Doug Waterman Information Technology Team Leader Fox Valley Technical College.

Protecting Your PC

Doug WatermanInformation Technology Team LeaderFox Valley Technical College

Copyright 2009 Doug Waterman

Protecting Your PC

What If… Thwarting harm Protecting your data


Presentation Available

http://it/fvtc/edu/PC


The Curious Case of Julie Amero

October 19, 2004, Ms. Amero was substitute teaching for a seventh grade class at Kelly Middle School in Norwich CT.

While Amero was using a laptop computer—one accessible to both students and teacher—the computer began spinning off pop-up ads that exposed the class to pornographic websites.

Amero concedes she was checking her email and surfing the Internet while she was supposed to be teaching.


Julie Amero

She had been specifically told not to turn off the computer. She turned the computer so that students could not see the images.

She sought help at a break and described the pop-up situation.


Julie Amero

She told the assistant principal after school and described the situation to the principal, Scott Fain, the following day.

The school reported the incident to the police just over a week later.

Fain did not tell the investigating officer what he knew of Amero’s activities on that day or her report to him the following day. He withheld information that would have allowed the officer to determine that Amero’s access was not intentional.


Julie Amero

The computer, along with the school network, lacked firewall or anti-spyware protection to prevent inappropriate pop-ups.

The school used a Symantec filter; however, it was not licensed for software updates and so did not block newly discovered pornographic websites.

The situation described by Amero is consistent with what is called a “porn trap”, “porn storm” or "mouse trap.” When this occurs, the browser is no longer under the control of the user and porn images will simply keep popping up until the computer is turned off.


Julie Amero

January 5, 2007 was convicted on four counts of risk of injury to a minor or impairing the morals of a child. The maximum prison term was 40 years.

Conviction was delayed four times due to the prosecution and the judge not being convinced all aspects of the case had been examined.

June 6, 2007, a New London Superior Court Judge threw out the conviction. She was granted a new trial.


Julie Amero

November 21, 2008 Julie Amero pleaded guilty to a single charge of disorderly conduct. She received a $100 fine and the loss of her Connecticut teaching credentials.


Protection

Protections Suites include…FirewallAnti-VirusMalwarePhishingSurfing ProtectionParental Control


Security SuitesOne Stop Shopping

Incorporate many protection products into one package.

Anti-virus Anti-spyware Other items you may find in the suite

FirewallSpam Blocker/FilteringParental ControlBackupSystem Manageability


Suites

Biggest Name ProductSymantec

Antivirus - $39.99 Norton Internet Security 2009 (adds firewall and anti-

malware) – $69.99 Norton 360 (adds backup and system tuning) - $79.99

+Very good firewall and antivirus

- Must re-subscribe each year Alternative - ZoneAlarm Internet Security

Single Pack $39.95 Three pack $64.90Comparable featuresLess resource intensive

http://store.norton.com/v2.0-img/operations/symantus/site/promo/pd/pt_navnis09_360_us_16.html

http://download.zonealarm.com/bin/promotions/suite/zaiss_buynow.html?c=W200002

http://www.zonealarm.com/

http://www.symantec.com/


Firewalls

A firewall is a dedicated software or hardware which inspects network traffic.

It denies or permits passage based on a set of rules.

It can operate on inbound or outbound or both.

Windows XP firewall monitors inbound only

Windows Vista can monitor both directions (inbound on by default)


Firewall Products

Features to look for Port Monitoring Network Traffic Monitor Data Filtering

Comodo Firewall Pro 3.0 FreeClean PC Install Mode Keeps a million+ known safe program

list ZoneAlarm Pro $39.95

http://www.zonealarm.com/

http://www.personalfirewall.comodo.com/


Firewall Tips

Configure your firewall to monitor both incoming and outgoing traffic.

Test your firewall using Shields Up from Gibson Research Corp.

