Title: Security Awareness http:security'nsu'edu
1Security Awarenesshttp//security.nsu.edu
2Security AwarenessProtect your PC Update
- Update your OS
- Operating Systems are not perfect. As they get
older, vulnerabilities and errors are found and
exploited. - Updates are intended to fix these.
- Windows has a built in feature called Automatic
Updates. Enabling it will ensure your system
stays up to date. - http//windowsupdate.microsoft.com
- Update all other Software
- Microsoft Office can be updated online.
- Most other third party applications contain a way
to update them. Many are automated.
3Security AwarenessProtect your PC Update
4Security AwarenessProtect your PC Passwords
- Passwords are a primary way of accessing your or
your institutions data. They need to be strong.
Make sure all accounts have one. - Do not use personal information. Names,
addresses, nicknames, hobbies, etc are easy to
guess. - Do not use the same password for everything
- When asked to change, do not use the same
password with a minor change.
5Security AwarenessProtect your PC Passwords
- Strong passwords are comprised of
- Minimum of 8 characters
- Combination of at least three of the following
- Lower case letters a b c
- Upper case letters A B C
- Numbers 1 2 3
- Symbols ! _at_
6Security AwarenessProtect your PC Passwords
- Passphrases can used
- Take a phrase and use the first letter of each
word. - Punctuation marks can be used
- Capitalize some of the letters
- Switch symbols for letters
7Security AwarenessProtect your PC Passwords
- Passphrase example
- Mary had a little lamb, its fleece was white as
snow. - M h a l l , i f w
w a s . - Mhall,ifwwas.
- Mh411,!fWW45gt
8Security AwarenessProtect your PC Login
- Disable Automatic Login
- For newer versions of Windows, setting a password
will prevent the system from booting into an
account - Disable the Welcome Screen
- This is will cause Windows to use the classic
login screen instead of advertising accounts that
are available.
9Security AwarenessProtect your PC Login
10Security AwarenessProtect your PC Accounts
- Windows has two administrator accounts for users
when installed. - Set strong passwords for both
- Only use admin accounts for admin tasks like
installing software or making operating system
changes - Create user accounts for all users
- This adds privacy and security to individuals
data - Prevents unauthorized users from installing
software or changing the operating system - When online, some sites will attempt to install
software, some of it is malicious in nature - Disable the Guest account
- This is the default state for newer operating
system, so verify
11Security AwarenessProtect your PC Accounts
12Security AwarenessProtect your PC Firewall
- Windows has a built in Firewall.
- Firewalls prevent unauthorized traffic from
entering the computer - Example PCs can be remotely controlled. A
firewall can prevent remote users from doing this - Verify the Windows Firewall is enabled
- Enabled by default in service pack 2 and above
- There are third party firewalls available
- ZoneAlarm
- Free for personal use
- http//www.zonelabs.com
- Hardware based firewalls can be incorporated into
routers - Used predominantly with home networks
- Only use one at a time
13Security AwarenessProtect your PC Firewall
14Security AwarenessProtect your PC Anti-Virus
- Virus is a term that is used to refer to
malicious software. In reality, it is one of
many types of software that has malicious intent
(malware). - Viruses
- Worms
- Trojan Horses
- Key-loggers
- etc
- Can
- Destroy data
- Cause hardware failure
- send sensitive information to others
- etc
15Security AwarenessProtect your PC Anti-Virus
- Malware is spread through
- Email
- Web Browsing
- Intentionally included in what looks like
legitimate software. The user is usually
prompted for installation. - Example Gator is part of some screensaver
installs - Intentionally included in web site
- Web site is hacked and when visited, malware is
downloaded - External data devices
- CDs
- External Hard Drives
- Floppy
- Flash (USB) drives
- Remote attacks
16Security AwarenessProtect your PC Anti-Virus
- Protect your PC by installing an Anti-Virus
program - Update it daily, automatically if possible.
