Computer and Information Security
Protecting yourself and your clients in the wild and wooly online world
To protect your computer and information assets…
…buy a Mac!
The End
Mac Hacked Via Safari Browser in Pwn-2-Own Contest
A zero-day vulnerability … Macaulay pwned the Mac by sending it an e-mail that directed a user to a malicious site. Upon visiting the site, the user … was infected with malware, without clicking on anything within the site.
-- eWeek Security Watch
Vectors for getting “pwned”
Physical access
  Theft
  Seizure
  Attack of opportunity
Network access
  Browsing the Web
  Using email
  Using a wireless connection
  …
Physical protection
  Leave sensitive information at home
  Separate data from hardware
  Use encryption
  Use strong passwords
  Eliminate sensitive information
  Log out when not using
Cracking passwords
Single word found in dictionary: ~ 1 s Example: “translator”
7 random lowercase letters: ~ 45 m Example: “uklahva”
10 random characters: ~ 632,860 years! Example: “4pRte!ai@3” (With Moore’s Law: 30 years)
Source: Wikipedia (Password strength)
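The cracking times above can be reproduced with a short calculation. This is an added example, not part of the original slides; the function names are hypothetical. It assumes 3,000,000 guesses per second, a 95-character printable-ASCII alphabet for the 10-character case, and a 365-day year (none of which are stated on the slides, but together they match the slide's numbers). The doubling period used for the Moore's Law estimate is also an assumption.

```python
import math

# Assumptions (not stated on the slides): a fixed guess rate and a 365-day year.
GUESSES_PER_SECOND = 3_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600
LOWERCASE = 26          # a-z
PRINTABLE_ASCII = 95    # letters, digits, punctuation, space


def exhaustive_seconds(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of this length and alphabet.

    On average the password is found after half this time."""
    return alphabet_size ** length / rate


def years_with_doubling(fixed_rate_years, doubling_years):
    """Years needed if the attacker's guess rate doubles every doubling_years.

    Work done by year t is the integral of 2**(t/D), i.e.
    D/ln(2) * (2**(t/D) - 1) years of today's rate; solve that for t."""
    d = doubling_years
    return d * math.log2(1 + fixed_rate_years * math.log(2) / d)


def report():
    """Return (label, human-readable estimate) pairs for the slide's examples."""
    seven = exhaustive_seconds(LOWERCASE, 7)
    ten_years = exhaustive_seconds(PRINTABLE_ASCII, 10) / SECONDS_PER_YEAR
    return [
        ("7 random lowercase letters", f"{seven / 60:.0f} minutes"),
        ("10 random characters", f"{int(ten_years):,} years"),
        ("10 random characters, rate doubling every 18 months",
         f"{years_with_doubling(ten_years, 1.5):.0f} years"),
        ("10 random characters, rate doubling every 2 years",
         f"{years_with_doubling(ten_years, 2.0):.0f} years"),
    ]


if __name__ == "__main__":
    for label, estimate in report():
        print(f"{label}: {estimate}")
```

With a doubling period of 18 months to 2 years the estimate comes out at roughly 27 to 35 years, in line with the slide's 30.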
Network vulnerabilities
Internet & email
  Cross-site scripting (XSS)
  Phishing (social engineering)
  Viruses
  …
On a network: batten the hatches
  Filter
  Block
  Ignore
Internet
Firefox
  Safer
  Cross-platform
  Free/Libre
  Add-ins
  All the cool kids are using it!
Vital Firefox Add-ins
  Web of Trust
  NoScript
Web of Trust
Warns users about risky websites that try to scam visitors, deliver malware, or send spam.
ginstrom…
warez…
NoScript
Allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice.
Scripts from 15 sites!
Safer Email
  View email as plain text
  Beware of phishing
  Spam filtering
Example: MS Outlook
SpamBayes: http://spambayes.sourceforge.net/
SpamAssassin: http://spamassassin.apache.org/
Stay Safe!
http://ginstrom.com/ijet-19/