Just when I think I've learned about all I can learn in a course, this module comes along. This module dealt with risks we can encounter whether we are on-line or conducting business using today's technology. I know it opened my eyes to the unknown dangers that are out there. I also know that it has changed the way I go about my on-line experiences. I'd like to tell you about what I learned about peer-to-peer networks, my on-line safety, and the security of my home network. Additionally, I want to educate you about how Wal-Mart protects the personal information of it's customers. I also feel I must be candid about how I used to conduct certain on-line activities.
What Didn't I Learn???
This module had a big impact on me and my family. We were doing things we shouldn't have been doing and leaving ourselves open to having our personal information stolen.
Let's start with peer-to-peer networks. I guess I always knew that nothing is ever truly free but I never really thought about downloading free music as stealing. Really. My kids had no qualms about downloading songs onto their iPods and I just jumped on the bandwagon with them. Then a few weeks ago my son discovered that the peer-to-peer network that we get our music from, Lime Wire, had been shut down by the government. THEN we start this module and I discover that we had been conducting illegal downloading of songs!! Yikes!! So, we are a different family now. Music will be paid for if anyone wants to download it. My personal opinion is that these artists make obscene amounts of money for what they produce (especially the stuff my son listens to) and they really can't be hurting from these downloads. I guess I should thank the government for shutting down Lime Wire. It was a big source of viruses, spy-ware, and malware if you weren't diligent with using your anti-virus software to check everything you downloaded. I've read about computers becoming completely infected after a song or two were downloaded. I guess I should consider us lucky that we weren't one of those victims.
So, the next eye-opening thing I discovered was that our wireless router was pathetic as far as security went. I read the parts of the module that dealt with securing your wireless router and chuckled along with the people on the video when they spoke about router passwords being......"password". How could anyone be that dumb? Well, guess what. When we bought our router and set it up I was much less tech savvy than I am now. The password on our home router was......."password". Yep. I am embarrassed to admit this but at least I can say I've learned from this experience. I can also admit that the SSID we were broadcasting was NETGEAR. So, let me recap what I discovered. We were broadcasting our SSID as NETGEAR with the password of "password". I might as well have just left our credit cards sitting on our front steps and saved any war-drivers some time. Unfortunately, the router technology is WEP which I have learned is old school and not very secure. That will change in the future, but for now I feel a little more confident since I made some much needed adjustments. At the least I feel that if someone were trying to use our wireless network to go on the Internet or steal our credit card information I've just made it a little tougher for them. Perhaps they will just move on to the next house that may not be as secure.
Part of this assignment included displaying a screen shot of my computer's SSID information. I have Windows 7 so the directions were a little different than the operating system that was used as an example in our learning module. Here's what I was able to capture as information from the dialog box on my computer:
This screen shot shows that I have no authentication and that the encryption type is WEP. But the key items I want to highlight on this screen shot are the SSID, which is KCKRMULL, and that it is requiring a network security key, which isn't displayed. Those are changes that I have made since starting this module. My kids complain about these changes each time they log onto their accounts in iTunes using their iTouch since they have to enter the security key. A small price, I tell them, for added security.
While I'm on the topic of security, personal security to be precise, I looked at the corporate website for Wal-Mart to see how they are protecting their customer's personal information. From what I was able to discover about in-store transactions is that they use WEP but the network is MAC address filtered. This means that it looks at each individual computer trying to connect to the network to see if it is allowed to connect. Even if the WEP key was cracked the individual would not be allowed to access the network because the laptop's MAC address is not in the list of allowable MAC addresses. For on-line purchases they
use SSL technology. They also have a digital certificate from Verisign. This allows your personal information to be transmitted in encrypted form to a Wal-Mart.com web server. Wal-Mart also discloses that any hard copies of personal information are kept in locked locations or cabinets with similar restrictions for electronic storage of personal information. When it is disposed of it is shredded, destroyed, erased, or some other way made unreadable. It sounds like Wal-Mart is taking many steps to ensure their customer's personal information is secure.
