Secure Design Principles CSC 482/582: Computer SecuritySlide #1.
03 secure the computer
53
Copyright © 2014 CyberSecurity Malaysia Secure the Computer
-
Upload
ministry-of-education-malaysia -
Category
Internet
-
view
110 -
download
0
Transcript of 03 secure the computer
Copyright © 2014 CyberSecurity Malaysia
Secure the Computer
2
Nowadays, everyone has computers, digitaldata, online identity and account credentials.Not everyone is serious about security.
But malicious hackers are constantly looking forweaknesses of their prey in order tosuccessfully execute their malicious activities onthe internet.
In this session, we’ll examine our commonmistakes and how hackers exploit that mistakes.
Let us think likes HACKERS!
Introduction
3
Goals
Hackers’ PerspectiveHackers are constantly finding for theweakness of each components toensure the success of malicious attack
Users’ PerspectiveMost users are more focused on howto use computer to do their daily tasksbut not so much about their security
Copyright © 2014 CyberSecurity Malaysia
4
Objectives
Windows Logon
Password
Antivirus Software
Operating System
Application
Patches Update
Internet Access
Networking Devices
External Devices
Online Surfing
Copyright © 2014 CyberSecurity Malaysia
5
1) Windows Logon
Windows Logon Logon Screen Screen Saver User Management
Copyright © 2014 CyberSecurity Malaysia
6
Logon Screen
Copyright © 2014 CyberSecurity Malaysia
7
Password Protected Screen Saver
Copyright © 2014 CyberSecurity Malaysia
8
Access Control
Work-Related Information
company information
(structure, process, systems)
corporate email
business applications access
business servers access
business documents
customer information
vendor information
Personal-Related Information
personal information
personal emails
online banking
social networking
personal documents
personal photos
your dirty little secrets
Copyright © 2011 CyberSecurity Malaysia 9
Software Keylogger
The Keylogger allows you to secretly track all activities from all computer users and automatically receive logs to a desire e-mail
10
User Management
11
2) Password
Password Password Strength Managing Accounts Managing Password
Copyright © 2014 CyberSecurity Malaysia
Copyright © 2011 CyberSecurity Malaysia 12
Password Strength
https://www.microsoft.com/security/pc-security/password-checker.aspx
13
Managing AccountsDON’T USE SAME
UsernamePassword
Copyright © 2014 CyberSecurity Malaysia
Avoid creating passwords that use:
Dictionary words in any language.
Words spelled backwards, common misspellings, and abbreviations.
Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
Personal information. Your name, birthday, driver's license, passport number, or similar information.
14
Managing Password
Copyright © 2014 CyberSecurity Malaysia
15
Dangerous Password
16
3) Antivirus Software
Antivirus Software Antivirus Categories Online Scanner Signature Updates
Copyright © 2014 CyberSecurity Malaysia
17
Antivirus Categories
Free Edition Antivirus
Commercial Antivirus
Online Scanner
Copyright © 2014 CyberSecurity Malaysia
Copyright © 2011 CyberSecurity Malaysia 18
Antivirus Comparatives
http://www.av-comparatives.org/
Copyright © 2011 CyberSecurity Malaysia 19
Online Scanner
Copyright © 2011 CyberSecurity Malaysia 20
Windows Security Center
Windows Start > Control Panel > Security > Check this computer’s security status
21
Signature Updates
Virus Definition
Computer
Copyright © 2014 CyberSecurity Malaysia
22
4) Operating System
Operating System Service Pack Validate Win & Office Microsoft Support
Copyright © 2014 CyberSecurity Malaysia
23
Service Pack
http://windows.microsoft.com/en-US/windows/downloads/service-packs
Copyright © 2014 CyberSecurity Malaysia
24
Validate Windows and Office
http://www.microsoft.com/genuine/validate/
Copyright © 2014 CyberSecurity Malaysia
25
Microsoft Fix it
http://support.microsoft.com/fixit/
Copyright © 2014 CyberSecurity Malaysia
26
Microsoft Product Lifecycle
http://support.microsoft.com/gp/lifeselect
Copyright © 2014 CyberSecurity Malaysia
27
5) Application
Application Paid Application Cracked Application Malicious Application
Copyright © 2014 CyberSecurity Malaysia
28
Paid Application
Copyright © 2014 CyberSecurity Malaysia
29
Cracked Application
Copyright © 2014 CyberSecurity Malaysia
30
Rogue Antivirus
Copyright © 2014 CyberSecurity Malaysia
31
Potentially Unwanted Program
Copyright © 2014 CyberSecurity Malaysia
32
6) Patches Updates
Patches Updates Service Pack Windows Updates Third Party Updates
Copyright © 2014 CyberSecurity Malaysia
Copyright © 2011 CyberSecurity Malaysia 33
Microsoft Download Center
http://www.microsoft.com/download/en/default.aspx
34
Windows Updates
Copyright © 2011 CyberSecurity Malaysia 35
Third Party Updates
http://secunia.com/vulnerability_scanning/personal/
36
7) Internet Access
Internet Access Wired Network Wireless Network Other Computer
Copyright © 2014 CyberSecurity Malaysia
37
Wired Network
REMOTE CODE EXECUTION
VIRUS & MALWARE
WEB APP ATTACKS
Copyright © 2014 CyberSecurity Malaysia
Copyright © 2011 CyberSecurity Malaysia 38
Wireless Network
39
8) Networking Devices
Networking Devices Microsoft Keyboard Webcam
Copyright © 2014 CyberSecurity Malaysia
40
Wireless Microsoft Keyboard
https://www.dreamlab.net/files/articles/27_Mhz_keyboard_insecurities.pdf
The team of Dreamlab Technologies has hacked two wireless keyboards fromMicrosoft. Dreamlab warns that it is possible to “sniff” the keyboard strokes -possible to capture and decrypt keystrokes - user names, passwords, bankdetails or confidential correspondence can be very easily copied.
Copyright © 2014 CyberSecurity Malaysia
41
Webcam
Webcam
Copyright © 2014 CyberSecurity Malaysia
42
9) External Devices
External Devices Thumb Drive External HD CD/DVD
Copyright © 2014 CyberSecurity Malaysia
43
AutoPlay
Copyright © 2014 CyberSecurity Malaysia
44
10) Online Surfing
Online Surfing Browser Malicious website Phishing website
Copyright © 2014 CyberSecurity Malaysia
Copyright © 2011 CyberSecurity Malaysia 45
Web Browser
Copyright © 2011 CyberSecurity Malaysia 46
Browser Preferences
Copyright © 2014 CyberSecurity Malaysia
Copyright © 2011 CyberSecurity Malaysia 47
Clear Browsing Data
48
Malicious Website
Copyright © 2011 CyberSecurity Malaysia 49
Phishing Attacks
50
Check the Suspicious Website
Copyright © 2014 CyberSecurity Malaysia
51
Summary
Windows Logon
Password
Antivirus Software
Operating System
Application
Patches Update
Internet Access
Networking Devices
External Devices
Online Surfing
Act Now!
Copyright © 2014 CyberSecurity Malaysia
52
Action Time!
“If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology”- Bruce Schneier
Netbook Laptop Desktop
Copyright © 2014 CyberSecurity Malaysia
Copyright © 2013 CyberSecurity Malaysia 53
