Published by Primrose Ward. Modified over 9 years ago.
2
Information Security for CPAs J. Carlton Collins, CPA
4
It’s a New World …It’s a YouTube World
5
Unlock car with a tennis ball
Open a padlock with a Coke can - I
Open a padlock with a shim - II
How to make a shim from a Coke can - I
Make a shim - II
How to hack a Coke machine
Pop Corn with a cell phone
6
Legal Issues
7
http://www.ftc.gov/os/2002/05/67fr36585.pdf
9
Protecting Your Hard Drive Page 27 4 measures you can take as follows
10
1. BIOS Password Page 28
11
2. Windows Password Page 28 Carlton Collins
12
How Thieves Beat BIOS & Windows Passwords
1. Remove Drive
2. Insert in another computer as second drive
3. Second drive becomes completely readable
13
How Thieves Beat BIOS & Windows Passwords
1. Or they use Knoppix
14
4. Encrypt Files or Folders Page 29/30
1. Must use NTFS (in Windows XP)
2. Right click file or folder, Properties
3. Advanced
15
4. Or Use Vista BitLocker Page 30
1. New in Vista
16
4. Or Use TrueCrypt Page 29 and 31 Hard drive is encrypted and decrypted on the fly
17
Encryption Page 14
18
Encrypting Word and Excel Files
19
Encryption Primer Page 17 All encryption is based on two prime numbers:
20
About Bits Page 17
It takes 8 Bits to Form a Single Number
40 Bit | 12313 | 1 second
56 Bit | 1234513 | 19 hours
64 Bit | 12345613 | 7 months
128 Bit | 1234567891234513 | 4.3 quadrillion years
4,300,000,000,000,000
4,594,972,986,357,220,000,000,000,000,000,000,000,000,000,000,000
21
PGP (Pretty Good Privacy) Phil Zimmerman
23
PGP (Pretty Good Privacy)
28
E-Mail Encryption Software
32
Is Big Brother Watching You Anyway? Widely rumored that a 'master key' exists
33
Strong Passwords
34
3. Use Strong Passwords Page 28
Happy – 5 minutes to break
Happy44 – 15 minutes to break
hAPP5y44 – Many hours to break
(Microsoft recommends using Upper/lower/special characters)
I recommend the old phone number method: 9126384822Delta4499 (912 638 4822 delta 4499)
35
Windows Security “Folders” Page 66
36
FAT32 versus NTFS Do Not Choose FAT 32 Do Choose NTFS
38
NTFS
No Impact on Network
NTFS is Also Better in Other Ways: larger files, larger drive partitions, better data compression, less file fragmentation
It’s Easy to Change to NTFS: At Command Prompt type convert c: /fs:ntfs
39
Warning - Hidden Files and Folders Can Still Be Deleted Page 68
40
Don’t Confuse NTFS Share Settings with File Share Settings
41
(NTFS permissions affect access for both local and remote users) (Share permissions apply only to network shares)
43
Folder Settings
45
The Internet can teach a person how to become a hacker
Plenty of tools and utilities to make it easy to hack
Blocking the Cracking Tools: CrackZ, HackZ, WareZ, SerialZ
46
How Serious is the Problem? Page 3
47
Organization: National Institute of Health
Date of Theft: February 2008
Type of Data Stolen: Patient data for 2,500 patients over a 7 year period
How Stolen: From an employee’s home
48
Organization: Davidson County Election Commission - (Nashville, TN)
Date of Theft: December 28, 2007
Type of Data Stolen: Names and complete Social Security numbers for 337,000 registered voters
How Stolen: Someone broke into several county offices over Christmas and stole laptop computers
49
Organization: Transportation Security Administration (TSA)
Date of Theft: August 10, 2006
Type of Data Stolen: Social Security numbers, payroll information, and bank account data for approximately 133,000 employee records
How Stolen: From a government vehicle
50
Organization: Federal Trade Commission (FTC)
Date of Theft: June 22, 2006
Type of Data Stolen: Data on about 110 people that was “gathered in law enforcement investigations”
How Stolen: Stolen from a locked vehicle
51
Organization: Internal Revenue Service (IRS)
Date of Theft: June, 2006
Type of Data Stolen: 291 employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth
How Stolen: In transit on an airline flight
52
Organization: AICPA
Date of Theft: June, 2006
Type of Data Stolen: Unencrypted hard drive containing names, addresses and Social Security numbers of 330,000 AICPA members.
