Computer and Device Security: Introduction

South Australian Apple Users' Club

  Presentation by Peter Jenkins

    5 May 2017


Peter Jenkins will be providing some excellent advice on the precautions needed to protect our computers and devices.

Anti-virus
malware, viruses, ransomware, adware, spyware

Computer and Device Security: a Web Search

Computer security -- Wikipedia

https://en.wikipedia.org/wiki/Computer_security

...protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

Systems at risk (selected examples)

Consumer devices

Desktop computers and laptops are commonly infected with malware either to gather passwords or financial account information, or to construct a botnet to attack another target. Smart phones, tablet computers, smart watches, and other mobile devices such as Quantified Self devices like activity trackers have also become targets and many of these have sensors such as cameras, microphones, GPS receivers, compasses, and accelerometers which could be exploited, and may collect personal information, including sensitive health information. Wifi, Bluetooth, and cell phone networks on any of these devices could be used as attack vectors, and sensors might be remotely activated after a successful breach.

Home automation devices such as the Nest thermostat are also potential targets.

Internet of Things and physical vulnerabilities

The Internet of Things (IoT) is the network of physical objects such as devices, vehicles, and buildings that are embedded with electronics, software, sensors, and network connectivity that enables them to collect and exchange data – and concerns have been raised that this is being developed without appropriate consideration of the security challenges involved.

While the IoT creates opportunities for more direct integration of the physical world into computer-based systems, it also provides opportunities for misuse. In particular, as the Internet of Things spreads widely, cyber attacks are likely to become an increasingly physical (rather than simply virtual) threat. If a front door's lock is connected to the Internet, and can be locked/unlocked from a phone, then a criminal could enter the home at the press of a button from a stolen or hacked phone. People could stand to lose much more than their credit card numbers in a world controlled by IoT-enabled devices. Thieves have also used electronic means to circumvent non-Internet-connected hotel door locks.

Computer protection (countermeasures)

Security by design

Apple operating systems -- macOS, iOS, watchOS, tvOS

macOS: System Preferences > Security & Privacy
iOS:       Settings > Touch ID & Passcode

Reducing vulnerabilities (selected)

Two factor authentication is a method for mitigating unauthorized access to a system or sensitive information. It requires "something you know"; a password or PIN, and "something you have"; a card, dongle, cellphone, or other piece of hardware. This increases security as an unauthorized person needs both of these to gain access.

Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Training is often involved to help mitigate this risk, but even in a highly disciplined environments (e.g. military organizations), social engineering attacks can still be difficult to foresee and prevent.

It is possible to reduce an attacker's chances by keeping systems up to date with security patches and updates... The effects of data loss/damage can be reduced by careful backing up...

How-To Geek -- Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves

https://www.howtogeek.com/173478/10-important-computer-security-practices-you-should-follow/

People often think of computer security as something technical and complicated. And when you get into the nitty-gritty, it can be—but the most important stuff is actually very simple. Here are the basic, important things you should do to make yourself safer online.

None of these ideas are particularly high tech. They're not advanced. They don't take complex programs or a degree in computer science to implement. They're simple ways to adjust your behavior that will greatly improve your security—and everyone can (and should) use them.

1. Enable Automatic Updates
        -- get security updates ASAP
2. Use Antivirus and Anti-Malware
        -- (Windows)
3. Craft Better Passwords, and Automate Them
        -- internet
        -- password manager
        -- laptop and iDevice --> Find My iPhone (and iPad and Mac) https://www.icloud.com/#find
        -- two-factor authentication
4. Never Leave Your Phone or Computer Unattended
        -- theft
        -- Find My iPhone (and iPad and Mac) https://www.icloud.com/#find
5. Know Which Links Are Safe to Click in Emails
        -- phishing
6. Be Careful About Programs You Download and Run (and Stop Pirating Software)
        -- (Windows, Android)
        -- macOS: System Preferences > Security & Privacy
        -- iOS:       only from the iTunes Store (unless jailbroken --> danger)
7. Don't Trust Your Popup Notifications

US Federal Trade Commission - Consumer Information - Computer Security

https://www.consumer.ftc.gov/articles/0009-computer-security

1. Use Security Software That Updates Automatically
2. Treat Your Personal Information Like Cash
3. Check Out Companies to Find Out Who You're Really Dealing With
4. Give Personal Information Over Encrypted Websites Only
5. Protect Your Passwords
6. Back Up Your Files

Computer and Device Security: Some Practical Measures for Apple Owners

Password Managers

They make it easy to use strong passwords and different passwords, and not have to remember them.

Example: 1Password
https://agilebits.com
https://1password.com

Find My iPhone

Where is it? Has it been lost or stolen? If so, can I find it? Can I protect my data on it? Can I disable its use?

https://www.icloud.com/#find

https://support.apple.com/explore/find-my-iphone-ipad-mac-watch
https://support.apple.com/kb/PH2696
https://support.apple.com/en-us/HT201365

Email spam and phishing

Spam filtering

May be provided by your ISP or your email client.

Example: SpamSieve
https://c-command.com/spamsieve/

Spam reporting

For those dedicated to fighting spam!

Example: SpamCop.net
https://www.spamcop.net

What is the source?

APNIC Whois Search
https://wq.apnic.net/whois-search/static/search.html