Information Security Awareness

1 / 67
About This Presentation
Title:

Information Security Awareness

Description:

creates an email server on your computer ... Information Security Awareness. What are some examples? Email Scams (Citibank email) http://www ... – PowerPoint PPT presentation

Number of Views:2577
Avg rating:3.0/5.0

less

Transcript and Presenter's Notes

Title: Information Security Awareness


1
Information Security Awareness
  • Basic Training for the Campus Community

2
Information Security Awareness
  • What are we protecting?
  • Our personal data
  • Students personal data
  • Critical systems-email, network, file storage
  • What are we protecting them from?
  • Information exposure
  • DOS-Denial of Service
  • Malicious Editing
  • How do these things happen?
  • Direct attacks
  • Hacker gets remote control access to a
    computer
  • DOS attack, such as a virus worm
  • Network/email slowed or stopped
  • Lack of physical security
  • computer stolen or paperwork viewed

3
Information Security Awareness
  • Attacks suffered  (compared with last year) Last
    12 months
  • Yes More
    Less Same
  • Virus or worm 100 73 9
    18
  • Laptop theft 63  32 15 54
  • Desktop theft 59  30 14 56
  • Denial-of-service attack 53  51 16
    34
  • System compromised 41  46 18 36
  • Unauthorized access to student data
  • 14  26 26 48
  • -from Educause Chronicle of Higher Education
  • Worst ones at UWM

4
Information Security Awareness
  • Statistics (from higher ed as of December, 2004)
  • Successfully hacked 41
  • Attacks Accellerating 73
  • Punitive measures (students) 89

5
Information Security Awareness
  • Virus/Security Impact at UWM
  • Worst yet? Blaster virus, August 2003
  • Support Hours (non-IMT) 175 hours
  • Employee Downtime (non-IMT) 149 hours

6
Information Security Awareness
  • Virus/Security Impact at UWM
  • UWM Help Desk Virus/Security Help Request Hours
  • 485 hours
  • 683 hours
  • 1037 hours

7
Information Security Awareness
  • Legislation and Policy
  • Where do I go for help?

8
Information Security Awareness
  • Federal Legislation
  • GLBA (Graham Leach Bliley Act)
  • Financial Modernization
  • institutions ensure the security and
    confidentiality of any individuals personal
    financial information
  • bank and credit card account numbers
  • credit histories
  • social security numbers used in conjunction with
    financial transactions
  • FERPA
  • HIPAA

9
Information Security Awareness
  • Federal Legislation
  • FERPA (Family Educational Rights and Privacy Act)
  • Protects the privacy of student educational
    records
  • HIPAA
  • Health Insurance Portability and Accountability
    Act
  • Protect personally identifiable health
    information

10
Information Security Awareness
  • UWM Computer Use Policy
  • Harassing other users, stealing passwords and
    corrupting files will not be tolerated.
  • Only UWM students, faculty and staff members are
    authorized to use IMT computers. You may not
    permit anyone else to use your computer account.
  • Everyone is expected to do their share of
    avoiding waste of limited resources.
  • Do not attempt to break into any computers or use
    any other person's computer account without their
    permission.
  • In general, common sense reigns.
  • http//www.uwm.edu/IMT/Computing/Docs/csdGuideline
    .html

11
Information Security Awareness
  • Where do I get computer help?
  • Decentralized campus IT environment
  • Ask your supervisor what their dept. policy is
  • General information and questions?
  • UWM Help Desk 229-4040
  • Email help_at_uwm.edu
  • Virus or security questions?
  • Help desk
  • http//security.uwm.edu
  • virus_at_uwm.edu
  • csirt_at_uwm.edu

12
Information Security Awareness
  • Where do I get computer help?
  • When to contact Campus Police
  • Feel your or others personal safety is at risk
  • Believe a law has been violated
  • Believe your identity or other theft has occurred
  • When in doubt, call campus PD x9911

13
Information Security Awareness
  • Prevention and Awareness to avoid threats
  • Virus Protection
  • System Hardening-stop hackers!
  • Spyware Prevention/Awareness
  • Social Engineering and other threats
  • Email Safety Tips
  • Passwords
  • Fraud/Identity Theft
  • Physical Information Security

14
Information Security Awareness
  • Virus Protection
  • What is a computer Virus?
  • Generally speaking
  • A virus is a computer program, usually disguised
    as something else, (mail, game, joke) that is
    designed to automatically spread itself to other
    computer users.
  • Clogs networks by spreading itself
  • Creates great expense in cleanup and downtime

15
Information Security Awareness
  • Virus Protection
  • Most common Computer Virus delivery at UWM
  • An email with an attachment that appears to have
    been intentionally sent by someone you regularly
    communicate with

16
Information Security Awareness
  • How do computers get infected?
  • Opening Email Attachments
  • How does it work?
  • Open a bad attachment
  • Actually a disguised program that does 2 things
  • creates an email server on your computer
  • uses your address book to email itself to
    everyone you know, thus it looks like its from
    you!
  • Your friend opens it too and the cycle
    continues..

