Common Sense Computing - MLMUG (mlmug.org/pdfs/Pres_charts/201609-Common_Sense_Computing.pdf)


Common Sense Computing

SAFE & SECURE COMPUTING IN TODAY'S WORLD
BY PAUL DEL ROSSI, PRESIDENT & CHIEF CONSULTANT
PDR SYSTEMS, LLC – 9/10/16
(610) 761-7969, [email protected]

©2016 PDR SYSTEMS – PAUL DEL ROSSI


Common Sense Computing Overview - Threats

• 10 Most Common Security Threats Explained
  1. Malware
  2. Computer Virus
  3. Rogue Security Software
  4. Trojan Horse
  5. Malicious Spyware
  6. Computer Worm
  7. Botnet
  8. Spam
  9. Phishing
  10. Rootkit

Source: http://blogs.cisco.com/smallbusiness/the-10-most-common-security-threats-explained


Common Sense Computing Overview - Tips

• 10 Safe Computing Tips
  1. Patch, Patch, PATCH!
  2. Install Protective Software
  3. Choose Strong Passwords
  4. Backup, Backup, BACKUP!
  5. Control Access To Your Machine
  6. Use eMail And The Internet SAFELY!
  7. Use Secure Connections Wherever Possible
  8. Protect Sensitive Data
  9. Use Desktop Firewalls
  10. Most Importantly, Stay Informed

Source: https://ist.mit.edu/security/tips


Common Sense Computing Threats Explained - Malware

• 1. Malware
  • Short for "Malicious Software"
  • Wikipedia: "variety of forms of hostile, intrusive, or annoying software or program code"
  • Any one of the following that are defined later in this presentation
    • Computer Viruses
    • Rogue Security Software
    • Trojan Horses
    • Malicious Spyware
    • Computer Worm
    • Botnet, Spam, Phishing
    • Malicious Rootkits


Common Sense Computing Threats Explained - Virus

• 2. Computer Virus
  • Small piece of software installed on your Computer that can spread from one infected computer to another.
  • Corrupts, steals, or deletes data on your computer
  • Can erase the entire Hard Drive!
  • Not to be underestimated
  • Can use other programs on your Computer like email to spread itself to your Computer OR others on your Contact List!


Common Sense Computing Threats Explained – Rogue Security SFW

• 3. Rogue Security Software
  • Also called "Scareware"
  • Popup window with a Security Update or Alert!
  • Popup appears legitimate, asks the user to click on links to install the "update" or "remove" the Malware
  • If NOT from your installed Security Software it's designed to lure you into clicking and downloading Malware
  • Microsoft link to description of Scareware
    • https://www.microsoft.com/en-us/safety/pc-security/antivirus-rogue.aspx


Common Sense Computing Threats Explained – Trojan Horse

• 4. Trojan Horse
  • Can come from an application thought to be legitimate that was downloaded and installed
  • Once inside your computer it can:
    • Record Passwords
    • Log Keystrokes
    • Hijack webcam to watch your every move
    • Obtain bank account numbers, passwords
    • Facilitate Fraud attacks on Computer User
  • Feb 2010 Study of 500 small businesses – 55% experienced Fraud attacks
    • http://guardiananalytics.com/mobile-banking-fraud-trends/
  • Key feature – Remain UN-DETECTED!


Common Sense Computing Threats Explained – Malicious Spyware

• 5. Malicious Spyware
  • Trojan Horse created by Cybercriminals to spy on victims
  • Key Logger
    • Records EVERY keystroke made by user at his/her computer
    • Information periodically sent back to Cybercriminals over Internet
  • Software is widely available and marketed to:
    • Parents
    • Businesses
    • Anyone that wants to monitor kids/employees Internet Usage


Common Sense Computing Threats Explained - Worms

• 6. Computer Worms
  • Software that copies itself from one computer to another w/o human interaction
  • Replicates with great volume and speed
    • Frequently uses your contact list and your contacts' contact lists!
    • Overnight, can infect computers across the globe as fast as a user can turn on their computer and open their email
    • Example: Conficker worm (aka Downadup) infected 8.9 million computers worldwide in just 4 days!
  • Only defenses are to not get infected and/or stop proliferation


Common Sense Computing Threats Explained - Botnet

• 7. Botnet
  • Group of computers connected to Internet that are compromised with a virus or Trojan horse
    • Zombie Computers
  • Botnet commanded by "bot herder" or "bot master"
    • Distributes SPAM
    • Coordinates denial-of-service (DoS) attack
      • DoS attack brings down a web server
      • Overloads web server with access requests
      • Google & Twitter have been victims of DoS attacks
      • No web server is immune


Common Sense Computing Threats Explained - SPAM

• 8. SPAM
  • eMail SPAM – unwanted messages in your email inbox
  • Electronic Junk mail is a nuisance
  • Takes up useful space on email server
  • CAN be harmless
  • CAN contain links that if clicked on will install malicious software on your computer
  • Source of terminology – Monty Python sketch – SPAM, SPAM SPAM, SPAM, SPAM, SPAMMITY SPAM, SPAMMITY SPAM…….
    • https://youtu.be/cFrtpT1mKy8


Common Sense Computing Threats Explained - Phishing

• 9. Phishing
  • Fraudulent attempts by cybercriminals to obtain private information
  • Frequently appear as email messages that appear to be from a legitimate source, e.g. Banks, email service provider, Retailers, Amazon, Google, etc.
  • Pretends to require you to click on a link due to some update in progress and you need to verify your account information and password details
  • Easy to spot if you mouse over the link and check where the underlying link goes.
  • NEVER respond to this type of request!
    • IF you think the request MAY be valid go directly to the website in a browser and see if you get the same message when you log in.


Common Sense Computing Threats Explained - Rootkit

• 10. Rootkit
  • Definition: A collection of tools that are used to obtain administrator-level access to a computer or network of computers
  • Could be installed by a Cybercriminal exploiting a security hole or vulnerability
  • Spyware that contains monitors and keystroke recorders
  • 2005 notoriety – Sony BMG Music Entertainment copy protection tool
    • Secretly installed a rootkit when users copied the CD onto their computers
    • COULD allow a hacker to gain and maintain control of your system and you wouldn't know it – Bruce Schneier
  • Additional reading about Security Threats can be found at Cisco 3Q10 Global Threat Report: http://www.cisco.com/c/dam/en/us/products/collateral/security/3q10_cisco_threat.pdf


Common Sense Computing Safe Computing Tips – Patch, Patch

• 1. Patch, Patch, Patch
  • Turn on Automatic Software Updates
  • Turn on Automatic Operating System Updates
  • Unpatched machines have more software vulnerabilities that can be exploited
  • Software and Operating System manufacturers issue patch updates to guard against vulnerabilities and correct small function problems in between larger upgrade releases
  • DON'T GO CRAZY HERE!
    • Set your Automatic Updates to NOTIFY you of an update that needs to be downloaded and installed
    • Some updates can take a long time to download and install and you want to control that to be a time when you don't need to use your computer!


Common Sense Computing Safe Computing Tips – Protective SFW

• 2. Install Protective Software
  • Free Antivirus – Avast, Malwarebytes, Sophos, Bitdefender, Avira, Webroot, Trend Micro
    • None require subscriptions for virus definition updates
    • Most installations try to "up sell" other products so be careful to read all dialog boxes that pop up during installation
  • Set Software to scan most vulnerable areas
    • Emails, email attachments, browser usage
  • In 10+ years of exclusive MAC usage I have not had, or seen, one virus infection. In 30+ years of Windows usage I've seen numerous virus infections of my own and others. Main reason for difference: Admin credentials required for ALL SFW installs on MAC OS X, and now Windows
  • Alternative: Use Virtual Machine for vulnerable activity – email, browsing


Common Sense Computing Safe Computing Tips – Strong PWs

• 3. Use Strong Passwords
  • More about this later today in Mike Inskeep's presentation on 1Password
  • Criminal Computer Forensics use brute force "attacks" to crack into a criminal's computer, phone, tablet. Hackers use the same technique(s)
    • Your passwords should have NOTHING to do with your personal life or the lives of those closest to you!
  • Use Letters, Capitalization, Numbers & Special Characters
  • My favorite method: Common item from your kitchen + Common item from your garage + your favorite number + a special character. Then variations
    • Example: KeurigShovel57!
    • Variation with 0s for Os and/or 3s for Es and/or 1s for Is and/or more numbers:
      • K3ur1g57Sh0v3l57! – Virtually un-crackable!


Common Sense Computing Safe Computing Tips – Strong PWs

• 3. Strong Passwords – Continued
  • Tip from a teacher friend of mine for a Unique Password for EVERY website you visit! Append the name of the website to the end of the Password!
    • For Example: KeurigShovel57!_Amazon, KeurigShovel57!_Google, etc…
      • Simple to remember
      • Virtually un-crackable
      • Unique to every website you visit, if one is compromised (very unlikely) the others are still OK.
  • IMPORTANT NOTE: Make sure that the passwords that you use for banking and other financial affairs are TOTALLY DIFFERENT than the ones that you use for email, browsing and gaining access to other websites


Common Sense Computing Safe Computing Tips – Backup, BU

• 4. Backup, Backup, Backup
  • Rule #1: Backing up your machine will protect you from the unexpected
  • Rule #2: The unexpected WILL happen
  • Question: How often should I backup my machine?
    • Answer: How much work are you willing to redo?
  • Keep a few months of backups, ideally offsite from your machine
  • The worst disaster is a fire. Your machine is easily replaced but your information is not
  • Time Machine with an external drive is ideal for everyday use. The only thing missing is offsite storage.
  • Consider organizing ALL your documents in one main directory and backing them up to the cloud


Common Sense Computing Safe Computing Tips – Backup, BU

• 4. Backup, Backup, Backup – Continued
  • Have a Backup Plan
    • You need access to backups of corrupted or accidentally deleted files
    • You need to do a full restore in case of a HDD failure, Virus infection or fire
  • Types of Backups
    • Full Backup – Total backup of your machine, Pro: All your current data is saved, Con: Takes a long time and you can't use your machine as it backs up
    • Incremental Backup – Backs up all CHANGES since your last Total Backup OR Incremental Backup, Pro: it's fast and doesn't interfere (much) with the use of your machine, Con: Full Restore requires last Total Backup and ALL Incrementals since. Full Restore takes longer but not usually an issue
    • Differential Backup – Backs up all CHANGES since your last Total Backup, Pro: only need last Total Backup and latest Differential Backup to Restore, Con: as Differentials "pile up" between Full Backups, Differentials take longer and interfere with the use of your machine.
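
The trade-off between the incremental and differential schemes described above, worked through as an added example (not part of the original presentation): it computes how much each daily run writes and which backup sets must all be readable for a full restore. The sizes are constructed, and the model assumes each day's changes touch different files.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    day: int
    kind: str       # "full", "incremental" or "differential"
    size_mb: int    # data written by this backup run

def schedule(kind, full_size_mb, daily_changes_mb):
    """Full backup on day 0, then one `kind` backup per day.

    Assumption: each day's changes touch different files, so a
    differential's size is the sum of all changes since the full backup.
    """
    if kind not in ("incremental", "differential"):
        raise ValueError(f"unknown backup kind: {kind}")
    backups = [Backup(0, "full", full_size_mb)]
    since_full = 0
    for day, changed in enumerate(daily_changes_mb, start=1):
        since_full += changed
        size = changed if kind == "incremental" else since_full
        backups.append(Backup(day, kind, size))
    return backups

def restore_set(backups, target_day):
    """Backups that must be readable to restore the state of `target_day`.

    `backups` must be in chronological order.
    """
    upto = [b for b in backups if b.day <= target_day]
    fulls = [i for i, b in enumerate(upto) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup at or before the target day")
    needed, tail = [upto[fulls[-1]]], upto[fulls[-1] + 1:]
    if tail and tail[-1].kind == "differential":
        needed.append(tail[-1])            # full + latest differential only
    else:
        # full + every incremental since it; losing one breaks the chain
        needed.extend(b for b in tail if b.kind == "incremental")
    return needed

# Constructed numbers: 50 GB full backup, then four days of changes (MB).
CHANGES = [200, 50, 300, 100]
INCREMENTAL = schedule("incremental", 50_000, CHANGES)
DIFFERENTIAL = schedule("differential", 50_000, CHANGES)

if __name__ == "__main__":
    for name, plan in (("incremental", INCREMENTAL), ("differential", DIFFERENTIAL)):
        print(name, "sizes per run:", [b.size_mb for b in plan],
              "| restore of day 4 needs days:", [b.day for b in restore_set(plan, 4)])
```

With these numbers the incremental runs stay small but a day-4 restore depends on five backup sets, while the differential runs grow each day but the restore depends on two.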


Common Sense Computing Safe Computing Tips – Control!

• 5. Control Your Machine!
  • Use Password access to ALL your devices EVEN if you are the only one that uses it like your Tablet or Phone or Notebook
  • Never leave a device unattended and logged on in a public place
  • Physical Security is JUST as important as your technical security
  • Given enough time with your machine and the right "attack" software, ANY person can hack into your machine.


Common Sense Computing Safe Computing Tips – Email & Inet

• 6. Use email and the Internet Safely
  • Ignore unsolicited emails no matter how enticing
    • If you are REALLY interested go to a browser and MANUALLY type in the address of the site of interest
  • NEVER, NEVER, NEVER click on a link or attachment in an email that is not FOR SURE from someone you know and about something that you expect!
    • This is THE MOST common way to inadvertently download a Trojan horse or other malware
  • NEVER click a link or open an attachment EVEN FROM A FRIEND that looks "phishy". This especially applies to emails, supposedly, from eBay, your Bank, or any other financial institution that is about your account and your private information.
    • To check it out for real go to a browser and enter the REAL address of the site and see if there is an issue with your Account


Common Sense Computing Safe Computing Tips – Email & Inet

• 6. Use email and the Internet Safely – Continued
  • EVEN for links that look SAFE in an email from a friend or on a webpage you can mouse over the link or tap-hold (on tablet) and see the link before you go to it.
    • My Rule-Of-Thumb for safety is if the REAL address in the link looks like something I can read and is normal I MAY click. I won't click on ANY shortened links, these have been a boon to Cyber Criminals!
    • Don't forget that your Friend's email may have been hacked and the Virus in it may be trying to replicate itself. ALMOST all emails of this type look "off" in some way if you take the time to look at them closely
  • BEWARE of emails and websites that LOOK like the real site and ask for your login or other personal information. You can ONLY be sure you went to the correct website if you typed the link in yourself.
  • AGAIN: Consider doing all email and browsing from a Virtual Machine!


Common Sense Computing Safe Computing Tips – Email & Inet

• 6. Use email and the Internet Safely – Continued
  • Virtual Machines - http://www.digitaltrends.com/computing/best-virtual-machine-apps-for-mac-linux-and-windows-pcs/
    • VMWare – Free - $250
      • In Business since 1998, Professional user grade
    • Virtual Box – Free
      • Lean software, best of the free versions
    • Parallels - $80 for Desktop 11
      • Great overall and supports Retina Displays
    • QEMU - Free
      • Open Source, targeted to small VMs that fit on a Flashdrive
    • Boot Camp – Free
      • Not a VM, provides dual boot capability


Common Sense Computing Safe Computing Tips – Secure Conn

• 7. Use Secure Connections
  • Data can be vulnerable in transit
  • Remote Connectivity
    • TeamViewer – My personal favorite - Free
      • Designed for Tech Support it also provides remote control login that is unattended
      • Great for showing someone how to do something without making the physical trip
    • Apple Remote Desktop - $79.99 – Geared more towards professional support
  • Secure File Transfer Options
    • Finder, Forklift and other File Managers have FTP and SFTP (Secure File Transfer Protocol) tools for safe data transfer
    • TeamViewer has an FTP tool for file transfers


Common Sense Computing Safe Computing Tips – Protect Data

• 8. Protect Sensitive Data
  • Reduce the risk of Identity theft
  • Securely remove (Wipe) sensitive data files from your HDD and/or encrypt their storage on your machine.
  • Store your passwords and other sensitive personal information on your phone, with a login, and ONLY sync to iTunes and NOT the cloud.
    • Encrypt your phone/tablet backups to iTunes. This will securely store and save your sensitive data on your main machine in case of the loss of your phone or tablet.
    • Install Find My iPhone on your mobile machines – provides location if lost/stolen and remote data wiping capabilities
  • Backup your working documents to the Cloud for safe keeping and ease of access.


Common Sense Computing Safe Computing Tips – Use Firewalls

• 9. Use Desktop Firewalls
  • Make sure you are using the firewall on your LAN (Local Area Network) especially for your WiFi
    • Use password for WPA2 Access
    • Consider setting up MAC Address Filtering – It's more work but more secure
      • Each network Card has a MAC address and you can DENY ALL on your network EXCEPT those you manually put in a list yourself.
  • Turn on and use the internal Mac OS X firewall and check out the advanced options.
  • There is no firewall for iOS devices
    • Historically phones & tablets are not "high return" targets for criminals but that may be changing as the landscape of devices we are all using changes
  • Like all things in life, when properly set up a firewall will protect your computer files from unwanted access from the outside world. Consult a professional if you need assistance.


Common Sense Computing Safe Computing Tips – Stay Informed

• 10. Most importantly, stay informed
  • Stay current with the latest developments AND vulnerabilities for MAC, Windows, Linux and UNIX. MAC is highly modified Linux and a core vulnerability could propagate down to MAC OS X.
  • Continue to attend this MLMUG for the latest information
• To REPEAT:
  • Use common sense with using email and the Internet as discussed here and you should be able to enjoy a long time of trouble free computing day
  • And don't forget to BACKUP, BACKUP, BACKUP! :-)