CITA 250

Defense Demo

Laws of Defense

• 10 Immutable Laws of Security

http://technet.microsoft.com/en-us/library/cc722487.aspx

Common Attacks and Defenses

Common Attacks and Defenses

Common Attacks and Defenses

Examples

• Google Hacking Defense http://www.informit.com/articles/article.aspx?p=170880&seqNum=4

• Buffer Overflow Defense

http://nsfsecurity.pr.erau.edu/bom/

Web Bug

• 1-pixel by 1-pixel image file

• Referenced in an <img> tag

• Usually works with a cookie

• Purpose similar to that of spyware and adware

• Comes from third-party companies specializing in data collection

Web Bug Defense

• For e-mail, turning off HTML display and displaying only the text

• Ghostery https://www.ghostery.com/

Hoax Defense

• Computer Virus Myths at http://vmyths.com/

• Rogue/Suspect Anti-Spyware Products & Web Sites http://www.spywarewarrior.com/rogue_anti-spyware.htm

Surf Defense

• Never double click on unknown email attachments

• Never double click links in unsolicited emails

• Never trust pop-up messages

Windows OS Defense

• Unhide file extensions

• Disable autorun (Tweak UI)

Commerce Defense

• Better Business Bureau

http://www.bbb.org/

• Looking for HTTPS

• Use credit card, NOT debit card

• Keep transaction records

Encryption

• Web content encryption: HTML Guardian

http://www.protware.com/

(YouTube Video at http://www.youtube.com/watch?v=sIOxL2HgMac)

• Wireless encryption: WEP, WPA, WPA2

Testing Defense

• ShieldsUP! from GRC

http://www.grc.com/