Securing your PC

Security 101
Harper P. Johnson
Information Technology Services
Director of Information Security
Security 101
• Integrity
• Confidentiality
• Availability
• At the intersection: secure productivity
Security 101
• Identity and Information Theft
Passwords
• Weak passwords cracked in seconds
• Don’t use common words or text phrases
• Choose a combination of letters, numbers, upper/lowercase, and non-alphanumeric (special) characters
• Sharing is bad (sorry)
SPAM
• Don’t be a spam zombie
Viruses
• Previous: Viruses written by anti-social misfits
• Current: financial gain, hackers-for-hire write viruses
• Deliver infected machines to spammers
• Going rate: $600 per 10,000 machines per week
• If you don’t know the source, don’t click it; delete it
• www.spamhaus.org
Phishing
• Affected up to 4.7% of Americans (1.78M)
• “Phishing”: collecting private info through various scams, ~3.2% of current emails
• Exploding: $1.2B toll to US banks, credit card companies, now more regionalized
• Desired success rate: 3%
• Typical: starts with email purporting to be from established company (eBay, bank, etc.)
• For more info: www.consumer.gov/idtheft/
Local Phishing sample
Dear Customer,
We are contacting you to remind you that our Account Review Team identified
some unusual activity in your account. In accordance with Arizona State
Savings & Credit Union's User Agreement and to ensure that your account has
not been compromised, access to your account was limited. Your account
access will remain limited until this issue has been resolved. We encourage
you to sign on and perform the steps necessary to restore your account access
as soon as possible. Allowing your account access to remain limited for an
extended period of time may result in further limitations on the use of your
account and possible account closure. To view and perform the verification
process, please click on the link below:
https://www.azstcu.org/VirtualAccess/jsp/Member/hbhome.jsp
Arizona State Savings & Credit Union is committed to maintaining a safe
environment for our customers. To protect the security of your account, our
bank employs some of the most advanced security systems in the world and
our anti-fraud teams regularly screen the Online Banking system for unusual
activity.
Thank you for your prompt attention to this matter. Please understand that this
is a security measure meant to help protect you and your account. We
apologize for any inconvenience.
Sincerely,
Arizona State Savings & Credit Union, Customer Service.
[Screenshots: real site; sample phishing site; sample phishing information]
Desktop/Laptop Security
S-A-F-E
• Software Updates
• Antivirus Protection
• Firewall
• Eradicate Spyware
Software Updates
• Software Updates
– Top priority in securing your PC.
– Most obvious are Windows & Office Updates.
– Most updates close security “holes” in software products
Antivirus
• Antivirus Protection
– Lots to choose from!
– What to look for when selecting a product:
• Able to scan e-mail as well as hard drive
• Able to create a scan schedule
• Able to automate the update process
• Price
• Bundled with other things (OneCare)
– NAU provides to Faculty and Staff
Firewall
• Firewall
– A primary method for keeping a computer secure from intruders
– Built into recent versions of major OS
• Windows XP SP2
• Mac OS X 10.2 +
– Limits network traffic in and out of your computer
– Wireless networks at home?
• Firewall (usually comes turned off)
• Limit access to your MAC addresses
Spyware
• Eradicate Spyware
– What spyware is
• Malicious software
• Intercepts or takes partial control of a computer's operation
• Without the knowledge or consent of that machine's owner
– What spyware does
• The not-so-bad
– Monitors where you go online
– Marketers
• The really bad
– Can give someone else control of your computer
– Can record keystrokes
Physical Security
• Lock/Log Off/Turn Off
– Lock when you walk away
– Log Off overnight
– Turn Off for the weekend
– Lock your office door
• Back Up and Clean Up
– Prevent lost work and productivity
– Don’t dispose of old computers unless properly degaussed
Incident Reporting
• Know your local contacts
• Other national sites:
• For everyone: http://onguardonline.gov/index.html
• For Parents and kids: http://www.netsmartz.org
• For Phishing:
– http://www.us-cert.gov/nav/report_phishing.html
• Arizona:
– http://gita.state.az.us/security/security_web_sites_and_links.htm
• ID Theft: www.consumer.gov/idtheft/
• Spam: www.spamhaus.org
Summary
• Summary
– Be cautious and think before providing personal data
– Protect your passwords
– Update frequently (automatically!)
• Home and Office
– Use your antivirus software & keep it updated
• If you don’t have it, get it!
– Scan for spyware frequently
– Have a firewall in place
– Remember physical access restrictions