Protecting Yourself: Keeping Your Secrets Secret (November 11, 2004)

1
Protecting Yourself: Keeping Your Secrets Secret
November 11, 2004
  • Arlene Yetnikoff
  • Director of Information Security
  • DePaul University

2
Information Security at DePaul
  • Who we are
      • Information Services - Business Continuity and Security Group (BCS)
  • Web Site
      • http://is.depaul.edu/security/information_security/
      • http://security.depaul.edu
  • Email Addresses for BCS team
      • Bill Eaheart - weaheart@depaul.edu
      • Eric Pancer - epancer@security.depaul.edu
      • Arlene Yetnikoff - ayetniko@depaul.edu
      • Ed Gregory - egregory@depaul.edu
      • Cheryl Barkby - cbarkby@depaul.edu
      • Maybelline Davis - mdavis@depaul.edu
  • Reporting security incidents
      • security@depaul.edu
      • abuse@depaul.edu

3
Today
  • Provide practical information
  • General guidelines for protecting yourself and
    your information on the Internet
  • No Silver Bullet
  • Understanding risks and scams is critical
  • Presentation available at
      • http://is.depaul.edu/security/information_security/presentations.sap

4
Agenda
  • Viruses
  • Phishing
  • Other scams
  • Spam
  • Cryptography
  • Email Tips
  • Questions and Discussion

5
Viruses
  • What do they look like?
      • Attachment
      • From someone you don't know or someone you know very well
      • Usually will have a very impersonal note in it
  • How do they work?
      • Automated
      • Honor system
  • What should you do when you get one?
      • Delete key
      • Stinger - http://vil.nai.com/vil/stinger/

6
Viruses
  • How can you prevent all viruses?
  • How can you prevent many viruses?
      • AVG - www.grisoft.com
      • Symantec security check - http://www.symantec.com/cgi-bin/securitycheck.cgi
  • Are some files more likely than others to carry viruses?
      • Errrr... well... yes
      • But don't let that make you feel comfortable with other files.

7
Phishing
  • Attempts to get personal information for the objective of identity theft or theft of money
  • What do phishing scams look like?
  • I checked the URL in the email and it looks okay; can I click?
  • Fun Practice
      • phishing IQ test
      • http://survey.mailfrontier.com/survey/quiztest.html
      • http://www.netriplex.com/phishfraud/phishing_test.aspx
  • Unsure?
      • Ask us: security@depaul.edu
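
The slide's question about a link that "looks okay" comes down to the difference between the text a message displays and the address the link really points to. The following Python is an added example, not part of the original presentation: it lists the links in an HTML message body and reports those whose real host differs from the displayed one. The helper names and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def parts(url):
    """(netloc, hostname) of a URL; bare 'www.x.example' text is read as http."""
    try:
        split = urlsplit(url if "://" in url else "http://" + url)
        return split.netloc, split.hostname
    except ValueError:
        return "", None

def audit_links(html_body):
    """Return [(href, [reasons])] for links that do not go where they appear to."""
    findings, collector = [], LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        netloc, target = parts(href)
        shown = re.search(r"(?:https?://)?[\w.-]+\.[a-z]{2,}\S*", text, re.I)
        reasons = [why for hit, why in (
            (shown and parts(shown.group(0))[1] != target, "text names a different host"),
            ("@" in netloc, "real host is whatever follows the '@'"),
            (re.fullmatch(r"[\d.]+", target or ""), "host is a number, not a name"),
        ) if hit]
        if reasons:
            findings.append((href, reasons))
    return findings
# Constructed sample body; all hosts and addresses are reserved documentation values.
SAMPLE = """\
<a href="http://www.bank.example.login.test/update">http://www.bank.example/update</a>
<a href="http://www.bank.example@203.0.113.7/verify">www.bank.example</a>
<a href="https://www.bank.example/help">Click here for help</a>
"""
```

Calling `audit_links(SAMPLE)` reports the first two links and leaves the third alone, because its text makes no claim about a host.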

8
Other Scams
  • Nigerian 419 fraud
  • Foreign lotteries
  • Postcard drives, name frequency surveys

9
Spam
  • What is Spam?
  • Why do people send Spam?
  • How can I tell who it is from?
  • How do spammers get my email?
  • If I unsubscribe will it stop?
  • What is an open relay?
  • How can I prevent Spam?

10
What is Spam?
  • Email
  • Unwanted
  • Inappropriate
  • Unsolicited (UCE)

11
Why do people send Spam?
  • Equivalent to junk mail
  • Difference
  • junk mail is a cost for the sender
  • spam is a cost for everyone else
  • Attempting to sell products and services

12
How can I tell who it is from?
  • Majority of the time you cannot tell the origin
  • Very sophisticated
  • open mail relays
  • Ethical?
  • Check the email headers
  • one time accounts
  • forged headers

13
What is an open relay?
  • Open mail relay
      • A mail server processes a mail message where neither the sender nor the recipient is a local user
  • Problems
      • In the past, third party mail relaying was a useful tool for remote users
      • Open mail relays pose a significant threat to the usefulness of email.
      • Abuse occurs when massive amounts of mail are relayed through an otherwise unrelated server.
      • Costs: storage space, bandwidth, time

14
Open Mail Relay

15
Email Headers
  • Viewing email headers on GroupWise
      • Open the offending email
      • Choose File > Attachments > View.
      • You can view the message headers by clicking on the attachment Mime.822

16
Reading Email Headers
  • http://www.stopspam.org/email/headers.html
  • Check www.google.com for more
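
When reading headers with forged entries in mind, the useful rule is that every server adds its own Received line at the top, so only the lines written by servers you run can be relied on. The following Python is an added example, not part of the original presentation: it separates the last hop recorded by a trusted server from the hops below it, which the sender could have written. The message, the server names and the header layout matched by the pattern are assumptions made for illustration.

```python
import email
import re

# Matches the common "from HELO (rdns [ip]) ... by HOST" layout; real servers vary.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def hops(raw_message):
    """Received headers, newest first, as dicts of the fields each server recorded."""
    msg = email.message_from_string(raw_message)
    found = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append({"helo": m[1], "rdns": m[2], "ip": m[3], "by": m[4].lower()})
    return found

def trace(raw_message, trusted_servers):
    """Split hops into the last one our own servers stamped and the unverifiable rest.

    Reading from the top, only lines written "by" a server we run are reliable.
    The peer IP in the last such line is where the message really entered;
    anything below it was supplied by the sending side and may be made up.
    """
    verified, rest = None, []
    chain = hops(raw_message)
    for i, hop in enumerate(chain):
        if hop["by"] not in trusted_servers:
            rest = chain[i:]
            break
        verified = hop
    return verified, rest

# Constructed message: the lower Received line is the kind a sender can invent.
RAW = """\
Received: from mx.sender.example (unknown [198.51.100.23])
\tby smtp.university.example with ESMTP id A1; Thu, 11 Nov 2004 09:02:11 -0600
Received: from mail.bank.example (mail.bank.example [192.0.2.10])
\tby mx.sender.example with SMTP id B2; Thu, 11 Nov 2004 09:02:05 -0600
From: "Bank Security" <alerts@bank.example>
To: student@university.example
Subject: Verify your account

Please confirm your details.
"""
```

With `trace(RAW, {"smtp.university.example"})`, the verified hop carries the address 198.51.100.23, and the line naming mail.bank.example falls into the unverified remainder.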

17
How do spammers get my email?
  • Harvesting WebPages
  • Harvesting Newsgroups
  • Guessing
  • Buying lists from other spammers or companies
  • From a mailing list
  • By people themselves
  • Other ways

18
If I unsubscribe will it stop?
  • Do not respond to spam
  • By responding you
      • Verify that your email address is valid.
      • Verify that you actually read the mail, and took the time to reply to it.
      • Show a lack of anti-spam knowledge to the spammer
      • Increase the chances that you will receive more spam

19
How can I prevent Spam?
  • May be able to limit spam
  • Use a separate email address when you post to
    newsgroups and mailing lists
  • NEVER buy anything from a company that spams.
    Don't visit their sites or ask for more
    information.
  • Do not forward chain letters, petitions, mass
    mailings, or virus warnings
  • Protect your email address
  • Filter from your inbox
  • Use a commercial product.
  • Some email services may have a spam report
    feature.

20
Filtering Email
  • Researching Possibilities
  • Pros
  • May limit some spam
  • Cons
  • Can slow mail delivery
  • May drop legitimate mail
  • Managing filters
  • New ways to deliver

21
Cryptography
  • Terms
  • What is PGP?
  • How does it work?
  • Examples
  • Tutorial

22
Terms
  • Cryptography
      • Mathematical manipulation of data
  • Encryption
      • Process of scrambling information
  • Decryption
      • To undo the encryption process
  • Cipher Text
      • Mangled information
  • Public Key cryptography (asymmetric)
      • Encryption and Decryption are performed with different keys
  • Secret Key cryptography (symmetric)
      • Same key is used for Encryption and Decryption

23
What is PGP?
  • PGP: Pretty Good Privacy
  • Strong encryption software
  • Authored by Philip Zimmermann
  • Scrambles emails and files

24
Why should I use it?
  • Security
  • Privacy
  • Options - Free versions available
      • PGP
          • some licensing restrictions may apply for newer versions
          • http://www.pgp.com/
      • GNU Privacy Guard (gpg)
          • completely free
          • http://www.gnupg.org/
      • S/MIME
          • http://www.mozilla.org/projects/security/pki/psm/smime_guide.html

25
Privacy?
  • C\mailscan2.is.depaul.edu
  • Tracing route to mailscan2.is.depaul.edu 140.192.20.71 over a maximum of 30 hops
  • 1   1 ms   1 ms   1 ms   192.168.0.1
  • 2   22 ms   23 ms   23 ms   dsl081-226-001.chi1.dsl.speakeasy.net 192.168..2.1
  • 3   21 ms   23 ms   22 ms   border5.ge3-2.speakeasy-28.chg.pnap.net 64.94.35.212
  • 4   23 ms   24 ms   22 ms   core5.ge3-0-bbnet2.chg.pnap.net 64.94.32.78
  • 5   23 ms   21 ms   24 ms   gigabitethernet8-0-519.ipcolo1.Chicago1.Level3.net 209.247.34.165
  • 6   25 ms   22 ms   22 ms   gigabitethernet5-2.core2.Chicago1.Level3.net 209.244.8.21
  • 7   23 ms   22 ms   22 ms   p5-1.chcgil2-cr2.bbnplanet.net 209.0.227.70
  • 8   23 ms   23 ms   22 ms   p0-0.icnet.bbnplanet.net 4.24.203.66
  • 9   24 ms   24 ms   24 ms   rtr-cst-bs-int2-a1-0.netequip.depaul.edu 206.220.243.169
  • 10   25 ms   24 ms   21 ms   mfc-cst-bs-a-v865.netequip.depaul.edu 140.192.9.58
  • 11   27 ms   24 ms   23 ms   mfc-cst-5a-v19.netequip.depaul.edu 140.192.19.122
  • 12   25 ms   26 ms   27 ms   smtp.depaul.edu 140.192.20.71
  • Trace complete.

26
How does it work?

27
Example
  • Plain text
  • Hello world
  • Encrypt with public key
  • Encrypting created Ciphertext
  • -----BEGIN PGP MESSAGE-----
  • Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
  • -----END PGP MESSAGE-----
  • Decrypt with private key
  • Plaintext

28
Email Tips
  • Be smart about your password
  • Keep browsers up-to-date
  • Trust your instincts
  • Do not open suspicious attachments
  • Do not respond to spam
  • Log out of your email account
  • Email should not be considered private.
    Confidential information should not be sent by
    email.
  • Use encryption when possible

29
The End!
  • Thank you
  • Any questions
  • http://security.depaul.edu
  • security@depaul.edu