Internet Security Presented by: Volcano Internet Provider Matthew Carter, ISP Helpdesk Tier 2 Bill Harder Director of Operations


Page 1: Internet Security

Internet Security

Presented by: Volcano Internet Provider

Matthew Carter, ISP Helpdesk Tier 2

Bill Harder, Director of Operations

Page 2: Internet Security

SPAM – What is it?

An electronic message is "spam" if:

(A) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND

(B) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.

Page 3: Internet Security

HOW CAN YOU COMBAT SPAM?

1. Don’t give out your email address online.

2. Make your email address unscannable.

This entails sending a photo of your email instead of writing it down, to elude email harvesters.

3. Don’t make your username the same as your email address.

4. Use disposable addresses to identify and shake off sources of spam.

5. Never respond to spam.

Page 4: Internet Security

PHISHING

• The activity of defrauding an online account holder of financial information by posing as a legitimate company.

• Whaling and Spear Phishing are other forms of Phishing.

• Whaling – Target is high profile and often has a lot of money.

• Spear Phishing – When the target is chosen specifically but doesn’t meet the requirements of whaling.

Page 5: Internet Security

SOCIAL ENGINEERING

The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security either personal or professional. Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.

How to Protect Yourself from Social Engineering

• Do not allow anybody to follow you into a secured area.

• Carefully block your access codes or PIN numbers when inputting them.

• Never trust any USB, microSD, etc. Don’t let curiosity destroy your computer.

• When throwing away a hard drive, it is wise to completely destroy it by driving nails into the platters.

• Always ask for identification when dealing with confidential information (personal info, anything labeled confidential, secret, or top secret).

• Shred any files that contain any of the above before throwing them away.

• Follow security policy; do not let somebody sway your judgment with a sob story.

Page 6: Internet Security

Rogue APs and Evil Twins

• An Evil Twin is a Wi-Fi access point that is installed in the same area as a legitimate Wi-Fi provider and uses the exact same name as that provider. From the outside the Evil Twin looks exactly the same as the legitimate one, and when users log into it, the attacker can see all of their traffic.

• This is very similar to the Phishing attack discussed in slide four. Victims log into the Evil Twin thinking it is a legitimate Wi-Fi network and perhaps go on to do their online banking, which the attacker then intercepts and uses later to steal the victim’s identity or funds.

• Sophisticated Evil Twins will also disable the legitimate AP to ensure all users log into the Evil Twin.

A rogue access point, also called a rogue AP, is any Wi-Fi access point that is installed on a network but is not authorized for operation on that network and is not under the management of the network administrator. A rogue AP can be inadvertently created by an employee who wants to provide wireless access to the network and installs a wireless router at his cube without telling any network administrators. Left unsecured, the rogue AP leaves a gaping hole in the network’s security and, if discovered by a malevolent entity, could be the launch pad for an attack on the network. This example was for a large business, but the same applies to SOHO (small office/home office) networks as well.
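The two definitions above can be turned into a simple check over a Wi-Fi scan. This is an added example, not part of the original presentation: the SSIDs, MAC addresses and the `classify` function are constructed for illustration, and it assumes (as a simplification) that an AP's radio MAC also appears in the wired network's MAC table.

```python
# Added example: flag possible evil twins and rogue APs in a Wi-Fi scan.
# All names, addresses and scan rows below are constructed sample data.

# Access points we manage: SSID -> set of BSSIDs (radio MAC addresses).
AUTHORIZED = {
    "ExampleOffice": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# MAC addresses seen on our wired network (e.g. from switch tables).
WIRED_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "de:ad:be:ef:00:09"}

SCAN = [  # (ssid, bssid, security, signal_dbm)
    ("ExampleOffice", "aa:bb:cc:00:00:01", "WPA2", -48),
    ("ExampleOffice", "aa:bb:cc:00:00:02", "WPA2", -61),
    ("ExampleOffice", "12:34:56:78:9A:BC", "OPEN", -35),  # our name, unknown radio
    ("CubeRouter",    "de:ad:be:ef:00:09", "WEP",  -55),  # unknown AP on our LAN
    ("CoffeeShop",    "66:77:88:99:aa:bb", "WPA2", -80),  # neighbour, not on our LAN
]


def classify(scan, authorized, wired_macs):
    """Return a list of (bssid, finding, ssid) for suspicious access points."""
    findings = []
    for ssid, bssid, security, _signal in scan:
        bssid = bssid.lower()
        if bssid in authorized.get(ssid, ()):
            # Our own AP: only complain if it runs weak or no encryption.
            if security in ("OPEN", "WEP"):
                findings.append((bssid, "weak-encryption", ssid))
            continue
        if ssid in authorized:
            # Same network name as ours, but a radio we do not manage.
            findings.append((bssid, "possible-evil-twin", ssid))
        elif bssid in wired_macs:
            # Unknown AP that is plugged into our network.
            findings.append((bssid, "rogue-ap", ssid))
    return findings


if __name__ == "__main__":
    for bssid, finding, ssid in classify(SCAN, AUTHORIZED, WIRED_MACS):
        print(f"{finding:20} {ssid:15} {bssid}")
```

A BSSID can be spoofed, so an inventory match is a first filter rather than proof that an AP is legitimate.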

Page 7: Internet Security

Securing your WiFi

• The first step is to use your factory default credentials to log into the administrative side of your router and add a 12-digit password.

• While inside your router, change the SSID to something you will easily differentiate from other SSIDs in your area.

• Enable WPA2 or WPA encryption. WEP encryption is insecure and can be cracked within minutes.

• For extra security you can turn on MAC filtering, by adding the MAC addresses of all your devices to the MAC address Filter area of your router.

• Always keep your router firmware up to date to close any security holes in the software itself.

1. Create a unique password on your router

2. Change your Network’s SSID name

3. Enable Network Encryption

4. Filter MAC addresses

5. Upgrade your Router’s firmware

Page 8: Internet Security

Viruses, Worms, Malware, Adware, and Spyware

• Protect yourself from most viruses and worms by installing a reputable antivirus.

• Only install trusted and reputable programs on your computer to avoid malware, adware, and spyware.

• Spyware can come in the form of hardware or software. Always check to make sure a hardware keylogger is not implemented on your system without your permission.

• Keyloggers cannot record any keys struck on the onscreen keyboard. It is wise to use this feature when performing your online banking to ensure that hackers cannot track your banking password information.

1. A virus is a computer program that replicates itself within the infected system. It needs a human to transport it in some way to the next computer victim.

2. A worm is similar to a virus except that it has the ability to traverse the network and spread by itself, without the aid of a human.

3. Malware is a malicious program. Unlike a virus – it doesn’t reproduce or spread.

4. Adware is software that automatically displays or downloads advertising material (often unwanted) when a user is online.

5. Spyware is software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

Page 9: Internet Security

Cookies

• Session hijacking is when somebody uses your legitimate cookie to make the server believe that he is you.

• Prevent session hijacking by avoiding the use of personal information when the service you are trying to use is not encrypted.

• Be sure to log out of the service after your intended use is completed. This will invalidate the cookie’s session, making the cookie worthless to attackers.

Many sites use a mechanism called a cookie to keep track of your sessions online. Whenever you log into a service such as online banking, Facebook, or your eBay account, the site uses cookies to keep you logged in, so that if you leave the site briefly and come back, you won’t have to input your login credentials again. This is very convenient, but the convenience comes at a risk: a hacker could use various techniques involving the cookie to perform an attack called session hijacking.

Session Hijacking
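Why logging out makes a copied cookie worthless, and how a site keeps the cookie off unencrypted connections, shown from the server's side. This is an added example, not part of the original presentation: the in-memory `SESSIONS` store and the `login`, `whoami` and `logout` functions are hypothetical names for illustration.

```python
# Added example: server-side session handling (constructed, in-memory store).
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # session id -> username, kept on the server


def login(username):
    """Create a session and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)       # long random id, infeasible to guess
    SESSIONS[sid] = username
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True        # browser sends it over HTTPS only
    cookie["sid"]["httponly"] = True      # page scripts cannot read it
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


def _session_id(cookie_header):
    """Extract the 'sid' value from a request's Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("sid")
    return morsel.value if morsel else None


def whoami(cookie_header):
    """Return the user this cookie maps to, or None if the session is gone."""
    return SESSIONS.get(_session_id(cookie_header))


def logout(cookie_header):
    """Delete the session on the server; the cookie value now maps to nothing."""
    SESSIONS.pop(_session_id(cookie_header), None)


def demo():
    set_cookie = login("alice")
    cookie_header = set_cookie.split(";", 1)[0]  # "sid=<value>", as a browser sends it
    copied = cookie_header                        # the same cookie in someone else's hands
    before = whoami(copied)                       # accepted while the session is live
    logout(cookie_header)
    after = whoami(copied)                        # rejected after logout
    return set_cookie, before, after


if __name__ == "__main__":
    print(demo())
```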

Page 10: Internet Security

NEW EMAIL INTERFACE!

• IMPROVED USER INTERFACE!

• Cloud Storage with drag and drop interface

• Modern Design

• Keep your original Email Address

• Keep your Folders

• Set up your appointments in the Calendar

• Change your webmail background colors

• Also available for mobile phones.

• Retain your Contacts

Page 11: Internet Security

THANKS FOR HAVING US!