Common Security Terminology
Password Cracking
Biometrics
Public Key Cryptography
SSL
Man-in-the-Middle Attack
Zombies
Denial of Service Attack
Key Logging Software
Firewalls
Security Exploit

Terminology: Password Cracking
Password Cracker
– An application that tries to obtain a password by repeatedly generating and comparing encrypted passwords or by authenticating multiple times to an authentication source.
– Repeatedly trying to access your accounts
Common methods of password cracking
– Brute Force
– Dictionary

Terminology: Password Cracking (cont'd)
Passwords are usually stored in an encrypted form with a one-way encryption algorithm
– If this data is compromised, password cracking can be moved to a standalone system for easier control and speed of cracking.
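One way to store passwords with a salted, deliberately slow one-way function, so that a stolen password file is expensive to work through offline. This is an added example, not part of the original slides; the choice of PBKDF2-HMAC-SHA256, the iteration count and the record format are assumptions.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"   # assumed label for the stored record
ITERATIONS = 600_000       # assumed work factor; higher means slower guessing

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a storable record: scheme$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(16)  # per-user salt: equal passwords get different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the one-way function with the stored salt and compare."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        rounds = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: never treat as a match
    if scheme != SCHEME or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison

if __name__ == "__main__":
    record = hash_password("Iig2cyPe6m")  # sample password taken from the slides
    print(record)
    print(verify_password("Iig2cyPe6m", record), verify_password("guess", record))
```
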

Terminology: Biometrics
Science and technology of measuring and statistically analyzing biological data
When used in Information Technology it usually refers to the use of human traits for authentication
This method can include fingerprints, eye retinas and irises, voice patterns, and a host of other consistent biological data

Terminology: Public Key Cryptography
Two keys, certificates, are available for each resource, one public and one private
As the names imply, the public key can be shared freely while the private key is kept secret
Items encrypted using the public key are decrypted using the private key and conversely anything encrypted with the private key can be decrypted with the public key
This method of encryption is used to ensure secure communication is only between a valid, known, sender and recipient

Terminology: SSL
Secure Sockets Layer
Uses Public Key Cryptography
Negotiates a method to encrypt communication between a client and server
Allows other network protocols to connect over top of it, such as web browsing and e-mail protocols
Transport Layer Security (TLS) is a variant of SSL used to negotiate encryption within the network protocol being used

Terminology: Man-in-the-Middle Attack
A system between two hosts that either passively watches traffic to gain information used to replay a session or actively interferes with the connection, potentially imitating the remote system

Terminology: Zombies
Computer system infected by a virus or Trojan horse that allows the system to be remotely controlled for future exploits
These systems may be used to send large amounts of spam e-mail or take part in Distributed Denial of Service (DDoS) attacks

Terminology: Denial of Service Attack (DoS)
Sending large amounts of data and requests to a remote system in order to inundate the remote computer or network
A Distributed DoS is a coordinated effort by a number of systems to perform a DoS on a single host

Terminology: Key Logging Software / Hardware
Software installed on a system to capture and log all keystrokes
Hardware installed between the keyboard and computer used to capture and log all keystrokes
Security Exploit
– A software bug, or feature, that allows access to a computer system beyond what was originally intended by the operator or programmer

Terminology: Firewall
Network hardware device or software used to filter traffic to and from the connected resources
Ranges from simple filters, blocking certain services and protocols, to more complex systems that plot network traffic patterns
Local operating system firewalls are referred to as personal firewall software

Password Security
Password limitations
Reasons for complex passwords
Helpful suggestions for creating complex passwords
Future password requirements

Password Security
According to CERT/CC (Computer Emergency Response Team / Coordination Center) approximately 80% of all network security issues are caused by bad passwords
Computer to Computer authentication can use large keysets and complex encryption while Human to Computer authentication relies on much easier methods

Password Security: Password Limitations and why they are in place
Password Expiration
– Decreases the chances of your password being cracked
Complex Passwords
– Requiring complexity actually increases the possible character combinations required by brute-force cracking
Password Length Requirements
– The longer your password the more possible character combinations are present and the harder it is to crack

Password Security: Dealing with Password Limitations
Password lockouts
– If a certain number of login attempts fail within a given timeframe the account is automatically locked out for a preset amount of time
– Using this limitation stops brute force authentication attempts
Dictionary Checks
– Simple checks against common dictionaries are used to increase password complexity
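The lockout rule described above, as an added example that is not part of the original slides: failures are counted per account inside a sliding time window, and reaching the threshold locks the account for a preset period. The threshold, window and lockout length are assumed values, and time is passed in explicitly so the behaviour is reproducible.

```python
from collections import defaultdict, deque

class LockoutPolicy:
    """Lock an account after max_failures failed logins within window_s seconds."""

    def __init__(self, max_failures=3, window_s=60, lockout_s=120):  # assumed values
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> time the lock expires

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is not None and now >= until:
            del self._locked_until[account]  # the preset lockout time has passed
            until = None
        return until is not None

    def record_attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time `now`."""
        if self.is_locked(account, now):
            return "locked"  # refuse even a correct password while locked
        failures = self._failures[account]
        if password_ok:
            failures.clear()
            return "ok"
        # Forget failures that have aged out of the window, then count this one.
        while failures and now - failures[0] >= self.window_s:
            failures.popleft()
        failures.append(now)
        if len(failures) >= self.max_failures:
            self._locked_until[account] = now + self.lockout_s
            failures.clear()
            return "locked"
        return "failed"

def replay(events, policy=None):
    """Run (time, account, password_ok) events through a policy; return outcomes."""
    policy = policy or LockoutPolicy()
    return [policy.record_attempt(acct, ok, t) for t, acct, ok in events]

# Constructed sample: alice fails three times quickly, bob's failures are spread out.
SAMPLE_EVENTS = [
    (0, "alice", False), (10, "alice", False), (20, "alice", False),
    (30, "alice", True), (140, "alice", True),
    (0, "bob", False), (70, "bob", False), (80, "bob", False),
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```

In the sample, alice's correct password at time 30 is still refused because the lock runs until time 140, while bob is not locked because his first failure has aged out of the window before the third arrives.
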

Password Security: Are Password rules too complex?
With the increase of computer hardware speed and the decrease of computer prices, we can use more advanced methods to keep security high
Post-it Notes
– Is your computer in a locked room?
– Who has physical access to your system?
– A majority of system attacks originate through the network.

Password Security: Suggestions for Complex Passwords
Think of a phrase and use the first characters of each word, mixing case and adding numbers and special characters
– It is good to change your password every 6 months = Iig2cyPe6m
– UI vandals are number one = UiVdlsR#1
Using a favorite word or phrase and breaking it up with numbers and special characters
– Happy = Hap3py1
– Motorcycle = M0tor6cyc!e

Password Security: Possible Future Password Requirements
Decreasing password expiration time
Certificate authentication
Use of Biometrics
Two part identification, where you use a password and another physical item

Password Security: Passwords are like Underwear!
Don't leave yours lying around
Don't share them with friends
The longer the better (cold weather)
Change yours often
Be mysterious

E-mail Security
Some common E-mail protocols
Secure E-mail protocols at the UI

E-mail Security: Common E-mail protocols
POP – Post Office Protocol
– Older protocol for downloading messages from an INBOX
IMAP – Internet Message Access Protocol
– Full featured mail folder access
SMTP – Simple Mail Transfer Protocol
– Standard for sending and receiving e-mail between clients and servers, and from server to server
MAPI – Mail Application Programming Interface
– A set of communication methods and standards used predominantly between Microsoft e-mail clients and servers

E-mail Security: Secure protocols in place at the University of Idaho
POPS
– POP mail over an SSL connection
IMAPS
– IMAP over an SSL connection
SMTP+TLS
– Negotiation of a TLS/SSL connection after connecting
All popular e-mail clients support the use of these protocols

Web Security
Web specific definitions
HTTP
URL
SSL
Spyware / Adware
Web browser updates
Some common methods of Web Security

Web Security
HTTP (Hyper Text Transfer Protocol)
Modern web browsers are capable of using multiple protocols to download content, although most data transfers use HTTP
URL (Uniform Resource Locator)
Web Address
protocol://server/resource
http://www.uidaho.edu/registrar

Web Security: SSL (Secure Sockets Layer)
Very important on insecure networks such as wireless
How to verify SSL in a browser
– https: the web address begins with https, meaning the connection is using HTTP over SSL
– Look for a lock icon
– Internet Explorer may display a Security Alert that states you are about to view pages over a secure connection

Web Security: SSL (cont'd)
Certificate Authorities
– A CA is an entity that issues certificates
– If you trust a CA you will trust the certificates issued by that CA
– Web browsers come with a standard collection of common certificate authorities including Verisign, Geotrust, Thawte, and a number of others
– Be wary of untrusted certificates, as one may indicate a man-in-the-middle attack

Web Security: Spyware / Adware
Spyware is software designed to intercept or take partial control of a computer without the express consent of the operator
Adware is similar to spyware except it is used primarily for advertising purposes and may have provided the user with information about its operation
Regardless of the network level security, when browsing, spyware will have access to your data

Web Security: Web Browser Software Updates
Update, Update, Update
Security exploits can use your web browser to access your system, install software, delete data, spread viruses, and much, much more.

Peer-to-Peer File sharing
What is Peer-to-Peer File sharing
Common applications
Common issues to consider when using P2P
How to protect yourself when using P2P

Peer-to-Peer File sharing
Peer-to-Peer File sharing, or P2P, is using software to facilitate the transfer of data between two systems without the need for a central file server
Common P2P applications are:
Kazaa
eDonkey
Morpheus
Gnutella Clients (Limewire, Bearshare)

Peer-to-Peer File sharing: Common issues with P2P file sharing
Copyright issues
Spyware / Adware
Zombies
– Remote control
Key logging
Security exploits
Sharing unexpected information

Peer-to-Peer File sharing: How to protect yourself when using P2P
Install Antivirus
– Symantec Antivirus
Check for operating system and software updates regularly
Install Spyware Detection Software
– Microsoft Defender Beta 2
– Spybot
– Adaware