Chapter 4 Personal Security Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 4 Personal Security

Objectives Define spyware and tell how it is used List and describe spyware tools Explain how to use personal security defense mechanisms Security Awareness: Applying Practical Security in Your World, 2e

What is Spyware? Spyware The Antispyware Coalition defines spyware as Software that violates user’s personal security The Antispyware Coalition defines spyware as Technologies implemented in ways that impair user’s control over Use of system resources The collection, use, and distribution of personal or otherwise sensitive information Material changes that affect user’s experience, privacy, or system security Security Awareness: Applying Practical Security in Your World, 2e

What is Spyware? (continued) Characteristics of spyware Creators are motivated by money More intrusive than viruses Harder to detect Harder to remove Harmful spyware is not always easy to identify Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

What is Spyware? (continued) Identity theft Use of someone’s personal information to impersonate with intent to commit fraud Once identity thieves have personal information they can Change the mailing address on a credit card account Establish phone or wireless service in the person’s name File for bankruptcy under the person’s name Security Awareness: Applying Practical Security in Your World, 2e

What is Spyware? (continued) Computer might be infected with spyware if Pop-up advertisements appear even when user is not on the Web Browser settings have changed without user’s consent New toolbar unexpectedly appears and is difficult to remove Computer takes longer than usual to complete common tasks Computer crashes frequently Security Awareness: Applying Practical Security in Your World, 2e

Spyware Tools Adware Most users frown on adware because Delivers advertising content in a manner or context that is unexpected and unwanted by user Most users frown on adware because Unwanted advertisements can be a nuisance Repeated pop-up ads can impair productivity Adware may display objectionable content Advertisements can slow a computer down or cause crashes and the loss of data Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Phishing Sending an e-mail or displaying a Web announcement that Falsely claims to be from a legitimate enterprise Attempts to trick a user into surrendering private information Both the e-mails and the fake Web sites appear legitimate Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Phishing (continued) Variations on phishing attacks Spear phishing Targets specific users Pharming Automatically redirects user to fake site Google phishing Phishers set up their own search engines to direct traffic to illegitimate sites Security Awareness: Applying Practical Security in Your World, 2e

Keyloggers Hardware device or small program that monitors each keystroke a user types Small plug located between keyboard connector and computer keyboard port Software keyloggers Silently capture what a user types, including passwords and sensitive information Can elude detection by Windows Task Manager Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Configuration Changers Type of spyware that change settings on computer without user’s knowledge or permission Configuration changers can Change operating system or software security settings Disable antivirus or other security software Initiate an outbound Internet connection Change startup procedures or security settings Security Awareness: Applying Practical Security in Your World, 2e

Dialers Change settings of a computer that uses a dial-up telephone line to connect to Internet Not affected by dialers Users with broadband connections Security Awareness: Applying Practical Security in Your World, 2e

Backdoors Provide unauthorized way of gaining access to a program Enable the remote malicious user to Upload files to the computer Start programs Reboot computer Log off current user Display message boxes Play sounds through the speakers Security Awareness: Applying Practical Security in Your World, 2e

Personal Security Defenses Antispyware software Helps prevent computers from becoming infected by different types of spyware Must be regularly updated Can be set to Provide continuous real-time monitoring Perform a complete scan of the entire computer system Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Antispyware Software Additional tools System explorers Tracks Eraser Expose configuration information that are normally difficult to access Tracks Eraser Automatically removes cookies, browser history, record of which programs have been recently opened Browser Restore Allows user to restore specific browser settings if spyware infects the Web browser Security Awareness: Applying Practical Security in Your World, 2e

Recognize Phishing Common elements in messages that could be phishing attacks Deceptive Web links E-mails that look like Web sites Fake sender’s address Generic greeting Pop-up boxes and attachments Unsafe Web sites Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Legislation and Procedures Fair and Accurate Credit Transactions Act (FACTA) of 2003 Grants consumers the right to Request one free credit report from each national credit-reporting firms every twelve months If consumers find a problem on their credit reports They must first send a letter to the credit-reporting agency Security Awareness: Applying Practical Security in Your World, 2e

Security Awareness: Applying Practical Security in Your World, 2e

Fair and Accurate Credit Transactions Act (FACTA) of 2003 FACTA Disposal Rule Proper destruction of data relating to personal information Extends to Employers, landlords, automobile dealers Private investigators, debt collectors Anyone who obtains credit reports on prospective contractors Security Awareness: Applying Practical Security in Your World, 2e

Payment Card Industry Data Security Standard (PCI-DSS) Established by Visa and Mastercard Safeguards cardholder data and prevents identity theft based on stolen credit card information Composed of 12 discrete requirements that force merchants to develop a secure network Security Awareness: Applying Practical Security in Your World, 2e

Proposed Federal Legislation Several bills proposed in the U.S. Congress to address spyware and identity theft Microsoft Has teamed up with the FBI Has brought charges against over 100 suspected phishers Security Awareness: Applying Practical Security in Your World, 2e

Summary Spyware Adware Phishing Term used to describe software that violates user’s personal security Adware Delivers advertising content in a manner that is unexpected and unwanted by user Phishing Sending e-mail or displaying Web announcement that falsely claims to be from a legitimate enterprise Security Awareness: Applying Practical Security in Your World, 2e

Summary (continued) Keylogger or keystroke logger Antispyware program Hardware device or software that monitors and collects each keystroke a user types Antispyware program One of the best defenses against spyware Legislation Addresses protection of personal data Security Awareness: Applying Practical Security in Your World, 2e