Thursday, October 29, 2015

When Danger Comes Knocking


Cyber criminals are constantly developing new and better threats. They discover and exploit holes in software, and build off of and disguise existing threats. Just having a computer on the network makes it a potential target.


Software updates and Patches


Operating system and software developers work towards plugging those holes and making their software safe from those attacks. These fixes come in the form of updates, patches, and new versions. The updates are only beneficial if they are actually installed on the computer. It is up to the computer user or system admin to make sure that auto update is turned on or that there is some method to routinely install these updates.

Antivirus software


Antivirus software attempts to identify and stop threats from infecting the computer. This is another essential component of keeping a computer safe online. Just as with other software, this too must be updated routinely. New definitions are pushed out, often daily, as new threats are identified. Antivirus companies require a subscription for these definition updates to be received by a computer. The following picture is the interface of the antivirus installed on my computer. My primary device is a corporate-owned laptop. This antivirus software is an enterprise-level antivirus protection that my company recently moved to from Symantec Endpoint Protection. System Center Endpoint Protection is a Microsoft product.
System Center Endpoint Protection

Be careful when selecting an Antivirus product as there are fake ones out there as explained in this clip.


Backup and Restore point


Even with all this protection, it may be possible for an attack to find its way through and infect your computer. Having documents and files backed up to an external drive provides a way to keep them safe should something happen to the computer. Operating systems often have a built-in mechanism to restore the computer to a point from an earlier time. This function can be used to restore the computer to a point before it got the virus, and then updates should be used to protect it from being re-infected. The following video is a walk-through of using a restore point in Windows 7.



Wednesday, October 14, 2015

Just a Little Fish in a big Ocean?

Even though we may see ourselves as little fish in this ocean of data and users, there are predators actively and passively seeking to collect our Personally Identifiable Information, credit card information and more. It is important to recognize and actively avoid their snares.

Definition of Phishing

  • Phishing is where email or malicious websites are used to collect personal and financial information or infect your machine with malware and viruses.

 Recognizing Phishing

  • Spelling and Grammar Mistakes - Spelling and grammar mistakes are often seen in phishing emails. Companies often take great pains in making sure that their emails and sites are professional. Cyber criminals are not known for their spelling or grammar. Having these mistakes in a site or email may be a reason to start to question it.
  • Generic Greetings - Phishing emails tend to start with generic phrases like "Dear valued customer" or your email account name, instead of your name. Most legitimate companies include your name in their correspondence because companies will have it on record (if you've dealt with them before).
  • False links - Be cautious of links. Before clicking on links, make sure you know where they will take you. Move your mouse over the link and leave it there for a moment (without clicking), and it should display the path the link will take you to. The link path may show at the bottom of the browser depending on which browser you use.
  • Asking for Personal Information - If you receive an email requesting personal information, do not provide any information. Do not reply to the message or click any of the links in the message. Businesses have more secure methods of collecting this information. They will often have secure sections of their sites designed to give and receive information safely.
  • Threats - If the email states that you must respond now or that it is a limited time offer, this wording is designed to push you into an impulse response through a sense of urgency. If it appears to be from a company that you have business with, go to them by opening their site in a new browser session and getting contact information from there or signing into your account.

 

Other Modes of Phishing

Technology continues to advance and evolve. We will seek to use these advancements to enrich our lives. Criminals will seek to use these same tools against us. Phishing can come through phone calls and text messages, and has been seen on social sites.

 

What to do with Phishing Attempts 

Report any emails to the Federal Trade Commission and other agencies as described on this link. Reporting these emails will help these agencies to fight these types of scams. If the sender is trying to pose as an actual business, let that company know.

 

Where to find out more

Here are some additional resources to learn about these crimes.

US Securities and Exchange Commission - "Phishing" Fraud
Microsoft - What is Phishing
StaySafeOnline - Spam & Phishing