17
Information Security Awareness
  • What can I do to prevent this?
  • Use care when opening attachments
  • You should never open an attachment unless you
    can answer YES to all three of the following
    conditions
  • I know exactly what this file is
  • I have scanned this file with my virus scan AND I
    have ensured that my virus scan was recently
    updated
  • I have verified the identity of the sender and
    their intentions via email or phone call.

18
Information Security Awareness
  • Anti-Virus Software
  • Campus License of Mcafee Virus scan
  • Can use at home
  • Available in ccls, download
  • Preconfigured for
  • Auto-updates
  • Full scans
  • No yearly subscription fees
  • Daily monitoring for virus trends

19
Information Security Awareness
  • Where do I get virus protection?
  • Campus Computer Labs
  • Links at http//security.uwm.edu

20
Information Security Awareness
  • Do I already have virus protection?
  • Departmental computers If you dont see the
    McAfee shield (below) on your computer in the
    bottom right hand corner contact help person for
    information on what you should be using on your
    office computer

21
Information Security Awareness
  • How do I know if I have a virus on my computer?
  • Strange behavior or you get a Mcafee pop-up
  • Unusual performance problems
  • Suspect you clicked on something bad
  • Where can I go for help if I think I have a virus
    on my computer?
  • Your areas computer help staff
  • Campus help desk 229-4040 or security.uwm.edu
    website
  • virus_at_uwm.edu

22
Information Security Awareness
  • How do I initiate a scan?
  • Whole hard drive
  • Single file
  • Remember
  • Anti Virus products are only as good as their
    last update!

23
Information Security Awareness
  • If McAfee finds a virus on my computer, now what?
  • It may clean it automatically
  • It may not be able to clean it because it is a
    program that is running
  • Restart in safe mode (hit f8 during
    pre-windows boot up)
  • Run scan again or manually clean it up
  • Check for documentation about the virus it
    identifies
  • http//vil.mcafee.com
  • http//securityresponse.symantec.com

24
Information Security Awareness
  • Stopping Hackers
  • All these steps help, but there are additional
    steps Windows PC users should take
  • 1. Secure all accounts on your PC and limit the
    number of accounts
  • 2. Ensure your PC is up to date and enable Auto
    Updates
  • 3. Use a software and hardware firewall

25
Information Security Awareness
  • Stopping Hackers
  • 1. Secure all accounts on your PC and limit the
    number of accounts
  • (this is different on different versions)
  • Go to start/settings/control panel
  • Choose Users and groups
  • Choose Users
  • Limit this to the bare minimum
  • Rename the administrator account
  • Disable guest unless using Windows file sharing

26
Information Security Awareness
  • Stopping Hackers
  • 2. Ensure your PC is up to date and enable Auto
    Updates
  • Go to start, and Windows Update
  • Alternately, open Internet Explorer and go to
  • http//windowsupdate.microsoft.com
  • -Windows XP Service Pack 2
  • AutoUpdate feature
  • May not be available on IMT or other campus
    machines
  • right click on My Computer, choose
    properties and choose the Automatic Updates
    tab

27
Information Security Awareness
  • Stopping Hackers
  • 3. Use a Hardware and/or Software Firewall
  • Firewall
  • A computer Firewall helps filter traffic and
    limits the kinds of communications your
    computer/network can have with the world

28
Information Security Awareness
  • Stopping Hackers
  • Hardware Firewall (Router)
  • Suggested if you are using Broadband at home
  • Includes Roadrunner, DSL
  • D-Link DI-604 30 Linksys BEFSR41 40

29
Information Security Awareness
  • Stopping Hackers
  • Software Firewall
  • Norton Personal Firewall 50

Zone Alarm free/40
30
Information Security Awareness
  • Spyware
  • Spyware is software that is installed on a
    computer to covertly gather information through
    your internet connection.
  • -used by Advertisers and Market Researchers

31
Information Security Awareness
  • Spyware
  • Spyware lurks on as many as 80 of computers
    nationwide, according to the National Cyber
    Security Alliance, a trade group.
  • In a recent survey, 31 of online shoppers said
    they were buying less than before because of
    security issues.
  • Fed up over problems stemming from viruses and
    spyware, some computer users are giving up or
    curbing their use of the Web
  • -LA Times article http//www.latimes.com/business/
    la-fi-fedup14jan14,0,111456.story?collla-home-hea
    dlines
  • .

