engineering

Passwords: Good Characteristics

Length



Number of characters
Longer is better and harder to guess
Width


Types of characters
Should include at least three of





Uppercase letters
Lowercase letters
Numbers
Special characters (e.g. ? ! @ #)
Depth

Challenging meaning


Phonetic: Imukat2 for I’m a cat, too
Mnemonic: FM2tM for Fly Me to the Moon
Update Windows: Early & Often

Updates close known vulnerabilities that
are targeted by hackers

Options for updates:


Automatically download and install

Manually download and install
To configure:

Control Panel | System | Automatic Updates
Check Office Updates
MS makes updates available on its web
page
 Users should check here at least once
per month:


http://office.microsoft.com/en-us/officeupdate/default.aspx
Anti-Virus Software


A virus is:

Program or programming code that replicates;

Transmitted as attachments to an e-mail note or in
a downloaded file, or may be present on a diskette,
CD, or thumb drive.
A virus might:

Immediately affect you or lie dormant;

Be benign and playful or devastatingly harmful.
Anti-Virus Software: Key issues

Most AV software can be configured to
automatically update itself




Scan your computer automatically



Daily is best if possible
After expiration, no updates will occur
Why? New viruses every day!
Configure the software to run at a time when no one
will be on the computer
At least once a week
If you use IM, try to find software that
scans for IM viruses
Anti-Virus: Free software


Online:

Housecall - http://housecall.trendmicro.com/

Panda ActiveScan http://www.pandasoftware.com/activescan/
Downloadable:

AVG Free - http://free.grisoft.com/doc/2/lng/us/tpl/v5

avast! Home Edition http://www.avast.com/eng/down_home.html
Spyware: What is it?

Strictly defined, spyware consists of
computer software that gathers and
reports information about a computer
user without the user's knowledge or
consent.

From Wikipedia, the free encyclopedia
Spyware: Problems



Installs without user’s informed consent
Invades privacy and steals bandwidth
Often causes system instability




Crashes
Hanging
Slowing
May modify shared files



Causing other applications to fail
Making spyware difficult to remove
Interrupting Internet connectivity
Spyware: Remedies

Numerous Anti-spyware programs and
removal tools

Spybot Search and Destroy:


Adaware:


http://www.lavasoftusa.com/software/adaware/
MS Anti-Spyware:


http://www.safer-networking.org/en/index.html
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Various Anti-Virus programs
Spyware: Prevention

Spyblaster:

http://www.javacoolsoftware.com/spywareblaster.html

Disabling Active-X

Using only reputable sources for software

Updating Software to fix known
vulnerabilities

Windows operating systems

Browser software
E-mail

Most frequently used tool

One of the most vulnerable tools “out of
the box”

Issues

HTML

Attachments
E-mail: Attachments

Never open any unsolicited attachments
 Do not trust attachments from known
parties
 Scan all attachments



Executable code
Macros
Never open attachments that are programs
(.bat, .chm, .cmd, .com, .exe, .hta, .ocx, .pif,
.scr, .shs, .vbe, .vbs, or .wsf).
How to see file extensions

In ME, 2000, and XP:

Open My Computer

Choose Tools | Folder Options

Choose the View Tab

Uncheck: Hide file extensions for known file
types

Click OK
Email: Spam

Never respond to spam

Signals a “live” e-mail address

May be added to list and sold

Consequence: MORE spam!
E-mail: Phishing

The act of sending an e-mail to a user falsely
claiming to be an established legitimate
enterprise in an attempt to scam the user into
surrendering private information that will be
used for identify theft

Microsoft, your bank, AOL, PayPal will never
send you announcements about updates---and
neither will most businesses. If unsure, use
the telephone!
Web: The World Wide Web
World Wide Web brought color, pictures,
and motion to the Internet
 Browser: Software application used to
access the World Wide Web

Internet Explorer
 Firefox
 Opera


Popularity of WWW means that it’s a
favorite for malicious activities
Web: Making it safer

Consider disabling AutoComplete



anyone at your computer will be able to easily see
where you've been on the Web
worse yet, anyone at your computer will be able to
easily impersonate you at Web sites that require
you to input information
In IE



Select Tools and choose "Internet Options ..."
Click the "Advanced" tab.
Scroll down and uncheck the box next to "Use
inline AutoComplete for Web addresses".
Web: Signals of secure site

Look for a site that uses a secure
channel for transmission of credit card
information

Key clues:

https

Locked padlock
Test Browser Security

Jason’s Toolbox:

Online test of browser security

Leads you through each step

http://www.jasonstoolbox.com/BrowserSecurity/
The Internet: A huge network

When you connect to the Internet, your
computer is connected to all the other
computers---and the good and bad users
behind them

Understanding a little about that
communication will help you to understand
the need for something called a Firewall
IP Addresses


IP or Internet addresses are like addresses
for buildings

If you know the address of a building, you can
locate it and send it information

If you know the address for a computer, you can
send it information
Fortunately, we don’t have to remember the
numbers because of an Internet service
called Domain Name System which
translates for us!
Firewalls: Filters for packets

A firewall is a piece of software or
hardware, which stands between two
networks or computers and controls access
between them

Controls the traffic flow in and out of
networks or computers based on IP
Addresses and Port numbers
Router (Hardware )

Hides your computer from the Internet

Internet address is given to your router

Computer receives a private Internet address

The harder you are to find, the harder it will be for
someone—or something—to hurt you!

A must for broadband (cable/dsl) Internet
connections

Key: Change the default password!
Personal Firewalls (software)

Watches information going in and out of the
computer – but you decide

Will allow you to monitor programs


Allow only programs of which you are sure

Watch for outgoing programs (e.g.,spyware)
Know how to shutdown Internet
connectivity
Personal Firewalls - Software

Zone Alarm


http://www.zonelabs.com/store/content/company/pr
oducts/znalm/freeDownload.jsp
Sygate Personal Firewall

http://smb.sygate.com/products/spf_standard.htm
Test Your System

HackerWacker:


http://hackerwhacker.com:4000/freetools.php
ShieldsUp:

http://www.grc.com/default.htm
Online Resource

www.iccb.org/pchelp
Questions
Todd W. Jorns
(217) 785-0144
[email protected]