190 likes | 504 Views
CIT 380: Securing Computer Systems. PC Security. Encrypt Sensitive Files. Windows XP Encrypting File System (EFS) for encrypting files GnuPG for encrypting files and email messages. Windows XP Encrypting File System (EFS). EFS is not available with XP Home Edition
E N D
CIT 380: Securing Computer Systems PC Security CIT 380: Securing Computer Systems
Encrypt Sensitive Files • Windows XP Encrypting File System (EFS) for encrypting files • GnuPG for encrypting files and email messages CIT 380: Securing Computer Systems
Windows XP Encrypting File System (EFS) • EFS is not available with XP Home Edition • Reference: Microsoft Windows XP Inside Out – Chapter 14 • Right Click in Windows Explorer on the folder • Choose Properties | General Tab | Advanced Button | Encrypt contents to secure data CIT 380: Securing Computer Systems
Windows XP Encrypting File System (EFS) • File names are green in Window Explorer CIT 380: Securing Computer Systems
truecrypt • Encase, computer forensic tool, can break EFS • Free open source - http://www.truecrypt.org/ • http://www.truecrypt.org/docs/ • Beginner’s tutorial • Plausible Deniability – Hidden Volume CIT 380: Securing Computer Systems
GnuPG • GnuPG is an open-source encryption tool for Windows and Linux • Complete and free replacement for PGP (www.gnupg.org) • http://wolfram.org/writing/howto/gpg.html • (CD: gpg.html) • Install Windows Privacy Tray (WinPT) CIT 380: Securing Computer Systems
Enigmail • Install Thunderbird mail client from www.mozilla.org • Download Enigmail extension from www.mozilla.org • Add a menu item to encrypt and decrypt email using GnuPG CIT 380: Securing Computer Systems
Backup your system regularly • “Hard Disk Quality and Reliability”, http://www.pcguide.com/ref/hdd/perf/qual/index.htm (see quotes from the article) • “While the technology that hard disks use is very advanced, and reliability today is much better than it has ever been before, the nature of hard drives is that every one will, some day, fail.” CIT 380: Securing Computer Systems
Backup your system regularly • “full recovery usually starts at a few hundred dollars and proceeds from there.” CIT 380: Securing Computer Systems
Ntbackup utility • Find ntbackup.exe • Start | Programs | Accessories | System Tools Or • C:\dell\Tech Tools\System Tools\ Backup Or • Run C:\WINDOWS\system32\ntbackup.exe • Run the Backup/Restore Wizard • Choose a place to save your backup • C:\temp\Backup • Creates a file Backup.bkf CIT 380: Securing Computer Systems
Create Backup CD • Run your CD creator • Make a data CD • Add Backup.bkf to the CD CIT 380: Securing Computer Systems
Simple Quick Backup Copy My Documents folder to a CD or USB CIT 380: Securing Computer Systems
Safe use of public PCs • Kinko's Case Highlights Internet Risks • (CD: Kinko.htm) • “For more than a year, unbeknownst to people who used Internet terminals at Kinko's stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords. Jiang had secretly installed, in at least 14 Kinko's stores, software that logs individual keystrokes. He captured more than 450 user names and passwords, using them to access and even open bank accounts online. ” CIT 380: Securing Computer Systems
Keyloggers • Capture keystrokes • Can steal passwords and credit card numbers • Can email or ftp the file containing the keystrokes • Keyghost (http://www.keyghost.com ) • Keyloggers are difficult to detect • Look at an ordinary system process CIT 380: Securing Computer Systems
Public PCs • Kinko’s • Cyber cafes • Public Libraries • Hotels CIT 380: Securing Computer Systems
Using Public PCs • Avoid using important accounts (bank, etc.) • Remove web browser data • Cache, history, cookies, form data. • Remove temporary files • Start | Search | All files and folders | when it was modified? | today • Empty recycle bin CIT 380: Securing Computer Systems
References • Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. • Thomas C. Greene, Computer Security for the Home and Small Office, Apress • Andrew Conry-Murray & Vincent Weafer, The Symantec Guide to Home Internet Security, Addison Wesley CIT 380: Securing Computer Systems