Company

LOGO

Understanding Computers

ACSIT Committee

Viruses, Spam, Backups and more

It’s all about Risk Management

Objectives

§ Viruses and Trojans§ Spyware§ Phishing § Flaming§How do you protect yourself?§ Spam§ Backups§Recommendations

Malware

Viruses and Trojans

§ Definitionõ A program that replicates itself with malicious

intent. It usually remains hidden in another program and depends on a person to activate it.

õ Viruses only damage software and cannot destroy hard drives, monitors, or anything else like that as commonly rumored.

õ Exploit weaknesses in Operating Systems and programmes

Viruses and Trojans

§ Definitionõ Whoever thought to name a virus, a virus was

certainly on the right track.

õ Think of a human Virus – it serves no purpose, it uses a host to multiply and then leaves the host useless, it is highly contagious, but can be immunized against.

Viruses

§ At its peak infection rate in 2004, about 1 in 12 emails on the Internet were MyDoom Viruses

§ It is estimated that PC Viruses cost businesses approximately $55 Billion in damages in 2003.This amount doubles EACH Year. Thus $220 Billion in 2005 - $220,000,000,000.00

§ In the US alone, ID theft cost banks $1 billion a year. Nearly 10,000 victims had home loans - totalling about $300 million - taken out in their name and another 68,000 had new credit cards issued in their name"

Spyware

§ Definitionõ Software that tracks a user's personal

information and passes it on to third parties, without the user's authorisation or knowledge

õ Personal information includes Passwords, sites visited, even Banking and Credit Card Information

Malware

§ You can get them from…õ E-Mails and attachments (eg Word

Document)õ Files from insecure sourcesõ “Cover Disks”õ Web surfing

Phishing

§ The act of “getting” a username and password by means of deception.§ “Bank Records” emails

Always type web address§ Phone calls

Freddo Frogs.Never give your password

§ Password SavingJust Don’t!!

§ If you feel your password has been compromised – CHANGE IT!

Phishing

§ 5.7 Billion - Number of phishing emails sent each month

$1,200 - Average loss to each person sucessfully phished

13,228 - Average number of unique phishing attacks per month

3,431 - Average number of phishing web sites each month

§ Source: www.mailfrontier.com

Flaming

§ Sending many or large emails to one address.

§ Can be both Real or Perceived(dependant on tolerance threshold)

§ Denial of Service in its worst examples

Spam

§ Definitionõ Spam is a collective term referring to mass

email forwarded messages, junk email, email hoaxes, etc.

õ Spam bogs down the Internet with unwanted junk email making it slower for us to download files or access WebPages.

Spam

§ How to protect yourselfõ Don’t use common e-mail addresses§ don’t use e-mail addresses such as

õ CEO@, manager@

§ consider not usingõ admin@, sales@, info@

õ NEVER respond to spam. õ Don’t click ‘unsubscribe’ at the bottom of

spamõ Minimise the number of e-mail addresses on

a web site

How do you protect yourself?

§ Cast Iron Optionõ Don’t let machines talk to the

Internet or receivee-mails etc. ie Completely stand alone

õ Pro – Good securityõ Con – Can’t do anything… Extreme

limit to productivity

How do you protect yourself?

§ Cotton Wool / Band-Aid Optionõ This is the soft option – don’t do

anything and hope that nothing happensThe Cotton wool is used to ‘mop up the mess’

õ Pro – easy to administerõ Con – Wide open to attack

How do you protect yourself?

§ Rubber Optionõ Put something solid but flexible

between your resources and the potential source of risk

õ Pro – Allows modern work flowsõ Con – Some administration

required

It’s not has hard as you may think

§ Softwareõ Run Anti-Virus softwareõ Run Anti-Spyware softwareõ Run Anti-Spam software§ These all compare everything to known

signatures§ If something is detected, it is automatically dealt

withõ Update, Update, Update (Automatically)

It’s not has hard as you may think

§ Hardwareõ Router§A router that directs traffic dependent on where it

comes from and it’s type§ It directs the Black Sheep and the White Sheep

õ Firewall§A device that looks at the information passing

between devices, and filters it if required§ It filters the Sheep from the Goats

It’s not has hard as you may think

§ Peer to Peer / Workgroupõ All PCs are equal õ One PC may be prime

§ Domainõ Server / Clientõ Possibly multiple servers § File, § Application§ Email§ Authentication

It’s not has hard as you may think

§ A combination solution of hardware and software is often the best

§ It depends on:õ The size of your networkõ The value of your information§A bank will spend significantly more money on

security than a 30 bed nursing home

Policies and Procedures

§ Literally, setting rules and policing them§ If rules can not be set for the systems to

enforce, set “best practice” guidelines.§ Passwords MUST be used.§ Physical Security of Equipment§ User level security§ Acceptable Use

Web Browsing / Sites visitedPersonal UseAuditing and Monitoring – Who can see what.Netiquette

Backup

The safe storage of important information§ Paper based or electronic has same

importance§ Backup to Disk, Tape or CD

õ Archive and backup those archives§ Test the backup regularly

õ Ensure information can be retrieved

Backup

The safe storage of important information§ Store the backup away from the Network

õ If the computer is destroyed is the backup still safe

§ Ensure any “restore to” PC can read the backup

Recommendations

§ Minimum requirements - essentialsõ Keep your Systems up to date!§ All Software Update/ Patches/ Definitions

õ Anti-Virus Software§ eg, CA, Trend, AVG, McAfee, Norton etc

õ Anti-Spyware Softwareõ Firewall or Routerõ Policies and Best Practice Procedures.õ Backups§ Keep both onsite and offsite§ Backup as often as you feel you can afford to

replace the data

Recommendations

§ Additional Recommendations - desirables…õ Anti-Spam§ At the ISP (Internet Service Provider)§ At your firewall/ Email Server (if you have one)§ On your PC eg Outlook Junk E-Mail filter

õ Professional assistance (internal or outsource)§ Internet Service Providers§ Computer Suppliers§ Trained staff (as long as their skills are up to date)§ Purchasing Partners/ Networking Opportunities

Recommendations

Whichever solution(s) you choose to implement

Maintain it!

Other Information

You may not be aware§Not-for-profits can purchase most

hardware and software for a significantly reduced price

§Windows XP is the minimum recommended operating system

§ ‘It all worth the effort’ J

Questions to the Panel

Thank you for your time