
Lecture 11 B Security

  • 1. SFDV2001- Web Development Lecture 11 B: Security
  • 2. The Plan
      • Security threats
          • Physical attacks
          • Packet sniffing
          • Phishing, social engineering
          • Worms, Viruses, and Trojan horses
      • Protecting your machine
          • Scanning
          • Software Updates
          • Encryption, Passwords, Secure transmission
      • Practical steps
    11/09/07 (SFDV2001:22) Security
  • 3. Security Threats
      • The largest security threat to any company is the people in the company.
          • Jamie Oliver “Naked chef 2”
      • Security is more than just applying rules to the computer systems.
      • The main security threats:
          • Phishing, social engineering
          • Physical attacks
          • Worms, Viruses, and Trojan horses
          • Packet sniffing
          • Denial of Service
  • 4. Defences
      • Culture of secure operation
          • Always lock the door before you go out
          • Get a neighbour to clear the mail
          • Always use complex passwords
          • Have a working and up-to-date firewall
      • Defences:
          • Updating, updating, updating
          • Education
          • Scanning programs
          • Encryption & Passwords
          • Firewalls
  • 5. Stupidity
      • Most problems are caused by ignorance.
          • Only worrying about security when something has already broken
          • Believing that a scam is real
          • Thinking “it won’t happen to me”
      • Social Engineering – finding out about people and using that information to break into systems.
      • Break in via the weakest link - people
  • 6. Social Engineering
      • Finding out about people and using that information to break into systems.
          • Learning about a target person in a company
          • Family, pets, phone numbers
          • Utilising that knowledge to break passwords
          • Using people to open up a system for you
      • The best technical security will not stop your users giving away information
      • Security by obscurity does not work!!!!
          • Computers can search large amounts of data quickly.
          • Port scanning
  • 7. Phishing
      • Phishing
          • Sending emails looking to get personal data
          • Or an attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message.
          • Fake web pages
      • Recent examples: Westpac Trust, National Bank.
          • Emails asking you to re-login to a bank web site.
      • Tip: Never trust an email that looks like spam. Search for the contents and see where it turns up.
  • 8. http://www.antiphishing.org/reports/
  • 9. Physical Attacks
      • Physical attacks
          • Not necessarily related to internet connections, but one of the key problems.
          • Laptops get stolen. People break in.
      • Someone could
          • Break in and steal your computer.
          • Connect a computer to a network plug inside your building and your firewall.
          • Install logging hardware somewhere on your computer.
      • Software on Internet Cafés is terribly insecure.
  • 10. Worms
      • Worm
          • A stand-alone program that attacks computers and, once established, tries to spread to other systems.
          • Usually has malicious intent.
          • Is not the same as a virus, as it can infect other systems without user interaction.
      • Examples
          • Blaster
          • Mydoom
  • 11. Viruses
      • A computer program that replicates itself by placing its program code inside other applications
      • Often contains some form of malicious code
      • Often spread by opening attachments sent via email.
      • Now on mobile phones, iPods, and MP3 players
      • [Diagram labels: Infected App, Virus, App]
  • 12. Trojan Horses
      • Definition: A program that contains instructions to perform a task not usually intended by the user
          • A card game that includes instructions to scan your hard drive for personal information and send it to a computer
      • Like a virus, but usually not self-replicating
  • 13. Wifi
      • Wifi – wireless fidelity
          • Your computer is a radio station and a radio receiver.
          • All data is sent as a radio signal.
      • War Driving
          • The name for driving around breaking into wireless networks
      • War Chalking
          • Walking around writing in chalk on the sidewalk where open wireless networks are.
      • Most wireless networks are not very secure!
  • 14. Wifi Access
      • George Street
  • 15. Free Wifi
      • Cnr George and Albany – 2pm Tuesday
          • Accessed a Wifi named SpeedTouch
          • Full open internet access
          • Provided a DNS server and full download
      • Security risk very high
          • I could do anything illegal, immoral, or costly
          • All they would know is that the signal came in through their wireless network.
  • 16. Packet Sniffing
      • Snooping on the packets in a network.
          • If you do this here you will be thrown out immediately.
      • Each packet passes through many other computers in the network; normally computers ignore packets not addressed to them.
          • Set up a computer to check packets addressed to other computers.
          • Check for the usernames which are often followed by passwords.
          • Sniff for the word “exam”, or “budget”, etc.
  • 17. Denial of Service
      • Try to deny a company access to the internet or their email.
          • Release a worm (e.g. Blaster), Trojan horse, or virus that includes code to connect to a particular machine at a set time.
          • If millions of machines are sending requests for pages the server becomes overloaded.
          • The same is true of email.
      • University of Otago suffered a network outage for 5 hours because of a DoS attack.
          • Time Frame: 18 April 2005: Approximately 9.00am - 2.00pm
  • 18. Defences
      • Vulnerabilities are not a problem until someone discovers them.
          • Others have probably experienced a problem before you do.
          • Companies try to fix holes when they are found.
      • Updating
          • Update your software frequently.
          • Windows XP updates, Firefox, OSX, ….
          • Security is an “arms race”: make sure you don’t bring a knife to a gun fight.
          • Update all the programs, as anything that connects to the internet could have a problem that allows people access.
  • 19. Education and Scepticism
      • Don’t trust spam.
      • Understand the threats and don’t get sucked in by offers.
      • Read security notices – AusCERT for example
      • Check for program updates – turn on auto updates for software
      • Pay attention to the security on your system
      • If you are going to use an internet café, check the security and ask about key loggers.
  • 20. Scanning Programs
      • AntiVirus software is now big business
      • These systems scan your computer for files that match a list of virus definitions that are regularly updated
      • Checks every program to see if it contains suspect code
      • AVG is good and free (www.grisoft.com)
      • Norton Antivirus from Symantec is also good
  • 21. Encryption
      • Securing information by converting it from plain text into something else
      • Things to consider:
          • Speed of encryption.
          • How long is the message relevant?
          • Who needs to decrypt the message?
      • Encryption algorithms are called ciphers
          • Skytala cipher, write text down the pole
          • Romans used these
          • RSA public key system
          • 128bit very secure
  • 22. Passwords
      • If you select an easy password then no security system will protect you.
          • Every word in the English language can be checked in about 10 minutes.
          • If a computer can check two thousand passwords per second, the dictionary is done in a few minutes.
      • The password is not stored; the encrypted password is stored, and a new string is tested by encrypting it and checking whether it is the same as the stored version.
  • 23. Passwords
      • Everybody can see passwd
      • But you don’t know what to type to make crypt spit out the string stored in the password file
      • Given time you can crack the passwd file, so for security you need to change passwords every few months
      • [Diagram: login with User: Simon, Password: Tow1ttf; Tow1ttf → crypt → Jd94@tg*7lf;5, which matches Simon's entry in /etc/passwd]
          Simon:Jd94@tg*7lf;5:
          Peter:7yg$dj#z,Gdew:
          David:mvj^jsl59Lksw:
          . . . .
  • 24. End to End Encryption
      • You cannot trust the physical security of the network.
      • Encryption should occur at each end
          • The sending and the receiving machine should encrypt and decrypt any communication.
          • Everything in between should be treated as public communication which anyone can see.
      • Email is not secure, neither are text messages or chat programs
  • 25. SSH and SFTP
      • Telnet sends passwords as plain text.
          • Any computer could intercept these passwords.
      • FTP sends files, usernames and passwords unencrypted.
      • SSH and SFTP are secure versions of Telnet and FTP.
          • They encrypt all the communication between two computers.
          • Packet sniffers will not gain access to your data
  • 26. https
      • Secure http connection.
          • Uses SSL to have secure transmission of information.
          • Padlock icon - Certificates
      • VeriSign registers pages so that you can check that the page you are connecting to is owned by the company you want to connect to.
      • Only protects information on the internet.
          • Keyloggers will still grab your information
  • 27. Firewall
      • Software / hardware that prevents unauthorised access to or from a private network or computer.
          • A private network is a collection of computers that are networked together.
      • Every single packet is checked against a set of rules to make sure that it is part of the communication that you want to happen.
      • Programs communicate using ports – port 80 is agreed to be the http protocol port
      • A firewall can block ports so that connections cannot be made to your machine on a blocked port.
  • 28. Proxy server / gateway
      • Proxies are “middle men”.
      • [Diagram: Client – Server, and Client – Proxy – Server, with the proxy labelled “Make decisions about connections”]
  • 29. Proxy
      • The proxy firewall can protect you in a number of ways:
          • Worms cannot connect to your computer or from your computer
          • Trojans and viruses may not be able to send information back out to the network
          • Can scan for viruses and some Trojans
          • Your computer's IP number can remain hidden so that it is harder to collect information about you
  • 30. Practical steps
      • Do
          • Update, update and update.
          • Use good unique passwords.
          • Have different levels of passwords.
          • Password protect your laptop.
          • Change your passwords on a regular basis.
      • Don't
          • Use words, names, birthdays etc. in passwords.
          • Put private information in obvious places.
          • Click links in emails.
          • Give out information about passwords asked for via email.
  • 31. Practical Steps
      • Do
          • Set up Windows firewall
              • XP Service Pack 2 has firewall as standard
          • Use a proxy
          • Install antivirus software
          • Think about what you have to lose.
      • Don't
          • Download executables from pirate sites
          • Try to do any packet sniffing
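
The stored-password check from slides 22 and 23, together with the "Don't use words, names, birthdays" rule from slide 30, worked through in Python. This is an added example, not part of the original lecture: PBKDF2-HMAC-SHA256 with a per-user salt stands in for the slides' crypt. The word list, iteration count, dictionary size and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from typing import Optional

ITERATIONS = 100_000  # assumed work factor; raise it as hardware gets faster

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "rover", "simon", "otago", "dunedin"}


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'iterations$salt$digest' for storage; the password itself is never stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, stored: str) -> bool:
    """Re-run the same transformation on the typed string and compare with the stored value."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def is_easy_password(password: str, wordlist: set) -> bool:
    """True for a word or name with digits/punctuation tacked on, or for digits only."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core == "" or core in wordlist


def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Time to try every candidate once at a given guess rate."""
    return candidates / guesses_per_second


if __name__ == "__main__":
    stored = hash_password("Tow1ttf")  # the example password from slide 23
    print("stored entry:", stored)
    print("correct password accepted:", verify_password("Tow1ttf", stored))
    print("wrong password accepted:", verify_password("tow1ttf", stored))
    # A fresh salt means two users with the same password get different entries.
    print("same password, new salt, same entry:", hash_password("Tow1ttf") == stored)
    print("Rover2007 is easy:", is_easy_password("Rover2007", SAMPLE_WORDS))
    # 240,000 words is an assumed dictionary size, at the slide's 2,000 guesses/second.
    print("dictionary exhausted in", seconds_to_exhaust(240_000, 2000), "seconds")
```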
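
The rule checking described on slide 27, as an added example that is not part of the original lecture: each packet is compared with an ordered rule list, the first match decides, and anything no rule mentions is blocked. The rule set, the addresses (documentation ranges) and all names are constructed for illustration, and `shadowed_rules` goes one step beyond the slide by flagging rules that an earlier, broader rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (towards your machine) or "out"
    protocol: str    # "tcp" or "udp"
    remote: str      # address of the other end of the connection
    port: int        # destination port


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str
    protocol: str
    port: Optional[int] = None  # None matches any port
    remote: str = "0.0.0.0/0"   # network the other end must be in

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction == pkt.direction
            and self.protocol == pkt.protocol
            and self.port in (None, pkt.port)
            and ipaddress.ip_address(pkt.remote) in ipaddress.ip_network(self.remote)
        )


def decide(rules: List[Rule], pkt: Packet, default: str = "block") -> str:
    """First matching rule wins; anything no rule mentions gets the default (deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (
                earlier.direction == later.direction
                and earlier.protocol == later.protocol
                and earlier.port in (None, later.port)
                and ipaddress.ip_network(later.remote).subnet_of(
                    ipaddress.ip_network(earlier.remote)
                )
            ):
                dead.append(i)
                break
    return dead


# Constructed rule set for a small web server.
RULES = [
    Rule("allow", "in", "tcp", 80),                  # http open to everyone
    Rule("allow", "in", "tcp", 22, "192.0.2.0/24"),  # SSH only from the admin network
    Rule("block", "in", "tcp", 23),                  # Telnet: passwords travel as plain text
    Rule("allow", "out", "tcp", 80),
    Rule("allow", "out", "tcp", 443),
]

if __name__ == "__main__":
    samples = [
        Packet("in", "tcp", "203.0.113.9", 80),    # stranger fetching a web page
        Packet("in", "tcp", "203.0.113.9", 22),    # stranger trying SSH
        Packet("in", "tcp", "192.0.2.10", 22),     # administrator using SSH
        Packet("in", "tcp", "203.0.113.9", 135),   # Windows RPC port, no rule mentions it
        Packet("out", "tcp", "198.51.100.7", 25),  # unexpected outbound mail connection
    ]
    for pkt in samples:
        print(pkt, "->", decide(RULES, pkt))
    # Putting a catch-all "allow" first silently disables the rules behind it.
    careless = [Rule("allow", "in", "tcp")] + RULES
    print("unreachable rule indexes:", shadowed_rules(careless))
```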

Editor's Notes

  • #8: [Update with local recent examples if possible]
  • #15: [Update with local information, or delete this slide]
  • #16: [Update with a local example, or delete slide]
  • #18: Give a local example or remove reference to Otago