Risky Business & What Can We Do About It?

In this round of learning the main focus was on keeping your computer and information safe while on the internet.

For me, there were three main points that I came away with from the readings and lectures. Always use some form of anti-virus software, keep everything up to date with current security patches and software updates, and probably one of the most important ones, and always keep your anti-virus software up to date with the latest virus definition file. One thing about all three of these points is to update and/or patch software as soon it is available. If you do not have Windows set to update automatically, I highly suggest that change your settings. Microsoft is constantly putting updates out there to patch security holes almost as soon as they find out about them.

Since learning about all the different ways hackers can gain access to your computer without you even knowing they are there is scary. There are a few telltale signs that something is going on. Your computer starts to boot really slow all of sudden. It starts running extremely slow. Programs you don’t recognize start showing up in your task manager sometimes. There are some more devious programmers out there that have it so their programs do not show up in the task manager.

Wireless networks are some of the easiest ways for a criminal to gain access to your system, mainly because not many people properly secure their networks. One thing you can do is enable your security features, either through your operating system, or through your router, if you have one. I use a router and have my security turned on. Oh and also, DO NOT FORGET to change the login and password for your router. All routers of the same brands use the same default login and password. So if you do not change it, you are leaving your system that much more open for attack. Here is a screen shot of my security:

As you can see I use WPA Personal with TKIP encryption. I blanked out my network name for security reasons.

Here is some information that you might find interesting to know. It is actually safer to use your credit card online than it is to use it in most retail outlets. The reason being is that most stores have not upgraded to the newer WPA security, they are still using WEP to “secure” their networks. I found out that by downloading some free software from the internet and setting up a laptop with Linux and the free software, that I will not mention, I was able to go out and do some war driving. What I found was that stores that have been around for many years were still using WEP, and I was able to get in to their systems. Now the newer stores that have built their own buildings, within the last 5 years or so, are using WPA and I was not able to get in. I drove all over the Boulevard and Sheridan Drive area. I was really amazed at the information that is obtainable. Stores that when you talk to them over the phone make you think that their system is completely safe and that customer data is not stored on the same network. I found out otherwise, the data was actually saved on the network. Now I am not about to name the franchise, because I do not want any legal type backlash, but I would think twice before using credit at the store. I will be using cash whenever possible now.

When you shop online, you are using a secure network, locked down with WPA and all the latest software, plus whatever security measures you have in place. Now that doesn’t mean that just because you have all this security in place that you can never be hacked. There are always people out in the world that are finding ways to get around the latest and greatest security measures that are currently in place. Having the security in place greatly decreases the chances of someone gaining unlawful entry into your network.

People need to realize that using some else’s wireless connection, even if it is just to use the internet to check email, is the same as splicing into your neighbors cable just to watch TV for free. It is considered “Theft of Services” and comes with some jail time and hefty fines.

Information Security Awareness Contest

Educause Poster and Video Contest for 2011!

I would like to start out by introducing everyone to the Educause Poster and Video Contest for 2011. I feel the best way to describe what it is about is a screen capture from their website.

The website is: http://www.educause.edu/SecurityVideoContest2011

The topics for the contest are as follows:

Ideas for topics include, but are not limited, to:

• Computer security
• Antimalware (antivirus/antispyware) software
• Botnets
• Firewalls
• Operating system updates
• Software/application updates
• Cybersafety/staying safe online
• Cyberbullying
• Cybercrime (e.g., denial of service, extortion, identity theft, or web defacement)
• Phishing
• Protecting yourself online and safe social networking
• Passwords and passphrases
• Physical security
• Securing access to sensitive, nondigital information
• Securing equipment that is either valuable or contains sensitive information (or both)
• Social engineering
• Safeguarding data/information
• Encrypting files/e-mails with sensitive data
• Why encrypt e-mail?
• Protecting confidentiality, integrity, and availability of data
• Security of wireless/mobile devices
• Security risks of peer-to-peer (P2P) file sharing

A strong supporter of Educause and the contest is CyberWatch. The ultimate goal for CyberWatch is “to improve information assurance education at all levels: high school, associate, baccalaureate, and advanced degree levels.”

