Information Security for CPAs

1
Information Security for CPAs Birmingham
Chapter September 5, 2008 J. Carlton Collins,
CPA
2
(No Transcript)
3
The Internet can teach a person how to become a
hacker Plenty of tools and utilities to make it
easy to hack Blocking the Cracking
Tools CrackZ HackZ WareZ SerialZ
4
How Serious is the Problem?
Page 3
5
Organization National Institute of Health Date
of Theft February 2008 Type of Data
Stolen Patient data for 2,500 patients over a 7
year period How Stolen From an employees home
6
Organization Davidson County Election
Commission - (Nashville, TN) Date of
Theft December 28, 2007 Type of Data
Stolen Names and complete Social Security
numbers for 337,000 registered voters How
Stolen Someone broke into several county
offices over Christmas and stole laptop
computers
7
Organization Transportation Security
Administration (TSA) Date of Theft August 10,
2006 Type of Data Stolen Social Security
numbers, payroll information, and bank account
data for approximately 133,000 employee
records How Stolen From a government vehicle
8
Organization Federal Trade Commission
(FTC) Date of Theft June 22, 2006Type of Data
Stolen Data on about 110 people that was
"gathered in law enforcement
investigations How Stolen Stolen from a
locked vehicle
9
Organization Internal Revenue Service
(IRS) Date of Theft June, 2006Type of Data
Stolen 291 employees and job applicants,
including fingerprints, names, Social Security
numbers, and dates of birth How Stolen In
transit on an airline flight
10
Organization AICPA Date of Theft June,
2006Type of Data Stolen Unencrypted hard drive
containing names, addresses and Social
Security numbers of 330,000 AICPA members.
How Stolen Lost during shipping
11
Organization US Government Veterans Affairs
Administration Date of Theft May 3, 2006 Type
of Data Stolen 26.5 million veterans, their
spouses, and active- duty military
personnel How Stolen Laptop stolen from
employees home
12
Organization Citibank Student Loan
Corporation Date of Theft March 8, 2006 Type of
Data Stolen Information on 3.9 million
customers How Stolen Lost in transit while
being shipped
13
(No Transcript)
14
Long List of Documented Thefts of Data Victims
Include
15
Heres An Even Bigger List
16
(No Transcript)
17
Organization Drug Enforcement Agency
(DEA) Date of Theft June 7, 2004 Type of Data
Stolen Laptop of DEA Informants How Stolen
From the trunk of an Auditors car while he was
at a bookstore coffee shop in suburban
Washington
18
Computer Viruses
Page 8
19

• 1986 First Virus
• 1989 6 viruses
• 1999 - 7.6 Billion Cost
• 10 to 15 new viruses a day
• 2008 - 55 Billion Cost (Most Conservative
  Estimate)

20
5 Types of Viruses Page 9

• The Worm Virus
• Uses email addresses from your address book
• Send itself to those people
• The Trojan Virus
• Disguises itself as a legitimate function.
• Really causes damage or steals data like
  passwords.
• The Backdoor Trojan Virus
• Takes control of your computer through your
  network or the internet.
• File Virus
• Attaches to real software.
• Whenever you use the software, it will load into
  your memory.
• Adware and Spyware
• Adware is basically just advertisements.
• Spyware can log your keystrokes

21

• Important Virus Tips
• Backup every week.
• Backup BIOS before you change it
• Run virus protection software.

22
Top Virus Protection Products
23
(No Transcript)
24
Encryption
Page 14
25
Encrypting Word and Excel Files
26
Encryption Primer Page 17 All encryption is
based on two prime numbers
27
About Bits Page 17 It takes 8 Bits to Form a
Single Number
4,300,000,000,000,000 4,594,972,986,357,220,000,0
00,000,000,000,000,000,000,000,000,000
28
PGP (Pretty Good Privacy)
29
(No Transcript)
30
PGP (Pretty Good Privacy)
31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
(No Transcript)
35
E-Mail Encryption Software
36
E-Mail Encryption Software
37
E-Mail Encryption Software
38
E-Mail Encryption Software
39
Is Big Brother Watching You Anyway?
Widely Rumored that a master key' exists
40
Protecting Your Hard Drive Page 27 4 measures you
can take as follows
41
1. BIOS Password Page 28
42
2. Windows Password Page 28
Carlton Collins
43
3. Use Strong Passwords Page 28
Happy 5 minutes to break Happy44 15 minutes
to break hAPP5y44 Many hours to
break (Microsoft recommends using
Upper/lower/special characters) I recommend the
old phone number method 9126384822Delta4499
delta
delta 4499
912 638 4822 delta 4499
9126384822delta4499
44
How Thieves beat BIOS Windows Passwords