Don’t install multiple firewalls on a given system.

http://www.grc.com/x/ne.dll?rh1dkyd2


Time For Something Different What is key bumping ? How to make a bump key Link What is happening in a lock Link Hacking a bike lock Link

http://www.youtube.com/watch?v=pwTVBWCijEQ

http://www.youtube.com/watch?v=XQDR-DBQRfI&feature=related

http://www.youtube.com/watch?v=zvfj4D8yUXw&feature=related


Malware Protection

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.

Malware includes …•Viruses•Worms•Trojan Horses•Rootkits

•Spyware•Botnets• Loggers•Dialers


Virus

A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user.

The term "virus" is commonly used, incorrectly, to refer to many different types of malware programs.


Ways to get infected

You play an active part!Clicking on e-mail attachments.Running programs from infected media

(CD’s, DVD’s or USB memory sticks).Running infected programs from a

shared network drive.


Scanning files for Viruses Scan with the Anti-Virus (AV)

software on your computer Scan single files

Forward suspect file as an attachment to [email protected]

The file will be checked against 32 anti-virus products.

The results of the scan will be e-mailed to you.

mailto:[email protected]


File Sharing

Derived from the original 1st Gen P2P Napster

Used to share music and video Examples

LimewireKazaaeMuleKademlia

Third Generation P2P adds anonymity

Fourth Generation add streaming capabilities


How They Work


How They Work


How They Work


What Gets Shared

Music (illegal) Movies (illegal) If you keep personal information on

your computer you are also sharing ...Tax ReturnsBanking InformationShopping Information

Link

http://today.msnbc.msn.com/id/3041440


Worms

A worm is a computer program that has the ability to copy itself from machine to machine.

Worms use up computer time and network bandwidth when they replicate, and often carry payloads that do considerable damage.

A worm usually exploits some sort of security hole in a piece of software or the operating system.


Worm Examples

1998 - Morris Worm - Robert Tappan Morris used the UNIX programs sendmail, fingerd and rsh/rexec to spread a program across the Internet. Intent was to count the number of computers on the

Internet (rtm was a graduate student at Cornell University at the time)

Conviction: Intentional access of Federal interest computers without authorization thereby preventing authorized access and causing a loss in excess of $1,000.00 Jury returned a verdict of "guilty" on 22 Jan 1990, after 5½ hours of deliberations

Penalty: Probation for a term of three years and 400 hours of community service in a manner determined by the Probation Office and approved by the Court.

Currently: Associate Professor at Massachusetts Institute of Technology


Other Worms

2003 SQL Slammer – Spread due to a vulnerability in SQL Server 2000. Caused Denial-of-Service (DoS) on servers and slowed Internet traffic.

2004 Mydoom – Commisioned by e-mail spammers to send junk e-mail through infected computers.


Botnet

Worms and viruses are used to create botnets Multiple computers on the Internet set up to

transmit spam or viruses to other computers.These compromised computers are called

Zombies.Take part in distributed denial-of-service attacks

(DDoS). Used to cripple a web server (competitor, enemy or ???)

Through the first six months of 2006 – there were 4,696,903 active botnet computers on the Internet (Symantec Internet Security Threat Report)


Phishing

Phishing is an attempt, by masquerading as a trustworthy entity in an electronic communication, to criminally and fraudulently acquire sensitive information, such as …UsernamesPasswordsCredit card detailsBank account information


Internet ExplorerPhishing Filter

•Internet Explorer has a built-in Phishing Filter.•Must be turned on to function.


Phishing Example After the last annual calculations of your fiscal activity we have determined that you are

eligible to receive a tax refund under section 501(c) (3) of the Internal Revenue Code. Tax refund value is $152.60.Please submit the tax refund request and allow us 3-6 days in order to IWP the data received.

-If you distribute funds to other organization, your records must show wether they are exempt under section 497 (c) (15). In cases where the recipient org. is not exempt under section 497 (c) (15), you must have evidence the funds will be used for section 497 (c) (15) purposes.

-If you distribute fund to individuals, you should keep case histories showing the recipient's name and address; the purpose of the award; the maner of section; and the realtionship of the recipient to any of your officers, directors, trustees, members, or major contributors.

