Chapter 1 Introduction to Security

 I've read chapter 1 "Introduction to Security" and found myself both fascinated and horrified by the challenges of securing information. I've never been one to shy away from ordering products and goods over the internet and am careful to check that the purchases are done on secure web sites. However as a result of reading this chapter I found myself a lot more leery of making online purchases. Why would anyone care to break into my personal computer? I don't store valuable information on it and I don't store my payment information on my favorite web sites where I make frequent purchases. However, having said this I make most of my purchases using my bank issued debit card which can also be run as a credit card. I rarely use cash and I don't use any other form of payment. One of my concerns is someone stealing my info at the point of purchase. How does this get prevented? Makes me want to go back to cash only which is how I used to pay for my purchases. No matter what you do to keep your data secured you’re never truly safe from the morons wanting to steal your money and personal information. I’ve learned that there is no single simple solution to security. We can block attacks, update defenses, minimize losses in the event of an attack, and send secure information by scrambling the data so the unauthorized cannot view it.

 

One of the projects our class was assigned was to examine data breaches at the Privacy Clearinghouse (PRC) web site. I have never heard of this site, but am very glad to have learned about it from this project. It is mind boggling and overwhelming the number of breaches made public for all types of organizations. I plan to make use of this site frequently to monitor breaches. Another project involved using an analyzer to analyze EULAs for various software such as Windows Professional and Excel. Who actually reads the EULA before installing the software? I know I am guilty of NOT doing this. I need this software so I can work, so why bother to read it? I was a little surprised by the results of the analysis pertaining to tracking & monitoring. In one instance Microsoft wants to determine whether my computer is connected to a network by either passive monitoring of network traffic or active DNS or HTTP queries. Um....what does that mean exactly? I found that confusing. On the other hand, I don't mind that Microsoft wants to monitor by using information it collects through the software features to upgrade or fix the software & otherwise improve the products & services. Like I said, I need the software, so I agree to the EULA without reading so whatever it says for good or bad is a risk in itself.

I've never heard of hactivists and script kiddies, but now I know what that means. Hactivists remind me of little children who don’t get their way so they throw a fit by attacking the entity (a web site) that upsets them. How mature! Script kiddies are those who break into computers but lack the knowledge of how to do this so they purchase the software from devious individuals who have this knowledge all in the name of making your life a living hell. Again, how mature. Don’t these people have better use of their time than to mess with your life? The very idea of attacking medical devices almost made my heart stop (sorry no pun intended). Recently I read a story where the former vice-president of the United States, Dick Cheney was fearful that terrorists could hack into the heart defibrillator implanted into his heart thus shocking him into a cardiac arrest. I remember thinking he may be overreacting. So right there in chapter 1 it talks about medical devices possibly becoming the next target of terrorists. From what I understand, Cheney's doctors had the wireless device deactivated to prevent anyone from sending a signal to the device to cause a cardiac arrest. He wasn't overreacting at all and I've been 'schooled'. If it's electronic, you bet it can be attacked to cause more trouble than you and I will ever need.

 

I have three main electronic devices that I use, personal computer, tablet (iPad), and an android smart phone. I know more about how to keep my personal computer secured (and obviously there is always more to learn) but I really have no idea what I can do to protect my phone and tablet other than turn off or enable certain features that pertain to security. Hopefully through this class I will learn how to make those devices more secure, and to share my knowledge with others. Super glad I signed up for this course.