You just received a brand new computer for your home environment. It comes with the latest Operating System. You also have an Internet Service Provider where you can easily use the existing network to connect to the Internet and to perform some online banking. Describe the steps you plan to go through to ensure this system remains as secure as possible. Be sure to discuss the details of firewall settings you plan to implement within your operating system, browser privacy settings, and recommended software (e.g., Anti-virus and others) you will install. Also, describe your password strength policy you plan to adopt, and what you envision to do to ensure your online banking site is encrypted and using the proper certificates. Discussion of operating system patches and application updates should also be included. As you discuss these steps, be sure to justify your decisions bringing in possible issues if these steps are not followed. You can discuss this for a specific type of computer (e.g. MAC or PC) to make the scenario more appropriate for your environment.
There are simple steps that one can take to make the computer safer. Any computer connected to the network is vulnerable to attack, but by following the steps below I would minimize security risk associated with using internet. They describe the threats of not following proper security measures and what one can do to defend against them:
Enable Firewall Protection:
A firewall is software or hardware that checks information coming from the Internet or a network and then either turns it away or allows it to pass through to your computer, depending on the firewall settings. In this way, a firewall can help prevent hackers and malicious software from gaining access to the computer. Mac OS X includes a firewall known as Advanced Firewall Settings (10.5). The fire logging option would keep track of all connections to the Mac and allow me to see what machines tried to connect and which ones were denied while Stealth Mode will hide the fact that the machine even exists from unauthorized machines
Use virus protection:
If the computer is connected to the Internet a person share files with anyone and thus needs anti-virus software. One common function of this malware is to record keys that are typed on the computer and then forward collected information to central locations for analysis and distribution. This recorded information may include passwords and even credit card information. Viruses, worms, and Trojan horses are also programs created by hackers that use the Internet to infect vulnerable computers. Viruses and worms can replicate themselves from computer to computer, while Trojan horses enter a computer by hiding inside an apparently legitimate program, such as a screen saver. Destructive viruses, worms, and Trojan horses can erase information from the hard disk or completely disable the computer. Others don't cause direct damage, but worsen the computer's performance and stability.
Macintosh Anti-Virus Software such as ClamXav and Sophos Anti-Virus for Mac Home Edition are available that would scan email and other files on the computer for viruses, worms, and Trojan horses. If one is found, the antivirus program either quarantines (isolates) it or deletes it entirely before it damages the computer and files. With malware writers taking advantage of any potential security hole, it's just as important for Mac users such as me to keep up-to-date with patches as anyone else. The fact that these patches exist at all may be seen as proof that the platform is far from air-tight.
Use spyware protection
"Spyware" is anything that hijacks personal information and shares it with someone else. Spyware can gather and send information including what Web sites one visits, email addresses and even passwords and credit card numbers. It also uses memory and system resources that can lead to computer crashes and general system instability. Dealing with spyware and its effects can be equal to that of dealing with viruses and worms. The fix for such issues can be problematic and painstaking. The anti-spyware for MAC is MacScan that I would install. This Anti-spyware software works by periodically scanning the computer for spyware programs, and giving me the opportunity to remove any harmful surveillance software found on the computer.
Updating the Operating System:
As flaws are found in the computer's operating system, they are patched through system updates. All operating systems require updates to repair security flaws that are found after the software was originally released. Automatic Macintosh Update through OS X is available that would ensure that my computer is installed with the latest operating system.
Usage of strong Passwords:
One of the easiest ways to break into the computer is to have a weak or blank password; Data-harvesting campaigns routinely steal passwords using malware or illegal technology like key loggers and screen scrapers that monitor a computer user's activity. To prevent hackers from compromising my accounts, the password would need to be as long and complex as possible. Multiple character sets would be used (letters, numbers and symbols) and common words and phrases would be avoided. They would include both upper and lower case letter. Passwords would not be repeated from one site to another, and passwords would be changed regularly, especially for highly sensitive logins such as online banking.
Ensuring that the online banking website is secure:
A secure connection is an encrypted exchange of information between the website that I am visiting and me. Encryption is provided through a document the website provides called a certificate. When one sends information to the website, it is encrypted the computer and decrypted at the website. Under normal circumstances, the information cannot be read or tampered with while it is being sent, but it's possible that someone might find a way to crack the encryption. The certificate that is used to encrypt the connection also contains information about the identity of the website owner or organization. This would be viewed by me to ensure the connection is secure and to verify the website's identity. Both secure (HTTPS/SSL) and non-secure (HTTP) web server connections might be displayed on the website. Some malware might try to route the request for a bank website to a malicious one. The security certificate of the webpage I am visiting would always be checked. Even if the connection is SSL secured (https:// / / ) and the site presents a security certificate, I will still verify the issuer, the owner and the expiration date to ensure it belongs to a bank.
When I will visit a website that uses a secure connection, the color of the Security Status bar will tell whether the certificate is valid or not, and it displays the level of validation that was performed by the certifying organization.
Phishing, by far the most common vector of attack, is often an email, text message or even call, that, through a technique called "social engineering" which fools one into believing that the bank contacted us. Social engineering is art of manipulating persons in order to bypass security measures and tools. The purpose is to obtain confidential information from users through phone, e-mail, snail mail or direct contact and secondly use these data to gain illegal access. In order to protect myself I would never click on links in emails pertaining to be from banks and other financial institutions. Even if I believe the message might be from a trusted source, I would go directly to the bank website by typing the web address or call the bank directly.
Question: Your son, who just turned 13, wants to join Facebook and post his picture and contact information on the site. Assuming, you are willing to allow him to have a Facebook account, describe what types of guidelines you would discuss with him to ensure his privacy and security are protected. Be sure to justify your decisions by describing possible issues if your guidelines are not followed.
ID fraudsters target Facebook and other social networking sites to harvest information about people. I would recommend my son to set the Facebook privacy options in a manner such that one is protected against online identity theft.
I would present the following guideline on how to set more secure levels of privacy which would reduce the chance of becoming a victim of online identity theft.
Why proper privacy management on Facebook is important?
Right now, 350 million people are using Facebook, and as more and more people start to use the social networking portal, more and more criminals will use it as a valuable source of profit and information. Criminals are attracted to large groups, and social networking is a gold mine for infection vectors, if the criminal wants to spread Malware, or information gathering, if the criminal wants to buy and sell information.
Facebook has seen Malware attacks, which spread via malicious links or applications, Phishing scams, which again spread via applications and posted links, as well as common robbery, where people…