Академический Документы
Профессиональный Документы
Культура Документы
Email allowed for spread of virus SPAM lured people Worms are able to spread themselves Trojans bring in malicious payload Malware infected websites installing programs on PC Zero-Day attacks Key Loggers Root Kits Phishing and Whaling Encrypted payloads that are polymorphic
I am Running a Firewall
So how come someone can send you an Instant
Message? How can someone SKYPE you? How can you connect to you computer running Go To My PC? Did you configure your Firewall or just plug and play? Anyone use BitTorent (aka backdoor)? Dont you think Google runs a firewall?
How about TJ Max, NASA?
malicious patches that were automatically propagated to clients all over the world Apple does not sign ANY updates Ubuntu has patches as often or more than Microsoft Apples browser is one of the weakest Apple and Linux users dont need antivirus
Soft Target
Passwords are usually not strong SSID broadcast does not matter Hotel WiFi easy to intercept Neighbors can see what you surf, read your emails Starbucks, McDonalds, Panera Bread, Hotels = YIKES!
Someone is Watching
Keep the computer clean, be a minimalist Patching Antivirus Email Passwords Firewall/filtering Setup Secure WiFi Backups Advanced or Radical Changes Other good ideas
http://download.cnet.com/Malwarebytes-Anti-Malware/30008022_4-10804572.html
Spybot Search and Destroy good for immunizing your PC http://www.safer-networking.org/en/home/index.html Ccleaner removes remnants of uninstalled programs and
http://www.ccleaner.com/
time
Printer software
GotoMyPC Firefox
Chrome
BitTorrent Acrobat Windows Update Opera VNC Router
Antivirus
Though its effectiveness has diminished over the years,
The popular vendors are not always the best Checkout www.av-test.org You dont need to pay for it Microsoft Security Essentials Avast Antivirus AVG
Antivirus (cont)
Watch out for free flash drives, scan them!
Enable SMTP or IMAP scan if you use mail client Scheduled Scans are required Run On-Access scans Yes there is a performance hit Update everyday as often as possible Do you need antispyware, antiphishing,
antibacterial???
It does not hurt, but stay tuned..
Email
Not all email uses encryption, watch out for HTTPSHTTP switch Gmail accounts are free Setup your own domain for you and your family Get two of them Bus-name@gmail.com Per-name@gmail.com Dedicate one to family, friends Check this out emails Dedicate the other to Business, dont give this one out Bank, Online Trading, Shopping This can help with phishing attacks; SPAM Watch out for unsubscribe May want a third for subscribing to sites
Email (cont)
Gmail www.gmail.com tracks your email content Big Brother Gmail anonymizes you and the sender, be careful Great SPAM and AV protection in Gmail If you ever leave your ISP, your email stays the same Uses HTTPS at all times Treat email like your home, you dont recognize it, DONT
LET IT IN!!! Your bank will NEVER use email for personal info Phishing, Spamming, Whaling, very sophisticated
Spoofing makes this very dangerous
Passwords
Passwords need to be strong Usually means hard to remember Every account should have a unique password Banks, Email, Amazon, Instant Messenger.. NEVER click Remember my password Trivial to steal if you are compromised Use a password manager http://KeePass.info Auto generate passwords for you Complex password One password unlocks all of them Cut and Paste Encrypted storage On-screen keyboard ideal for typing Master Password
Password Manager
Passwords (cont)
Banks are using RSA Two Factor
http://www.nytimes.com/2004/12/24/technology/24online.html?_r=1&pagewanted=
2&oref=login
Online Games are using Two Factor World of Warcraft Credit Cards are offering one time numbers
http://www.creditcards.com/credit-card-news/online-payment-with-virtual-
account-numbers-1273.php
Firewalls
Dont confuse NAT with Firewall functionality Run both a software and hardware based firewall Software firewall imperative if you travel or use public WiFi Windows Vista or higher firewall pretty good Zone Alarm free www.zonealarm.com/security/en-us/zonealarm-pc-securityfree-firewall.htm Software based You need a firewall that warns/tells you when OUTBOUND connections are taking place ALWAYS have a router/firewall between your home
Linksys BEFSX41
Netgear Prosafe
Firewalls (cont)
Use a complex password to manage Always use HTTPS to manage hardware device Do not allow WiFi clients to access Firewall Dont use port forwarding if you can help it
If you need remote access use Logmein and Phone Factor If you are a gamer, then learn DD-WRT and isolate system or
Want a real firewall for free? Very Powerful close to what is used in the enterprise
Filtering
DNS is the Achilles Heal DNSsec is gaining support Time Warner and Host Servers setting up as we speak Use OpenDNS www.opendns.com Free reliable DNS Can provide filtering to reduce the chance of your machine from going to bad sites Good approach to keep your kids from wandering off the reservation Block known sites that are known attack vectors Setup the IP address of OpenDNS in your router
Filtering (cont)
Your browser can provide filtering
Internet Explorer SmartScreen Filter Good filter to prevent you from going to malicious site Dynamically updated Checked in realtime Firefox has filters Updated almost 48xs per day Can check legitimacy of website
Secure WiFi
The bottom line if WiFi is dangerous in public Trivial to use as a method of penetration Secure it WPA2 AES with PSK (Pre-Shared Key)
Setup Infrastructure mode only Change the default SSID!!!! Change the Admin password Setup MAC Filtering Disable wireless to wireless communication use wired NAS to share files Disable SSID Beaconing/Broadcast Let the password generator create your PSK Reduce Power Output if you have that option
Backups
When things go south, you want to protect your data Perform regular backups USB Hard Drive or DVDs Use online backup service to do it for you Mozy or iDrive are my favorites
www.mozy.com www.idrive.com
Encrypted backups and very affordable Automated, no need to remember to do it Can backup your Blackberry, Android and iPhone Can perform alternate restores if needed
Radical Approach
There is another way if you choose to accept your
mission May not cost you money or very little if it does What if I told you that recent advances in science have shown a new method that can save you money, time and may improve your quality of life You are right, there is no such thing! But lets take a look at what we can do.
www.vmware.com/products/server/
Ubuntu Linux is FREE www.ubuntu.com/getubuntu/download Surprisingly easy to use to surf the web Firefox only no Internet Explorer Takes very little resources to run Microsoft Virtual PC is FREE www.microsoft.com/downloads/details.aspx?FamilyId=04D264023199-48A3-AFA2-2DC0B40A73B6&displaylang=en But Windows software is not free If you bought Windows 7 Pro you are covered
machine gets infectedfor now Only use your physical machine to logon to sites where personal data or financial transactions are taking place The Virtual Machine is just a single file
Copy this file, and restore it from time to time if you think your VM has been infected Brand new PC/load in under 30 seconds
This approach can protect your Host PC from Zero-Day attacks You current PC should be able to run Virtual Computer
Alternate Approach
Check craigslist and buy a cheap laptop Heck, new ones can be bought for $300.00 Make a rule in the house, the laptop is the High
Security Zone
banking
Insurance Business email
Shopping
keep in mind
Get a paper shredder for your home
Always wipe your hard drive before selling or throwing out your PC
Encrypt your Flash drive (Free) or buy Iron Key Password protect the BIOS of your laptop and disable boot from
USB and CD Encrypt laptop hard drive with trucrypt If the HTTPS certificate does not match DO NOT USE IT!!!!
Questions.