Security 101 Harper P. Johnson Information Technology Services Director of Information Security Security 101 Integrity Confidentiality Availability At the Intersection: Secure Productivity Security 101 • Identity and Information Theft Passwords • Weak passwords cracked in seconds • Don’t use common words or text phrases • Choose a combination of letters, numbers, caps/lowercase, and non-alpha-numeric (Special characters) • Sharing is bad (sorry) SPAM • Don’t be a spam zombie Viruses • Previous: Viruses written by anti-social misfits • Current: financial gain, hackers-for-hire write viruses • Deliver infected machines to spammers • Going rate: $600 per 10,000 machines per week • If you don’t know the source don’t click it, delete it • www.spamhaus.org Phishing • Affected up to 4.7% of Americans (1.78M) • “Phishing”: collecting private info through various scams, ~ 3.2% of current emails • Exploding: $1.2B toll to US banks, credit card companies, now more regionalized • Desired success rate: 3% • Typical: starts with email purporting to be from established company (eBay, bank, etc.) • For more info: www.consumer.gov/idtheft/ Local Phishing sample • • • • • • Dear Customer, We are contacting you to remind you that our Account Review Team identified some unusual activity in your account. In accordance with Arizona State Savings & Credit Union's User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved. We encourage you to sign on and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure. To view and perform the verification process, please click on the link below: https://www.azstcu.org/VirtualAccess/jsp/Member/hbhome.jsp Arizona State Savings & Credit Union is committed to maintaining a safe environment for our customers. To protect the security of your account, our bank employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Online Banking system for unusual activity. Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience. Sincerely, Arizona State Savings & Credit Union, Customer Service. Real site Sample Phishing site Sample phishing information Desktop/Laptop Security S-A-F-E • • • • Software Updates Antivirus Protection Firewall Eradicate Spyware Software Updates • Software Updates – Top priority in securing your PC. – Most obvious are Windows & Office Updates. – Most updates close security “holes” in software products Antivirus • Antivirus Protection – Lots to choose from! – What to look for when selecting a product: • • • • • Able to scan e-mail as well as hard drive Able to create a scan schedule Able to automate the update process Price Bundled with other things (OneCare) – NAU provides to Faculty and Staff Firewall • Firewall – A primary method for keeping a computer secure from intruders – Built into recent versions of major OS • Windows XP SP2 • Mac OS X 10.2 + – Limits network traffic in and out of your computer – Wireless networks at home? • Firewall (usually comes turned off) • Limit access to your MAC addresses Spyware • Eradicate Spyware – What spyware is • Malicious software • Intercepts or takes partial control of a computer's operation • Without the knowledge or consent of that machine's owner – What spyware does • The not-so-bad – Monitors where you go online – Marketers • The really bad – Can give someone else control of your computer – Can record keystrokes Physical Security Physical Security • Lock/Log Off/Turn Off – Lock when you walk away – Log Off overnight – Turn Off for the weekend – Lock your office door • Back Up and Clean Up – Prevent Lost work and productivity – Don’t dispose of old computers unless properly degaussed Incident Reporting • • • • • Know your local contacts Other national sites: For everyone: http://onguardonline.gov/index.html For Parents and kids: http://www.netsmartz.org For Phishing: – http://www.us-cert.gov/nav/report_phishing.html • Arizona: – http://gita.state.az.us/security/security_web_site s_and_links.htm • ID Theft: www.consumer.gov/idtheft/ • Spam: www.spamhaus.org Summary • Summary – Be cautious and think before providing personal data – Protect your passwords – Update frequently (automatically!) • Home and Office – Use your antivirus software & keep it updated • If you don’t have it, get it! – Scan for spyware frequently – Have a firewall in place – Remember physical access restrictions