Understanding the Need for Security Measures Chapter 06 Understanding the Need for Security Measures

Basic Security Concepts Threats Anything that can harm a computer Vulnerabilities are weaknesses in security Security attempts to neutralize threats

Basic Security Concepts Degrees of harm Level of potential damage Include all parts of system Potential data loss Loss of privacy Inability to use hardware Inability to use software

Basic Security Concepts Countermeasures Steps taken to block a threat Protect the data from theft Protect the system from theft Teaching tip It is important to note that no countermeasure is 100% effective all of the time. For proof, discuss an instance of a locked car being stolen. A truly dedicated attacker will eventually break through any security.

Threats To Users Identity Theft Impersonation by private information Thief can ‘become’ the victim Reported incidents rising Methods of stealing information Shoulder surfing Snagging Dumpster diving Social engineering High-tech methods Teaching tip The move Hackers includes scenes demonstrating most of these crimes in action.

Threats To Users Loss of privacy Personal information is stored electronically Purchases are stored in a database Data is sold to other companies Public records on the Internet Internet use is monitored and logged None of these techniques are illegal

Threats to Users Cookies Files delivered from a web site Originally improved a site’s function Cookies now track history and passwords Browsers include cookie blocking tools Teaching tip Cookies are named after the ‘magic cookie’.

Threats to Users Spyware Software downloaded to a computer Designed to record personal information Typically undesired software Hides from users Several programs exist to eliminate

Threats to Users Web bugs Small programs embedded in gif images Gets around cookie blocking tools Companies use to track usage Blocked with spyware killers Teaching tip More information regarding web bugs can be found at en.wikipedia.org/wiki/Web_bug.

Threats to Users Spam Unsolicited commercial email Networks and PCs need a spam blocker Stop spam before reaching the inbox Spammers acquire addresses using many methods CAN-SPAM Act passed in 2003 Teaching tip Spam is rumored to be named in honor of the Monty Python skit, Spam!. In the skit, a customer is forced to select spam in his lunch. Much like we are forced to accept a spam message. Visit www.detritus.org/spam/skit.html for the entire spam skit. Discussion point Spam is one topic that nearly everyone in the class can relate to. Have your students think about spam from the other side. Have them consider the point of view of the self proclaimed ‘Spam King’, Scott Richter. For some conversation fodder visit www.pcworld.com/news/article/0,aid,116807,00.asp.

Threats to Hardware Affect the operation or reliability Power-related threats Power fluctuations Power spikes or browns out Power loss Countermeasures Surge suppressors Line conditioners Uninterruptible power supplies Generators Teaching tip Visit www.apc.com for information regarding UPS solutions. Larger installations use generators to protect networks. Hospitals, grocery stores and insurance companies may all use generators. Quite often the power solution is a combination of battery and generator. The batteries run long enough for the generators to start and stabilize. Then the batteries stop and the generators provide power to the facility.

Threats to Hardware Theft and vandalism Thieves steal the entire computer Accidental or intentional damage Countermeasures Keep the PC in a secure area Lock the computer to a desk Do not eat near the computer Watch equipment Chase away loiterers Handle equipment with care

Threats to Hardware Natural disasters Disasters differ by location Typically result in total loss Disaster planning Plan for recovery List potential disasters Plan for all eventualities Practice all plans Discussion point In 2004 Hurricane Ivan caused massive damage to Florida and several other states. Network administrations in Florida are used to planning for hurricanes. However, computers in Southeastern Pennsylvania suffered massive loss of data due to Ivan. How culpable are the administrators in PA who did not plan for Ivan?

Threats to Data The most serious threat Data is the reason for computers Data is very difficult to replace Protection is difficult Data is intangible

Threats to Data Viruses Software that distributes and installs itself Ranges from annoying to catastrophic Countermeasures Anti-virus software Popup blockers Do not open unknown email Teaching tip For information on specific viruses visit securityresponse.Symantec.com/. Detailed information regarding the protection from viruses, see the Computing keynote at the end of the chapter.

Threats to Data Trojan horses Program that poses as beneficial software User willingly installs the software Countermeasures Anti-virus software Spyware blocker Teaching tip Ad Aware is sold by LavaSoft. The homepage is www.lavasoftusa.com/software/adaware/. Spybot is a product of Patrick M. Kolla. The true website is www.safer-networking.org/en/index.html.

Threats to Data Cybercrime Using a computer in an illegal act Fraud and theft are common acts

Threats to Data Internet fraud Most common cybercrime Fraudulent website Have names similar to legitimate sites

Threats to Data Hacking Using a computer to enter another network Cost users $1.3 trillion in 2003 Hackers motivation Recreational hacking Financial hackers Grudge hacking Hacking methods Sniffing Social engineering Spoofing

Threats to Data Distributed denial of service attack Attempt to stop a public server Hackers plant the code on computers Code is simultaneously launched Too many requests stops the server

Threats to Data Cyber terrorism Attacks made at a nations information Targets include power plants Threat first realized in 1996 Organizations combat cyber terrorism Computer Emergency Response Team (CERT) Department of Homeland Security Teaching tip CERT’s home page is located at www.cert.org.

