Computer and Device Security: Introduction

    3 Aug 2018

    ***This presentation by Peter Jenkins, supersedes the original presentation on 5 May 2017.***

Computer and Device Security: a Web Search

Computer security — Wikipedia

…protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

3   Systems at risk (selected examples)

3.4   Consumer devices

Desktop computers and laptops are commonly infected with malware either to gather passwords or financial account information, or to construct a botnet to attack another target. Smart phones, tablet computers, smart watches, and other mobile devices such as Quantified Self devices like activity trackers have also become targets and many of these have sensors such as cameras, microphones, GPS receivers, compasses, and accelerometers which could be exploited, and may collect personal information, including sensitive health information. Wifi, Bluetooth, and cell phone networks on any of these devices could be used as attack vectors, and sensors might be remotely activated after a successful breach.

Home automation devices such as the Nest thermostat are also potential targets.

3.8   Internet of Things and physical vulnerabilities

The Internet of Things (IoT) is the network of physical objects such as devices, vehicles, and buildings that are embedded with electronics, software, sensors, and network connectivity that enables them to collect and exchange data – and concerns have been raised that this is being developed without appropriate consideration of the security challenges involved.

While the IoT creates opportunities for more direct integration of the physical world into computer-based systems, it also provides opportunities for misuse. In particular, as the Internet of Things spreads widely, cyber attacks are likely to become an increasingly physical (rather than simply virtual) threat. If a front door’s lock is connected to the Internet, and can be locked/unlocked from a phone, then a criminal could enter the home at the press of a button from a stolen or hacked phone. People could stand to lose much more than their credit card numbers in a world controlled by IoT-enabled devices. Thieves have also used electronic means to circumvent non-Internet-connected hotel door locks.

6   Computer protection (countermeasures)

6.1   Security by design

Apple operating systems — macOS, iOS, watchOS, tvOS

macOS: System Preferences > Security & Privacy
iOS:       Settings > Touch ID & Passcode

6.5   Reducing vulnerabilities (selected)

Two factor authentication is a method for mitigating unauthorized access to a system or sensitive information. It requires “something you know”; a password or PIN, and “something you have”; a card, dongle, cellphone, or other piece of hardware. This increases security as an unauthorized person needs both of these to gain access.

Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Training is often involved to help mitigate this risk, but even in a highly disciplined environments (e.g. military organizations), social engineering attacks can still be difficult to foresee and prevent.

It is possible to reduce an attacker’s chances by keeping systems up to date with security patches and updates… The effects of data loss/damage can be reduced by careful backing up…

How-To Geek — Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves

People often think of computer security as something technical and complicated. And when you get into the nitty-gritty, it can be—but the most important stuff is actually very simple. Here are the basic, important things you should do to make yourself safer online.

None of these ideas are particularly high tech. They’re not advanced. They don’t take complex programs or a degree in computer science to implement. They’re simple ways to adjust your behavior that will greatly improve your security—and everyone can (and should) use them.

1. Enable Automatic Updates
        — get security updates ASAP
2. Use Antivirus and Anti-Malware
        — (Windows)
3. Craft Better Passwords, and Automate Them
        — internet
        — password manager
        — laptop and iDevice –> Find My iPhone (and iPad and Mac)
        — two-factor authentication
4. Never Leave Your Phone or Computer Unattended
        — theft
        — Find My iPhone (and iPad and Mac)
5. Know Which Links Are Safe to Click in Emails
        — phishing
6. Be Careful About Programs You Download and Run (and Stop Pirating Software)
        — (Windows, Android)
        — macOS: System Preferences > Security & Privacy
        — iOS:       only from the iTunes Store (unless jailbroken –> danger)
7. Don’t Trust Your Popup Notifications

US Federal Trade Commission – Consumer Information – Computer Security     (updated Jun 2107)

1. Update Your Software
2. Protect Your Personal Information
3. Protect Your Passwords
4. Consider Turning On Two-Factor Authentication *
5. Give Personal Information Over Encrypted Websites Only
6. Back Up Your Files

* Two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token.

Computer and Device Security: Some Practical Measures for Apple Owners

Password Managers

They make it easy to use strong passwords and different passwords, and not have to remember them.

Example: 1Password
    >>>>  Demonstration

Find My iPhone

Where is it? Has it been lost or stolen? If so, can I find it? Can I protect my data on it? Can I disable its use?
    >>>>  Demonstration

Further information:
Track and find your missing Apple device
iCloud: What is Find My iPhone?
Find My iPhone Activation Lock

Email spam and phishing

    >>>>  Demonstration

    An example unsolicited commercial email (spam) message – raw source

Spam filtering

May be provided by your ISP or your email client or an email add-on.

Example: SpamSieve
    >>>>  Demonstration

Spam reporting

For those dedicated to fighting spam!

    >>>>  Demonstration

What is the source?

Whois Search
ARIN   (American Registry for Internet Numbers)
RIPE   (Regional Internet Registry for Europe . . . and the Middle East and parts of Central Asia)
    >>>>  Demonstration