Security Awareness: Applying Practical Security in Your World, Second Edition
Chapter 4 Personal Security
Objectives
• Define spyware and tell how it is used
• List and describe spyware tools
• Explain how to use personal security defense mechanisms
What is Spyware?
• Spyware
  – Software that violates user’s personal security
• The Antispyware Coalition defines spyware as
  – Technologies implemented in ways that impair user’s control over
    • Use of system resources
    • The collection, use, and distribution of personal or otherwise sensitive information
    • Material changes that affect user’s experience, privacy, or system security
What is Spyware? (continued)
• Characteristics of spyware
  – Creators are motivated by money
  – More intrusive than viruses
  – Harder to detect
  – Harder to remove
  – Harmful spyware is not always easy to identify
What is Spyware? (continued)
• Identity theft
  – Use of someone’s personal information to impersonate with intent to commit fraud
• Once identity thieves have personal information they can
  – Change the mailing address on a credit card account
  – Establish phone or wireless service in the person’s name
  – File for bankruptcy under the person’s name
What is Spyware? (continued)
• Computer might be infected with spyware if
  – Pop-up advertisements appear even when user is not on the Web
  – Browser settings have changed without user’s consent
  – New toolbar unexpectedly appears and is difficult to remove
  – Computer takes longer than usual to complete common tasks
  – Computer crashes frequently
Spyware Tools
• Adware
  – Delivers advertising content in a manner or context that is unexpected and unwanted by user
• Most users frown on adware because
  – Unwanted advertisements can be a nuisance
  – Repeated pop-up ads can impair productivity
  – Adware may display objectionable content
  – Advertisements can slow a computer down or cause crashes and the loss of data
Phishing
• Sending an e-mail or displaying a Web announcement that
  – Falsely claims to be from a legitimate enterprise
  – Attempts to trick a user into surrendering private information
• Both the e-mails and the fake Web sites appear legitimate
Phishing (continued)
• Variations on phishing attacks
  – Spear phishing
    • Targets specific users
  – Pharming
    • Automatically redirects user to fake site
  – Google phishing
    • Phishers set up their own search engines to direct traffic to illegitimate sites
Keyloggers
• Hardware device or small program that monitors each keystroke a user types
• Small plug located between keyboard connector and computer keyboard port
• Software keyloggers
  – Silently capture what a user types, including passwords and sensitive information
• Can elude detection by Windows Task Manager
Configuration Changers
• Type of spyware that changes settings on computer without user’s knowledge or permission
• Configuration changers can
  – Change operating system or software security settings
  – Disable antivirus or other security software
  – Initiate an outbound Internet connection
  – Change startup procedures or security settings
Dialers
• Change settings of a computer that uses a dial-up telephone line to connect to Internet
• Not affected by dialers
  – Users with broadband connections
Backdoors
• Provide unauthorized way of gaining access to a program
• Enable the remote malicious user to
  – Upload files to the computer
  – Start programs
  – Reboot computer
  – Log off current user
  – Display message boxes
  – Play sounds through the speakers
Personal Security Defenses
• Antispyware software
  – Helps prevent computers from becoming infected by different types of spyware
  – Must be regularly updated
  – Can be set to
    • Provide continuous real-time monitoring
    • Perform a complete scan of the entire computer system
Antispyware Software
• Additional tools
  – System explorers
    • Expose configuration information that is normally difficult to access
  – Tracks Eraser
    • Automatically removes cookies, browser history, record of which programs have been recently opened
  – Browser Restore
    • Allows user to restore specific browser settings if spyware infects the Web browser
Recognize Phishing
• Common elements in messages that could be phishing attacks
  – Deceptive Web links
  – E-mails that look like Web sites
  – Fake sender’s address
  – Generic greeting
  – Pop-up boxes and attachments
  – Unsafe Web sites
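
An added example (not from the textbook or its slides) showing how three of the elements listed above, deceptive Web links, fake sender’s address and generic greeting, can be checked mechanically in a raw e-mail. The function name, the regular-expression heuristics and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC = re.compile(r"\bdear\s+(customer|user|member|client|account holder)\b", re.I)
SHOWN_HOST = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw):
    """Return the listed phishing elements found in one raw e-mail message."""
    msg, found = message_from_string(raw), []
    body = msg.get_payload()
    name, addr = parseaddr(msg.get("From", ""))
    # Fake sender's address: the display name shows one address, the real one differs.
    if "@" in name and name.rsplit("@", 1)[1].lower() != addr.rsplit("@", 1)[-1].lower():
        found.append("fake sender address")
    if GENERIC.search(body):
        found.append("generic greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = SHOWN_HOST.fullmatch(text)  # None when the link text is not a URL or domain
        real = urlparse(href).hostname or ""
        # Deceptive Web link: the text names one site, the href goes to another.
        if shown and not ("." + real).endswith("." + shown.group(1).lower()):
            found.append(f"deceptive link: shows {shown.group(1).lower()}, goes to {real}")
    return found

# Constructed sample (reserved example domains); not taken from the page.
SAMPLE = ('From: "support@examplebank.example" <notice@mailer.invalid>\n'
          "Content-Type: text/html\n\n<p>Dear Customer,</p><p>Sign in at "
          '<a href="http://login-verify.example/s">www.examplebank.example</a> or '
          '<a href="https://www.examplebank.example/help">read our help page</a></p>')
```

The remaining elements on the list (look-alike layout, pop-up boxes, unsafe Web sites) need rendering or reputation data and are not covered by these header and link checks.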
Legislation and Procedures
• Fair and Accurate Credit Transactions Act (FACTA) of 2003
  – Grants consumers the right to
    • Request one free credit report from each national credit-reporting firm every twelve months
  – If consumers find a problem on their credit reports
    • They must first send a letter to the credit-reporting agency
Fair and Accurate Credit Transactions Act (FACTA) of 2003
• FACTA Disposal Rule
  – Proper destruction of data relating to personal information
  – Extends to
    • Employers, landlords, automobile dealers
    • Private investigators, debt collectors
    • Anyone who obtains credit reports on prospective contractors
Payment Card Industry Data Security Standard (PCI-DSS)
• Payment Card Industry Data Security Standard (PCI-DSS)
  – Established by Visa and Mastercard
  – Safeguards cardholder data and prevents identity theft based on stolen credit card information
  – Composed of 12 discrete requirements that force merchants to develop a secure network
Proposed Federal Legislation
• Several bills proposed in the U.S. Congress to address spyware and identity theft
• Microsoft
  – Has teamed up with the FBI
  – Has brought charges against over 100 suspected phishers
Summary
• Spyware
  – Term used to describe software that violates user’s personal security
• Adware
  – Delivers advertising content in a manner that is unexpected and unwanted by user
• Phishing
  – Sending e-mail or displaying Web announcement that falsely claims to be from a legitimate enterprise
Summary (continued)
• Keylogger or keystroke logger
  – Hardware device or software that monitors and collects each keystroke a user types
• Antispyware program
  – One of the best defenses against spyware
• Legislation
  – Addresses protection of personal data