Click on any word in red to see more information on that topic!

Do you worry whether your PC is safe, at home or at work?  This month's Talkin' Tech seeks to arm you with some knowledge and resources in this not-so-friendly world of cyber threats and scams.   Information on this page has been extracted from the National Cyber Alert System, which provides timely information about current and emerging threats and vulnerabilities as well as advice about protecting your computer and networks.
	Understanding the Threats
	All computers, from the family home computer to those on desktops in the largest corporations in the country can be affected by computer security breaches.   As with any type of crime, the threats to the privacy and integrity of data come from a very small minority. However, while a car thief can steal only one car at a time, a single hacker working from a single computer can generate damage to a large number of computer networks that can wreak havoc on our country's information infrastructure. Whether you want to secure a car, a home or a nation, a general knowledge of security threats and how to protect yourself is essential. Viruses are the most widely known security threat because they often garner extensive press coverage. Viruses are computer programs that are written by devious programmers and are designed to replicate themselves and infect computers when triggered by a specific event. The effects of some viruses are relatively benign and cause annoying interruptions such as displaying a comical message when striking a certain letter on the keyboard. Other viruses are more destructive and cause such problems as deleting files from a hard drive or slowing down a system. A computer can be infected with a virus only if the virus enters through an outside source – most often an attachment to an email or a file downloaded from the Internet. When one computer on a network becomes infected, the other computers on the network – or for that matter other computers on the Internet – are highly susceptible to contracting the virus. Trojan Horse Programs, or Trojans, are delivery vehicles for destructive computer code. Trojans appear to be harmless or useful software programs, such as computer games, but are actually enemies in disguise. Trojans can delete data, mail copies of themselves to e-mail address lists and open up computers to additional attacks. Trojans are usually contracted by copying the Trojan horse program to a computer, downloading from the Internet or opening an email attachment.  A Trojan may be uploaded to your PC without your knowledge or any interaction on your part. Vandals: Web sites have come alive through the development of such software applications as ActiveX and Java Applets. These applications enable animation and other special effects to run, making web sites more attractive and interactive. However, the ease with which these applications can be downloaded and run has provided a new vehicle for inflicting damage. Vandals can take on the form of a software application or applet that causes destruction of various degrees. A vandal can destroy a single file or a major portion of a computer system. Attacks: Innumerable types of network attacks have been documented, and they are commonly classified in three general categories: (1) reconnaissance attacks, (2) access attacks, and (3) denial of service (DoS) attacks.   Reconnaissance attacks are essentially information gathering activities by which hackers collect data that is used to later compromise networks. Usually, software tools, such as sniffers and scanners, are used to map out and exploit potential weaknesses in home computers, web servers and applications. For example, software exists that is specifically designed to crack passwords. Such software was originally created for computer administrators to assist people who have forgotten their passwords or to determine the passwords of people that have left a company without telling anyone what their passwords were. Placed in the wrong hands, however, this type of software can become a very dangerous weapon. Access attacks are conducted to gain entry to e-mail accounts, databases and other confidential information. DoS attacks prevent access to all or part of a computer system. They are usually achieved by sending large amounts of jumbled or other unmanageable data to a machine that is connected to the Internet, blocking legitimate traffic from getting through. Even more malicious is a Distributed Denial of Service attack (DdoS) in which the attacker compromises multiple machines or hosts. Data Interception:  Data transmitted via any type of network can be subject to interception by unauthorized parties. The intercepting perpetrators might eavesdrop on communications or even alter the data packets being transmitted. Perpetrators can use various methods to intercept data. IP spoofing, for example, entails posing as an authorized party in the data transmission by using the Internet Protocol (IP) address of one of the data recipients. Scams: Con artists have been