To access the form for your tax refund, please click here :

http://www.led.go.th:84/IRS.gov/refunds.php

This notification has been sent by the Internal Revenue Service,a bureau of the Department of the Treasury.

Note:-If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your ISP- For security reasons, we will record your ip address, the date and time.-Deliberate wrong imputs are criminally pursued and indicted.

© Copyright 2008, Internal Revenue Service U.S.A.

Tax ID : HCVNRIKDJGWNNJYCLQCJDGBSUONHIEZJKOTIMN


Phishing Example After the last annual calculations of your fiscal activity we have determined that you are

eligible to receive a tax refund under section 501(c) (3) of the Internal Revenue Code. Tax refund value is $152.60.Please submit the tax refund request and allow us 3-6 days in order to IWP the data received.

-If you distribute funds to other organization, your records must show wether they are exempt under section 497 (c) (15). In cases where the recipient org. is not exempt under section 497 (c) (15), you must have evidence the funds will be used for section 497 (c) (15) purposes.

-If you distribute fund to individuals, you should keep case histories showing the recipient's name and address; the purpose of the award; the maner of section; and the realtionship of the recipient to any of your officers, directors, trustees, members, or major contributors.

To access the form for your tax refund, please click here :

http://www.led.go.th:84/IRS.gov/refunds.php

This notification has been sent by the Internal Revenue Service,a bureau of the Department of the Treasury.

Note:-If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your ISP- For security reasons, we will record your ip address, the date and time.-Deliberate wrong imputs are criminally pursued and indicted.

© Copyright 2008, Internal Revenue Service U.S.A.

Tax ID : HCVNRIKDJGWNNJYCLQCJDGBSUONHIEZJKOTIMN

.th = Thailand

Port 84


Malware Protection

FreeSpybotAdAware

Other packagesSpy Sweeper $39.95CA Anti-Spyware 2009 $39.99

(formerly Pest Patrol)

http://www.safer-networking.org/en/index.html

http://www.lavasoftusa.com/

http://www.webroot.com/En_US/index.html

http://www.pestpatrol.com/


Surfing Protection

Firefox versus IESimilar in features (Firefox usually

leads)Firefox running NoScript is one of the

safest ways to browse.ActiveX controls for IE are a major

vulnerability.Most web sites are tested against

Internet Explorer and Firefox for compatability. Other browsers may have been tested.

http://noscript.net/

http://www.mozilla.com/en-US/firefox/

Want More?


•Classroom and On-Line•2 hours / week for 18 weeks.•Summer 2009 – Online version offered (nine weeks starting June 1st - 4 hours/week summer)•Identify the challenges of defending a computer against attacks.•List the defenses that can be set up to protect a desktop computer.•Identify and protect against Spyware, Malware and Viruses. •Identify methods to defend against network attacks.

Computer

Defense 10-150-

143 2 credits#40534


K-12 & Technical Colleges If you obtained your license prior to 2000

and wish to re-license using credits; all credits used for recertification must be from a baccalaureate degree granting institution

OR Professional Development Plan (PDP) are

tied to the “DPI--Educator Standards” and you may include the following:Coursework (including WTCS courses)Work ExperienceMentoring Other professional learning activities


PDP Process

This is the rule for teachers graduating after 2004

Prior to the plan development a review team approves the goals for the initial educator

The plan must be followed to maintain certification

Review team approval is needed after completion of the PDP for the initial educator license

Want More?


•Coming either Fall 2009 or Winter 2010•Learn how a hacker can compromise a computer network•Perform network penetration testing•Harden networks to prevent unauthorized use

Ethical Hacking


Protecting Your Kids

Are you concerned about their children being exposed to sexual predators and harassment on the Internet?

Stop thinking of social networking sites, such as MySpace.com and Facebook, as the biggest threats.

Chat rooms and instant messaging sessions are the areas where children are more likely to become victim of predators and unwanted sexual solicitation in general.