A Last Note
My daughter received an unnerving message the other day from Face Book. It seems someone in California was trying to access her account but was having trouble with her password. She needed to answer several security questions and change her password before she was allowed to access her Face Book account. She brought it to my attention since she has decided that her mom is becoming a security nut ever since she started taking this class. We discussed what constitutes a secure password and I feel confident that the password she selected will be a secure one. I think we all learned something from this module.
As part of my experiences in CIS 205 our class has been given an opportunity to win money! Well, let me preface this by saying that, if our submission is great, we could win money. We have been placed on teams to help foster teamwork and create our projects. The contest is sponsored by Cyberwatch, an organization comprised of higher education institutions, businesses, and government agencies whose mission is to improve the quantity and quality of the information assurance workforce. I thought it was an interesting organization and decided to become a member. I know that, at the least, I will receive their newsletter. Depending on where my education leads me, it may prove to be a valuable resource for my future. The fact that I can receive a discount on Comp TIA certification exams is a terrific benefit that I plan to take advantage of. The contest that Cyberwatch is sponsoring is geared toward producing posters and short videos aimed at college students. The goal is to spread information security awareness. I'm excited about this contest! I don't know what my team's chances are for winning but I think this will, ultimately, be another great accomplishment to place on my resume.
My team and our project
My team has narrowed down our plan for this project to a short video. We have decided that cybercrime is an excellent topic to cover since college students can be easy targets for these predators. The video, according to the contest requirements, should be about 2 minutes in length. We haven't made any detailed decisions yet, other than the fact that it will be a video and not a poster. I suggested that we use a website called called Xtranormal.com. The link to it is www.xtranormal.com and it is a text-to-movie movie-making system that we can run entirely in our browser. Once we are done editing the video we can publish it and make it available on the world wide web. I have made a couple simple videos, just for fun. My 14 year old son made a couple videos also. It is simple enough that anyone with some time and patience can create a video. I'd like to give you an example of a video I made. It is only 30 seconds long, and has a few items in it I'd like to change, but it does give you an idea of what I thought about as a platform for this project.
This video talks about my love of Cannoli flavored ice cream and the possible consequences if I eat too much of it:
I think myself, and my team, will be able to create an informative video that has the potential to look spectacular.And who knows? Maybe if it's spectacular enough we will be the answer to the question ---------------->
Let me start out by saying that Stephen King has nothing in his arsenal that comes close to how frightening attacks on your computer can be.
My Reflections on this Module
Each time we start a new module I am excited at the prospect of what I am going to learn in regards to computer security. This module didn't disappoint me in the least. I feel pretty savvy when it comes to knowledge about computer viruses. They've been around almost as long as personal computers have been around. I did enjoy the background and history of virus origins since it's always good to know how something began.
What really grabbed me were the articles on hackers, botnets, and zombie computers. The facts about hackers, and their habits, made me think about these individuals as their own culture. They seem to have their roots based in quests to satisfy their curiosity or attain a goal. It seems, however, they've lost sight of what effects they cause in their quests. I learned that the majority of hackers don't have malicious intentions when they try to achieve something. What they are doing may not be proper, but it isn't bad either. The other side of the coin, the hackers with bad intentions (also known as crackers), are a different story. I can't understand why they would use their knowledge to cause something bad to happen. Especially since, I would think, being able to see what they've done would be their "prize". They aren't around when an innocent victim has their hard drive corrupted or wiped out. They aren't standing there when these people realize a lot of their personal data is gone forever, or irretrievable. So what is the fun in that? Where is their prize? I could almost understand the crackers who are able to cause problems to major corporations or networks. Their accomplishment becomes a media story so they feel they can brag or feel good about it. But the crackers who affect individuals are just wrong.
I must mention that the information about botnets and zombie computers made me look at my computer in a whole different light. There are some telltale signs that your computer has become a zombie for a botnet army but I'm not sure the average computer user would know what to look for. There are limited choices you can make when it comes to stopping this threat and the idea of wiping out your entire hard drive and starting over from scratch is painful, to say the least. So now, each time I go onto the internet, the thought passes through my head "Is my computer at risk of becoming a zombie?"
What will I do differently?That's easy to answer. First of all, I will keep my anti-virus software up to date. Additionally, I've done some research and I think I'm going to download an add-on for Mozilla Firefox called NoScript.