Avoiding Identity Theft Guard your papers Shred unneeded papers Pick up you mail quickly Check statements immediately Keep records for 3 years

Avoiding Identity Theft Guard your personal information Be wary giving out information Avoid giving account numbers Never give personal information in e-mail Ensure online shopping is secure Teaching tip Secure online shopping is covered in chapter 10.

Avoiding Identity Theft Look at the big picture Review your credit report yearly Develop an efficient filing system Know your liability limits Teaching tip The Federal Fair Dept Collections Practices Act allow residents one free credit report a year. Several sites offer pay access to a credit report. Visit www.creditreport.com/report_sample_m.html for a sample report. Visit www.freecreditreport.com for a free report.

Protecting Your Privacy Keep marketers at bay Be wary filling out forms Guard your primary email address Have a ‘spam account’ for forms

Protecting Your Privacy Know your legal rights 1966 Freedom of Information Act 1970 Fair Credit Reporting Act Privacy Act of 1974 1986 Electronic Communications Act Financial Modernization Act of 1999 2001 USA Patriot Act

Managing Cookies and Spyware Dealing with cookies Browsers provide settings to block cookies No cookies to all cookies allowed Without cookies some sites crash Cookies can be deleted Browsers Spyware programs

Managing Cookies and Spyware Cookie types Session cookies Cookies for the current site Persistent cookies Stored on hard drive until deleted First-party cookies Installed by the current site Third-party cookies Installed by an ad Teaching tip Third party cookies are a primary source for spyware.

Deleting Cookies

Managing Cookies and Spyware Removing web bugs and spyware Install a spyware removal program None are 100% effective, use two Install a pop-up blocker Are extremely effective Teaching tip In 2004 PC World ranked Patrick Kolla’s Spybot and LavaSoft’s AdAware as the best spyware programs available. Both are free downloads. Google, Msn and Yahoo all offer excellent free popup blockers. Additionally the new Mozilla browser FireFox includes a popup blocker. Finally, Windows XP Service Pack 2 installs a popup blocker.

Managing Cookies and Spyware Evading spam Contact your ISP Use mail program’s filters Use an anti-spam program Use an online account for purchasing Insider information America Online takes a very aggressive approach about blocking spam. After a certain number of customers mark an email as spam, AOL will refuse to accept email from that sender. Teaching tip Mozilla products include spam software. For Outlook and Eudora users, download MailWasher from www.mailwasher.net/.

Protection From Malware Viruses and worms Purchase a good anti-virus product Keep the product updated Keep your OS up to date Teaching tip The Computing Keynote feature at the end of chapter 14B provides a thorough examination of virus removal. PC World routinely picks either Norton AntiVirus or McAfee AntiVirus as best buys. A decent free product is AntiVir personal edition available for download at www.mailwasher.net/.

Protecting Your System Limit physical access Easiest way to harm or steal data Build an account for each user Require a password for access Software and hardware password Teaching tip Remind students that passwords should be easy to remember but hard to guess.

Protecting Your System Use a firewall Protects from unauthorized remote use Makes your computer invisible Cost between $0 and $80 Teaching tip The built in firewall in XP is not very strong. Many ports remain open. Disable Windows’ Firewall and install a free firewall from Zone Labs instead.

Protecting Your System Backup often Backup is a copy of a file Restore replaces a file on disk Organizations backup at least daily Home users should backup weekly Teaching tip All versions of Windows since 95 have included a good backup utility. Other products include Norton Ghost and EVault InfoStage.

System Events OS generates messages for events Provides clues about computer health Can alert to potential problems Windows includes the Event Viewer Teaching tip Open the event viewer for demonstration in class. A good method to generate an error is to disable the virus software on the system.

Event Viewer

Handling Storage Media Store media in the proper container Floppy disks in a hard case CD should be in a sleeve Thumb disks should be closed

Handling Storage Media Avoid magnetism Magnets erase the contents of disks Magnets found in Speakers Televisions and CRT monitors Radios

Handling Storage Media Heat and cold Avoid extreme temperatures Heat expands media Cold contracts media Floppies and CD-ROMs are susceptible Teaching tip Suggest to your students that the CD’s they burn and store in their car are likely to have a short life.

Handling Storage Media Moisture Do not use wet media CDs can be wiped off Floppy disks must dry for days

Handling Storage Media Dust, dirt, and fingerprints Dirty or scratched media will fail Handle media by the edge Clean CDs with gentle strokes

Storing Computer Equipment Never store near large electronics Store in dry, climate controlled rooms Plan for natural disasters Stack equipment safely

Keeping Your Computer Clean Computers should be spotless Avoid eating or smoking at computer Clean the dust from inside the system Change the filters if present

End of Chapter