Purpose of this Web Site
I am a retired Emeritus faculty member of the College of Information Sciences and Technology at Penn State University. Many of the classes I developed or taught are in our Security and Risk Analysis and Information and Cyber-Security majors - including Introduction to Cyber Security, Risk Analysis, Computer and Cyber-Forensics and Security and Risk Management.
From 1976 to 2000 I was a manager at the academic computing centers of the University of Pittsburgh and Penn State University. At Pitt my team was responsible for mainframe application and system software. At Penn State my team was responsible for microcomputer/workstation support and network security before the establishment of Penn State's Security Operations and Services group in 1993.
In 2000 I moved to the new School (now College) of Information Sciences and Technology as a full-time faculty member. I developed a number of classes and eventually began a focus in Information Assurance and Security Risk Analysis. For the past 4 years I have been Program Coordinator of the SRA undergraduate degree. My specialties include computer forensics, security and risk management, risk assessment and risk mitigation.
I have spent many hours giving advice to friends, family and students on the best ways to protect their information and computers from compromise and theft. Having seen, once again, a rise in the variety and sophistication of malware attacks, I have decided to create this Web site to serve as a simple overview and introduction to the things an individual can do to protect themselves, and their family, from information theft.
This site is NOT intended to be 100% comprehensive. It is intended as a simple, quick start. I will give a small amount of background, and will then skip to practical tips and strategies to protect your information, data, programs and identity. If you want complete information you should take one of my classes at Penn State :-).
I will be adding to this site constantly. The best defense is knowledge and a bit of preparation. If the information on this Web site confuses you I suggest you find your most tech-savvy friend to help.
I moved to Englewood, Florida in 2017 and intend to start teaching computer forensics for the State College of Florida. I intend to stay current in the field of Information Security, and will continue to update this page, as well as other resources. I am happy to give talks on Privacy and Security to civic or company groups. Contact me at [email protected].
Is Internet Security Really a Problem?
You must be kidding? In tests run at Penn State an insecure PC connected to the Internet was infected in an average of 23 minutes. There are well over 100,000 known varieties of malware for Windows systems alone. Macintosh users are not immune, nor are Linux users. In the case of the Macintosh, the argument is mainly semantic - what is a 'virus,' what is a 'trojan,' etc. Most security professionals today group all online threats into the category of 'malware' -- which, loosely, includes any effort (software or social engineering) that has the goal of stealing information, compromising system control, or otherwise breaching the privacy of systems and users.
The Bad News:
The bad news is that the threat from malware is increasing at an amazing rate. Major security organizations claim that as many as 80% of all systems are infected in some way. Botnets alone represent a major national security threat. Almost every government on the planet (including the U.S.) has established a cyber-warfare unit whose goal is to prevent (if possible) attacks on infrastructure such as the power grid and financial networks. The sophistication of malware design and strategy has already reached a level where it can be daunting even to the person with significant skills in information technology. Unless you enjoy taking risks with your identity, and really love paying people like me big bucks to try to rebuild your systems, you will take the situation seriously. If you do not follow my advice you risk, at a minimum, a lot of hassle and cost. At a maximum you risk permanently losing your photographs, your music, documents, and programs -- and use of your computer system for days or weeks.
The Really Bad News:
You can only secure your information while it is in your possession! After you have entered it on a Web page it is completely out of your control. Current wisdom says that you should be diligent in (a) only doing business online with reputable businesses, and (b) limiting the information you reveal. But even so, the customer information of a business or organization is a very rewarding target to hackers.
The Good News:
There are a few, fairly simple, steps you can take to protect your computers and information while it is still in your possession. Yes, these require a small bit of learning. I do encourage my students to help those around them (parents, grandparents, friends, etc.). Do not be afraid to ask for help, but make sure the person you are asking has a clue. There is an old saying - "In the Land of the Blind the One-Eyed Man is King" - it may be a good idea to identify someone with decent IT skills before you need them -- and be very nice to them (make cookies, buy them a beer, etc.).
The Rest of This Site:
The rest of this site consists of pages on different aspects of Internet Security. I expect to be frequently updating this site. I welcome comments and questions, but please understand that I am not running a consulting business - so I will be unable to answer specific security questions. I am also NOT guaranteeing that following these steps will always keep you safe -- but they will address a very large percentage of the risk you will find on the Internet, and help to make recovery far less traumatic than it could be.
About the author:
This site is developed and maintained by Dr. Gerald M. (Gerry) Santoro - [email protected] -- it is made freely available for educational purposes as a community service. If you wish to verify my identity you may look me up in the faculty directory for the College of Information Sciences and Technology at The Pennsylvania State University.
Here is a link to my security blog:
https://santorosecurityblog.blogspot.com/
Shameless, but honest, plug ...
If you want to learn more about computer security, and possibly develop a career in computer and network security, I urge you to check out the Bachelor of Science Degrees in Information and Cyber-Security and Security and Risk Analysis at Penn State University. Our students learn state-of-the-art methodologies, develop current skills, and become certified by the National Security Agency upon graduation.
Important note: I recently gave a talk at Penn State about protecting your privacy online. Here is a video version of the talk:
This page created and made available for educational purposes by Dr. Gerry Santoro - [email protected]