Transcript Wild West! No Borders!

Computer Security
Major Security and Privacy Threats
Using The Internet At Home
Computer Security at Home
Slide 1
Agenda
• What is the Internet?
• Identity and Social Engineering
• Malware – what is it?
• Online Banking
• Actions you can take to protect yourself
• Online Resources
• Your turn!
Computer Security at Home
Slide 2
What Is The “Internet”?
“Global system of interconnected networks”
Each network is operated by individual entities
• Only connections are managed
• The rest is NOT managed
– Wild West! No Borders!
• Tool for communication
– Makes it easier
– Makes it faster
– Makes it cheaper
Computer Security at Home
Slide 3
“Identity” is Never Guaranteed
Computer Security at Home
Slide 4
Social Engineering
“If it sounds too good to be true, it probably is”
Manipulating people into performing an action
• Phone calls from the “security department”
• Clicking on links and attachments
– Email, web sites, twitter, MSN, …
• Lost USB sticks
• Software “updates”
• Nigerian “419” scams
• Requests for help from friends overseas
Computer Security at Home
Slide 5
Malware
Also known as Virus, Worm, Trojan Horse,
Adware, Spyware, Scareware, Pestware,
Crimeware, Rootkit
• Downloading software from the Internet
• Sharing USB sticks, software CDs and DVDs
• Opening untrusted Email attachments
• File sharing
• “drive by” attacks from malicious web sites
• Ignoring security warnings
Computer Security at Home
Slide 6
On-Line Banking
Many sites offer additional SMS security:
• Commonwealth NetCode
• Westpac Protect SMS Code
• NAB SMS Security
• PayPal Security Key
Used to send SMS codes to mobile phone
• Authorising “higher risk” transactions
• Authenticating to login to the account
Computer Security at Home
Slide 7
Validating Web Sites
Slide sub-heading (manual text box)
Look for “Extended Validation” Certificates – click on green bar to see details
Computer Security at Home
Slide 8
Actions
Simple steps you can take to improve your online security
Technical:
• Ensure that automatic updates are enabled
• Ensure adequate antivirus is operating
– Microsoft Security Essentials is pretty good
• Ensure adequate firewall is in place
– Most modern routers will do this for you
– But direct connection to modems will not!!
• Use at least WPA or WPA2 on your WLAN
• Shred any paper with names/addresses
Computer Security at Home
Slide 9
Actions
Simple steps you can take to improve your online security
Personal:
• Ensure adequate and regular backups
• NEVER click on links/attachments
– Especially in unsolicited Email or web sites
– Type the URL in yourself, or use bookmarks
• Use separate computers for important tasks
– Online banking, superannuation, tax
– Online shopping, social networking
– General browsing, downloaded software
Computer Security at Home
Slide 10
Actions
Simple steps you can take to improve your online security
Personal:
• NEVER send personal details
– Credit cards, bank accounts, addresses
– Drivers licence, passport, date of birth
• Especially by Email, over the phone, at the
door, or entered into a web site
– Unless it is for a specific purpose
• Don’t sign anything until you have read and
understood it completely
Computer Security at Home
Slide 11
Actions
Simple steps you can take to improve your online security
Passwords:
• Use different passwords for each account
• Make them “strong” passwords
– Almost impossible to do if you have a lot of
accounts to protect
– Use passwords made from your favourite
sayings and songs
• Create “classes” of passwords – I use three!
– “throwaway”; “moderate”; “secure”
Computer Security at Home
Slide 12
Actions
For the VERY technical audience
My favourite Firefox add-ons:
• AdBlock Plus
– Block web page components from Ad sites
– Makes browsing MUCH faster
• Noscript
– Disable Javascript – requires configuration
• Flashblock
– Stop those annoying flash moving images
– … until you want to see them!
Computer Security at Home
Slide 13
Resources
To validate rumours and scams:
• www.scamwatch.gov.au
• www.snopes.com
• www.accc.gov.au
To reduce telemarketers:
• www.donotcall.gov.au
Information for the more technically minded:
• www.staysmartonline.gov.au
• www.auscert.org.au
www.cert.gov.au
Computer Security at Home
Slide 14