This way I will be in control of what URLs will be acceptable. I read the reviews on it and they are overwhelmingly positive. I learned about this add-on from a video that was provided to us in this module.It was a very good video and I'd like to provide you with a link to it. Please take the time to watch it, you may learn something!
Now, while this video was good, the following video from the fine folks at Symantec points out some additional things that may prove useful in keeping your computer safe from outside threats. This video talks about a family of fake anti-virus applications. They mimic legitimate anti-virus software but their whole purpose is simply to get money from you. You can get one of these fake applications after clicking on a link in a professional looking website. Suddenly pop-ups begin to appear telling you that your computer is infected and what you need to do to fix this problem. Ultimately, they are hoping you will follow the links to a page where you provide your credit card information. Once they have your card number they will sell it or use it to buy items. All this can be prevented with a good anti-virus software program running on your PC.
I am almost ashamed to admit this but, several years ago, I clicked on a link that was fake. I was bombarded with pop-ups telling me my computer was infected and offering a solution for a price. Ultimately, I ended up wiping out the contents of my hard drive and starting from scratch. A hard lesson to learn but one I won't soon forget.
My Anti-Virus Program
There are plenty of choices out there when it comes to anti-virus software. Some are free and some can range in price from a few dollars to upwards of $100.00 for the rights to use the software. The choice comes down to a matter of personal preference. I have McAfeeAnti-Virus 2011 as the anti-virus software for my computer and the other computers that we use in our home. We used to have AVG as our anti-virus program but I didn't feel it performed as well as I had hoped. In it's defense, I was using the free version which doesn't have as many bells and whistles as some programs that you can buy. After discontinuing AVG, I decided to go with CA Anti-Virus. It is provided as the anti-virus software that Time-Warner customers can use for free with their internet subscription to Roadrunner. It did too good of a job. The computer that I installed it on slowed down so much nothing could be accomplished. My family complained loudly and frequently. I decided a change needed to be made....again. So I chose McAfee Anti-Virus 2011. I am very pleased with the job it is doing. It runs quietly in the background, and doesn't use a lot of system resources. When it perceives a potential threat it notifies me with a pop-up window that allows me to choose what action I want it to perform. I think I will stay with it for a long time.
Since I am singing it's praises, I want to provide you with a screen shot of what my home page looks like, along with part of the scan report:
As you can see, the program is scheduled to do regular scans and I have noticed that it performs regular updates without me needing to get involved. I really like how it works.
What To Do if the Bad Guys Succeed
So, let's assume you have an up-to-date anti-virus program running and you are a careful person when it comes to clicking on suspicious links. This doesn't mean you may not fall victim to an authentic looking link. I'd like to take this time to show you how to "fix" your computer. Basically, you are turning back the hands of time (kind of like Daylight Savings Time) to a time before you clicked on that link. You are performing a System Restore. I wish I had this knowledge several years ago when I ran into that link that caused me to need to reformat my hard drive.
The following video will guide you through the steps you will need to take to restore your computer:
Like I said in the tutorial, I hope this short video proves helpful if you ever need to restore your computer to an earlier point in time.
My Conclusion
Everyday we encounter countless threats to our computers. With education and the proper tools to protect ourselves we can avoid these threats. As new threats are born, it is up to each of us to do our job to prevent them from spreading.
Let's start with peer-to-peer networks. I guess I always knew that nothing is ever truly free but I never really thought about downloading free music as stealing. Really. My kids had no qualms about downloading songs onto their iPods and I just jumped on the bandwagon with them. Then a few weeks ago my son discovered that the peer-to-peer network that we get our music from, Lime Wire, had been shut down by the government. THEN we start this module and I discover that we had been conducting illegal downloading of songs!! Yikes!! So, we are a different family now. Music will be paid for if anyone wants to download it. My personal opinion is that these artists make obscene amounts of money for what they produce (especially the stuff my son listens to) and they really can't be hurting from these downloads. I guess I should thank the government for shutting down Lime Wire. It was a big source of viruses, spy-ware, and malware if you weren't diligent with using your anti-virus software to check everything you downloaded. I've read about computers becoming completely infected after a song or two were downloaded. I guess I should consider us lucky that we weren't one of those victims.
