 |
|
|
|
|
|
FAQS
|
|
| |
How easy is it to break into
a computer? |
|
|
| Cyber criminals are
relentlessly finding new vulnerabilities to
exploit in the many different application software
programs installed on your computer. Once a
"hole" in software has been exploited, the Cyber
criminal can do quite a bit of damage to both
your computer and identity.
Many times, these holes are exploited by
simply opening an email from a malicious source;
which is why you must always be careful when
opening any email...even if the email indicates
that it came from someone you know. You can also become
infected by simply visiting a compromised website, which are often legitimate websites that have been hijacked
by a cyber criminal, who then placed malicious software on the site designed to automatically download to a
computer simply because the user visited the page and their computer may have been vulnerable because they
did not have all the security updates installed, or perhaps their web browser was not configured for optimum
security.
The good news is that many of these holes
can be fixed by simply installing the latest
security patches for your software as they are
released. Microsoft releases their security
patches on the second Tuesday of each month
and you should make it a habit to check the
Microsoft Windows and Office update sites regularly to ensure that
you have all of the latest security patches
installed on your computer(s). If you need any
security patches, we strongly recommend downloading and
installing them immediately! Make sure you get the patches from Microsoft...not by clicking a link in your email or
on any other website!
You should also check the web sites of the
other application software vendors for products
you have installed for security patches on a
continuous basis; especially Adobe, Java, and other popular products.
Other preventative measures include changing
the default settings for the software you have
installed to more secure settings; preventing
access to certain sites that are known to cause
problems; and understanding how to safely surf
the Internet.
We outline some techniques and offer many
suggestions in our eBook,
Home
Network Security, and our video tutorials to help educate the end
user on many do's and don'ts.
|
|
|
|
| |
What are the types of threats
to me and my computer? |
|
Currently, these are the most common threats
to your computer:
-
Phishing attacks - this is currently one of the most common and dangerous avenues to steal your
personal identity. Phishing attacks usually present themselves in the form of an email asking the recipient to
log in to their account by clicking a link embedded within the email. They usually ask the recipient to verify
their account profile or change their password and these emails are very clever in the way they are written.
Just remember, you cannot become compromised from a phishing attack if you do
not click the links!
-
Social Networking sites - MySpace and other social networking sites have become an attractive place for
malicious cyber criminals to work their devious deeds. Using social networking sites, the cyber criminal will
often meet someone, who will eventually gain their trust, before they commit a fraudulent act against the new
victim. Many times, the cyber criminal will be successful in convincing the victim to send them money; which
they will never see again.
- Trojan horse programs – can be used
to provide a “back door” into your computer
and allow the intruder remote control of
your system.
- Botnets - can be used to make your computer
part of an army of remotely controlled computers
that can be, and are often used, to attack
other computer systems or distribute illegal content from your computer.
- Denial of service – causes your computer
to be overwhelmed processing data from outside
sources, which could make it crash; or it
could be used to attack other systems with
the same results.
- Unprotected Windows shares - can be
used by an intruder to store malicious tools
and unwanted content such as pornography
on your computer.
- Mobile code (Java, JavaScript, and ActiveX)
– this is code used by your web browser
and can be used in many malicious ways,
such as gathering information about you
and sending that information back to the
source who compromised your system.
- Cross-site scripting - can be used to
trick users into revealing sensitive information
about themselves, alter the appearance of
a web page, insert unwanted or offensive
images or sounds into a web page, or otherwise
interfere with the intended appearance and
behavior of the web page.
- Email spoofing – emails that imitate
a legitimate company or site and can be
used to trick the end user into revealing
confidential information the user would
not normally divulge. This is a common method
used in “phishing” attacks.
- Email-borne viruses – these are usually
attachments accompanying an email that when
launched, could present your computer with
a variety of problems, including annoying
behavior and inserting back door programs.
- Hidden file extensions – by default,
hidden file extensions are enabled by Windows
operating systems. The problem with this
is that you may receive an attachment with
a harmless extension such as .txt; however,
if the extensions are hidden, the attachment
may actually have a .vbs, .exe, or other
executable extension type that does not
show because Windows is hiding those extensions.
It would be better to ensure that you can
see the extension so you can better determine
what type of file you are opening.
- Chat clients – IRC, Internet Relay Chat
programs, are quickly becoming a popular
avenue for spreading malicious code because
these messaging programs provide a mechanism
for information to be transmitted bi-directionally
between computers on the Internet.
- Packet sniffing – data is sent back
and forth in “packets” containing files
and information. Packet sniffing provides
a Cyber criminal with a tool to intercept
and read the information contained within
the packets, which could contain your personal
information.
- Root kits – Root kits are quickly becoming
one of the most serious threats to computer
security and confidential information stored
on the hard drives. If your computer becomes
infected with a Root kit, the person who
placed it on your system could have complete
control to do anything they wish, including
stealing your personal information or using
your computer to attack other computers
connected to the Internet. Hackers often
gain access to your system through unpatched
software and are now placing Root kits on
compromised computers because of security
holes in the unpatched software. If someone
is successful in placing a Root kit on your
computer, it is often very difficult or
even impossible to detect and remove.
- Loss of Data – ensuring that you have
good backups is your best protection against
losing your data due to hard drive failures,
power surges, and theft. It would be a good
idea to encrypt your data in addition to
backing it up regularly.
Other, but often overlooked threats include:
- - environmental threats such as water and power surges,
- - physical access to your computer whereby someone can steal your data,
place harmful software on your computer, or simply steal your computer
- - Hardware failures.
|
|
|
|
| |
What can I do to protect myself
from threats to my computer? |
|
Fortunately, there are many, many things you can
do yourself, and you will find this information
in our eBook,
Home Network Security
and in our video tutorials.
In a nutshell, you should:
- Change various settings in your operating
system and other application software installed
on your computer to enable higher security
- Install a hardware-based perimeter firewall
and configure it for optimum security
- Install a good and reputable Anti-Virus
program and ensure it is always up-to-date
- Install a couple of good and reputable
Anti-spyware programs and ensure they are
always up-to-date
- Install a good and reputable Anti-spam
email program
- Install a good and reputable software-based
firewall program and learn how effectively
use it and configure it for optimum security.
It would be a good idea to review the logs
on a regular basis to ensure your firewall
is protecting your computer.
- Develop and practice safe Internet surfing
and email habits
- Ensure that your operating system and
all application software on your computer
is always up-to-date with the latest security
patches
- Use strong passwords for all accounts
and web sites requiring you to log on with
a user name and password and never give
them to anyone
- Make sure you back your data up regularly
and keep it in a safe place
- Encrypt the confidential data on your
hard drives using strong encryption programs
- Disable Java, JavaScript, and ActiveX
in your web browser and email programs
- When your computer is not being used,
turn it completely off. It cannot be compromised
if it is not running.
- Use a reliable uninterruptible power
supply to protect your computer from power
surges, spikes, and outages.
- Disable hidden filename extensions for
known file types
- When you have finished surfing the Internet,
clean your system of files and cookies that
accumulated while surfing. Some Anti-spyware
programs are capable of cleaning these files,
as well as other utilities found in most
computer stores.
|
|
|
|
