Slide titles: Lecture; Security Measures; Understanding Ports; Port Scanning & Malicious Probes; Firewalls; Slide 6; The Big Picture; Password Attacks; Password Tips; Web-based Exploits; HTML and SQL injections; Phishing Scams; Spy-Ware; Anti-Virus Software; Cryptography and Encryption; Slide 16; Online Transactions; Pacific Resources: InsidePacific Administrative Tab; Pacific Resources News Release: Facebook risk; Safeguard your privacy

Lecture
Computer Security
Ports, Firewalls, Passwords, and Malware

Security Measures
• Firewalls
• Passwords
• Mal-Ware
• Anti-Virus and Anti-Spy-Ware
• Patches and Upgrades

Understanding Ports
• A port is a doorway to a connection in the Internet world.
• Part of TCP/IP layer
  – 65,535 possible ports
• Different layers of TCP/IP use different ports, e.g.:
  • Port 80 for web traffic
  • Port 21 for FTP
  • Port 25 for email

Port Table

Port Scanning & Malicious Probes
• It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked.
• Port scanning software sends out a request to each port sequentially and makes a note of which ports responded or seem open to more in-depth probing.

Firewalls
• Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet
• Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through
• Firewalls can either be hardware and/or software based.

Firewalls
• Windows & Apple have a built-in firewall
• Some anti-virus software provides a firewall
• Blocks traffic based on...
  – Content
  – User
  – Patterns
  – Ports

The Big Picture
[Diagram: Network, Switch, Internet, DSL Modem, Firewall]

Password Attacks

Password Tips
• Character Length
• Complexity
• Case, Symbols, and Numbers
• Sharing with Others
• Changing
• Uniqueness
• Tips

Web-based Exploits
• More common now than sending malicious email attachments
• Botnets: Networks of infected PCs inject code into legitimate websites
• Download codes stealthily to innocent users
  READ “A day in the life of a hacker”
• Harvest keystrokes and financial data
Example: Business Week.com infected 2007

HTML and SQL injections
• Limbo malware – Costs $300
• Trojan Horse programming
• Downloaded via pop up or phishing
• Adds extra fields to legitimate online banking and financial sites
• Tricking users into giving up bank numbers, PINs, SSNs and valuable information

Phishing Scams
• Identity theft – asks for personal information or account information
• Increase “click count” – encourages you to click on a link… to surreptitiously increase “click count” revenue.
• Gateway to malware – clicking on a link in a phishing email may trigger the launch of malware.
• Was that a no-no? – clicking on the link may take you to a site that looks perfectly OK… except that malware is launched in the background

Spy-Ware
• Degrades PC/internet performance
• Browser Hijacking
• Anti-Spyware software:
  – Ad-Aware by Lavasoft
  – Grisoft's AVG Anti-Spyware 7.5
  – Microsoft's Windows Defender 1.1 (free)
  – Safer Networking's Spybot Search & Destroy
  – Webroot's Spy Sweeper 5.5-Vista

Anti-Virus Software
• Searches all drives looking for known "virus signatures"
• Scans all files and email attachments as they are accessed
• Virus Definition Files must be updated frequently (daily or better)
• Symantec Anti-Virus
  – Licensed for campus and home

Cryptography and Encryption
• from the Greek for “secret writing” -- is the mathematical “scrambling” of data so that only someone with the necessary key can “unscramble” it.
• Cryptography allows secure transmission of private information over insecure channels (for example packet-switched networks).
• Cryptography also allows secure storage of sensitive data on any computer.

Cryptography and Encryption
Encryption: Method of scrambling contents of e-mail or files to make them unreadable if intercepted
– Private key encryption: Uses a single key
  • Most often used to encrypt files on a computer
  • If used to send files to others, the recipient needs to be told the key
– Public key encryption: Uses two keys
  • Public key: Can be given to anyone; used to encrypt messages to be sent to that person
  • Private key: Only known by the individual; used to decrypt messages that are encrypted with the individual’s public key
  • Key pairs can be obtained through a Certificate Authority

Online Transactions
• 1976: W. Diffie and M.E. Hellman proposed the first public-key encryption algorithms -- actually an algorithm for public exchange of a secret key.
• 1978: L.M. Adleman, R.L. Rivest and A. Shamir propose the RSA encryption method
  – Currently the most widely used

Pacific Resources: InsidePacific Administrative Tab
• Go to Help Tab
• Follow links to Security and Virus Protection

Pacific Resources News Release: Facebook risk

Safeguard your privacy
• Review what you have posted online periodically.
  – Hints to your passwords
  – Personal information
  – Pictures that can be simply copied and used elsewhere.
• One fifth of hiring managers have used the internet to search for personal info on job candidates
• Monster Ideas for
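
The Port Scanning & Malicious Probes slide describes a scanner requesting each port in turn; the sketch below is an added example, not part of the original slides, showing how a defender can spot that pattern in firewall logs. The log format, addresses (documentation ranges), function names and thresholds are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not from a real firewall).
SAMPLE_LOG = """\
2024-01-01T10:00:00 DROP src=203.0.113.5 dst=192.0.2.10 dport=21
2024-01-01T10:00:01 DROP src=203.0.113.5 dst=192.0.2.10 dport=22
2024-01-01T10:00:02 DROP src=203.0.113.5 dst=192.0.2.10 dport=23
2024-01-01T10:00:03 DROP src=203.0.113.5 dst=192.0.2.10 dport=25
2024-01-01T10:00:04 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=80
2024-01-01T10:00:05 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=80
2024-01-01T10:00:06 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=80
2024-01-01T10:00:07 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=25
garbled line that the parser must skip
"""

LINE_RE = re.compile(r"^(\S+) (ALLOW|DROP) src=(\S+) dst=(\S+) dport=(\d+)$")

def parse(log_text):
    """Yield (timestamp, src, dst, port) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed lines are ignored rather than fatal
        ts, _action, src, dst, dport = m.groups()
        if 1 <= int(dport) <= 65535:
            yield datetime.fromisoformat(ts), src, dst, int(dport)

def find_scanners(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Return {src: sorted ports} for sources that touched at least
    min_ports distinct ports on one destination within the time window."""
    hits_by_pair = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        hits_by_pair[(src, dst)].append((ts, port))
    flagged = defaultdict(set)
    for (src, _dst), hits in hits_by_pair.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src].update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A fixed window only catches fast, sequential probing; a scan spread over hours needs a longer window or a per-day distinct-port count.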


PACIFIC COMP 025 - Computer Security