Posted on 18-Dec-2015
Security Awareness: Applying Practical Security in Your World, Second Edition
Chapter 4 Personal Security
Security Awareness: Applying Practical Security in Your World, 2e 2
Objectives
• Define spyware and tell how it is used
• List and describe spyware tools
• Explain how to use personal security defense mechanisms
What is Spyware?
• Spyware – Software that violates a user’s personal security
• The Antispyware Coalition defines spyware as
  – Technologies implemented in ways that impair the user’s control over
    • Use of system resources
    • The collection, use, and distribution of personal or otherwise sensitive information
    • Material changes that affect the user’s experience, privacy, or system security
What is Spyware? (continued)
• Characteristics of spyware
  – Creators are motivated by money
  – More intrusive than viruses
  – Harder to detect
  – Harder to remove
  – Harmful spyware is not always easy to identify
What is Spyware? (continued)
• Identity theft – Use of someone’s personal information to impersonate that person with intent to commit fraud
• Once identity thieves have personal information they can
  – Change the mailing address on a credit card account
  – Establish phone or wireless service in the person’s name
  – File for bankruptcy under the person’s name
What is Spyware? (continued)
• A computer might be infected with spyware if
  – Pop-up advertisements appear even when the user is not on the Web
  – Browser settings have changed without the user’s consent
  – A new toolbar unexpectedly appears and is difficult to remove
  – The computer takes longer than usual to complete common tasks
  – The computer crashes frequently
Spyware Tools
• Adware – Delivers advertising content in a manner or context that is unexpected and unwanted by the user
• Most users frown on adware because
  – Unwanted advertisements can be a nuisance
  – Repeated pop-up ads can impair productivity
  – Adware may display objectionable content
  – Advertisements can slow a computer down or cause crashes and the loss of data
Phishing
• Sending an e-mail or displaying a Web announcement that
  – Falsely claims to be from a legitimate enterprise
  – Attempts to trick a user into surrendering private information
• Both the e-mails and the fake Web sites appear legitimate
Phishing (continued)
• Variations on phishing attacks
  – Spear phishing
    • Targets specific users
  – Pharming
    • Automatically redirects the user to a fake site
  – Google phishing
    • Phishers set up their own search engines to direct traffic to illegitimate sites
Keyloggers
• Hardware device or small program that monitors each keystroke a user types
• Hardware keyloggers
  – Small plug located between the keyboard connector and the computer’s keyboard port
• Software keyloggers
  – Silently capture what a user types, including passwords and sensitive information
  – Can elude detection by Windows Task Manager
Configuration Changers
• Type of spyware that changes settings on a computer without the user’s knowledge or permission
• Configuration changers can
  – Change operating system or software security settings
  – Disable antivirus or other security software
  – Initiate an outbound Internet connection
  – Change startup procedures or security settings
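The defensive counterpart to a configuration changer is a baseline check: record the security settings and startup entries you expect, then compare the live state against that record. The Python below is an added example, not code from the textbook. The setting names, the values and the key are constructed for the demo; the baseline is sealed with an HMAC so that spyware which also rewrites the stored baseline is caught by the integrity check rather than silently trusted.

```python
import hashlib
import hmac
import json

# Constructed snapshot of the kinds of settings the slide says configuration
# changers target (security software state, browser settings, startup entries).
# Keys and values are illustrative, not read from any real system.
BASELINE = {
    "firewall_enabled": True,
    "antivirus_realtime": True,
    "browser_homepage": "https://start.example",
    "proxy": "",
    "startup_entries": ["explorer.exe", "antivirus_tray.exe"],
}

# Constructed "after infection" snapshot: real-time protection switched off,
# homepage hijacked, a new startup entry added and the AV tray app removed.
CURRENT = {
    "firewall_enabled": True,
    "antivirus_realtime": False,
    "browser_homepage": "http://ads.example/search",
    "proxy": "",
    "startup_entries": ["explorer.exe", "updater_helper.exe"],
}

# Assumption: the key lives somewhere the monitored machine cannot overwrite
# (removable media, a management server). A constant is used only for the demo.
KEY = b"constructed-demo-key"


def seal_baseline(snapshot, key):
    """Serialize the snapshot canonically and attach an HMAC-SHA256 tag."""
    payload = json.dumps(snapshot, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def load_baseline(sealed, key):
    """Verify the tag before trusting the stored baseline; raise on tampering."""
    payload = sealed["payload"].encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise ValueError("baseline integrity check failed")
    return json.loads(payload)


def config_drift(baseline, current):
    """Describe every setting that differs between baseline and current state.
    List-valued settings (startup entries) are reported item by item."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if isinstance(old, list) and isinstance(new, list):
            for item in sorted(set(new) - set(old)):
                changes.append(f"{key}: added {item!r}")
            for item in sorted(set(old) - set(new)):
                changes.append(f"{key}: removed {item!r}")
        elif old != new:
            changes.append(f"{key}: {old!r} -> {new!r}")
    return changes


def check(sealed, key, current):
    """Full check: authenticate the baseline, then diff it against live state."""
    return config_drift(load_baseline(sealed, key), current)


SEALED = seal_baseline(BASELINE, KEY)

if __name__ == "__main__":
    for line in check(SEALED, KEY, CURRENT):
        print("DRIFT:", line)
```

Run on the constructed snapshots, the check reports four changes: real-time antivirus turned off, the homepage replaced, one startup entry added and one removed. Flipping a single value inside the stored baseline makes the HMAC verification fail, which is the case a configuration changer that knows about the baseline would otherwise exploit.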
Dialers
• Change the settings of a computer that uses a dial-up telephone line to connect to the Internet
• Not affected by dialers
  – Users with broadband connections
Backdoors
• Provide an unauthorized way of gaining access to a program
• Enable the remote malicious user to
  – Upload files to the computer
  – Start programs
  – Reboot the computer
  – Log off the current user
  – Display message boxes
  – Play sounds through the speakers
Personal Security Defenses
• Antispyware software
  – Helps prevent computers from becoming infected by different types of spyware
  – Must be regularly updated
  – Can be set to
    • Provide continuous real-time monitoring
    • Perform a complete scan of the entire computer system
Antispyware Software
• Additional tools
  – System explorers
    • Expose configuration information that is normally difficult to access
  – Tracks Eraser
    • Automatically removes cookies, browser history, and the record of which programs have been recently opened
  – Browser Restore
    • Allows the user to restore specific browser settings if spyware infects the Web browser
Recognize Phishing
• Common elements in messages that could be phishing attacks
  – Deceptive Web links
  – E-mails that look like Web sites
  – Fake sender’s address
  – Generic greeting
  – Pop-up boxes and attachments
  – Unsafe Web sites
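Three of the warning signs listed above (deceptive Web links, a fake sender’s address, a generic greeting) can be checked mechanically, which is how mail filters and awareness-training tools score messages. The Python below is an added example, not code from the textbook: it parses a raw e-mail with the standard library and reports which heuristics fire. Both sample messages, every address and every domain in them are constructed for the demo; the "registrable domain" helper is a deliberate simplification (last two labels) that real tooling would replace with the public suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Greetings that address nobody in particular (the slide's "generic greeting").
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued customer",
                     "dear account holder", "dear member")


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased hostname of a URL or bare domain ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _site(host):
    # Assumption for the demo: treat the last two labels as the registrable domain.
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def phishing_indicators(raw_message):
    """Return a list of findings; an empty list means no heuristic fired."""
    msg = message_from_string(raw_message)
    findings = []

    # Fake sender's address: replies are routed to a different domain than
    # the one shown in the From header.
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = reply_addr.rpartition("@")[2].lower()
    if reply_addr and _site(reply_dom) != _site(from_dom):
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")

    # Generic greeting: the first visible line of text names no account holder.
    text = re.sub(r"<[^>]+>", " ", body)
    first_line = next((ln.strip() for ln in text.splitlines() if ln.strip()), "")
    if first_line.lower().startswith(GENERIC_GREETINGS):
        findings.append(f"generic greeting: {first_line!r}")

    # Deceptive Web link: the visible text names one site, the href another.
    collector = _AnchorCollector()
    collector.feed(body)
    for href, shown in collector.anchors:
        if re.search(r"[a-z0-9-]+\.[a-z]{2,}", shown.lower()):
            if _site(_host(shown)) != _site(_host(href)):
                findings.append(f"link text {shown!r} actually points to {_host(href)}")
    return findings


# Constructed sample: mismatched Reply-To, generic greeting, look-alike link target.
SAMPLE_PHISH = """\
From: "Example Bank Security" <alerts@examplebank.example>
Reply-To: recovery@mail-verify.example
To: customer@example.org
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Valued Customer,</p>
<p>Your account has been limited. Please sign in at
<a href="http://examp1ebank-login.example/verify">https://www.examplebank.example/login</a>
within 24 hours.</p>
</body></html>
"""

# Constructed sample of an ordinary notice: named greeting, link text matches href.
SAMPLE_LEGIT = """\
From: "Example Bank" <notices@examplebank.example>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello Jordan,</p>
<p>Your statement is available at
<a href="https://www.examplebank.example/statements">https://www.examplebank.example/statements</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample))
```

On the constructed phishing message all three heuristics fire; on the ordinary notice none do. The link check is the one worth internalising: what the user reads in the message body is the anchor text, while the browser follows the href, and the two need not agree.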
Legislation and Procedures
• Fair and Accurate Credit Transactions Act (FACTA) of 2003
  – Grants consumers the right to
    • Request one free credit report from each national credit-reporting firm every twelve months
  – If consumers find a problem on their credit reports
    • They must first send a letter to the credit-reporting agency
Fair and Accurate Credit Transactions Act (FACTA) of 2003
• FACTA Disposal Rule
  – Requires proper destruction of data relating to personal information
  – Extends to
    • Employers, landlords, automobile dealers
    • Private investigators, debt collectors
    • Anyone who obtains credit reports on prospective contractors
Payment Card Industry Data Security Standard (PCI-DSS)
• Payment Card Industry Data Security Standard (PCI-DSS)
  – Established by Visa and MasterCard
  – Safeguards cardholder data and prevents identity theft based on stolen credit card information
  – Composed of 12 discrete requirements that force merchants to develop a secure network
Proposed Federal Legislation
• Several bills have been proposed in the U.S. Congress to address spyware and identity theft
• Microsoft
  – Has teamed up with the FBI
  – Has brought charges against over 100 suspected phishers
Summary
• Spyware
  – Term used to describe software that violates a user’s personal security
• Adware
  – Delivers advertising content in a manner that is unexpected and unwanted by the user
• Phishing
  – Sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise
Summary (continued)
• Keylogger or keystroke logger
  – Hardware device or software that monitors and collects each keystroke a user types
• Antispyware program
  – One of the best defenses against spyware
• Legislation
  – Addresses protection of personal data