Hands-on Computer Security
Thursday, 11 March 2010, 1:15 – 2:45 pm
Don Riggs
Schenectady County Community College, Schenectady, NY
Department of Math, Science and Technology
riggsd@sunysccc.edu

Computer Security – Typical User
Computer security??

A Typical Approach to Computer Security
I’m alright!
Why Hands-on?
A quote, widely attributed to William Glasser, informs us that we learn:
• 10% of what we read
• 20% of what we hear
• 30% of what we see
• 50% of what we see and hear
• 70% of what we discuss with others
• 80% of what we experience personally!
• 95% of what we teach others
Source: Dr. Shirlee Dufort (Doctoral dissertation, used with permission)

Why Hands-on?
• Lecturing is not the best way to teach
• Listening is not the best way to learn
• Doing makes the material come alive for our students
• Sometimes, we even reach students who would otherwise remain disaffected
Hands-on Password Security
• Most users choose easy-to-remember passwords
• Most users choose very weak passwords
• According to a recent New York Times article, RockYou.com’s users logged on with these passwords:
Source: http://www.nytimes.com/2010/01/21/technology/21password.html

Common Passwords – All Dangerously Weak
Some things never change
Source: http://www.nytimes.com/2010/01/21/technology/21password.html
Hands-on Password Check
• Microsoft Password Checker
• Check Your Password Here
Source: https://www.microsoft.com/protect/fraud/passwords/checker.aspx
Source: http://www.webwizny.com/password/

Hands-on Password Security
Strong Passwords: So secure, no one can remember them!
• https://www.grc.com/passwords.htm
• Without a password safe, they are probably not useful, except to illustrate the tension between strong passwords and easily remembered passwords

Hands-on Password Security
Let’s create a good password
• Use a mixture of letters, numbers and non-alphanumeric symbols (! @ # $ % ^ & * } |).
• At least 12 characters long
• Memorable, but not present in a dictionary
• Think of a familiar quote, for example,
• “Two roads diverged in a wood, and I - I took the one less traveled by”
http://www.americanpoems.com/poets/robertfrost/12074

Hands-on Password Security
Some possible passwords:
• password1 (24.3)
• 2Rdi@w&I (26.3)
• 2Rdi@w&I-Itt1ltb (59.9)
• 2roadsdivergedin@Wood&I (78.3)
• tworoadsdivergedinawoodandI (86.3)

Hands-on Password Security
Bad Passwords
• All short passwords are vulnerable
• Why? Let’s do some math
• Brute force attack
• Dictionary attack
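To put numbers behind “let’s do some math”, here is an added Python example (not part of the original slides) that models a brute-force attack and a dictionary attack against the five candidate passwords from the earlier slide. It assumes an attacker trying 1e9 guesses per second, sizes the alphabet from the character classes actually present in the password, and checks against a small constructed list of common passwords standing in for the RockYou list. The scores on the slide (24.3, 26.3, …) come from an online checker with its own rules, so the bit counts here do not reproduce them; only the ordering is comparable.

```python
import math
import string

# Character classes for a simple keyspace model. Assumption: an attacker who
# sees one symbol must try the whole symbol class, and so on for each class.
CHARACTER_CLASSES = (
    string.ascii_lowercase,   # 26 characters
    string.ascii_uppercase,   # 26 characters
    string.digits,            # 10 characters
    string.punctuation,       # 32 characters
)

# Constructed stand-in for a leaked-password list such as the RockYou set the
# slide mentions; a real dictionary attack would use millions of entries.
COMMON_PASSWORDS = frozenset({"password", "123456", "qwerty", "iloveyou", "letmein"})

# The candidate passwords from the slide, in the order shown there.
SLIDE_CANDIDATES = [
    "password1",
    "2Rdi@w&I",
    "2Rdi@w&I-Itt1ltb",
    "2roadsdivergedin@Wood&I",
    "tworoadsdivergedinawoodandI",
]


def charset_size(password):
    """Size of the alphabet an attacker must assume, given the classes present."""
    return sum(len(cls) for cls in CHARACTER_CLASSES if any(c in cls for c in password))


def entropy_bits(password):
    """log2 of the brute-force keyspace: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def brute_force_years(password, guesses_per_second=1e9):
    """Worst-case time to exhaust the keyspace at the assumed guess rate."""
    seconds = charset_size(password) ** len(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def dictionary_hit(password):
    """Dictionary attack check: the password itself, or its base word once
    trailing digits and symbols are stripped (password1 -> password), is listed."""
    lowered = password.lower()
    base = lowered.rstrip(string.digits + string.punctuation)
    return lowered in COMMON_PASSWORDS or base in COMMON_PASSWORDS


def assess(password):
    """Summary of both attacks for one password."""
    return {
        "password": password,
        "length": len(password),
        "alphabet": charset_size(password),
        "bits": round(entropy_bits(password), 1),
        "brute_force_years": brute_force_years(password),
        "dictionary_hit": dictionary_hit(password),
    }


if __name__ == "__main__":
    for row in map(assess, SLIDE_CANDIDATES):
        print(f"{row['password']:<30} len={row['length']:>2} alphabet={row['alphabet']:>2} "
              f"bits={row['bits']:>6} years={row['brute_force_years']:.2e} "
              f"dictionary={row['dictionary_hit']}")
```

Running it shows the two lessons of the slide side by side: password1 has a large enough keyspace to look respectable, yet falls to the dictionary check immediately, while the long passphrase built from the Frost line has the largest keyspace of the five even though it uses only letters, because length counts for more than symbol variety.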
Hands-on Anti-Virus
How long has it been since that free anti-virus trialware subscription ended?
Most of my students who experience problems with viruses or other malware do not have up-to-date anti-virus software running on their computers. They also have children.
Consider recommending
• a free online scan with Trend Micro – HouseCall
• Avira AntiVir software (free)
Hands-on Computer Viruses
Students have fanciful ideas about what exactly a computer virus is. Some conceive of a virus as an organic entity and actually dispose of their computer to be rid of the infection, thereby exposing themselves to hidden danger because of the information contained on the infected computer’s hard drive.

Hands-on Computer Viruses
• The term “computer virus” is often employed as a generic expression for malware in general, including viruses, worms, spyware, Trojan horses, adware, etc.
• All malware exists in the form of computer code but spreads from computer to computer in a variety of ways
• Let’s look more closely at a well-known virus

Hands-on Computer Viruses
Melissa – A notorious computer virus
• In its original form, once in place, Melissa e-mailed itself to the first 50 entries in the infected computer’s address book
• As it spread, one infection became 50, 50 became 2,500, 2,500 became 125,000, 125,000 became 6,250,000 . . .
• Some e-mail servers were overwhelmed by the volume of e-mail traffic

Hands-on Computer Viruses
What you received in the mail when Melissa arrived and you opened your e-mail
• Subject: Important Message From (infected sender’s name)
• Body Text: Here is that document you asked for... don't show anyone else ;-)
• Attachment: list.doc (virus embedded in Word document)

Here is the Code (part 1)
Send a copy to the first 50 people in the infected computer’s address book
Subject: Important Message From (infected user’s name)
Body Text: Here is that document you asked for... don't show anyone else ;-)

Here is the Code (part 2)
Infection process: Melissa virus is part of an attached Word document

Here is the Code (part 3)
Notes from the author of the virus
Hands-on Firewalls
Why do I need a firewall?
A properly configured firewall
• provides protection against unauthorized data flowing in or out of a computer
• makes your computer invisible to port scanners seeking vulnerable targets

Hands-on Firewalls
Port Scanners – just a free download away
Source: http://www.radmin.com/images/screenshots/pts/ptscan13_Main_Window.gif

Hands-on Firewalls
Test your firewall
• Even with a properly configured firewall installed, your computer divulges a certain amount of information about itself when you are online
• Let’s see what others can see
• ShieldsUP! by Gibson Research
• Panopticlick

Hands-on Firewalls
Consider recommending a free firewall to your students
• Turn on the Windows firewall
Additionally, use
• Comodo Internet Security, or
• ZoneAlarm Free Firewall
Hands-on Restore Points
• Have you ever set a restore point?
• Do you use Restore Points before attempting critical operations?
• To set a restore point with Windows XP
  • Start
  • Programs
  • Accessories
  • System Tools
  • System Restore

Hands-on Restore Points
• To set a restore point with Vista or Windows 7
  • Start
  • Computer
  • Properties
  • System Protection
  • Create

Hands-on Backups
• Everybody knows important files should be backed up
• After losing important files, we all promise to make good backups from now on
• Natural and man-made disasters teach us that onsite backups may not be sufficient to preserve valuable data

Hands-on Backups
• To back up files and folders with Windows XP
  • Start
  • Programs
  • Accessories
  • System Tools
  • Backup

Hands-on Backups
• Automated task scheduling makes it easier to keep backups up to date
• External drives provide a convenient location for backups

Hands-on Backups
• Backing up by synchronizing
• Microsoft provides a free application called SyncToy, which synchronizes files and folders between different computers
• Each computer acts as a backup for the other
• SyncToy 2.1
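The “backing up by synchronizing” idea can be seen in a few lines of code. This is an added Python example, not SyncToy and not from the original slides: a one-way mirror (the direction SyncToy calls Echo) that copies new or changed files from a source folder to a backup folder, compares contents by SHA-256 rather than by name alone, and reports, without deleting, files that exist only on the backup side. The folders and files in demo() are constructed in a temporary directory so the script runs offline; the file names and contents are invented for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 16):
    """Hash a file in chunks so large backups never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def mirror(src, dst):
    """One-way mirror of src into dst.

    New files are copied, files whose contents differ are overwritten, and
    files that exist only in dst are reported as 'orphaned' rather than
    deleted, so a file lost on the source machine is still recoverable from
    the backup. Returns the actions taken so a scheduled run can log them.
    """
    src, dst = Path(src), Path(dst)
    actions = {"copied": [], "updated": [], "unchanged": [], "orphaned": []}
    source_files = {p.relative_to(src): p for p in src.rglob("*") if p.is_file()}
    for rel, s in sorted(source_files.items()):
        d = dst / rel
        if not d.exists():
            d.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(s, d)            # copy2 preserves the modification time
            actions["copied"].append(rel.as_posix())
        elif sha256_of(s) != sha256_of(d):
            shutil.copy2(s, d)
            actions["updated"].append(rel.as_posix())
        else:
            actions["unchanged"].append(rel.as_posix())
    if dst.exists():
        for d in sorted(p for p in dst.rglob("*") if p.is_file()):
            if d.relative_to(dst) not in source_files:
                actions["orphaned"].append(d.relative_to(dst).as_posix())
    return actions


def demo():
    """Constructed scenario: initial backup, a no-op second run, then one file
    edited and one file deleted on the source. Returns the three reports."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "documents", Path(tmp) / "external_drive"
        (src / "notes").mkdir(parents=True)
        (src / "essay.txt").write_text("Two roads diverged in a wood\n")
        (src / "notes" / "todo.txt").write_text("make a backup\n")
        first = mirror(src, dst)
        second = mirror(src, dst)
        (src / "essay.txt").write_text("Two roads diverged in a yellow wood\n")
        (src / "notes" / "todo.txt").unlink()
        third = mirror(src, dst)
        return first, second, third


if __name__ == "__main__":
    for label, report in zip(("first run", "second run", "third run"), demo()):
        print(label, report)
```

The third report is the one worth showing students: the edited essay is updated on the backup, while the deleted to-do file shows up as orphaned instead of vanishing from the backup too, which is the difference between a mirror that protects against loss and one that faithfully replicates it.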
Hands-on Backups
Cloud backup
Source: http://aws.amazon.com/s3/

Hands-on Backups
Cloud backup
Source: http://www.jungledisk.com/

Hands-on Backups
Cloud backup
Source: https://www.dropbox.com/tour
Hands-on Look at Social Networking
Source: http://royal.pingdom.com/2009/03/13/battle-of-the-sizes-social-network-users-vs-country-populations/

Hands-on Look at Social Networking
• Social networking users willingly provide abundant information about themselves
• Look at what can be discovered about you, or someone you know, in seconds
• http://www.webmii.us/
• Think about (not) leaving footprints

Hands-on Look at Social Networking
• Social networking sites are infested with online quizzes, enticing unwitting users to eagerly part with personal information in the guise of discovering their personality
• Let’s look at CheckMyPersonality.com
• http://checkmypersonality.com/
• And, in particular, let’s look at their privacy policy

Hands-on Look at Social Networking
“We collect personally identifiable information about our registrants based on information collected at the time of registration, registrant interaction and response to subsequent electronic mailings and web site use, information provided by our clients and information appended from data aggregators. Information collected may include name, email address, postal address, gender, birth date, telephone number, cell number, secondary phone number, activities, interests, user behavior and other demographic information. This information enables us to better tailor our content to registrants' needs and to help our clients promote and sell their products and services.”
Who wants to read this?

Hands-on Look at Social Networking
• “We collect personally identifiable information about . . .
  • name
  • email address
  • postal address
  • gender
  • birth date
  • telephone number
  • cell number
  • secondary phone number
  • activities
  • interests
  • user behavior
  • and other demographic information.”

Hands-on Look at Social Networking
• “This information enables us . . . to help our clients promote and sell their products and services.”
• “Additionally, pages on CheckMyPersonality may contain
  • Internet tags
  • pixel tags
  • and clear GIFs.”
• “These devices allow third parties to obtain information such as
  • the IP address of the computer that downloaded the page on which the device appears,
  • the URL of the page on which the device appears,
  • the time the page containing the device was viewed,
  • the type of browser used to view the page,
  • and the information in cookies set by the third party.
  We use log files to store the data that is collected through these devices.”

Hands-on Look at Social Networking
• “By agreeing to these terms, you hereby consent to the disclosure of any record or communication to any third party when CheckMyPersonality, in its sole discretion, determines the disclosure to be appropriate.”
• “The information that we collect from you may be transferred to, stored at and processed at a destination outside of the U.S. By submitting your personal information, you willingly agree to this transfer, storage and processing.”
Source: http://checkmypersonality.com/privacy.html
Hands-on Cookies
Here is a very accessible overview from Lifehacker of what cookies are . . . and aren’t
• About cookies
• A Firefox add-on
• View Cookies

Locally Shared Objects (LSO) – Flash Cookies
• Never expire
• Can store up to 100 KB of information compared to a text cookie’s 4 KB.
• Internet browsers are not aware of those cookies.
• LSOs usually cannot be removed by browsers.
• Using Flash they can access and store highly specific personal and technical information (system, user name, files, …).
• Can send the stored information to the appropriate server, without the user’s permission.
• Flash applications do not need to be visible.
• There is no easy way to tell which flash-cookie sites are tracking you.
• Shared folders allow cross-browser tracking – LSOs work in every flash-enabled application
• No user-friendly way to manage LSOs; in fact it’s incredibly cumbersome.
• Many domains and tracking companies make extensive use of flash-cookies.
Source: http://billmullins.wordpress.com/2010/01/04/invasive-web-sites-flash-cookies-revisited/

Locally Shared Objects (LSO) – Flash Cookies
• Protect yourself
• BetterPrivacy – a Firefox add-on

Hands-on Cookies
• A simple cookie that “remembers” your choice of background color when viewing a web site (ASP.NET, written in VB.NET):
Dim ColorChoice As HttpCookie = New HttpCookie("ColorChoice")
ColorChoice.Value = "blue"                       ' the colour the user picked (example value)
ColorChoice.Expires = DateTime.Now.AddMonths(2)  ' persist for two months
Response.Cookies.Add(ColorChoice)                ' send it to the browser as Set-Cookie
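To show what that two-line VB.NET snippet actually puts on the wire, and how it compares with the 4 KB limit quoted on the Flash-cookie slide, here is an added Python example (not part of the original slides and not ASP.NET code). It builds the same “ColorChoice” cookie with a two-month expiry using the standard library’s http.cookies, once exactly as the slide writes it and once with the Secure, HttpOnly and SameSite attributes a reviewer would ask for, audits the resulting Set-Cookie value, and reads the browser’s Cookie header back the way the server does on the next visit. It assumes a month is 30 days and uses a constructed timestamp (the date and time of the talk) so the output is reproducible.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime
from http.cookies import SimpleCookie

# Per-cookie size most browsers accept; the slide contrasts this ~4 KB with
# the 100 KB a Flash LSO can hold.
MAX_COOKIE_BYTES = 4096

# Constructed fixed clock: the date and time of the talk, in UTC.
TALK_TIME = datetime(2010, 3, 11, 13, 15, tzinfo=timezone.utc)


def build_color_cookie(color, now=None, months=2, hardened=True):
    """Python counterpart of the slide's VB.NET: a 'ColorChoice' cookie that
    expires two months from now. With hardened=True the Secure, HttpOnly and
    SameSite attributes are added; the original two lines omit them.
    Assumption: a month is counted as 30 days. Returns the Set-Cookie value."""
    now = now or datetime.now(timezone.utc)
    expires = now + timedelta(days=30 * months)
    jar = SimpleCookie()
    jar["ColorChoice"] = color
    morsel = jar["ColorChoice"]
    morsel["expires"] = format_datetime(expires, usegmt=True)
    morsel["path"] = "/"
    if hardened:
        morsel["secure"] = True       # only sent over HTTPS
        morsel["httponly"] = True     # not readable from page scripts
        morsel["samesite"] = "Lax"    # not sent on cross-site requests
    return morsel.OutputString()


def audit_set_cookie(set_cookie_value):
    """Check a Set-Cookie value for the protections a reviewer looks for and
    for the 4 KB per-cookie limit."""
    name_value, *attributes = [part.strip() for part in set_cookie_value.split(";")]
    attrs = {}
    for attribute in attributes:
        key, _, value = attribute.partition("=")
        attrs[key.lower()] = value or True      # flags such as Secure have no value
    return {
        "name": name_value.split("=", 1)[0],
        "secure": attrs.get("secure") is True,
        "httponly": attrs.get("httponly") is True,
        "samesite": attrs.get("samesite"),
        "expires": attrs.get("expires"),
        "size_ok": len(set_cookie_value.encode()) <= MAX_COOKIE_BYTES,
    }


def parse_cookie_header(cookie_header):
    """Read the browser's Cookie request header back into a dict, as the
    server does on the next visit to recover the remembered colour."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return {name: morsel.value for name, morsel in jar.items()}


if __name__ == "__main__":
    for hardened in (False, True):
        line = build_color_cookie("blue", now=TALK_TIME, hardened=hardened)
        print(line)
        print(audit_set_cookie(line))
    print(parse_cookie_header("ColorChoice=blue; theme=dark"))
```

The unhardened line is all the slide’s snippet produces: a name, a value, an expiry and a path. The audit of the hardened line shows the three attributes that keep a cookie off plain HTTP, out of reach of scripts and out of cross-site requests, and the size check is the same limit the Flash-cookie slide quotes.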