perpetrating scam operations for decades. Now more than ever, the stakes are higher as they've got easy access to millions of people on the Internet. Scams are often sent by e-mail and may contain a hyperlink to a web site that asks you for personal information, including your password. Other times, scam e-mail may contain a solicitation for your credit card information in the guise of a billing request. There are ways to take proactive steps toward protecting yourself from scams on the Internet, such as never giving out your password, billing information or other personal information to strangers online. Because it is easy to fake e-mail addresses, be mindful of who you're listening to or talking with before you give out personal information. Don't click on hyperlinks or download attachments from people or web sites you don't know. Be skeptical of any company that doesn't clearly state its name, physical address and telephone number.   Report a Scam to the Federal Trade Commission Spam is the commonly used term for unsolicited e-mail or the action of broadcasting unsolicited advertising messages via e-mail. Spam is usually harmless, but it can be a nuisance, taking up people's time and storage space on their computer. If you receive spam, you should report it to your Internet Service Provider (ISP). Check your ISP Help Areas to find out how to report spam.   Taken from Beginner's Guide to Computer Security from Stay Safe Online site; click on this link to view entire article.  Want to find out how safe you are?  Take their Self-Assessment. Want to see a more complete list of definitions?  See a glossary of terms.   Report Spam to the Federal Trade Commission
	What you can do at home
	The National Cyber Alert System is America's first coordinated national cyber security system for identifying, analyzing, and prioritizing emerging vulnerabilities and threats. All information products are available on a free subscription basis and are delivered via push e-mail. Home users can also access Cyber Security Tips and Cyber Security Alerts from US-CERT affiliates including StaySafe Online ( www.staysafeonline.info  ).   Follow these precautions at home, especially if you are using a high-speed internet connection (DSL or cable): Use anti-virus software.  Look for anti-virus software that recognizes current viruses, as well as older ones; that can effectively reverse the damage; and that updates automatically. Regularly update anti-virus software.  To be effective, anti-virus software must be updated routinely with antidotes to the latest "bugs" circulating through the Internet.  Most anti-virus software provide the utility for automatic updates. Install a firewall.  A firewall is software or hardware designed to block hackers from accessing your computer.  A properly configured firewall masks your IP address, making it tougher for hackers to locate your computer.  For more information about firewalls, see the full article below or check out Zone Labs site.  Eliminate spyware.  Spyware is the term which refers to code or components that are downloaded to your PC.  They can track your surfing habits, abuse your Internet connection by sending this data to a third party, profile your shopping preferences, hijack your browser start page or pages, alter important system files, and can do this without your knowledge or permission.  You can eliminate spyware using utilities such as Ad-Aware and SpyBot.  See these sites for more info:  Lavasoft and SpyBot. Apply operating system updates.  You should routinely check for and applying security patches from your operating system vendors, Windows users can get critical updates from http://windowsupdate.microsoft.com . Combined with the anti-virus and firewall recommendations you already have, this should solve most problems. Don't fall for a "fibbing" email.  Delete emails from persons you do not know; beware of attachments, even if they are sent by users that you know.  See the information on Scams above.  If any source asks you for personal information, call the company directly. Beware of hoaxes.  When you receive emails warning of a virus and instructing you to use an attachment or delete/ modify files on your computer, do a little internet research to make sure this is authentic.   The website at  http://www.f-secure.com/virus-info/hoax/ is a good source for information on hoaxes. If your computer is infected, take action immediately. Use strong passwords.  (See tips in the next section of this page.) Take advantage of your software's security features.  Your operating system and web browser software give you some options for increasing your online security. Check the "Tools" or "Options" menus for built-in security features.  You may also use tools in your email software to filter certain types of messages. Turn off software features that you don't use.  File sharing which is turned on when Windows is installed can be used by hackers to access your files.  The Preview Pane in email software opens potentially-unsafe email without any action on your part. Back up important files. Report serious incidents.  Let your ISP (Internet Service Provider) know about problems. Taken from Beginner's Guide to Computer Security from Stay Safe Online site; click on this link to view entire article.  Want to find out how safe you are?  Take their Self-Assessment. Want to see a more complete list of definitions?  See a glossary of terms.   Don't have virus protection at home?  See the following sites for free anti-virus software: AVG antivirus software Avast antivirus Trend Free Online
