Home Computer Security and Privacy Seminar

1
Home Computer Security and Privacy Seminar

• a presentation byBob Cook
• Discovery Owners Association, Inc

Special Thanks to Pat Crispen
http//www.discoveryowners.com
2
Seminar Topics

• Phishing
• Internet Shopping
• Firewalls and Testing
• Computer Virus
• Spyware
• Windows Software Updates
• Internet Explorer
• Misc Security concerns
• WIFI security considerations

3
Cooks Law of Computer Security

• Don't buy a computer.
• If you do buy a computer, don't turn it on.
• If you must turn it on, protect yourself from
  disaster by following the recommendations in this
  seminar!

4
Tick tock

• Once online, your computer is vulnerable to
  attack from viruses, worms, and even criminals.
• How long do you have between connection and
  attack?
• On average, 20 minutes.
• And if you have a cable or DSL connection, you
  have less time than that.

Source http//isc.sans.org/survivalhistory.php
5
Common types of home computer security breaches

• Viruses, worms, and Trojan horses
• Code exploits
• Malware adware and spyware
• Phishing attacks

6
Impact of home computer security breaches

• Loss or compromise of your data
• Identity theft
• Loss of income
• Legal consequences
• Stolen money from your bank account

7
Scared yet?

• The internet can be a dangerous place for both
  computers and users.
• Fortunately, there are some simple ways to
  protect both your computer and yourself.

8
Phishing Attacks

• You get an email advising that you need to update
  your account information. A link is provided
  that takes you to a website that looks very
  official, but it really is a pirate site seeking
  your personal info.
• PROTECTION
• Never click on link, type in URL manually
• Use spoofstick (http//www.corestreet.com/spoofsti
  ck/)

9
Internet Purchases

• Only purchase from known vendors
• Use a special credit card or PayPal account to
  limit exposure
• Never buy anything from a foreign venders
• Always use a secure link (https) for paying (Most
  browsers display a key or lock when on a secure
  site)

10
Part One Firewalls

• What they are and why you absolutely need one
  well, actually, two before you even THINK about
  connecting your computer to the internet.

11
Mmm worms and crackers.

• Connect to the internet and two things will
  quickly target and attack your computer Worms
  and crackers.
• Worms are a type of computer virus that, using
  automatic file sending and receiving features
  built into most computers, tries to infect other
  computers including yours over a network.
• Many worms include backdoors that give crackers a
  way to easily break into your computer at a later
  date.
• And if the worms dont get you, the crackers will.

12
How crackers find you

• How do worms and crackers find your computer in
  the first place?
• Worms automatically/randomly search the internet
  looking for every unprotected computer they can
  find.
• Every semi-competent cracker and script kiddie
  has software that
• Scans thousands of internet connections looking
  for Windows file and printer shares.
• Scans for known vulnerabilities, holes, and
  unsecured services in Windows, Mac OS, Linux,
  VM-CMS, etc.
• Exploits those known vulnerabilities.
• Cracks Windows passwords.
• And so on.

13
Protecting your computer

• To protect your computer, you must hide it from
  the internet.
• If the worms and crackers cant see your
  computer, they hopefully wont attack you.
• How do you hide your computer? Use a firewall.

14
Consumer Firewall

• Hardware based most routers (Linksys, D-Link,
  etc) also include a router
• Software based ZoneAlarm, EZFirewall, etc

15
What is a firewall?

• A firewall is either hardware or software that
  stands between your computer or home network
  and its internet connection and provides access
  controlit determines what can and cannot pass.
• Its just like the firewall in your car.
• Your cars firewall keeps the bad stuff from your
  engine like heat and exhaust out of your
  passenger cabin.
• But it isnt impervious. It has holes in it to
  let the good stuff like the steering column and
  the brakes through.

16
What is a firewall?

• A good firewall, like your cars firewall, keeps
  the bad stuff out and lets the good stuff
  through.
• How? Well most consumer firewalls offer a
  combination of
• Computer stealththey hide your computer from the
  worms and crackers scans.
• Intrusion blockingthey make it harder but not
  impossible for worms and crackers to break in.

