PROJECTS: Law Practice Technology Class

Troy's Net Security & Firewalls Presentation for the Spring 2006 Law Practice Technology Class

COMPUTER SECURITY THREATS

Virtual Security

Viruses, Worms, Trojan Horses, Spyware, and misc. other Hacker Attacks.

Known by many names these are all essentially programs that are loaded onto your computer without your consent or knowledge. Many of these programs are basically benign, often changing browser settings, creating new default Web pages, and adding web sites to your "favorites" folders.

However, many are responsible for much more serious problems like, altering system files, plaguing the user with new tool bars and a constant barrage of popup ads, erasing documents, sending out spam from your computer, and harvesting personal information from your computer to be used in identity theft.

Malicious software often arrives in the following forms:

  • E-Mail Attachments
  • HTML Encoded E-Mail Messages
  • Malicious Web Pages
  • Embedded in programs that you download from the internet
  • Embeded in macro's within a Word or Excel document

Physical Security

Physical Protection Measures to safeguard your computer/network system. A risk assessment of your computing/network system should include considerations for the following:

  • Dust
  • Electrical supply (capacity, stability, and potential interference)
  • Electromagnetic radiation
  • Fire
  • Smoke
  • Vibration/Earthquake
  • Water
  • Anti-theft measures & anti-vandal measures (restrictions on entry to the building, restrictions on entry to any particular computer room, locking/disabling equipment)
  • Fire-resistant and tamper-resistant storage facilities for data backup systems
  • Other possible physical threats?

 

Flood Damaged Computer

Fire Damaged Computer

 

PROTECTING YOUR COMPUTER

KEEP YOUR OPERATING SYSTEM SOFTWARE UP TO DATE

Because software systems are so complex, it is common for security-related problems to be discovered only after the software has been in widespread use. Although most vendors try to address known security flaws in a timely manner, there is normally a gap from the time the problem is publicly known, the time the vendor requires to prepare the correction, and the time you install the update. This gap gives potential intruders an opportunity to take advantage of this flaw and mount an attack on your computers and networks.
To keep this time interval as short as possible, you need to stay aware of:

  • announcements of security-related problems that may apply to your systems
  • immediate steps you can take to reduce your exposure to the vulnerability, such as disabling the affected software
  • permanent fixes from vendors

Installing applicable vendors' updates can reduce your vulnerability to attack.

 

USE ANTI-VIRUS SOFTWARE (and keep it up to date)

The better anti-virus software products can be set to scan for viruses in various ways and places.
Set your software to do all of the following:

  • Auto launch when the computer starts up
  • Automatically scan all floppy disk files when a disk is inserted
  • Automatically scan all e-mail messages and attachments when received
  • Automatically check all web downloads for infected files
  • Automatically check the vendor website for updated virus definition files regularly

Virus Protection User Tips:

  • DO NOT Open unexpected e-mail attachments
  • DO NOT Assume you're safe
  • DO NOT Use floppy disks from others without scanning them
  • DO NOT Open large e-mails from questionable sources

 

USE FIREWALLS

Firewalls are essential to prevent hackers from accessing your computers. Firewalls are programs that control and monitor access to and from the Internet. You can program your firewall to allow certain types of communications (e.g., e-mail, instant messaging, Web pages) or not allow them. Most firewalls also give you the option of blocking individual web or e-mail addresses. Some companies use this ability to block pornographic sites, news sites, or other Internet sites that are not work-related.

Software

Software firewalls run on your own computer. A software firewall is essential to security if you are using a mobile computer and plugging into various other networks – like the one here at GGU or especially if you are connecting to the internet through a wireless system.

Windows has a software version included in XP – it is allright but not great.

Norton makes what I personally think is the best combination of good security and low cost, easy to use software
Norton Internet Security Software

McAfee is also pretty good
McAfee Internet Security Software

Hardware

Generally a fire wall will be built into the latest DSL and Cable modems, however if yours don't have one built in it is a really great idea to get a good hardware firewall. Amazon.com carries a wide range of hardware and software options at all different prices. The Netgear products seem to be a pretty good combination of high quality and low price.

BACKUP YOUR DATA REGULARLY

A complete, recent backup provides the most reliable, "last-ditch" defense against a computer disaster, virus-related or otherwise. When was the last time you made a copy of all your important files and put the copy in a safe place? Back-up software can be configured to automatically make a copy of all your important files every night.

Most of the IT professionals that I know use Dantz Retrospect 7 Professional It is solid and affordable and is relatively easy to configure.

 

USE DATA ENCRYPTION SOFTWARE

Encryption is a fairly simple concept, take something perfectly intelligible and make it gobbledygook, using a secret code. Ever heard of the old Science Fiction secret decoder rings from the 1950’s? Encryption software is exactly the same concept. However, the latest software packages can create incredibly complex secret codes! You can encrypt any or all files on your computer. Anybody trying to open a file or folder that you have encrypted on your computer will see absolute non-sense unless they have the correct password.

Cryptainer PE Data Security Software is very solid, very well priced, data encryption software.

Cryptography for Dummies is a great book that explains very clearly the whole concept of how the software works and how best to use it for yourself.

USE STRONG PASSWORDS

The strongest passwords are random series of characters, mixing uppercase and lowercase letters, numbers, and other keyboard symbols. Longer passwords provide greater protection.

From a practical standpoint, a 64-character password of random symbols is difficult to remember - and you can't use a password if you can't remember it.

When selecting a password, a common mistake is to choose a weak password that can be easily broken. A short single-word password provides minimal protection. A short password can be easily broken by decoding programs that compile all possible combinations of short passwords.

Educate yourself using the following SAFE COMPUTING RESOURCES:

Mitnik Security - http://www.mitnicksecurity.com/
Mitnick Security Consulting, is a full-service information security consulting firm dedicated to helping to protect vital information. Through on-site consulting, training programs and seminars we demonstrate how information loss occurs and how it can be stopped. Using “learned knowledge” of computer and security vulnerabilities we have a unique perspective on the methods of truly achieving information security and identifying the unexpected ways in which computer network systems are compromised.

The National Cyber Security Alliance - http://www.staysafeonline.info/
The National Cyber Security Alliance (NCSA) is the go-to resource for cyber security awareness and education for home user, small business, and education audiences. A public-private partnership, NCSA sponsors include the Department of Homeland Security, Federal Trade Commission, and many private-sector corporations and organizations. NCSA provides tools and resources to empower home users, small businesses, and schools, colleges, and universities to stay safe online.

Symantec - http://www.symantec.com/index.htm
Symantec, makers of the Norton Security Software, is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Founded in 1982, Symantec currently employs more than 14,000 people and has operations in more than 40 countries.

US-CERT - http://www.us-cert.gov/
The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.

Computer Security Article at CNET.com - http://www.cnet.com/4520-10192_1-6411728-1.html
David Ian Miller provides a policy that spells out what to do if you suspect your network has been compromised and, even more importantly, how to prevent such problems from occurring in the first place.