	Protection for your College PC
	ITS Network Services team supports a comprehensive virus protection program for CCAC's technical environment. Trend Microsystems is the standard software utilized on all desktops and servers with a Windows operating system. In addition, incoming and outgoing email is routinely scanned for viruses and worms.   This blue icon in the corner of your system tray is the Trend software at work on your PC.       The maintenance of Trend Micro virus scanning is done automatically within all College PC's. Virus definitions are updated routinely and regularly by the Network Services group. Your desktop PC is updated automatically with these definitions through the Windows 2000 software.   The Trend Micro software on your College PC runs a scan of your hard drive weekly on an automatic schedule.  You may notice the Trend icon in your system tray flicker during this process as it runs.  You can also choose to scan your hard drive or floppy disks at any time by going to the Start Menu, Programs, Trend OfficeScan.  Please scan all floppy disks brought from home or an external source before using in your College PC. A team in the ITS department has been formed to monitor alerts from external agencies and Trend. The team is on call at all times to ensure that external threats and malicious activities are responded to immediately.
	Passwords
	Making sure that your computer system is password protected is the simplest and most common way to ensure that only those that have permission can enter your computer or certain parts of your computer network.  However, the most powerful network security infrastructures are virtually ineffective if people do not protect their passwords.  Many users choose easily remembered numbers or words as passwords, such as birthdays, phone numbers, or pets' names, and others never change their passwords and are not careful about keeping them secret.  Keep these guidelines in mind: Make passwords as meaningless as possible.  A great technique is to create a phrase that you can remember; eg, my mother was born in 48 in new york; alternate the case and you have a password: MmwBi48iNY Change passwords regularly. NEVER divulge passwords to anyone. See these useful sites or articles for tips on creating and managing passwords: http://www.symantec.com/homecomputing/library/pass_w.html http://www.post-gazette.com/lifestyle/20040208passwordlifestyle2p2.asp
	Keeping on Top of the Issues
	The average home user should be able to avoid problems by following all the advice provided above.  Users who are more technically skilled may wish to monitor current trends more closely.   The National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS) unveiled the National Cyber Alert System, an operational system delivering to Americans timely and actionable information to better secure their computer systems. The National Cyber Alert System includes various informational products for cyber threats, warnings, and responses, as well as best practices and tips, that individuals and companies may subscribe to receive via the website at www.us-cert.gov .   If you want to keep on top of the latest news and alerts, check out the following sites.  These are the major sites used by the ITS security team. National Cyber Alert System Resource for computer threats and vulnerabilities: Internet Security Systems, Inc. (X-FORCE) Virus advisories, descriptions, solutions: Trend Micro Alerts on viruses: McAfee virus alerts Resource site for viruses, threats, etc: Symantec To find out if a virus is a hoax: F-SECURE Resource for viruses: Norman Resource page: FBI Warnings, advisories and alerts: National Infrastructure Protection Center  Warnings, advisories, practices, recommendations: CERT Alerts: SANS (System Administration, Networking and Security Institute 2004 Internet Fraud-Crime Report: Internet Crime Complaint Center Report Crime Complaint Center: Internet Crime Complaint Center

WANT TO VIEW TALKIN' TECH TOPICS FROM PREVIOUS MONTHS?

January 2004: Technology Services for Faculty and Students

November 2003: Going Away from the Office

September 2003: My Accounts

August 2003: Mailing Lists and Merges

June 2003: Colleague Release 17 Upgrade

May 2003: CCAC Website

April 2003: Get Productive with Outlook

March 2003: Office XP

February 2003: PrintScreen

December 2002: File Management

November 2002: The CCAC Desktop Environment

October 2002: Your Desktop

Technology Toolkit: Computing at CCAC

Academic Email for Students and Faculty

Windows XP Preview

Current Month's Topic