Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security for CPAs J. Carlton Collins, CPA.

Similar presentations

Presentation on theme: "Information Security for CPAs J. Carlton Collins, CPA."— Presentation transcript:


2 Information Security for CPAs J. Carlton Collins, CPA


4 It’s a New World …It’s a YouTube World

5 Unlock car with a tennis ball Open a padlock with a Coke can - I Open a padlock with a shim - II How to make a shim from a Coke can - I Make a shim - II How to hack a Coke machine Pop Corn with a cell phone Unlock car with a tennis ball Open a padlock with a Coke can - I Open a padlock with a shim - II How to make a shim from a Coke can - I Make a shim - II How to hack a Coke machine Pop Corn with a cell phone

6 Legal Issues



9 Protecting Your Hard Drive Page 27 4 measures you can take as follows

10 1. BIOS Password Page 28

11 2. Windows Password Page 28 Carlton Collins

12 How Thieves beat BIOS &Windows Passwords 1.Remove Drive 2.Insert in another computer as second drive 3.Second drive becomes completely readable

13 How Thieves beat BIOS & Widnows Passwords 1.Or they use Knoppix

14 4. Encrypt Files or Folders Page 29/30 1.Must use NTFS (in Windows XP) 2.Right click file or folder, Properties 3.Advanced

15 4. Or Use Vista BitLocker Page 30 1.New in Vista

16 4. Or Use TrueCrypt Page 29 and 31 Hard drive is encrypted and decrypted on the fly

17 Encryption Page 14

18 Encrypting Word and Excel Files

19 Encryption Primer Page 17 All encryption is based on two prime numbers:

20 About Bits Page 17 It takes 8 Bits to Form a Single Number 40 Bit123131 second 56 Bit123451319 hours 64 Bit123456137 months 128 Bit12345678912345134.3 quadrillion years 4,300,000,000,000,000 4,594,972,986,357,220,000,000,000,000,000,000,000,000,000,000,000 4,300,000,000,000,000 4,594,972,986,357,220,000,000,000,000,000,000,000,000,000,000,000

21 PGP (Pretty Good Privacy) Phil Zimmerman


23 PGP (Pretty Good Privacy)





28 E-Mail Encryption Software




32 Is Big Brother Watching You Anyway? ‘Widely Rumored that a master key' exists

33 Strong Passwords

34 3. Use Strong Passwords Page 28 Happy – 5 minutes to break Happy44 – 15 minutes to break hAPP5y44 – Many hours to break (Microsoft recommends using Upper/lower/special characters) I recommend the old phone number method: 9126384822Delta4499 delta delta 4499 912 638 4822 delta 4499

35 Windows Security “Folders” Page 66

36 FAT32 versus NTFS Do Not Choose FAT 32 Do Choose NTFS


38 NTFS No Impact on Network NTFS is Also Better in Other Ways: Larger files Larger drive partitions, Has better data compression, Less file fragmentation It’s Easy to Change to NTFS: At Command Prompt type convert c: /fs:ntfs

39 Warning - Hidden Files and Folders Can Still Be Deleted Page 68

40 Don’t Confuse NTFS Share Settings with File Share Settings

41 (NTFS permissions affect access both local and remote users) (Share permissions apply only to network shares)


43 Folder Settings


45 The Internet can teach a person how to become a hacker Plenty of tools and utilities to make it easy to hack Blocking the Cracking Tools CrackZ HackZ WareZ SerialZ

46 How Serious is the Problem? Page 3

47 Organization: National Institute of Health Date of Theft:February 2008 Type of Data Stolen:Patient data for 2,500 patients over a 7 year period How Stolen: From an employee’s home

48 Organization: Davidson County Election Commission - (Nashville, TN) Date of Theft:December 28, 2007 Type of Data Stolen:Names and complete Social Security numbers for 337,000 registered voters How Stolen: Someone broke into several county offices over Christmas and stole laptop computers

49 Organization: Transportation Security Administration (TSA) Date of Theft:August 10, 2006 Type of Data Stolen:Social Security numbers, payroll information, and bank account data for approximately 133,000 employee records How Stolen: From a government vehicle

50 Organization: Federal Trade Commission (FTC) Date of Theft: June 22, 2006 Type of Data Stolen:Data on about 110 people that was "gathered in law enforcement investigations” How Stolen: Stolen from a locked vehicle