32
Information Security Awareness
  • Spyware vs. Viruses
  • Viruses Mostly designed to propagate itself and
    damage network and computer performance
  • Spyware Designed to gain information from your
    computer by running unnoticed or providing some
    other service.
  • .

33
Information Security Awareness
  • I have an anti-virus program. Will this stop
    spyware?
  • Some spyware is detected by anti-virus products
    such as McAffee and Norton, but for the most part
    this is not the case.

34
Spyware has the potential to share personal
information with third parties without your
knowledge or consent.
35
Information Security Awareness
  • Increasing threat level!
  • Spyware type attack gains financial information
  • (http//www.eweek.com/article2/0,1759,1619842,00.a
    sp)
  • An attack in June of 2004 which had the ability
    to monitor web traffic for the purposes of
    gaining account numbers and passwords for victims
    online banking accounts.
  • While this attack also depended on other elements
    to be successful, it represents a disturbing
    trend for spyware toward increasingly invasive
    and disturbing attacks.

36
Information Security Awareness
  • Spyware two kinds voluntary vs involuntary
  • Voluntary
  • Programs installed intentionally to server a
    purpose that also report personal information to
    a third party
  • browser toolbars
  • browser help windows
  • free screensavers
  • internet speed optimizers
  • Anti-spyware programs

37
Information Security Awareness
  • Spyware
  • Voluntary Examples
  • Weatherbug
  • Webshots
  • Marketscore
  • How to avoid this?
  • 1. Google new things before installing
  • 2. Read your EULA
  • NUMEROUS ANTI-SPYWARE PRODUCTS ARE ACTUALLY
    SPYWARE!!
  • .

38
Information Security Awareness
  • Marketscore (voluntary)
  • Promises to increase your internet speed.
  • Passes ALL of your internet traffic through their
    servers

39
Information Security Awareness
  • Marketscore (voluntary)
  • Evil Eula
  • Accept Marketscore-provided software upgrades or
    changes to your system settings
  • Make reasonable efforts to configure all of the
    computers having Internet access that are used at
    home by anyone in your Household to use the
    Marketscore Network and, where allowed by company
    policy, on all such computers having Internet
    access that are used at work by anyone in your
    Household
  • Provide complete and accurate information about
    yourself and your Household as requested during
    registration for the Marketscore Network
  • Allow Marketscore to combine the information that
    you provide with information such as credit or
    prescription information from third parties

40
Information Security Awareness
  • Spyware
  • Involuntary
  • Programs you accidentally pickup on the internet
    that hook into your browser
  • symptoms include
  • Changed homepage
  • sluggish performance
  • new toolbars
  • lots more pop ups
  • How to avoid this?
  • 1. Stop using Internet Explorer
  • 2. Use a reputable anti-spyware program

41
Information Security Awareness
  • Suggested Anti-Spyware Products
  • Spybot
  • Ad-Aware
  • Giant Anti Spyware (Now Microsoft product)
  • Pest Patrol
  • Webroot Spy Sweeper
  • Other resource
  • Spywarewarrior.com

42
Information Security Awareness
  • Spyware
  • Prevention in detail
  • 1. Use Anti- Spyware software
  • 2. get rid of IE
  • 3. keep PC updated
  • 4. read your EULAs
  • 5. research software that you are considering
    installing
  • 6. Avoid software that is advertised via
    pop-ups or SPAM.
  • .

43
Information Security Awareness
  • Email Safety Tips
  • Be careful with email attachments! - They can be
    an open door to your computer!
  • Avoid links to jokes, free downloads, etc. (Do
    you REALLY know where that link goes?)
  • Be aware of virus hoaxes (jdbgmgr.exe)
  • Do not submit personal data over email
  • Ssn
  • Address
  • Phone

44
Information Security Awareness
  • Email Safety Tips
  • Forged email addresses. i.e. From bob_at_uwm.com
  • This is simply text-can be forged for purposes of
    gaining personal information.
  • Do you REALLY know who you are sending that email
    to?

