Sunday, November 24, 2013

Chapter 5 Mobile Security

I found chapter 5 to be the most interesting so far. I have a couple of mobile devices, and a wireless network but I had no idea what I can do to make them more secure. This chapter gave me the tools to make them more secure.

I learned that attacks against home Wi-Fi networks are relatively easy. There are three primary reasons: the signal can be picked up outside the building, users are unaware how to configure the router's security, and some users consider Wi-Fi security an inconvenience. WOW, I really do not understand why some users would consider security an inconvenience, especially if you use your computer to do business. What bothers me most is an attacker could possibly be reading my wireless transmissions, which include usernames, passwords, credit card numbers, and other information I send over the network. All routers come with a default password which is usually the word 'password'. I had replaced that with a strong password when the router was first set up. I also have remote management turned off which adds a stronger degree of security. I learned that WPA2-PSK (AES) should be selected and I discovered that my router was set to 'none'. So, I turned on the WPA2-PSK (AES) with a passphrase (key value). I learned that key values should be at least 20 characters in length because of the damage that can result from a key value being cracked by an attacker.

I am always taking advantage of free Wi-Fi in restaurants and other places but I never use those services for sensitive transactions. It's always to play a game or check my email or text messages. One needs to use the public Wi-Fi with caution because the signals are rarely if ever encrypted. I never use my devices to make purchases unless I am on my home network and I rarely use them to do that. I prefer to use my desktop computer for online purchases.

I learned that tablets and smartphones have increasingly been the target of attackers. This can be done through an infected app, downloading from an unofficial app store, connection to another computer, email attachments, and attacks through networks. To make my smartphone more secure, I installed anti-virus software which includes settings for remotely wiping the contents of the device if it is lost or stolen. I have not installed anti-virus on my tablet but I will be looking into this very soon. I don't use my tablet to check my email like I do with my smartphone. I also learned that disabling Bluetooth on my smartphone and tablet will prevent bluesnarfing. Bluesnarfing is an attack that accesses unauthorized information from a wireless device through a Bluetooth connection.
 

Monday, November 18, 2013

Chapter 4 Internet Security

Chapter 4 discusses the various security risks that users face from using the internet. While there are a plethora of risks, I will discuss what stood out for me from reading the chapter. 

One of the security risks is what is called 'drive-by downloads'. I know enough not to download suspicious software but I had no idea that just by viewing a website I could become infected with malware. I learned that CNET.com, ABC News' homepage, and Walmart.com have all at one time or another been infected with drive-by download malware. So, just by visiting a well-known and trusted website I could become infected with malware which will (if all works according to the attacker's plan) automatically download, install and execute on my computer without my knowledge. One way to defend yourself against this attack is to set up browser security zones which can be found in the Internet Explorer web browser. I use Firefox which doesn't use security zones; however, I also use Norton's Security Suite which does have other security settings for browsing safely. One of the assignments this week was to use IE to create security zones for web surfing and to place the sites that I visit into the zones. It was easy enough to do but I didn't see much difference whether I used them or not. Perhaps I don't fully understand how it works, or perhaps it's just not 'all that'? While I love all the security settings found in IE, I just don't care for the browser so I rarely use it.


Another type of attack comes from what is called mobile code. I have heard of JavaScript, Java and ActiveX but I did not know these types of programming instructions are called mobile code. I learned that you can disable these codes from running by disabling them in the browser settings but if you do that, some pages may not look right or function the way they were designed. The text says you can restrict mobile code so that it must prompt the user before the code runs...I like that idea.

One of the more common ways to become a victim of an internet attack is through email which includes spam, malicious attachments, and embedded hyperlinks. Embedded hyperlinks are used to "trick" users into visiting the attacker's website. Easily done since all that is needed is a hyperlink that displays words instead of the URL which is embedded within the text. I personally use a spam filter in my email and I know my ISP also stops spam from reaching my computer. Most of the so-called spam that makes it through isn't actually spam...they're legitimate emails that I signed up to receive from websites that I trust! The true spam gets deleted immediately or added to the block list. I wasn't aware that using the reading pane is a way to safely view messages because malicious scripts and attachments are not activated or opened automatically in the reading pane. I have always disabled the reading pane simply because I never liked the way it took up extra space or the way it looks; however, after learning how it's a way to defend against attacks, I will begin using that feature.
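
The embedded-hyperlink trick mentioned in this post, where the displayed words differ from the link's real destination, can be checked mechanically. The following is an added example, not part of the original post: it lists each link's visible text next to the host it actually points to. The sample HTML, hostnames and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body (not from the original post).
SAMPLE_HTML = """
<p>Please <a href="http://login.example.net/verify">click here to confirm your account</a>.</p>
<p>Or visit <a href="http://203.0.113.7/bank">www.mybank.example</a> directly.</p>
<p>News: <a href="https://news.example.org/nov">https://news.example.org/nov</a></p>
"""

# Visible text that itself looks like a hostname or URL.
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def audit_links(html):
    """Return (visible text, real host, verdict) for each link in an HTML body."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        target = (urlsplit(href).hostname or "").lower()
        shown = HOSTLIKE.match(text)
        # words-only: text hides the destination; mismatch: text names another host
        verdict = ("words-only" if shown is None else
                   "match" if shown.group(1).lower() == target else "mismatch")
        report.append((text, target, verdict))
    return report

if __name__ == "__main__":
    for row in audit_links(SAMPLE_HTML):
        print(row)
```
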
 


Monday, November 11, 2013

Chapter 3 Computer Security

Chapter three was very interesting and informative. One can never read or learn enough when it comes to computer security, preventing viruses and a host of other types of attacks against personal computers. Of course I knew about viruses, worms, malware, spyware, etc. I learned there are two types of malware: viruses and worms. I also learned that there are several ways a virus can infect one's computer: appender infection, swiss cheese infection, program virus, macro virus. I am more familiar with the program virus which is a virus that infects a program's executable file. Likewise, I've heard much about the macro virus. About 18 months ago I started having problems with my computer after I opened an email from a trusted friend sharing files that were of interest to me that were originally downloaded using a torrent website. When I tried to run the executable for the first file, I got a warning that proceeding could seriously harm my computer. I didn't 'listen' and proceeded with the install. I immediately started having hard disk errors and random reboots which quickly became worse to the point where I ended up backing up my data and replacing the drive. This was after I tried all the various ways to repair the disk by running disk defrag, check disk, disk clean up etc. Check disk found errors that it could not repair. I also ran a Seagate utility that could not read my disk, so that wasn't a good sign (the hard drive was a Seagate model). My class instructor at the time this happened suspected malware caused this and there wasn't much I could do to save the drive as I did everything I could. Meanwhile, I learned a valuable lesson and will never again ignore any pop up warnings in the future.

One of the types of malware that concerns me more than others is the rootkit. The textbook describes this as a set of software tools that an attacker uses to hide the actions or the presence of other types of malware. The textbook says that the user and the operating system do not know that it is being compromised and is carrying out what it thinks are valid commands. In other words, it gains administrative access to the computer. What the heck? How do you detect such a thing? One of the projects assigned this week was to scan for rootkits. I downloaded, installed, and ran a program called Kaspersky's TDSSKiller. The program did not detect any rootkit threats which is good, but what if it did? I shudder to think about that. I guess if it ever does happen, I'll cross that bridge if I need to. The internet is full of advice on how to remove a rootkit from a Windows system.

Another project assigned to our class was to create a disk image backup. This is one of the best defenses against attacks. I have been meaning to purchase an external hard drive for the longest time but kept putting it off. I backed up data files to DVDs, CDs, and flash drives, but never have I created a disk image to restore Windows should some moron manage to infect and wreak havoc on my system. Soooo, I went out and bought an external drive and am so glad I did! After I created the disk image backup, I felt as if a brick had been lifted from my shoulders. I can now run regular backups and have plenty of space on the device to do this for years (providing the device does not stop working or become damaged of course). I have a point of restoration that I can trust should something bad happen...but hope I never have to use it. In addition to this type of defense I also stay current with Windows security patches, run a program called Malwarebytes on my computer in addition to Norton's Security Suite which includes a firewall, antivirus, etc. Windows, Malwarebytes, and Norton are each set up to automatically download and install all updates. Next week's chapter is Internet Security. Looking forward to learning about this.

Monday, November 4, 2013

Chapter 2 Personal Security



This week’s chapter was about personal security. The chapter started out with a discussion about passwords. Passwords are subject to a variety of attacks. Most of us have multiple passwords for a variety of online accounts ranging from email, social networking sites, financial sites, work, etc. It is difficult to remember and keep up with the growing list let alone trying to make them strong and safe to use. I know what makes a strong password but I am guilty of not following all of the recommendations to make them stronger and more secure. One of the projects assigned this week to our class was to test three different passwords using three different online password testing services. Generally my passwords are strong but they could and should be made stronger by adding a variety of symbols. Another assigned project involved speaking with three of my friends about their passwords and to try and convince them to make them stronger. All three agreed with me but were reluctant to mess with what works for them. At least one of my friends regularly changes her password to her email every month. This is a result of her account being hacked into and used maliciously by the attacker. However, changing her password so frequently is in fact one of the ways to keep her email account safe. None of my friends were interested in using a password management tool for the reason that they do not trust them. I have to agree with this since it seems risky to keep your passwords online … if an attacker can hack into the United States Government’s website, then how on earth can I trust a password management tool to keep my passwords guarded and safe?



I learned about Social Engineering attacks which don’t rely on technology but instead rely on gathering information for an attack by manipulation and psychological approaches. Examples would be asking for small bits of information from several people about one person…not too much to draw attention or suspicion. Using flattery to ‘soften’ up the person to gain their confidence in order to gain the information sought. Playing dumb can also be a way to gather information and to gain the trust of the person. Usually when someone asks me about someone else, I turn the tables and play dumb claiming I do not know. I’m instantly suspicious anytime someone asks me something out of the clear blue sky OR asks a family member something ‘odd’ in my presence. I cannot tell you how many times the family member freely gives away information without thinking! After it’s said and done, I confront this family member with what they did and they’re always surprised. I’ve asked them to be less trusting and to give away nothing to people whom they are not close with.

 

I’ve heard of impersonation, phishing, and hoaxes. I wasn’t aware of the variety of phishing attacks, but I never open any email I wasn’t expecting and have turned in what appeared to be phishing emails to eBay in the past. I just talked to my husband regarding the shoulder surfing method of someone trying to get your ATM PIN number. I’ve asked him to immediately stop what he’s doing at these machines if there is anyone behind him. Let them go first and move in to do his transaction later. Likewise, there is no way shoulder surfing is going to happen with me!! I’ll turn around and ask the person if they would like to go first and then move out of their way. Identity theft is a big concern of mine. It has happened to one of my friends but it was caught very quickly and nipped in the bud before too much damage happened. Avoiding identity theft requires some common sense such as shredding financial documents, don’t carry your social security number in a wallet or write it anywhere (like on a check), don’t give personal info over the phone or by email, keep personal info in a secure location, be alert to any unusual activity with any of your financial accounts. All of these steps I do practice, but one must not become complacent! It requires constant monitoring and acting right away when something doesn’t appear as it should.