- Scan your PC on a regular basis. If possible,
setup automatic scanning. - Although it is possible, it is not recommended to
use multiple AV programs on the same PC at the
same time. - Some Manufacturers will include AV software in a
suite that provides other protection - Example Nortons Internet Security includes
- Firewall
- Spam filter
- Parental Controls
17Security AwarenessProtect your PC Anti-Virus
- Available
- Free
- AVG
- Free for personal use
- http//free.grisoft.com
- Avast
- Free for Personal use
- http//www.avast.com
- Nominal Fee
- McAfee
- Can be purchased as part of a security suite
- Http//www.mcafee.com
- Norton
- Can be purchased as part of a security suite
- http//www.symantec.com
18Security AwarenessProtect your PC Anti-Virus
19Security AwarenessProtect your PC Anti-Virus
20Security AwarenessProtect your PC Anti-Spyware
- Spyware is another type of Malware. The main
purpose behind Spyware is to monitor your
activities and transmit them to a third party,
usually, without your consent. - Example Popup Ads
- Spyware is generally installed via malicious or
hacked web sites, but, it is possible to get
spyware the same way as a virus. - Example Cool Web Search Toolbar
21Security AwarenessProtect your PC Anti-Spyware
- Install an Anti-Spyware Program.
- In most cases, more than one can be used.
- Keep it up to date. Automatic updating is
available in some. - Scan your PC on a regular basis. If possible,
setup automatic scanning. - Micorsoft provides an Anti-Spyware program called
Windows Defender. It is currently in Beta, which
means it is still being tested, but available to
general public without warranty. - Updated via Automatic Updates
- http//www.microsoft.com/athome/security/spyware/s
oftware/default.mspx
22Security AwarenessProtect your PC Anti-Spyware
- There are many free third party Anti-Spyware
programs available. (Be careful though, some
spyware programs are actually spyware.) - Spybot Search and Destroy
- Free
- http//www.safer-networking.org/
- Lavasofts Ad-Aware
- Free for Personal Use
- http//www.lavasoft.com
- SpywareBlaster
- Free
- Prevents Spyware from being installed.
- http//www.javacoolsoftware.com/spywareblaster.htm
l
23Security AwarenessProtect your PC Anti-Spyware
24Security AwarenessProtect your PC Anti-Spyware
25Security AwarenessProtect your PC Anti-Spyware
26Security AwarenessProtect your PC Lock-it or
Logout
- Lock your PC when you leave it unattended.
- Many times, users will be working on sensitive
information and leave for a break, meeting or
other need, leaving this and other potentially
sensitive data accessible from their desk. - Lock the screen by
- Press and release, at the same time, the
CTRLALTDEL keys (not the key) to bring up
the Window Security window and click Lock
Computer - Set up a screensaver, set it for a short period
of time (5 minutes) and set it to prompt for a
password on resume. - Press and release, at the same time, the
WindowsL keys. - If you dont want to lock-it, then logout or
shutdown. - If the PC is off, people cant attack it or
access its data.
27Security AwarenessProtect your PC Lock-it or
Logout
28Security AwarenessProtect your PC Lock-it or
Logout
29Security AwarenessProtect your PC
Lock-it/Logout
30Security AwarenessProtect your PC Wireless
- Wireless home
- Use encryption
- Changes the format of the data between the access
point and your PC - WEP Wired Equivalent Privacy (insecure)
- WPA Wi-Fi Protected Access
- Uses a passphrase/pre-shared key
- WPA2
- Use preferred networks
- Those that you setup or know who owns them
(NSUWIFI) - Use access points, not PC to PC communication (ad
hoc) - Public access points allow anyone to connect,
which means anyone can see what you are sending - Disable your wireless network adapter when not in
use - Using another persons access point without their
consent is illegal
31Security AwarenessProtect your PC Wireless
- NSUWIFI provides wireless access for faculty,
staff and students - Information available at http//www.nsu.edu/wifi/
- WPA2 is used for encryption
- TKIP (Temporal Key Integrity Protocol)
- Changes keys dynamically to prevent attackers
from finding the (single) key used for
encrypting data - NSU userid and password required to gain access
to the wireless network - NSU monitors for unauthorized access points
- Future plans for guest access
32Security AwarenessProtect your PC Wireless
- Bluetooth
- Designed for short wireless communications over
short distances - Bluesnarfing
- Acquiring phonebooks, pictures, calendar
- Paris Hiltons phone was cracked
- Bluetracking
- Tracking your movement based on the unique
address of the device - Bluebugging
- Send commands to a bluetooth device
- Make it call you which means an attacker could be
listening - Bluetooth sniper rifle
- How To Building a BlueSniper Rifle - Part 1
- http//www.tomsnetworking.com/2005/03/08/how_to_bl
uesniper_pt1
33Security AwarenessProtect your PC Parental
Controls
- Parental Controls allow parents to control what
their children do online. - Block web sites, chat, pop-ups
- Allows you to monitor activity
- Web sites visited
- Keyloggers
- A few that get decent ratings and are a nominal
fee - CyberPatrol (Appears to be the highest rated
overall) - http//www.cyberpatrol.com/
- CYBERsitter
- http//www.cybersitter.com/
- NetNanny
- http//www.netnanny.com
34Security AwarenessProtect your PC Add-ons
- Many Web sites or files require additional
software to be installed in order to view. - These viewers are usually free and easily
accessible. - Adobe Acrobat Reader is needed to view PDF
documents. - Windows Media Player or QuickTime may be required
to watch certain videos or listen to music - Other sites may have programs that will improve
your computing experience - Firefox is another popular web browser
- Google Toolbar will prevent pop-ups in Internet
Explorer while providing a quick way to search
the internet. - To get these, go directly to the manufacturers
site. - Acrobat Reader is available from Adobe
- The latest version of Windows Media Player is
available through Microsoft - QuickTime is available through Apple
- If not sure, research the program. If still not
sure, dont install.
