Protecting your digital identity

Download Report

Transcript Protecting your digital identity

Protecting your digital
identity
Nik Talati, Stan Patterson
Overview

While at work, your computer is protected using
several techniques including antivirus software,
central updates, authentication, filters and
firewalls.

At home, we must be aware of ways to protect
our identity and information. There are additional
factors that affect home computing:




Shared computer often with kids
Responsible for updates and antivirus software
Lack of passwords or strong passwords
Online banking and purchasing
Be aware of…









Sharing your personal information
Phishing
Hacking
Social networking web sites
P2P file sharing
Secure web sites (https)
Anti-virus and anti-spyware software
Operating system and browser updates
Wireless networks
Sharing your personal information
SSN, Credit card #, username/password,
birthday, challenge question & answer, etc
 No legitimate and reputable organization
will ask for personal information via email
 Be wary of people asking for such
information: why they need it?
 Never email sensitive information. Call.
 Verify identity of online merchant

Phishing (Goucher example)
From: "[email protected]" <[email protected]>
Date: May 13, 2009 11:32:06 AM EDT
To: ..@...
Subject: [spam]Important Notice
Reply-To: <>
Dear goucher.edu User
Your email account has been used to send numerous Spam mails recently from a foreign IP. As a
result, the goucher.edu has received advice to suspend your account. However, you might not be
the one promoting this Spam, as your email account might have been compromised. To protect
your account from sending spam mails, you are to confirm your true ownership of this account by
providing your original Username
(*******) and Password (*******) as a reply to this message. On receipt of the requested
information, the "goucher.edu" web email support shall block your account from Spam.
Failure to do this will violate the goucher.edu email terms &
conditions. This will render your account inactive.
NOTE: You will be send a password reset message in next seven (7) working days after
undergoing this process for security reasons.
Thanks for using goucher.edu
Goucher College Education Without Boundaries, Webmail Access (Powered By Eircom).
(c) 2009 Goucher College Education Without Boundaries, All rights reserved
Phishing (example)
Dear USAA Member,
During our regular update and verification of the accounts,
we could not verify your current information. Either your
information has changed or it is incomplete.
As a result, your access to online banking on USAA has
been restricted. To start using fully your online account,
please update and verify your information by clicking the
link below :
http://www.ptcnets.com
Thank you for your prompt attention to this matter.
Regards,
USAA Inc.
Phishing (example)
Dear Navy Federal Credit Union customer,
We at Navy Federal Credit Union, would like to remind you that your Navy Federal Credit Union
Account has not been updated to the latest Online Access Agreement for Navy Federal Credit
Union Online Services.
In order for us, at Navy Federal Credit Union to guarantee your online security, you need to update
your account information. We urge you to partner with us to prevent consumer fraud, by going
through the 2 steps Wells Fargo Account Confirmation process. This operation involves logging in
and confirming your identity over a secure connection at:
https://online.navyfcu.org/signon?SIGNON_XCP=1010
After completing this process, you will be informed that your account has been updated and you
will be redirected to the actual Online Access Agreement, for you to review.
Thank you for choosing Navy Federal Credit Union as your Financial Institution.
When you use Navy Federal Credit Union Online ® or Navy Federal Credit Union Business Online ®
Banking, we guarantee that you will be covered 100% for any funds improperly removed from your
Navy Federal Credit Union accounts, while we are handling your transactions, subject to your
responsibility, described below.
© 1999 - 2005 Navy Federal Credit Union Bank. All rights reserved.
Phishing (example)
Dear PayPal® member,
inetnum:
netname:
descr:
country:
admin-c:
tech-c:
status:
mnt-by:
mnt-lower:
source:
role:
address:
address:
address:
address:
phone:
e-mail:
remarks:
admin-c:
admin-c:
80.163.160.0 - 80.163.163.255
DK-TELEDANMARK-PROACCESS-ADSL
Local assignments for Proaccess ADSL
DK
AS5071-RIPE
AS5071-RIPE
LIR-PARTITIONED PA
TDK-MNT
TDK-MNT
RIPE # Filtered
AS3292 Staff
TDC A/S
Sletvej 30, A-039
DK-8310 Tranbjerg
Denmark
+45 66 65 15 74
[email protected]
contact info: http://noc.tele.dk/peering/
MILY1-RIPE
NINA1-RIPE
It has come to our attention that your PayPal® account information
needs to be updated as part of our continuing commitment to protect
your account and to reduce the instance of fraud on our website.
If you could please take 5-10 minutes out of your online experience and
update your personal records you will not run into any future
problems with our online service.
However, failure to update your records will result in account
suspension.
You can get
more information on a IP address at:
http://www.arin.net
Please update your records. Once you have updated your account
records, your PayPal® account activity will not be interrupted and
will continue as normal.
Click here to update your PayPal account information
Social networking web sites




Facebook, Myspace, Bebo, LinkedIn, Orkut,
Zorpia, etc.
The content posted on the site stays on the
server even after you disable your account and
is searchable
Unknown person can pretend to be your friend
and get access to your posts and virtual wall
Can be a source of spam, adware and spyware
Hacking
Gaining unauthorized access to your
computer
 Why interested in a basic home user’s pc?
 Steal personal information stored on your
computer
 But, more importantly use your network as
a launch pad for malicious activities

By Brian Krebs | May 26, 2009; The Washington Post
An example of malicious code inserted
into a MSNBC sports webpage
Even
reputable site
might not be
safe at times
A hacker had
placed a malicious
JavaScript file into
the website’s
Source code
Tools like McAfee site advisor can be handy in determining if the site is safe
SSL (https)
Secure Socket Layer encrypts the data
between the user machine and the server
 Always log off and close the browser after
your transaction is completed
 Prefer to shop at the web sites that offers
google, paypal, safepass, etc. check outs

Browsers are populated with commonly used certificate authorities
P2P file sharing





Gnutella, KaZaA, Napster, iMesh, LimeWire, Morpheus,
SwapNut, WinMX, AudioGalaxy, Blubster, eDonkey and
BearShare
Primarily used to exchange pirated music, video, and
software.
Many files shared in the P2P network contain viruses, worms,
Trojan horses, & spyware.
By installing P2P software, the user is required to allow
access to their personal computer. This has lead to the
unintended access of banking and tax informrtion.
The Recording Industry Association of America (RIAA) has
started lawsuits against individuals and businesses over this
"sharing" of copyrighted material.
Antivirus, Antispyware, & Firewalls






Protect yourself against viruses and Trojan horses that may
steal or modify the data on your own computer and leave you
vulnerable
Make sure to keep your virus definitions up to date
Make sure to keep your firewall enabled
Run regular virus and spyware scans
McAfee AV and AS free to all Goucher Community
Other free offerings:
◦
◦
◦
◦
AVG-Free Antivirus http://free.grisoft.com/
SpyBot Search & Destroy http://www.safer-networking.org
Ad-Aware http://lavasoft.com/
McAfee SiteAdivsor http://www.siteadvisor.com/
Update Your Operating System



Windows, Mac, and Linux.
Internet Explorer, Firefox, and Safari.
Adobe Flash Player, Adobe Shockwave, and Java
They all need updates!!!

Updates address:
 Security by fixing vulnerabilities
 Functionality by fixing software bugs
Wireless Networks - Home

Steps to a secure network

Use the setup disk and select the secure options

Do not broadcast network name
Enable security/encryption

WPA2 – Best
 WEP – Better
 None – Bad


Enable MAC address filtering
More Secure
 Hard to maintain

What can happen if I don’t secure
my wireless network?