Danger! Internet Ahead!

1
Danger! Internet Ahead!
Online security and privacy without a lot of
jargon
Daniel Elswit College of Agriculture Life
Sciences IT Security Officer
2
Sometimes the only thing standing between you and
disaster is your own discretion.
3
Security Why Should We Care?

• State and federal laws
• Cornell policy
• Cornells image
• Prospective students
• Alumni
• Research and academic communities
• Clean-up costs in time and dollars

4
But this doesnt relate to me!
5
60-70 of Cornell faculty and staff harbor highly
sensitive data on their computers.
FACT
6
Computer security is made up of many features,
applications, and behaviors, none of which are
completely secure.
FACT
7
Antivirus programs may not immediately protect
against the latest threats.
FACT
8
Software updates may not address all threats in a
timely manner.
FACT
9
Firewalls may not protect you from yourself.
FACT
10
Firewalls may not protect you from yourself.
FACT
11
Firewalls may not protect you from yourself.
FACT
12
Viruses can do whatever you can do on your
computer.
FACT
13
Bad people want to use your computer.
FACT
14
What do the bad people do?

• Viruses, worms, and hacking are often associated
  with, among other things
• Backdoors secret access to a computer
• Botnets large groups of hacked computers
  attacking targets en-masse
• Keyloggers all keystrokes are captured

15
Do not install unnecessary software

• Examples of common software with known security
  concerns
• Instant Messaging applications
• Weatherbug
• Web Shots
• Google Desktop
• Limewire
• Voice-Over-IP applications

16
Avoiding Email Traps

• Red flags
• Requesting personal information
• Urgent tone (Respond within 24 hours or)
• Anonymous salutation (Dear Valued Customer)
• Asking you to install something by clicking on a
  link
• Verify if unsure - many companies have
  verification sites
• Use Cornells Dropbox service for sending
  sensitive data to on-campus recipients

17
Passwords

• An 8-letter password, all lowercase, can be
  cracked in less than 2 seconds
• Cornells password policy
• 8 characters long minimum
• Must include letters, numbers, symbols
• Not a dictionary word
• Netid passwords cannot be shared
• Change your password if it is not secure!

18
The Internet and Email are Not Private Places

• Networks are routinely monitored for good and bad
  reasons
• Most off-campus email (GMail, Yahoo, etc.),
  instant messaging, web, and ftp traffic can be
  easily intercepted and read online
• If properly configured, messages sent via campus
  email are private (but not web mail)

19
(No Transcript)
20
When is Web Browsing Private?
21
Be Wary of Wireless

• Party line everyone hears everything
• Easier to eavesdrop on than wired networks
• Public wireless (airports, hotels, Starbucks,
  etc.) should never be considered secure
• Most of Red Rover is not secure
• CITs VPN service provides some security on
  wireless

22
Computer security has no single solution.
FACT
23
Cornell Policy

• Cornell University expects all individuals
  using information technology devices connected to
  the Cornell network to take appropriate measures
  to manage the security of those devices.