Computer and Information Security Protecting yourself and your clients in the wild and wooly online world


Computer and Information Security

Protecting yourself and your clients in the wild and wooly online world


To protect your computer and information assets…


…buy a Mac!


The End


Mac Hacked Via Safari Browser in Pwn-2-Own Contest

A zero-day vulnerability … Macaulay pwned the Mac by sending it an e-mail that directed a user to a malicious site. Upon visiting the site, the user … was infected with malware, without clicking on anything within the site.

-- eWeek Security Watch


Vectors for getting “pwned”

Physical access: theft, seizure, attack of opportunity

Network access: browsing the Web, using email, using a wireless connection, …


Physical protection

Leave sensitive information at home
Separate data from hardware
Use encryption
Use strong passwords
Eliminate sensitive information
Log out when not using


Cracking passwords

Single word found in dictionary: ~ 1 s Example: “translator”

7 random lowercase letters: ~ 45 m Example: “uklahva”

10 random characters: ~ 632,860 years! Example: “4pRte!ai@3” (With Moore’s Law: 30 years)

Source: Wikipedia (Password strength)
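
An added example, not part of the original slides: the figures above are consistent with exhaustive search at about 3 million guesses per second over 365-day years, and this sketch reproduces them and then asks how long a random password must be to last 30 years. The guess rate, the 95-character printable alphabet, the 18-month doubling period and all function names are assumptions.

```python
import math

# Assumptions (not stated on the slide): a fixed rate of 3,000,000 guesses per
# second and 365-day years reproduce the slide's figures; speed doubling every
# 18 months is one common reading of "Moore's Law"; "random characters" is
# taken to mean the 95 printable ASCII characters.
GUESSES_PER_SECOND = 3_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600
DOUBLING_YEARS = 1.5


def exhaustive_seconds(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Worst-case seconds to try every password of this length at a fixed rate."""
    return alphabet_size ** length / rate


def exhaustive_years(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Same worst case, expressed in 365-day years."""
    return exhaustive_seconds(alphabet_size, length, rate) / SECONDS_PER_YEAR


def years_with_doubling(alphabet_size, length, doubling=DOUBLING_YEARS):
    """Worst-case years when the guess rate doubles every `doubling` years.

    Guesses made by year t = (initial yearly rate) * (D / ln 2) * (2**(t/D) - 1);
    setting that equal to the keyspace and solving for t gives the return value.
    """
    fixed = exhaustive_years(alphabet_size, length)
    return doubling * math.log2(1 + fixed * math.log(2) / doubling)


def min_length(alphabet_size, target_years, doubling=DOUBLING_YEARS):
    """Shortest random password that withstands `target_years` of searching."""
    length = 1
    while years_with_doubling(alphabet_size, length, doubling) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    print(f"7 lowercase letters: {exhaustive_seconds(26, 7) / 60:.0f} min")
    print(f"10 printable chars:  {exhaustive_years(95, 10):,.0f} years, fixed rate")
    print(f"  with doubling:     {years_with_doubling(95, 10):.0f} years")
    print(f"30-year target:      {min_length(95, 30)} printable chars, "
          f"{min_length(26, 30)} lowercase letters")
```

These are worst-case times for trying every candidate; on average the search ends after half as many guesses.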


Network vulnerabilities


Internet & email

Cross-site scripting (XSS)
Phishing (social engineering)
Viruses
…


On a network: batten the hatches

Filter
Block
Ignore


Internet


Firefox

Safer
Cross-platform
Free/Libre
Add-ins
All the cool kids are using it!


Vital Firefox Add-ins

Web of Trust
NoScript


Web of Trust

Warns users about risky websites that try to scam visitors, deliver malware, or send spam.


ginstrom…


warez…


NoScript

Allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice.


Scripts from 15 sites!


Safer Email

View email as plain text
Beware of phishing
Spam filtering


Example: MS Outlook


SpamBayes: http://spambayes.sourceforge.net/

SpamAssassin: http://spamassassin.apache.org/


Stay Safe!

http://ginstrom.com/ijet-19/