51 Organization: Internal Revenue Service (IRS) Date of Theft:June, 2006 Type of Data Stolen:291 employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth How Stolen: In transit on an airline flight

52 Organization: AICPA Date of Theft: June, 2006 Type of Data Stolen:Unencrypted hard drive containing names, addresses and Social Security numbers of 330,000 AICPA members. How Stolen: Lost during shipping

53 Organization: US Government Veterans Affairs Administration Date of Theft:May 3, 2006 Type of Data Stolen:26.5 million veterans, their spouses, and active- duty military personnel How Stolen: Laptop stolen from employees home

54 Organization: Citibank Student Loan Corporation Date of Theft:March 8, 2006 Type of Data Stolen:Information on 3.9 million customers How Stolen: Lost in transit while being shipped


56 Long List of Documented Thefts of Data Victims Include:

57 Here’s An Even Bigger List


59 Organization: Drug Enforcement Agency (DEA) Date of Theft:June 7, 2004 Type of Data Stolen:Laptop of DEA Informants How Stolen: From the trunk of an Auditor’s car while he was at a bookstore coffee shop in suburban Washington

60 System Restore Page 57

61 Understanding the Registry REGEDIT


63 Firewalls Page 33

64 Routers and Firewalls Have Opposing Objectives Share information Versus Prevent Sharing of Information




68 Page 37

69 Windows XP & Windows Vista Firewalls Page 52

70 Change the Default SSID (Service Set Identifier) Page 53

71 Disable SSID Broadcast Page 55

72 Do Not Auto-Connect to Open Wi-Fi Networks Page 55

73 Turn Off the Network During Extended Periods of Non-Use Page 56

74 Wireless Security Page 50



77 Online Security Tests Page 40

78 ShieldsUp! - Port Authority Edition Broadband Tests and Tools BrowserSpy GFI Email Security Testing Zone Hacker Whacker PC Flank PC Pitstop [Checkup

79 Windows Security “Users” Page 60

80 No Security in W95 & W98 User Accounts Now Required - Windows XP and Windows Vista


82 1.Accessing User Accounts – The Control Panel - User Accounts 2.Disable the Guest Account in W95, W98, W2000 and Vista 3.Password Protect the Guest Account in Windows XP Turning off hides it from the log in screen – but it still remains active 4.Rename the Administrator Account


84 Beware the Hacker Tools

85 Windows Security “Screen Savers” Page 74


87 Blocking Pornography Page 78




91 Room full of Naked Blonde Chicks Totally Nude Thumbnail Image of Brad Pitt

92 Computer Bread Crumbs Page 43

93 Recent Applications Game High Scores Search history Browsing History Cookie History Temporary Internet Files Search for JPGs Recycle Bin Password Protected Files Requesting Lost Passwords Review Sent and Received E-Mail Review Deleted E-Mail Folder Review Junk E-Mail Folder Use E-Mail Rules to Track Usage Use E-Mail Server Settings to Track Usage Key Loggers Print Monitor Pro (free) Give Me Do (free) Desktop Spy (free) Hardware Keylogger ($60) Internet Spy (free) Evidence Tracker (free) and Evidence Blaster ($23)

94 Remote Access Page 43

95 1. Lock out keyboard and mouse 2. Blank out screen 3. Increase time out setting

96 Backing Up Your Data


98 Computer Viruses Page 8


100 1.1986 – First Virus 2.1989 – 6 viruses 3.1999 - $7.6 Billion Cost 4.10 to 15 new viruses a day 5.2008 - $55 Billion Cost (Most Conservative Estimate)

101 1.The Worm Virus a)Uses email addresses from your address book b)Send itself to those people 2.The Trojan Virus a)Disguises itself as a legitimate function. b)Really causes damage or steals data like passwords. a)The Backdoor Trojan Virus a)Takes control of your computer through your network or the internet. b)File Virus a)Attaches to real software. b)Whenever you use the software, it will load into your memory. c)Adware and Spyware a)Adware is basically just advertisements. b)Spyware can log your keystrokes 5 Types of Viruses Page 9

102 Important Virus Tips 1.Backup every week. 2.Backup BIOS before you change it 3.Run virus protection software.

103 Top Virus Protection Products


105 Phishers Prey on the Ignorant




109 Spy Stuff Page 201

Download ppt "Information Security for CPAs J. Carlton Collins, CPA."

Similar presentations

Ads by Google