35Security AwarenessProtect your PC Browsing
- Be careful when browsing
- Misspelling or mistyping a word, even one
character off, can take you to a web site that
may be objectionable or malicious in nature. - Use an alternate browser.
- Helps avoid site redirects or phishing.
- Prevents certain sites from taking advantage of
flaws in Internet Explorer - Firefox has additional add-ons that can be used
for additional security - Free
- Second most used web browser (behind Internet
Explorer) and gaining more ground each day. - http//www.getfirefox.com
- Watch for redirection. Redirection is when you
click a link on a site and end up at another web
site. Phishing scams can take advantage of this. - Watch the contents of the location or address
bar. This is where you will detect the
redirection. - When going to a site that may need personal
information, go directly to the web site. - Disable pop-ups.
36Security AwarenessProtect your PC Browsing
37Security AwarenessProtect your PC Email
- Be wary of email from addresses you do not know.
- Typically SPAM or phishing attempts
- Use caution with attachments.
- Programs should not be sent through email.
- Avoid sending personal information through email.
- Email is in clear text.
- Do not send social security numbers or credit
card info. - Do not send usernames or passwords.
- Do not click links for banking institutions.
- Financial Institutions do not ask for personal
information through email. It is only used to
distribute information. - Contact your financial institution in person or
telephone. - There are alternative email clients available,
but they may require additional computing skills.
38Security AwarenessProtect your PC Backup
- Backup your data regularly
- Windows has a built in backup utility.
- Backup programs with automation are available.
- Simple methods include
- Burning specific files to CD.
- Copying them to flash (USB) drives or memory
cards. - Copy the data to another computer
- Fee based subscriptions are available online.
- Floppy Disks are too small for most data.
39Security AwarenessProtect your PC NSU Policies
- NSU policies are available from
- http//www.nsu.edu/policies
- Policy 60.201 Acceptable Use of Technology
Resources - Policy 62.002 Computer Systems Passwords
- http//www.nsu.edu/forms
- Resource Authorization Request / OIT Request Form
Information Security Access Agreement - http//www.nsu.edu/oit/policies
- Policy 61.002 Electronic Data Privacy and
Ownership
40Security AwarenessProtect your PC Further Info
- Credit Reports
- 1 free report per year
- https//www.annualcreditreport.com
- Symantec Security Check
- Online check for exposure and or common viruses
- http//security.symantec.com/sscv6
- National Security Agency Security Configuration
Guide - http//www.nsa.gov/snac
- National Institute of Standards and Technology
(NIST) Computer Security Resource Center (CSRC) - http//csrc.nist.gov/
- National Do Not Call Registry
- http//www.donotcall.gov
- Child Safety Online
- http//www.fbi.gov/publications/pguide/pguidee.htm
- http//www.microsoft.com/athome/security/children
41Security AwarenessProtect your PC Advanced
- These options are available, but, generally
recommended for advanced users - Disable/Remove Windows Components
- Disable unnecessary Windows services
- Use alternate email client
- Thunderbird
- http//www.getthunderbird.com
- Enable Auditing
- Microsoft Baseline Analyzer
- Port Reporter and Parser
- Root Kit Detection tools
- HiJackThis.exe
- Use encryption for files and email
- Use GeSWall
42Security AwarenessProtect your PC Advanced
- Advanced options
- USE LINUX