• Remove Drive
• Insert in another computer as second drive
• Second drive becomes completely readable

45
How Thieves beat BIOS Widnows Passwords

• Or they use Knoppix

46
4. Encrypt Files or Folders Page 29/30

• Must use NTFS (in Windows XP)
• Right click file or folder, Properties
• Advanced

47
4. Or Use Vista BitLocker Page 30

• New in Vista

48
4. Or Use TrueCrypt Page 29 and 31
Hard drive is encrypted and decrypted on the fly
49
Firewalls
Page 33
50
Routers and Firewalls Have Opposing Objectives
Share information Versus Prevent Sharing of
Information
51
(No Transcript)
52
(No Transcript)
53
(No Transcript)
54
Page 37
55
Windows XP Windows Vista Firewalls
Page 52
56
Change the Default SSID (Service Set Identifier)
Page 53
57
Disable SSID Broadcast
Page 55
58
Do Not Auto-Connect to Open Wi-Fi Networks
Page 55
59
Turn Off the Network During Extended Periods of
Non-Use
Page 56
60
Online Security Tests
Page 40
61
ShieldsUp! - Port Authority Edition
 grc.comBroadband Tests and Tools
 www.broadbandreports.com/toolsBrowserSpy
 gemal.dk/browserspyGFI Email Security Testing
Zone  www.gfi.com/emailsecuritytestHacker
Whacker  www.hackerwhacker.comPC Flank
 www.pcflank.comPC Pitstop  www.pcpitstop.comC
heckup  browsercheck.qualys.com Privacy.net
 privacy.net/analyze
62
Computer Bread Crumbs
Page 43
63
Recent Applications Game High Scores Search
history Browsing History Cookie
History Temporary Internet Files Search for
JPGs Recycle Bin Password Protected
Files Requesting Lost Passwords Review Sent and
Received E-Mail Review Deleted E-Mail
Folder Review Junk E-Mail Folder Use E-Mail Rules
to Track Usage Use E-Mail Server Settings to
Track Usage Key Loggers Print Monitor Pro
(free) Give Me Do (free) Desktop Spy
(free) Hardware Keylogger (60) Internet Spy
(free) Evidence Tracker (free) and Evidence
Blaster (23)
64
Wireless Security
Page 50
65
(No Transcript)
66
System Restore
Page 57
67
Understanding the Registry REGEDIT
68
(No Transcript)
69
Windows Security Users
Page 60
70
No Security in W95 W98 User Accounts Now
Required - Windows XP and Windows Vista
71
(No Transcript)
72

• Accessing User Accounts The Control Panel -
  User Accounts
• Disable the Guest Account in W95, W98, W2000 and
  Vista
• Password Protect the Guest Account in Windows XP
  Turning off hides it from the log in screen
  but it still remains active
• Rename the Administrator Account

73
(No Transcript)
74
Beware the Hacker Tools
75
Windows Security Folders
Page 66
76
FAT32 versus NTFS
Do Not Choose FAT 32 Do Choose NTFS
77
(No Transcript)
78
NTFS No Impact on Network NTFS is Also Better
in Other Ways Larger files Larger drive
partitions, Has better data compression, Less
file fragmentation Its Easy to Change to NTFS
At Command Prompt type convert c /fsntfs
79
Warning - Hidden Files and Folders Can Still Be
Deleted
Page 68
80
Dont Confuse NTFS Share Settings with File Share
Settings
81
(NTFS permissions affect access both local and
remote users) (Share permissions apply only to
network shares)
82
(No Transcript)
83
Folder Settings
84
(No Transcript)
85
Windows Security Screen Savers
Page 74
86
(No Transcript)
87
Blocking Pornography
Page 78
88
(No Transcript)
89
(No Transcript)
90
(No Transcript)
91
Totally Nude Thumbnail Image of Brad Pitt
Room full of Naked Blonde Chicks

92
Backing UpYour Data
93
(No Transcript)
94
Spy Stuff Page 201