17
IP addresses

• When you connect your home computer to the
  internet, the internet connects to your computer.
• Every computer connected to the internet has its
  own, unique internet address like 137.151.128.96
  or 130.160.4.4
• Your ISP automatically assigns the internet
  address to your computer from a pool of addresses
  the ISP maintains.
• When you disconnect or at some regular interval
  with cable modem and DSL connections, that
  address goes back into the ISPs pool of
  addresses and is given to someone else.

18
If a cracker knows your internet address, he can
probe your computer for vulnerabilities.
19
NAT

• Hardware firewalls use something called Network
  Address Translation or NAT which, among other
  things, hides your computer from the worms and
  crackers.
• You physically connect your home computers to
  the firewall and connect the firewall to the
  internet.
• The firewallnot your home computerconnects to
  the internet and is assigned a publicly-visible
  internet address by your ISP.

20
Hiding behind a wall of fire

• Your firewall automatically assigns your
  computer a private internet addresses.
• Only your firewall knows what your computers
  private address is.
• The private address is not visible to anyone on
  the Internet nor is it directly accessible from
  the internet.
• Since the worms and crackers cant see your
  computers address, it is harder for the worms
  and crackers to scan your computer for
  vulnerabilities.
• So, hopefully, the worms and crackers move on to
  someone elses computer.

21
Communicating with the Internet

• Your firewall becomes your computers
  intermediary on the internet. All traffic must
  go through it.
• When you request something from the internet, the
  firewall pretends that it made the request, not
  your computer.

22
Keeping worms and crackers out

• Since the internet never even sees your computer,
  theres nothing for the worms or crackers to
  probe or attack other than your firewall.
• And your firewall is just a dumb box.

23
Stateful packet inspection

• In addition to using NAT to hide your computer,
  a firewall also uses stateful packet inspection
  or SPI to block intruders.
• It only allows connections that you originate.
• All other connections are automatically blocked
  at the firewall.

24
Why firewalls ROCK!

• IF YOU DONT HAVE A FIREWALL, YOUR COMPUTER WILL
  BE ATTACKED AND/OR COMPROMISED USUALLY WITHIN
  20 MINUTES OF YOUR CONNECTING TO THE INTERNET.
• Firewalls protect your home computer from worms
  and crackers through a combination of
• Computer stealth using NAT.
• Intrusion blocking using stateful packet
  inspection.
• Gosh, is there anything firewalls cant do?

25
What a firewall cant do

• Well, actually, a consumer firewall cant
• Fix operating system or software vulnerabilities
• A firewall may block some exploits coming in from
  the internet, but the vulnerabilities will still
  be there
• Thats why patch management is so important
• Protect your computer from viruses.
• A firewall may block internet worms, but it wont
  block viruses attached to emails, hidden in files
  you download from the internet or Kazaa, etc.
• Virus protection is a job for your antivirus
  program, not a firewall.

26
Theres more

• A consumer firewall also cant
• Protect your computer from spyware.
• Block pop-up ads.
• Block spam.
• Completely keep crackers out.
• Protect you from doing stupid stuff to your
  computer.

27
But, if you are looking for simple computer
stealth and basic intrusion blockingand trust
me, you areyou need a firewall.
28
Dont I already have a firewall?

• How can you tell if you have a firewall and/or if
  it is working properly?
• Go to grc.com and run Shields Up.
• This is a free, online tool from security guru
  Steve Gibson.
• Shields Up checks file sharing, common ports, all
  service ports, messenger spam, and browser
  headers.
• If Shields Up can see you, so can the crackers.
• You either dont have a firewall or it isnt
  configured properly.

29
Which one?

• Should you get a hardware firewall or a software
  firewall?
• If you have a cable modem, satellite, or DSL
  connection, you need both a hardware firewall and
  a software firewall.
• If you have a dial-up connection or an internal
  broadband modem a modem physically built into
  your computer, you only need a software firewall
• But thats only because I dont know of any
  reasonably-priced external hardware firewalls
  that work with internal modems.

30
Why both?

• Hardware firewalls have an Achilles heel they
  for the most part assume that ALL internet
  traffic originating from your computer is safe.
• But, if you accidentally double-click on a
  virus-infected file,
• Your computer will be infected with that virus.
  Remember, hardware firewalls cant protect you
  from either viruses or doing stupid stuff.
• That virus is more than likely going to try to
  use your computer and your internet connection to
  infect other computers.

