Computer security 101
This page is a compilation of the notes and links that were presented in the 2011 SUNY Delhi work shop called: Computer Security 101. In this session we discussed you how you can keep your computer and yourself safe while using your computer and the internet. The topics of discussion were:
What is computer security?
Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.
Why should I care about computer security?
We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).
Who would want to break into my computer at home?
Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.
Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.
Intruders may be able to watch all your actions on the computer, or cause damage to your computer by deleting or changing your data.
How easy is it to break into my computer?
Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.
When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely. Most of the incident reports of computer break-ins received at the CERT/CC could have been prevented if system administrators and users kept their computers up-to-date with patches and security fixes.
Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.
Tips on keeping you safe in this complex digital world
Use Secure Passwords
Computers can crack weak passwords easily!!! Security firms estimate that most passwords in use can be cracked in just 10 seconds. 10 SECONDS! That is scary stuff. Lets make that a bit harder by using more secure passwords. Don't use any real names, words, or numbers of significance. Even combination of these are insecure. The biggest problem is that we have so many passwords to rembember, and remembering complex passwords is just not something we get excited about doing. A trick I like to use is to move your fingers one space to the right on the keyboard.
Lets take a look at the 4 most commonly used passwords and what they become using this method:
- password => [sddeptf
- letmein => ;ry,rom
- money => .pmru
- love => ;pbr
Finding, installing, and updating free anti-virus / spy-ware
Keeping your computer up to date with free windows updates (and software updates)
- Set critical updates to run automatically and install them for you
- XP users, click start, all programs, Windows Update
- Vista/windows 7 users, click start, type windows update in the box and select it from the menu
- FLASH: When Flash and Java tell you there is an update available, do it!!!!
Keeping your important files safe with free online backup tools
Tracking your stolen computer with free "lojack" software
- www.preyproject.com - Prey. Prey lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen. It's lightweight, open source software, and free for anyone to use. And it just works. The free version lets you track up to three devices.
Tracking your stolen digital camera
- www.stolencamerafinder.com - Is your camera lost or missing? Has your camera been stolen? If so, stolencamerafinder can help you find out where it is now. They can help to locate a missing camera by searching for photos on the web that have been taken by that camera. It works because many digital cameras will save information about the camera with the image. This could include the camera serial number which is unique to each camera. This information is saved with the picture as an invisible fingerprint of sorts. Stolencamerafinder.com searches the internet for pictures with that same fingerprint which can help in the recovery of your camera.
Tips for keeping safe while shopping online
- Do not buy from vendors you have never heard of. If you are unsure, check the better business bureau or sites like http://www.sitejabber.com or http://www.resellerratings.com
- Look for HTTPS at the start of the address on any page that asks for information (passwords, credit cards, etc…)
- Never buy anything from an unsolicited email… ever. Seriously… never.
- Do a lot of shopping? Invest $50 in one of these to encrypt your credit card information start to finish. http://www.amazon.com/NetSecure-SMSEN01-SmartSwipe-Reader-Black/dp/B002KQ56QU
Use browser plugins to block ads, malware, and other stuff you dont want to see.
Use HTTPS Everywhere to encrypt all of your web trafffic! Websites often do not encrypt traffic unless you are submitting passwords or other sensitive data. Use this plugin to make your browser ALWAYS request encryption. https://www.eff.org/https-everywhere https://www.eff.org/https-everywhere
- Use AD Block Plus to block annoying ads, not just popups. Many websites load ads into every available inch of their sites. These not only annoy us, but can also pose a serious security threat. Hackers sometimes use attacks hidden in ads to target insecure computers. By using AdBlock Plus, your browser will skip ads, and you will see a much cleaner version of your website. http://adblockplus.org/en/
The best advice I can give you is to BE SKEPTICAL OF EVERYTHING ONLINE. If your friend sends you random links to things and they never have before, ask them if they really sent it before opening it. If Prince Mumbabi asks for your bank account number so he can send you your million dollar inheritance, don't do it!