45
Information Security Awareness
  • Email Safety Tips
  • Your bank will not ask for personal information
    via unsolicited email
  • Neither we nor Microsoft will email you a patch
    to install via email attachment
  • Do you REALLY know who you are sending that email
    to?

46
Information Security Awareness
  • Passwords
  • Use strong passwords and change them regularly!
  • What are Strong Passwords?
  • Minimum 8 characters
  • Capitalized/lower case
  • Some non-letter characters like, and
  • The trick to making passwords

47
Information Security Awareness
  • Passwords
  • Epanther ID password characteristics
  • Do not use your name or variations of your name.
  • Do not use your address or other sequences of
    characters that someone may guess about you.
  • Use exactly 8 characters.
  • Include upper case as well as lower case letters,
    digits and non-alphanumeric characters.
  • Please do not use the backslash character.

48
Information Security Awareness
  • Fraud/Identity Theft
  • My purse was stolen in December. By February, I
    started getting notices of bounced checks. About
    a year later I received information that someone
    using my identity had defaulted on a number of
    lease agreements and bought a car. In 1997, I
    learned that someone had been working under my
    Social Security number for a number of years. A
    man had been arrested and used my SSN on his
    arrest sheet. Theres a hit in the FBI computers
    for my SSN with a different name and gender. I
    cant get credit because of this situation. I
    was denied a mortgage loan, employment, credit
    cards, and medical care for my children. Ive
    even had auto insurance denied, medical insurance
    and tuition assistance denied.
  • -From a consumer complaint to the FTC, January
    2, 2001

49
Information Security Awareness
  • Fraud/Identity Theft
  • Identity Theft is the use of someone elses good
    name and credit to obtain things you will never
    pay for.
  • Fraud/Identity Theft
  • Identity Fraud vs Identity Theft
  • Identity Theft When someone gathers personal
    information about you and assumes your identity
    as your own
  • Identity Fraud Consists mainly of someone
    making unauthorized charges to your credit cart

50
Information Security Awareness
  • What are some examples?
  • Email Scams (Citibank email) http//www.uwm.edu/s
    ab2/sample.htm
  • Dumpster diving
  • Credit Card information theft
  • Lost/Stolen Wallets
  • Bogus change of address requests

51
Information Security Awareness
  • Fraud/Identity Theft
  • Statistics
  • 1. Approximately 7 million people were victims of
    identity theft in 2002. That breaks down to a
    little more than 13 identity thefts every minute.
  • 2. 85 percent of all identity theft victims find
    out about the crime only when they are denied
    credit or employment, contacted by the police, or
    have to deal with collection agencies, credit
    cards, and bills.
  • 3. On average, victims spend 600 hours to fix the
    damage. The time can add up to as much as 16,000
    in lost wages or income.
  • http//www.insideid.com/idtheft/article.php/343826
    1

52
Information Security Awareness
  • Fraud/Identity Theft
  • How Victims Information is Misused (2003)
  • 33 credit card fraud
  • 21 phone or utilities fraud
  • 17 Bank Fraud
  • 6 Loan Fraud
  • -Courtesy of FTC

53
Information Security Awareness
  • Fraud/Identity Theft

54
Information Security Awareness
  • What are some methods of stealing identities?
  • Stealing records from employer
  • Abusing access to credit reports (landlords,
    employers)
  • Email Scams (Phishing)
  • http//www.uwm.edu/sab2/sample.htm
  • Simply stealing your mail
  • Computer Hacking/Theft
  • Skimming
  • Dumpster diving
  • Credit Card information theft
  • Lost/Stolen Wallets
  • Bogus change of address requests
  • Pretext Calling

55
Information Security Awareness
  • What do thieves do with this information?
  • Open credit card and bank accounts in your
    name/credit
  • Change the billing address for current accounts
  • Take out auto loans
  • File for bankruptcy in your name
  • Identify themselves as you when being arrested
  • Obtain IDs/ driver licenses in your name
  • Open cell phone or utility bills, then not pay
  • Change of address requests

56
Information Security Awareness
  • What does it take to steal someone's identity?
  • Name
  • Social Security Number
  • D.O.B.
  • Mothers maiden name
  • Address
  • Phone number

57
Information Security Awareness
  • Fraud/Identity Theft
  • How Can I Tell if I'm a Victim of Identity Theft?
  • Monitor the balances of your financial accounts.
    Look for unexplained charges or withdrawals.
    Other indications of identity theft can be
  • failing to receive bills or other mail signaling
    an address change by the identity thief
  • receiving credit cards for which you did not
    apply
  • denial of credit for no apparent reason or
  • receiving calls from debt collectors or companies
    about merchandise or services you didn't buy.
  • -(UWM Police Department)

58
Information Security Awareness
  • Fraud/Identity Theft
  • How can I detect it?
  • Order a copy of your credit report regularly
  • When you do your taxes?
  • Credit bureaus
  • Equifax, 800-525-6285
  • Experion, 888-397-3742
  • TransUnion, 800-680-7289.

