acs computer forum
Understanding Computers
ACSIT Committee
Viruses, Spam, Backups and more
It’s all about Risk Management
Objectives
- Viruses and Trojans
- Spyware
- Phishing
- Flaming
- How do you protect yourself?
- Spam
- Backups
- Recommendations
Malware
Viruses and Trojans
- Definition
  - A program that replicates itself with malicious intent. It usually remains hidden in another program and depends on a person to activate it.
  - Viruses only damage software and cannot destroy hard drives, monitors, or anything else like that as commonly rumored.
  - Exploit weaknesses in Operating Systems and programmes
Viruses and Trojans
- Definition
  - Whoever thought to name a virus, a virus was certainly on the right track.
  - Think of a human Virus – it serves no purpose, it uses a host to multiply and then leaves the host useless, it is highly contagious, but can be immunized against.
Viruses
- At its peak infection rate in 2004, about 1 in 12 emails on the Internet were MyDoom Viruses
- It is estimated that PC Viruses cost businesses approximately $55 Billion in damages in 2003. This amount doubles EACH Year. Thus $220 Billion in 2005 - $220,000,000,000.00
- In the US alone, ID theft cost banks $1 billion a year. Nearly 10,000 victims had home loans - totalling about $300 million - taken out in their name and another 68,000 had new credit cards issued in their name
Spyware
- Definition
  - Software that tracks a user's personal information and passes it on to third parties, without the user's authorisation or knowledge
  - Personal information includes Passwords, sites visited, even Banking and Credit Card Information
Malware
- You can get them from…
  - E-Mails and attachments (eg Word Document)
  - Files from insecure sources
  - “Cover Disks”
  - Web surfing
Phishing
- The act of “getting” a username and password by means of deception.
- “Bank Records” emails
  - Always type web address
- Phone calls
  - Freddo Frogs. Never give your password
- Password Saving
  - Just Don’t!!
- If you feel your password has been compromised – CHANGE IT!
Phishing
- 5.7 Billion - Number of phishing emails sent each month
- $1,200 - Average loss to each person successfully phished
- 13,228 - Average number of unique phishing attacks per month
- 3,431 - Average number of phishing web sites each month
- Source: www.mailfrontier.com
Flaming
- Sending many or large emails to one address.
- Can be either Real or Perceived (dependent on tolerance threshold)
- Denial of Service in its worst examples
Spam
- Definition
  - Spam is a collective term referring to mass email forwarded messages, junk email, email hoaxes, etc.
  - Spam bogs down the Internet with unwanted junk email making it slower for us to download files or access WebPages.
Spam
- How to protect yourself
  - Don’t use common e-mail addresses
    - don’t use e-mail addresses such as CEO@, manager@
    - consider not using admin@, sales@, info@
  - NEVER respond to spam.
  - Don’t click ‘unsubscribe’ at the bottom of spam
  - Minimise the number of e-mail addresses on a web site
How do you protect yourself?
- Cast Iron Option
  - Don’t let machines talk to the Internet or receive e-mails etc. ie Completely stand alone
  - Pro – Good security
  - Con – Can’t do anything… Extreme limit to productivity
How do you protect yourself?
- Cotton Wool / Band-Aid Option
  - This is the soft option – don’t do anything and hope that nothing happens
    - The Cotton wool is used to ‘mop up the mess’
  - Pro – easy to administer
  - Con – Wide open to attack
How do you protect yourself?
- Rubber Option
  - Put something solid but flexible between your resources and the potential source of risk
  - Pro – Allows modern work flows
  - Con – Some administration required
It’s not as hard as you may think
- Software
  - Run Anti-Virus software
  - Run Anti-Spyware software
  - Run Anti-Spam software
    - These all compare everything to known signatures
    - If something is detected, it is automatically dealt with
  - Update, Update, Update (Automatically)
It’s not as hard as you may think
- Hardware
  - Router
    - A router directs traffic depending on where it comes from and its type
    - It directs the Black Sheep and the White Sheep
  - Firewall
    - A device that looks at the information passing between devices, and filters it if required
    - It filters the Sheep from the Goats
It’s not as hard as you may think
- Peer to Peer / Workgroup
  - All PCs are equal
  - One PC may be prime
- Domain
  - Server / Client
  - Possibly multiple servers
    - File
    - Application
    - Email
    - Authentication
It’s not as hard as you may think
- A combination solution of hardware and software is often the best
- It depends on:
  - The size of your network
  - The value of your information
    - A bank will spend significantly more money on security than a 30 bed nursing home
Policies and Procedures
- Literally, setting rules and policing them
- If rules can not be set for the systems to enforce, set “best practice” guidelines.
- Passwords MUST be used.
- Physical Security of Equipment
- User level security
- Acceptable Use
  - Web Browsing / Sites visited
  - Personal Use
  - Auditing and Monitoring – Who can see what.
  - Netiquette
Backup
The safe storage of important information
- Paper based or electronic has same importance
- Backup to Disk, Tape or CD
  - Archive and backup those archives
- Test the backup regularly
  - Ensure information can be retrieved
Backup
The safe storage of important information
- Store the backup away from the Network
  - If the computer is destroyed, is the backup still safe?
- Ensure any “restore to” PC can read the backup
Recommendations
- Minimum requirements - essentials
  - Keep your Systems up to date!
    - All Software Update/ Patches/ Definitions
  - Anti-Virus Software
    - eg, CA, Trend, AVG, McAfee, Norton etc
  - Anti-Spyware Software
  - Firewall or Router
  - Policies and Best Practice Procedures.
  - Backups
    - Keep both onsite and offsite
    - Backup as often as you feel you can afford to replace the data
Recommendations
- Additional Recommendations - desirables…
  - Anti-Spam
    - At the ISP (Internet Service Provider)
    - At your firewall/ Email Server (if you have one)
    - On your PC eg Outlook Junk E-Mail filter
  - Professional assistance (internal or outsource)
    - Internet Service Providers
    - Computer Suppliers
    - Trained staff (as long as their skills are up to date)
    - Purchasing Partners/ Networking Opportunities
Recommendations
Whichever solution(s) you choose to implement
Maintain it!
Other Information
You may not be aware
- Not-for-profits can purchase most hardware and software for a significantly reduced price
- Windows XP is the minimum recommended operating system
- ‘It’s all worth the effort’ :)
Questions to the Panel
Thank you for your time