31
Hardware Firewall Limitations

• So your computer is now a virus-spewing zombie.
• BUT, remember, your hardware firewall still
  trusts your computer.
• Your computer is flooding the internet with
  thousands of viruses, worms, or spams, and your
  hardware firewall doesnt notice, care, or even
  bother to tell you.

32
How software firewalls work

• Software firewalls actually, personal software
  firewalls
• Constantly run in the background.
• Block bad stuff from the internet the stuff that
  somehow magically makes it past the hardware
  firewall.
• Warn you when a program on your computer tries to
  access the internet.
• You decide whether or not that program will be
  allowed to access the internet.

33
So in our zombie example, the software
firewallNOT the hardware firewallwould catch
the flood of viruses before they even left your
computer.
34
In the simplest terms

• Hardware firewalls protect your computer from the
  internet.
• Software firewalls
• Are a second layer of defense behind your
  hardware firewall.
• Protect both your computer from the internet AND
  the internet from your computer.
• Warn you when something fishy is happening on
  your computer.
• So now can you see why I recommend running both a
  hardware AND a software firewall?

35
Hardware firewalls

• Now for the bad news Hardware firewallsstand-alo
  ne boxes that do nothing but block intrudersare
  both complicated and expensive.
• Ciscos cheapest firewall the PIX 501 is
  approximately US400 Source pricewatch.com
• But two important features of hardware
  firewallsNAT and SPIare built into most
  hardware routers which are a LOT cheaper.
• Linksys Instant Broadband EtherFast Cable/DSL
  Firewall Router with 4-Port Switch/VPN Endpoint
  BEFSX41 is approximately US70 Source
  pricewatch.com

36
Over the router and through the woods

• My suggestion?
• Before you connect your computer to the Internet,
  go to your nearest technology store or big box
  retailer.
• Buy a cable/DSL router from Linksys my
  favorite, D-Link, Netgear, Belkin, or SMC for
  US50-75.

Image courtesy Linksys.com
37
uadmin padmin?

• Read the instructions that come with your router
  and CHANGE YOUR ROUTERS DEFAULT ADMIN USERID AND
  PASSWORD!
• Crackers know the default administrators userid
  and password for every router and firewall and
  server and operating system and... ever made.
• Check out http//www.phenoelit.de/dpl/dpl.html if
  you dont believe me.
• Also, using the instructions, make sure to
  disable remote administration in your routers
  settings.

38
Software firewalls

• Now that I spent US50 of your hard-earned money
  on a router, let me save you some money.
• The best software firewalls in my humble
  opinion are absolutely free.
• ZoneAlarm http//www.zonelabs.com/
• Sygate Personal Firewall http//smb.sygate.com/pr
  oducts/spf_standard.htm

39
Training your firewall

• You need to train the free version of ZoneAlarm
  and other software firewalls.
• By default, ZoneAlarm blocks everything on your
  computer from accessing the internet.
• You have to manually tell ZoneAlarm which
  programs to let through.
• Fortunately, this is really simple to do Just
  check out http//www.tinyurl.com/27wcz for
  instructions on how to install and train
  ZoneAlarm.

40
XP Firewall

• Windows XP comes with its own firewall, so we XP
  users can breathe easy, right?
• WRONG!
• If you have Windows XP Home or Professional, your
  built-in software firewall is both horrible and
  most likely disabled.
• XP SP2 Firewall only protects incoming traffic.
• Do NOT use XP firewall!

41
Done?

• Once youve installed a hardware and/or software
  firewall youre in the clear, right?
• Not exactly. Youre SIGNIFICANTLY better
  protected from exploits and network intrusions
  than most people, but theres still more you need
  to do.

42
Part Two Exploits

• What they are, where they come from, and how to
  manage them

43
Some questionable stats from Secunia

• XP Professional
• 46 security advisories issued in 2003-2004
• 48 involved some sort of remote online attack.
• 46 involved granting system access to a cracker.
• Mac OS X
• 36 security advisories issued in 2003-2004
• 61 involved some sort of remote attack.
• 32 involved granting system access to a cracker.