How Stolen: Lost during shipping
53
Organization: US Government Veterans Affairs Administration
Date of Theft: May 3, 2006
Type of Data Stolen: 26.5 million veterans, their spouses, and active-duty military personnel
How Stolen: Laptop stolen from employee’s home
54
Organization: Citibank Student Loan Corporation
Date of Theft: March 8, 2006
Type of Data Stolen: Information on 3.9 million customers
How Stolen: Lost in transit while being shipped
56
Long List of Documented Thefts of Data Victims Include:
57
Here’s An Even Bigger List
59
Organization: Drug Enforcement Agency (DEA)
Date of Theft: June 7, 2004
Type of Data Stolen: Laptop of DEA Informants
How Stolen: From the trunk of an Auditor’s car while he was at a bookstore coffee shop in suburban Washington
60
System Restore Page 57
61
Understanding the Registry REGEDIT
63
Firewalls Page 33
64
Routers and Firewalls Have Opposing Objectives: Share Information Versus Prevent Sharing of Information
68
Page 37
69
Windows XP & Windows Vista Firewalls Page 52
70
Change the Default SSID (Service Set Identifier) Page 53
71
Disable SSID Broadcast Page 55
72
Do Not Auto-Connect to Open Wi-Fi Networks Page 55
73
Turn Off the Network During Extended Periods of Non-Use Page 56
74
Wireless Security Page 50
77
Online Security Tests Page 40
78
ShieldsUp! - Port Authority Edition: grc.com
Broadband Tests and Tools: www.broadbandreports.com/tools
BrowserSpy: gemal.dk/browserspy
GFI Email Security Testing Zone: www.gfi.com/emailsecuritytest
Hacker Whacker: www.hackerwhacker.com
PC Flank: www.pcflank.com
PC Pitstop: www.pcpitstop.com
Checkup: browsercheck.qualys.com
Privacy.net: privacy.net/analyze
79
Windows Security “Users” Page 60
80
No Security in W95 & W98 User Accounts Now Required - Windows XP and Windows Vista
82
1. Accessing User Accounts – The Control Panel - User Accounts
2. Disable the Guest Account in W95, W98, W2000 and Vista
3. Password Protect the Guest Account in Windows XP (Turning off hides it from the log in screen – but it still remains active)
4. Rename the Administrator Account
84
Beware the Hacker Tools
85
Windows Security “Screen Savers” Page 74
87
Blocking Pornography Page 78
91
Room full of Naked Blonde Chicks Totally Nude Thumbnail Image of Brad Pitt
92
Computer Bread Crumbs Page 43
93
Recent Applications
Game High Scores
Search history
Browsing History
Cookie History
Temporary Internet Files
Search for JPGs
Recycle Bin
Password Protected Files
Requesting Lost Passwords
Review Sent and Received E-Mail
Review Deleted E-Mail Folder
Review Junk E-Mail Folder
Use E-Mail Rules to Track Usage
Use E-Mail Server Settings to Track Usage
Key Loggers
Print Monitor Pro (free)
Give Me Do (free)
Desktop Spy (free)
Hardware Keylogger ($60)
Internet Spy (free)
Evidence Tracker (free) and Evidence Blaster ($23)
94
Remote Access Page 43
95
1. Lock out keyboard and mouse 2. Blank out screen 3. Increase time out setting
96
Backing Up Your Data
98
Computer Viruses Page 8
100
1. 1986 – First Virus
2. 1989 – 6 viruses
3. 1999 – $7.6 Billion Cost
4. 10 to 15 new viruses a day
5. 2008 – $55 Billion Cost (Most Conservative Estimate)
101
5 Types of Viruses Page 9
1. The Worm Virus
   a) Uses email addresses from your address book
   b) Sends itself to those people
2. The Trojan Virus
   a) Disguises itself as a legitimate function.
   b) Really causes damage or steals data like passwords.
3. The Backdoor Trojan Virus
   a) Takes control of your computer through your network or the internet.
4. File Virus
   a) Attaches to real software.
   b) Whenever you use the software, it will load into your memory.
5. Adware and Spyware
   a) Adware is basically just advertisements.
   b) Spyware can log your keystrokes
102
Important Virus Tips
1. Back up every week.
2. Back up BIOS before you change it
3. Run virus protection software.
103
Top Virus Protection Products
105
Phishers Prey on the Ignorant
106
http://info.org.il/irrelevant/may02-smilepop-soapbox4.swf
107
http://www.themobiletracker.com/english/index.html
109
Spy Stuff Page 201