From the Internet Solutions for Kids Inc. and Crimes Against Children Research Center at the University of New Hampshire


Kid Computing Stats

43% of those who reported unwanted sexual solicitations said they had been victimized via instant messaging

32% said such solicitations had happened in chat rooms.

55% of those who said they had been harassed said the incidents happened during an instant messaging session.

From the Internet Solutions for Kids Inc. and Crimes Against Children Research Center at the University of New Hampshire


How Do You Protect Your Kids Available in Microsoft Vista


Parental ControlTime Restrictions


Game Rating Blocking


Program Blocking


Home Networks

Have broadband? Get your own router!

Change your admin passwordChange the default SSID (wireless network

name)Disable SSID broadcastConfigure your router to use NAT (Network

Address Translation)Configure it to use Stateful Packet Inspection

(SPI) to discriminate between legitimate and suspect network traffic.

Turn off when away for extended periods.


Wireless Network Protection Use WiFi Protected Access (WPA) not

WEP (128 bit encryption) encryption Don’t broadcast your network name

(SSID) Use MAC filtering More info on WPA and WPA-PSK

http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx


General Protection

Enable Auto Updates for Windows Don’t allow .EXE files Use Task Manager to see what is

running (applications and processes)Press Ctrl-Alt-Del to see

Don’t Click on e-mail links unless you are sure they are authentic.

Turn on the IE Phishing Filter Make sure the lock is on when on a

secure site

https://www.gibill.va.gov/wave/


General Protection

Use Strong PasswordsDon’t use dictionary words.Don’t use alphabetical or numerical

sequences abcd1234 is not a string password

Use different passwords for different applications

Change your password at least once a year (quarterly is best)

Erase your historyIn IE, go to Tools>Internet

Options>Delete


General Protection

Get a secondary e-mail address through another service (Hotmail, Gmail, etc.).

Have your children use a computer in an area you monitor. Then monitor it!

Limit access to gaming sitesTime AddressBuilt into MS Vista


General Protection

Know what you agree to in End User License Agreement s (EULA’s)Analyze a EULA at www.javacoolsoftware.com

to find potential problems. Keep the serial number of your computer

in a safe place in case of theft. Take a picture of the computer and peripherals for insurance documentation.

Use a Kensington Security Slot lock to secure your laptop. $25

http://www.javacoolsoftware.com/


Backup

WindowsCopy and PasteWindows BackupThird party software

Apple Mac Time Machine


Windows Backup


Third Party Backup

Genie Backup Manager Pro 8.0 $69.95 Disaster Recovery System State Backup Integrated Open File Backup Outlook 2000-2007 Backup Outlook Express Backup SQL and Exchange Backup Backup User Access Control

CMS Products BounceBack Pro$69.00

NTI Backup Now 5 File and Folder $49.99 Advanced $99.99

http://www.cmsproducts.com/product_bounceback_professional.htm

http://www.genie-soft.com/products/gbmpro/default.html

http://www.ntius.com/backup_now.asp


CMS Bounceback


Apple Time Machine

Part of OS X Leopard Backs up your system files,

applications, accounts, preferences, music, photos, movies, and documents

Allows you to backup multiple versions of files.

Default is hourly incremental backups


Backup Devices

Internal Hard DrivesInstall a second hard drive in your machine

External Hard DrivesInterfaces

USB 2.0 (slowest) Firewire 400 Firewire 800 eSATA (fastest)

Network Attached Storage Online Backup

http://www.wdc.com/en/products/products.asp?driveid=340&language=en

http://www.pcworld.com/article/125072-1/article.html


Summary

Protect your computer Install and update anti-virus and firewall

Pay attention to all communication Harden your wireless network Backup your data Take one of my classes!


Doug [email protected]

ClassComputer Defense 10-150-143

2 credits

Presentationhttp://it/fvtc/edu/PC

mailto:[email protected]


Questions

Doug Waterman Information Technology Team Leader Fox Valley Technical College.

Documents