Secure Web Browsing
Stan Waddell PMP, CISSP, ABD, Executive Director and ISO. October 6th, 2011. Cyber Security Awareness Month.


Presentation Transcript


  1. Secure Web Browsing. Stan Waddell PMP, CISSP, ABD, Executive Director and ISO. October 6th, 2011

  2. Cyber Security Awareness Month • President Obama officially declared October to be National Cyber Security Awareness Month and stated that individuals, businesses and governments have a responsibility to work together to improve cyber security.

  3. Agenda • Internet overview • Using strong passwords • Maintaining your computer • Using good software sources • Establishing confidence in websites

  4. Scope of Briefing • Security basics for the average web browser user. • Will not cover ways to counter threats that require web application configuration techniques. • Examples: • SQL Injection • Remote Code Execution

  5. Internet Overview • What is the Internet? • What is Internet browsing? • What are some common threats?

  6. What is the Matrix… I mean the Internet • A global, loose collection of computers that are networked together. • Uses the Internet Protocol Suite (TCP/IP) to connect the computers. • Serves billions of users worldwide. • Has no centralized governance for either technology or the policies that govern access or usage.

  7. The Internet

  8. What is Web Browsing • IMHO, Web browsing is the practice of visiting websites with no specific destination in mind. • Not the same as using specific sites purposefully. • Can be likened to trying to navigate a mine field or betting against the “house” in Vegas.

  9. Common Web Security Issues • Trojan Horse and Other Malicious Software - Web servers may become infected with malicious software, which may then spread to your machine.

  10. Common Threats • Malicious Software • Viruses • Trojans • Worms • Scareware • Exploit code • Hackers

  11. Hacker Motivations, or Money, Money, Money… • Reports exist that assert that cybercrime now exceeds the drug trade in terms of profit. • 73,000 new pieces of malware daily, up from 58,000 in 2010 (a 26% increase). • According to one security company (Dasient), 1.3 million websites hosted malware in 2010.

  12. This Can Appear Daunting… • But, there are things we can do to protect ourselves.

  13. Using Strong Passwords • Using passphrases instead of passwords. • Don’t use the same password for all sites. • Use a password manager.

  14. Usernames and Passwords: General Tips • Choose a complex password that is easy to remember. • Hddtc@tfJ&jwuth2 = 14 characters, with special characters and numbers • Or • Ih2bs&Dll@l = 11 characters, with special characters and numbers

  15. Usernames and Passwords: General Tips • Leverage things you know. • Nursery rhymes • Songs • Etc.

  16. Usernames and Passwords: General Tips • Hddtc@tfJ&jwuth2 • Hey diddle-diddle, the cat and the fiddle; Jack and Jill went up the hill

  17. Usernames and Passwords: General Tips • Ih2bs&Dll@l • It’s hip to be square, and dude looks like a lady
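The first-letter mnemonic technique from slides 14 to 17, written out as an added example that is not part of the original deck. The substitution table (and → &, to → 2, a → @) and the capitalization of each source phrase are assumptions inferred from the deck's second example; the first example on slide 16 uses substitutions the deck does not spell out, so only the second is reproduced here.

```python
"""Mnemonic passphrase construction (added example, not from the slides).

Assumed rule set, inferred from the deck's "Ih2bs&Dll@l" example:
  * take the first letter of every word,
  * capitalise the first letter of each source phrase,
  * join the phrases with the word "and",
  * substitute "and" -> "&", "to" -> "2", "a" -> "@".
"""
import string

# Assumed substitution table; the deck does not state its rules explicitly.
SUBSTITUTIONS = {"and": "&", "to": "2", "a": "@"}


def mnemonic_password(phrases, connector="and"):
    """Build a password from the first letters of the words in `phrases`."""
    out = []
    for i, phrase in enumerate(phrases):
        if i > 0:  # glue phrases together with the connector word
            out.append(SUBSTITUTIONS.get(connector, connector[0]))
        for j, word in enumerate(phrase.split()):
            key = word.lower().strip(string.punctuation)
            if key in SUBSTITUTIONS:
                out.append(SUBSTITUTIONS[key])
            elif j == 0:  # first word of a phrase keeps a capital letter
                out.append(word[0].upper())
            else:
                out.append(word[0].lower())
    return "".join(out)


def character_classes(password):
    """Count how many of lower, upper, digit and symbol classes are present."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(1 for check in checks if any(check(c) for c in password))


def meets_slide_guidance(password, min_length=11):
    """True when the password is at least `min_length` characters long and
    contains both a digit and a special character, as the slide's examples do."""
    return (len(password) >= min_length
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


if __name__ == "__main__":
    pw = mnemonic_password(["It's hip to be square", "dude looks like a lady"])
    print(pw, len(pw), character_classes(pw), meets_slide_guidance(pw))
```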

  18. Don’t Use the Same Password for Multiple Sites • If you only have one password and it is compromised, then all of your accounts are vulnerable. • At the very least, do not share passwords across account types. • Financial accounts • Social Networking • Email • Storage

  19. Use a Password Manager • TIP: Use a password manager. • KeePass • Password Safe • USB password managers • IronKey • Data Store Traveler

  20. Maintaining your Computer • Operating System Patches • Application Patches • Anti-Virus

  21. Operating System Updates • Accept them when they come out.

  22. Application Updates • Again, apply them as they arrive. • Be careful. When in doubt, close the browser before applying updates. • TIP: Use a browser software scanner. • https://browsercheck.qualys.com/

  23. Use Anti-Virus Software • There are any number of software programs out there that protect against malware. • Many are free: • AVG Free • ClamAV for Mac and Linux • Symantec Endpoint Protection is available for University computers, and for home use on computers used for work purposes.

  24. Using Good Software Sources • Use reputable software vendors. • Read reviews of software before installing. • Download software and scan with AV. • Never accept unsolicited software.

  25. Reputable software vendors • These days you can find free or cheap software just about anywhere. • Free and Cheap don’t = Good. • Free and Cheap could = Malware. • Know your vendors: MS, Apple, Google, etc. • Don’t get pirated software (usually = malware). Pirated software is illegal.

  26. Establishing Confidence in Websites • Use HTTPS when dealing with sensitive information. • Make sure you are where you wanted to go. • Don’t click on unsolicited links or questionable sites. • Use a site security rater.

  27. Common Web Security Issues • Phishing – The user is tricked into clicking a link to a bogus web site that is designed to appear exactly like a legitimate site. • Confidential information is then captured: • Passwords, account numbers, Social Security Numbers, etc. • Data interception – Confidential data is transmitted in clear text and intercepted. • Hosted Malware – A site is compromised and is hosting malware designed to infect your computer.

  28. HTTPS is better…

  29. Make Sure you are Where you Meant to Go • Phishers sometimes try to get you to their site instead of a legitimate site

  30. Examples of Fakes

  31. Phishing Indicator • Internet Explorer will display a Phishing Indicator if a page being displayed could be an imposter.

  32. Phishing Indicator [screenshot of the indicator]

  33. Phishing Indicator Click on the Phishing Indicator to check the validity of the site you are visiting. http://www.cert.org/

  34. Secure Transmission Indicators • HTTPS indicates an encrypted transmission [screenshot of the indicator]

  35. Secure Transmission • All confidential information should only be transmitted through a secure form of communication. • A graphic emblem of a lock will appear at the top of the web browser when a secure transmission technique has been invoked.

  36. Secure Transmission • It is possible to verify that the transmission is encrypted. • https://www.fidelity.com/ • http://www.chase.com • https://chaseonline.chase.com/

  37. Website Raters • There are tools designed to rate the trustworthiness of sites that you are trying to visit. • McAfee SiteAdvisor • Web Of Trust (WOT) “Truthiness”

  38. Site Advisor

  39. Web of Trust

  40. Additional Protection • Avoid use of kiosks and wireless networks that have not been secured. • Often found in hotels and airports • When traveling, use a VPN to connect to sensitive resources. • Treat with suspicion any new email from a source you would not normally expect.

  41. Windows Firewall • Windows XP, Vista, and 7 include a host-based firewall. • The firewall will protect against network traffic from unsolicited sources. • To ensure the firewall is turned on: • Click Start • Click Control Panel • Double-click Windows Firewall

  42. Additional Protection • If you believe your computer has been infected with a virus or other malicious software, contact: • The Help Desk, phone 962-HELP (919-962-4357) • Departmental Support or ISL • If sensitive UNC-CH information is at risk, place a critical ticket with the ITS Information Security Office.

  43. Resources • http://its.unc.edu/InfoSecurity/index.htm • http://help.unc.edu/CCM3_020433 • http://keepass.info/ • http://passwordsafe.sourceforge.net/ • https://www.ironkey.com/ • http://www.ftc.gov/bcp/menus/consumer/tech/privacy.shtm

  44. Questions?