Source Secunia as posted in http//slashdot.org
/comments.pl?sid113493cid9613964
44
The truth of the matter

• Computer security isnt just a PC- or Mac-only
  problem.
• EVERY operating system and EVERY software
  application has vulnerabilities, especially
  online.
• Crackers can use these vulnerabilities to
• Read or even delete every file on your computer
• Infect your computer with a virus
• Use your computer to attack another computer or
• Do a whole bunch of other nasty things.

45
But there are some simple ways to keep the
crackers especially the script kiddies at bay.
46
Repairing the damage

• Repairing the damage from an exploit could be as
  simple as deleting or replacing corrupt data or
  as complicated as a deep-level format of your
  hard drive.
• The repair path depends on the exploit.
• This may be a job for a professional repair
  technician.
• The BEST way to repair the damage caused by an
  exploit is to close the holes before they are
  exploited.

47
Closing the holes

• When a vulnerability is found, operating system
  and software manufacturers eventually/hopefully
  release something called a patch.
• A patch is simply a software update meant to fix
  problems, bugs, or the usability of a previous
  version of an application. Source Wikipedia
• Download and install the patch and your computer
  is hopefully no longer susceptible to that
  particular vulnerability.

48
Why are patches so important?

• When a new patch is released, an unintended
  consequence is that the bulletin announcing the
  patch also announces the vulnerability to
  crackers.
• Crackers count on the fact that you wont get the
  patchyour computer will continue to be
  vulnerable.
• And the time between bulletin and exploit is
  shrinking.

49
You cant completely protect your computer from
every exploit, but you can keep the exploits at
bay by practicing simple patch management.
50
How to patch Windows

• When Microsoft finds a security hole in Windows
  or Internet Explorer, they usually/eventually
  release a patch called a Critical Update.
• In Internet Explorer, go to Tools Windows
  Update.
• Click on Scan for updates.

51
How to patch Windows

• Download and install only the Critical Updates
  and Service packs.
• Ignore the other updates.
• Keep running Windows Update until it tells you to
  go away.
• To see a complete catalog of all Microsoft
  Critical Updates for Windows 9X and NT, go to
  http//v4.windowsupdate.microsoft.com/catalog

52
The NEW Windows Update

• There are now two Windows Updates
• Version 4 for Windows 95, 98, 98SE, ME, and NT
• Version 5 for Windows XP and 2000
• When you run Windows Update, Microsoft sniffs
  your computer and automatically redirects you to
  the correct version.

53
Mambo Number 5

• When you run Windows Update v.5 on XP or 2000 for
  the first time, choose Express Install.
• This only gives you the critical updates and
  security updates.
• By default, Automatic Updates are turned on.

54
Manually run Windows Update at least once a week.

• Your computer should, by default, automatically
  check for updates. Thats cool, but also run the
  update manually just to be safe.

55
To patch Microsoft Office

• In Windows XP or 2000, just run the new Windows
  Update.
• In older versions of Windows, go to
  officeupdate.microsoft.com and click on Check
  for Updates
• Mac users need to go to http//www.microsoft.com/m
  ac/downloads.aspx
• Have your Office installation disk nearby in case
  the update needs to sniff the disk.

56
Patching other programs through Check for
Updates

• Open the program you want to patch and, under the
  Help menu, look for Check for Updates,
  Updates, Check for Upgrade, or something
  similar.
• This will either
• Automatically check for and install any software
  patches you are missing
• Take you to a web site where you can download the
  necessary patches.

57
Manually patching your software

• If the Help menu doesnt have a built-in update
  feature, choose About the name of the program
  in the Help menu and write down the exact version
  number of the program.
• Usually its an integer and a combination of
  decimals like 7.0.1
• Go to the software manufacturers web site and
  look for Downloads, Upgrades, Support, or
  something similar.

58
Manually patching your software

• Compare your softwares version number to the
  version number available online.
• If the decimals of the online version number are
  larger than yours, download and install the
  appropriate patch.
• If the integer is larger, youll need to buy a
  new version of the program.

59
Done?

• Once youve installed a hardware and/or software
  firewall and regularly patched your operating
  system and programs youre in the clear, right?
• Not exactly. Youre certainly better protected
  from exploits than most people, but theres still
  more you need to do.
• You need to test your firewall, and check for
  viruses and spyware