Security Awareness Topics

Password Tips
-Always use strong passwords:
  -At least eight characters long
  -Non-dictionary words
  -Use upper and lower case letters
  -Use numbers and special characters (!@#$%...)
  -Use password phrases (This passwd is 4 my email)
-Avoid common phrases, famous quotes, family & pet names, and song lyrics.
-Don't use the same password everywhere. (e.g., Facebook and email account)
-Don't share your password with anyone.
-Don't email your password to anyone for any reason.
-Consequences of weak passwords
  -The consequences of using weak, insecure passwords are often severe. Many people use the same password for every account they own. For instance, if someone obtained your email password, could they find the usernames for your Amazon or PayPal accounts in your mailbox and log in with that same password? Worse, whoever controls your email can use the "forgot my password" link on most other sites, because the reset link is sent to that mailbox.

Email Security
-Don't open attachments from unknown senders.
-Be careful about opening attachments from known senders, too. Malware on an infected PC routinely harvests every address in the victim's address book and sends phishing email to all of them, so a message from someone you know is not proof that it is safe.
-Phishing emails
  -These are the spam messages asking you to reset or "verify" your password on your email or bank account.
  -Don't respond to emails that ask you to send your password.
  -Don't click on the links in an email; type the site's address yourself. (show the screenshot from The Consumerist of a phishing site)
  -Never send or reply to an email with account numbers, social security numbers, or passwords.

Credit Card Use Online
-Manually type the site address into the address bar.
-"Look for the lock"
-Look for https: in the address bar
  -The lock and https: mean your connection to that site is encrypted; they do not prove the site is the one you meant to visit. A phishing site can use https too, so check the name in the address bar as well.
-Only make purchases online from reputable merchants.

Malware, Spyware, Trojans, Rootkits, and Viruses
-Antivirus software
  -Have one installed. Freely available to students, staff, and faculty from https://download.uky.edu/
    -McAfee
    -Microsoft Forefront* (may not be widely distributed yet)
-Install software to detect malicious software.
  -Malwarebytes' Anti-Malware
  -Spybot Search & Destroy
  -Ad-Aware

Unsafe Browsing Behaviors
-The most common ways to get infected with a virus, Trojan, or malware:
  -Warez: downloading software via BitTorrent, eDonkey, LimeWire, Ares, etc.
    -Not only is downloading most of this software illegal, but it has likely been altered in some way to infect your PC or harvest personal information.
    -Only install software from reputable sources. (see below)
  -Visiting a malicious site accidentally because of a misspelled domain name.
  -Clicking a link in a phishing email

Operating System and Software Updates
-Windows Updates
  -Always install the latest updates (Patch Tuesday: the 2nd Tuesday of every month)
  -Automatic Updates
    -Windows can automatically download and install the latest updates when they are available. Most people should enable this setting.
  -Most viruses and Trojans take advantage of vulnerabilities that have already been patched (i.e., you would have been safe had you installed the latest updates).
-Other software (browsers, browser plug-ins, media players, office suites) needs updating for the same reason; Windows Update does not patch it, so use each program's own update feature.

Windows Firewall
-Turn it on. Leave it on.

File Backups
-Both Mac and Windows have built-in backup solutions. Use them.
-Don't have just one copy of homework/important files.
  -Buy an extra hard drive to back up to
  -Back up files to your email
  -Back up to a USB key
  -Back up to your campus NetBlue account
  -Online services such as:
    -Dropbox (2GB free) www.getdropbox.com
    -Mozy (1GB free) www.mozy.com
    -Windows Live SkyDrive (25GB free) http://skydrive.live.com/
-A copy that lives on the same drive as the original is lost along with it, and a backup you have never tried to restore may not work when you need it. Keep at least one copy somewhere else and open a file from it now and then.

Cell Phone Security
-Always password-protect your phone.
-Cell phones today can make calls, check email, browse the web, take pictures and video, and serve as a GPS. All of these can be exploited by an unscrupulous person with just a few minutes of access to your phone; very personal information is only a few clicks or swipes away.
-Check out some of the consequences of leaving your phone unattended:
  -Show video?

Social Networking Security Awareness (Facebook, MySpace, Twitter, etc.)
-Be careful about the information you share, such as your home address, phone numbers, your schedule, or your routine.
-Some people have hundreds of online "friends". Is your Facebook profile viewable by "Only Friends", "Friends of Friends", or "Everyone"? Potentially thousands of people could view your name, home address, work address, cell phone number, IM screen names, political views, or religious views.
-The pictures you upload could come back to haunt you.
-Companies use Facebook, MySpace, and Google to perform background checks during the interview process. You should occasionally log out and run those same searches on yourself ("vanity searching").

Laptop Security and Encryption
-File Encryption
  -Use software to protect the data on your laptop should it be stolen. Both Windows and Mac have software available that will encrypt your data.
  -Windows
    -Windows EFS (1): built-in
    -BitLocker (1): built-in on Ultimate & Enterprise editions. Removable devices can also be protected with BitLocker.
    -TrueCrypt
  -Mac
    -FileVault
    -TrueCrypt
  -Encryption protects a laptop that is powered off or locked. It does nothing for one stolen while you are logged in with the screen unlocked, and EFS and FileVault keys are unlocked by your login password, so a weak password weakens the encryption too.
-Physical Security
  -Don't leave laptops, cell phones, or any electronic devices unattended. There is a good chance they won't be there when you return. Which would you rather lose: your driver's license, or your laptop with possibly irreplaceable and/or embarrassing information on it?
  -Use a laptop security cable, even for quick trips to the restroom.
-Wireless Access Point Security
  -Be cautious when connecting to an unverified wireless access point
    -Probably illegal (theft of service)
    -Possibly malicious: whoever runs the access point can capture your traffic (packet capture) and read anything that is not encrypted, such as logins to plain http sites.

DMCA, RIAA, & MPAA
-If you download music, movies, TV shows, software, or even textbooks illegally while using the campus network, you will likely be getting familiar with one of those acronyms.
-Freely available, legal alternatives
  -Music
    -Pandora.com
    -Last.fm
    -Blip.fm
    -thesixtyone.com
  -Movies & TV shows
    -Hulu.com
    -Most broadcast & some cable channels offer streaming of past episodes on their own corporate sites: NBC.com, ABC.com, ComedyCentral.com
  -Software
    -Download.com
    -FileHippo.com
    -SourceForge.net

(1) EFS works after Windows has booted, while BitLocker works before Windows and operates beneath the operating system. EFS works at the file-system level and encrypts individual files based on user permissions and PKI-protected session keys; BitLocker is a low-level mechanism that encrypts an entire volume and knows nothing about users or PKI. This means that EFS offers high-level manageability, while BitLocker operates at a low level without those management features but can protect the places EFS can't, such as the operating system's own files. The contents of EFS-encrypted files cannot be read without the user's key, although the file names and directory structure are not protected. A Windows partition encrypted by BitLocker is completely scrambled, so you cannot even tell what the file names and directory structure are. http://articles.techrepublic.com.com/5100-10878_11-6162949.html
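The Password Tips at the top of this outline can be turned into a check that a registration form or help desk script runs before accepting a password. The following is an added example and not code from the original page: it rejects passwords shorter than eight characters, dictionary words and common phrases (even after the usual letter-for-symbol swaps such as P@ssw0rd), and passwords missing upper/lower case, a digit or a special character, while accepting a passphrase of four or more words as the tips suggest. The DICTIONARY_WORDS and COMMON_PHRASES sets are tiny constructed stand-ins for the large word lists a real checker would load, and the LEET table, the four-word passphrase threshold and the bit estimate are assumptions of this example.

```python
"""Password checker implementing the rules from the Password Tips list.

Added example, not part of the original page. The word lists below are
tiny constructed stand-ins; a real deployment would load a full
dictionary and a common-password list (assumption).
"""
import math
import re

# Constructed sample lists, stored in normalized form (lower case, letters only).
DICTIONARY_WORDS = {
    "password", "kentucky", "wildcats", "football", "sunshine",
    "monkey", "dragon", "welcome", "qwerty",
}
COMMON_PHRASES = {"iloveyou", "letmein", "tobeornottobe", "godisgood", "gobigblue"}

# Common letter-for-symbol substitutions, undone before the dictionary
# lookup so that "P@ssw0rd" is recognised as "password" (assumed table).
LEET = str.maketrans("0134578@$!", "oleastbasi")
SPECIALS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~ ")
MIN_LENGTH = 8
MIN_PHRASE_WORDS = 4


def normalize(pw: str) -> str:
    """Lower-case, undo leet substitutions, drop everything but letters."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def check_password(pw: str) -> list:
    """Return the list of rules the password violates (empty means acceptable)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Look the password up both as typed and with leading/trailing digits
    # and symbols removed, so "Kentucky1!" is still caught.
    stripped = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    for candidate in {normalize(pw), normalize(stripped)}:
        if candidate in DICTIONARY_WORDS or candidate in COMMON_PHRASES:
            problems.append("dictionary word or common phrase "
                            "(symbol-for-letter substitutions do not help)")
            break

    if len(pw.split()) >= MIN_PHRASE_WORDS:
        # Passphrase: length does the work, so no character-class rules
        # are applied; the common-phrase lookup above still applies.
        return problems

    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("needs both upper and lower case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if not any(c in SPECIALS for c in pw):
        problems.append("needs a special character (!@#$%...)")
    return problems


def estimate_bits(pw: str) -> float:
    """Upper bound on the blind-guessing search space: length * log2(alphabet).

    This only shows why length matters more than symbols; it says nothing
    about dictionary attacks, which is why check_password() is also needed.
    """
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in SPECIALS for c in pw):
        alphabet += len(SPECIALS)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "Kentucky1!", "to be or not to be",
                      "This passwd is 4 my email", "Tr0ub4dor&3"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'} "
              f"(~{estimate_bits(candidate):.0f} bits of search space)")
```

Note that the page's own passphrase example, "This passwd is 4 my email", passes with a far larger search space than the eight-character "P@ssw0rd", which fails because undoing the substitutions reveals a dictionary word.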
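Three of the tips above come down to inspecting a link before following it: the Email Security section says not to click links in email, Credit Card Use Online says to look for https:, and Unsafe Browsing Behaviors warns about misspelled domain names. The example below, added here and not code from the original page, applies those checks to every link in an HTML message: it flags plain http links, links to a bare IP address, link text that shows one address while the href goes to another, a trusted brand name used only as a subdomain of some other domain, and domains within two edits of a trusted one. SAMPLE_EMAIL, the TRUSTED_DOMAINS list and the two-edit threshold are constructed assumptions (the .example domain and 192.0.2.x addresses are reserved for documentation), and registrable() takes the last two labels only, so it ignores multi-part suffixes such as co.uk.

```python
"""Inspect the links in an HTML e-mail the way the awareness tips advise.

Added example, not code from the original page. SAMPLE_EMAIL, the
TRUSTED_DOMAINS list and LOOKALIKE_MAX_EDITS are constructed assumptions.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Sites the reader actually holds accounts with (constructed assumption).
TRUSTED_DOMAINS = {"uky.edu", "paypal.com", "amazon.com", "facebook.com"}
LOOKALIKE_MAX_EDITS = 2

_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Link text that itself looks like a web address, e.g. "www.paypal.com".
_LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/:].*)?$", re.I)

# Constructed phishing message; .example and 192.0.2.x are documentation values.
SAMPLE_EMAIL = """<html><body>
<p>Your account has been suspended. Please verify at
<a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/</a></p>
<p>Or use our <a href="https://www.paypa1.com/">secure site</a>.</p>
<p>Direct link: <a href="http://192.0.2.45/uky/webmail">UK Webmail</a></p>
<p>Campus help: <a href="https://www.uky.edu/">www.uky.edu</a></p>
</body></html>"""


class _LinkCollector(HTMLParser):
    """Collect (display text, href) pairs for every <a> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def registrable(host):
    """'www.uky.edu' -> 'uky.edu'. Simplification: ignores multi-part
    public suffixes such as co.uk; IP addresses are returned unchanged."""
    if _IPV4.match(host):
        return host
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_of(url):
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def levenshtein(a, b):
    """Edit distance; 'paypa1.com' is one edit away from 'paypal.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_link(text, href):
    """Return the reasons this link should not simply be clicked (empty = none found)."""
    warnings = []
    host = host_of(href)
    target = registrable(host)
    if urlparse(href).scheme != "https":
        warnings.append("not https: anything typed into this page travels in the clear")
    if _IPV4.match(host):
        warnings.append("destination is a bare IP address, not a named site")
    # Text that shows one address while the link actually goes to another.
    if _LOOKS_LIKE_URL.match(text) and registrable(host_of(text)) != target:
        warnings.append(f"text shows {registrable(host_of(text))} but the link goes to {target}")
    if target not in TRUSTED_DOMAINS and not _IPV4.match(host):
        labels = host.split(".")
        for trusted in sorted(TRUSTED_DOMAINS):
            brand = trusted.split(".")[0]
            if brand in labels[:-2]:
                warnings.append(f"'{brand}' is only a subdomain here; the real site is {target}, not {trusted}")
            elif levenshtein(target, trusted) <= LOOKALIKE_MAX_EDITS:
                warnings.append(f"{target} is a lookalike of {trusted}")
    return warnings


def scan_email(html):
    return [(href, analyze_link(text, href)) for text, href in extract_links(html)]


if __name__ == "__main__":
    for href, warnings in scan_email(SAMPLE_EMAIL):
        print(href, "->", warnings or "looks fine")
```

Only the last link in the sample comes back clean: the first is plain http, shows paypal.com while going to account-verify.example, and uses "paypal" as a subdomain; the second is a one-character lookalike; the third is an unnamed IP address over http. The same logic applies to a URL shown in the browser address bar, which is why typing the address yourself is the simpler habit.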
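The File Backups section lists places to keep a second copy but not how to know the copy is good. The script below is an added example, not from the original page: it copies a folder to a backup location, records a SHA-256 hash of every copied file in a manifest, and later re-hashes the copies to report each file as ok, corrupt or missing. The demo() scenario, with its two homework files and a temporary directory standing in for an external drive or USB key, is constructed for the example; in real use the destination would be a separate device.

```python
"""Copy files to a backup location and verify the copies later.

Added example, not code from the original page. demo() builds a constructed
scenario in a temporary directory standing in for an external drive.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256"


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(src, dst):
    """Copy every file under src into dst; return {relative path: sha256}.

    The hash is taken from the copy, not the original, so a copy that was
    already written badly is caught. The manifest is written into dst so
    verify() can run without access to the originals.
    """
    src, dst = Path(src), Path(dst)
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src)
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel.as_posix()] = sha256_of(target)
    with open(dst / MANIFEST_NAME, "w") as f:
        for rel, digest in manifest.items():
            f.write(f"{digest}  {rel}\n")
    return manifest


def verify(dst):
    """Re-hash each file in the manifest; return [(relative path, status)]
    with status 'ok', 'corrupt' or 'missing'."""
    dst = Path(dst)
    results = []
    with open(dst / MANIFEST_NAME) as f:
        for line in f:
            digest, rel = line.rstrip("\n").split("  ", 1)
            path = dst / rel
            if not path.exists():
                results.append((rel, "missing"))
            elif sha256_of(path) != digest:
                results.append((rel, "corrupt"))
            else:
                results.append((rel, "ok"))
    return results


def demo():
    """Constructed scenario: back up two files, then damage the copies and detect it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "homework"), Path(tmp, "usb_key")
        src.mkdir()
        (src / "essay.txt").write_text("Draft of my history essay.\n")
        (src / "notes").mkdir()
        (src / "notes" / "cs101.txt").write_text("Lecture 1: binary numbers\n")
        manifest = backup(src, dst)
        clean = verify(dst)
        # Simulate a flipped byte in one copy and the loss of another.
        (dst / "essay.txt").write_bytes(b"Draft of my history essay!\n")
        (dst / "notes" / "cs101.txt").unlink()
        damaged = verify(dst)
        return {"files": len(manifest), "clean": clean, "damaged": damaged}


if __name__ == "__main__":
    outcome = demo()
    print("after backup:", outcome["clean"])
    print("after damage:", outcome["damaged"])
```

Running verify() against the USB key or external drive every few weeks is the practical version of the advice above: a backup that silently rotted or was never fully copied is discovered before the original is lost, not after.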