59
Information Security Awareness
  • Free credit reports available March 1
  • Online
  • Fair and Accurate Credit Transactions Act of
    2004.
  • www.annualcreditreport.com gets you all 3
    reporting agencies
  • (actually have to type the address in!)
  • Stick with that site. There are many reporting
    companies, some with strings or costs attached
  • By Phone
  • 877-322-8228
  • By Mail
  • Fill out the form (linked below) and mail it to
  • Annual Credit Report Request Service, PO Box
    105281, Atlanta, GA 30348-5281.
    www.ftc.gov/bcp/conline/edcams/credit/docs/fact_ac
    t_request_form.pdf.

60
Information Security Awareness
  • Fraud/Identity Theft
  • How can I prevent it?-other tips
  • Shred everything with you information on it that
    you dont need
  • Place passwords on bank and credit cards
  • Store card information separately
  • Dont write pin s anywhere
  • Dont provide personal info unless you initiated
    the contact
  • More email cautions
  • Secure personal information in your home

61
Information Security Awareness
  • What can I do if I think its already happened to
    me?
  • Contact the fraud departments of any one of the
    three credit bureaus or the clearinghouse
    mentioned earlier to place a fraud alert on your
    credit file.
  • Close the accounts that you know or believe have
    been tampered with or opened fraudulently.
  • File a police report. Get a copy of the report to
    submit to your creditors and others that may
    require proof of the crime.
  • File a complaint with the FTC using the ID Theft
    Affadvit. The FTC maintains a database of
    identity theft cases used by law enforcement
    agencies for investigations.

62
Information Security Awareness
  • What can I do if I think its already happened to
    me?
  • Keep a running record of everything
  • Get it in writing!

63
Information Security Awareness
  • Resources
  • UWM Police Department
  • http//www.uwm.edu/Dept/police/identity.html
  • Federal Trade Commission
  • http//www.ftc.gov

64
Information Security Awareness
  • What can I do to physically secure my
    information?
  • Lock your workstation
  • Dont leave stuff laying around
  • Lock up when possible
  • Surplus equipment properly
  • Shred documents

65
Information Security Awareness
  • Surplus Equipment
  • Disposal
  • EHS/RM Disposal Program
  • http//www.uwm.edu/Dept/EHSRM/HAZEXCEPTIONS/escrap
    .html
  • Cascading Equipment (giving to other staff)
  • Use Autoclave or similar cleaner
  • http//staff.washington.edu/jdlarios/autoclave/

66
Information Security Awareness
  • Basic Computer Security Steps
  • Virus Scan
  • Be cautious with email attachments
  • Use strong passwords
  • Keep your PC and other software up to date
  • Limit physical access to your computer
  • Install a firewall
  • Research new programs you are thinking of
    installing
  • Know where to go for help
  • Backup your files on a regular basis
  • Dont immediately discount computer warning
    messages
  • Available at http//security.uwm.edu

67
Information Security Awareness
  • Resource List
  • Virus Protection
  • http//vil.mcafee.com
  • http//www3.uwm.edu/security/virus/mcafee.cfm
  • http//vil.mcafee.com/hoax.asp
  • Hacker Thwarting
  • http//www.cert.org/tech_tips/before_you_plug_in.h
    tmlIII
  • http//www.microsoft.com/security/default.mspx
  • Spyware
  • http//spywarewarrior.com/
  • http//www.safer-networking.org/en/index.html
  • Email Safety
  • http//www3.uwm.edu/security/steps/step_2.cfm
  • Identity Theft
  • http//www.ftc.gov
  • http//www.fraudwatchinternational.com/idtheft/idt
    heft.htm
  • Physical Security
  • http//www.uwm.edu/Dept/EHSRM/HAZEXCEPTIONS/escrap
    .html
  • http//staff.washington.edu/jdlarios/autoclave/
Write a Comment
User Comments (0)