Here is a screen capture from CyberWatch explaining the mission, vision, and goals of the organization.

CyberWatch has a great slide show overview in PDF format that explains a lot as well. You will need the Adobe Acrobat Reader, found HERE. I suggest that everyone get involved with CyberWatch and become a registered member. It is FREE and easy!!!

My partner and I have been looking into Wireless/Mobile Security combined with Safeguarding Data/Information for the contest. One source I found particularly interesting was:

Debbah, Merouane, et al. "Wireless physical layer security." EURASIP Journal on Wireless Communications and Networking (2009). Academic OneFile. Web. 14 Nov. 2010.

Document URLhttp://find.galegroup.com/gtx/infomark.do?&contentSet=IAC-Documents&type=retrieve&tabID=T002&prodId=AONE&docId=A234053592&source=gale&userGroupName=niagara_main&version=1.0

You may not be able to follow the above link unless you have access to Niagara County Community Collage’s library online so that is why I supplied the original source of the information.

Merouane Debbah presents a technical write up explaining wireless physical layer security. There is a lot of technical verbage in this paper so you will want a dictionary handy if you are not familiar with some of the technical language involved.

So get inspired and enter the contest, and do not forget to become a member of CyberWatch!!!!!!!!!

Don’t Threaten Me!

Computer virus – what are they, how do we get them, and how do we rid ourselves of them?

This module was interesting learning about computer viruses and how they work. There is a great article on this topic on the website HowStuffWorks. It is amazing how such a simple program can cause so much damage.

Then we moved on to learning about botnets or zombie armies, which ever name you prefer to call them. It appears that just having your computer connected to the internet unprotected can have an ill effect upon you and millions of others. Here is a great article about this from the NY Times.

The third part of this module was learning how a hacker works. What are the tools that a hacker uses? There is another great article on this from HowStuffWorks. There is also a video that goes with this and I am only sharing this because there is some good that can come from it. I DO NOT encourage any illicit or illegal behavior by watching this video.

Finally we looked at fixing a zombie computer. Unfortunately the best fix is a complete system wipe and restorations. Basically this means format your hard drive and start from scratch re-installing all your software. Your computer will basically be back to factory original. Once again HowStuffWorks has a great article on this.

Let us start out by defining a computer virus. What is it? According to the website HowStuffWorks, here are some definitions of viruses, trojans, and worms:

­­When you listen to the news, you hear about many different forms of electronic infection. The most common are:

·         Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

·         E-mail viruses - An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click -- they launch when you view the infected message in the preview pane of your e-mail software [source: Johnson].

·         Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.

·         Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

Now that we have that out of the way, we should move on to how we get these vicious programs on our computers. Here is a short video demonstrating how email can be used against you and what to watch out for.

I currently use four different anti-virus programs. I don’t advise doing this, because it took me the better part of a week to get all four programs to play nice together and not delete each other. I am using the currently ranked top four free apps.

1.     Avast!

2.     Avira AntiVir Personal

3.     AVG Anti-Virus

4.     Microsoft Security Essentials

If you are unfortunate enough to acquire a virus of any kind on your computer and are not successful at eradicating it from your system you may have one last option before formatting your hard drive and starting over from scratch. That option is System Restore. Using system restore you can turn back time so to speak. You can restore your computer to a previous state from the past at a point in time that you are positive that your computer did not have the virus on it. I am using Vista so after performing a right mouse button click and selecting properties, the following window appears. I then clicked on System Protection which opened up a new window called System Properties with the System protection Tab visible. Next i clicked on System Restore button to topen the System Restore window. Here are the options for my computer to restore it to a previous good state. I can not show any other windows beyond this because i do not want to lose everything that I currently do not have backed up at this point.