1 / 29

Securing Remote Devices and Using Good Internet Security

Securing Remote Devices and Using Good Internet Security. Jay D. Flanagan Manager, Email, IDM & Security University Technology Services Emory University. Agenda. Remote Device Security Blackberry’s Treo’s / Goodlink Laptop’s Internet Security Where am I going? What sites do I access?

eliora
Télécharger la présentation

Securing Remote Devices and Using Good Internet Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Remote Devices and Using Good Internet Security Jay D. Flanagan Manager, Email, IDM & Security University Technology Services Emory University

  2. Agenda • Remote Device Security • Blackberry’s • Treo’s / Goodlink • Laptop’s • Internet Security • Where am I going? • What sites do I access? • What information do I give out? • Desktop security • Tools

  3. Remote Device Security • Mobility • Working from anywhere • Access to data from anywhere • Types of Data • Confidential / Restricted • Public • Storage of Data • Encrypt / Encrypt / Encrypt

  4. Blackberry BLACKBERRY

  5. Blackberry • Built in wireless security features • End-to-end Wireless encryption • Uses AES or Triple DES • Can use RSA SecureID for two-factor authentication • HTTPS for secure data access • S/MIME Support • PGP Support • Digital Certificates • Certs can be generated • Smart Card reader

  6. Blackberry • Security for Stored Data • IT policy enforcement and management • Mandatory authentication • Admins can remotely send commands • Server permits only trusted connections • Certified Secure • Advanced embedded encryption technology • Meets required government security standards • FIPS 140-2

  7. Blackberry • Security Guidelines • Blackberry devices should be password protected (Can be done as part of the encryption process) • Anti-virus protection – Postini, Relays, Server and desktop • Encryption – Transmission of data is already done. Be sure data is encrypted for content on the device – can easily be set up • Always immediately report a lost, stolen or damaged Blackberry device (Help Desk / Local Support) • Regularly back-up data

  8. Blackberry • Blackberry Security Links • Google Blackberry Security • http://www.sans.org/reading_room/whitepapers/pda/258.php • http://na.blackberry.com/eng/ataglance/security/knowledgebase.jsp#tab_tab_whitepapers • http://iase.disa.mil/stigs/checklist/wireless_stig_blackberry_checklist_v5r2-1.pdf

  9. TREO/GOODLINK TREO/ GOODLINK

  10. Treo/Goodlink • Microsoft’s Messaging and Security Feature Pack (MSFP) • Direct push technology • Access Global Address List (GAL) • Supports protection against violations of HIPAA and Gramm-Leach-Bliley Acts • Remote password policy enforcement and data wipe • Password lengths can be set • Set failed password attempts before wiping of data

  11. Treo/Goodlink • Security Guidelines • Treo devices should be password protected • Password protect documents • Anti-virus protection – Postini, Relays, Server and desktop • Encryption – Transmission of data is already done. Be sure data is encrypted for content on the device • Always immediately report a lost, stolen or damaged Treo device (Help Desk / Local Support) • Regularly back-up data • Goodlink Security Page Link: • http://www.good.com/documentation/GMM_Admin_Exchange/Stoli%20Exchange%20Admin%20HTML-03-3.html

  12. Treo/Goodlink • Treo Security Links • Google Treo Security • http://www.lehigh.edu/~inlts/comp/docs/pda/security/palm/ • http://mytreo.net/archives/2006/04/treo-security-msafe-warden-teallock-comparison-review.html • http://www.good.com/documentation/GMM_Admin_Exchange/Stoli%20Exchange%20Admin%20HTML-03-3.html

  13. Laptops

  14. Laptops • Security Guidelines • Basic Security Measures • Enable strong passwords • Asset Tag or Engrave the laptop • Register the laptop with the manufacturer

  15. Laptops • Security Guidelines • Physical Security • Get a cable lock and use it • Use a docking station • Lock up your PCMCIA cards • Consider other security devices based on your needs • Use tracking software to have your laptop call home

  16. Laptops • Security Guidelines • Protecting your Sensitive Data • Use the NTFS file system • Disable the Guest Account • Rename the administrator account • Consider creating a dummy administrator account • Prevent the last logged-in user name from being displayed • Use a personal firewall • Consider other security devices based on your needs • Encrypt your data – Full Disk Encryption • Backup your data

  17. Laptops • Security Guidelines • Encrypting the hard drive • http://www.guardianedge.com/products/Encryption_Anywhere/Hard_Disk.html • http://www.dekart.com/howto/encrypt_hard_drive/ • http://www.dekart.com/products/encryption/private_disk/ • http://www.safenet-inc.com/products/data_at_rest_protection/Protectdrive.asp • http://www.truecrypt.org/ • http://www.magic2003.net/scrypt/index.htm

  18. Laptops • Security Guidelines • Preventing Laptop Theft • No place is safe • Use a non descript carry case • Beware of pay phones • Be aware of your laptop at all times • When traveling by air • When traveling by car • While staying in a hotel • When attending conventions and conferences • Make security a habit

  19. Laptops • Security Guideline Links • Google on Laptop Security • http://labmice.techtarget.com/articles/laptopsecurity.htm • http://www.securitydocs.com/library/3399 • http://www.microsoft.com/atwork/stayconnected/laptopsecurity.mspx • http://infosecuritymag.techtarget.com/articles/february01/features_laptop_security.shtml

  20. Safe Internet Security Practices • The Internet is great • for searching • for gathering information • for purchasing products and services • But………………………

  21. Safe Internet Security Practices • Where am I going on the internet and why am I going there? • What information am I going to give out when I go to a web site? • Do you ask yourself these questions when surfing? • You should • More and more sites gather information on you when you surf • Some with your knowledge and some without • Key loggers, trojans, worms and social engineering are just some of the things that reside on web sites waiting for you to come along. • Precautions must be taken • Desktop security tools will help • But so will being security aware

  22. Safe Internet Security Practices • Desktop Security Tools • Virus Scanning • Be sure to have anti-virus software installed, running and DAT files up to date • Update DAT files and software automatically • Schedule regular scans • Spam Scanning • Manage Postini spam filtering • Set up filters on email client – think hard about this • Some anti-virus software will also do some limited spam scanning

  23. Safe Internet Security Practices • Desktop Security Tools • Personal Firewall • Install and set up personal firewall • Windows XP / Vista • Other Vendors • Symantec • Zone Alarm • Keep it up to date • Review logs regularly • Anti-spyware Scanning • Install anti-spyware software • Spybot • Yahoo Anti-Spyware • MS Anti-Spyware • Keep it up to date • Scan regularly

  24. Safe Internet Security Practices • Desktop Security Tools • Other host based security tools • Host based IPS • Host based IDS • URL and Content Filters

  25. Summary • Mobility and access to data • Blackberry’s, Treo/Goodlink, Laptops • Keep these mobile devices secure • Steps that should be taken • Being safe and secure on the Internet • Security Awareness • Security Tools

  26. Contact Information • Jay D. Flanagan, Emory University • Email • Jay.d.flanagan@emory.edu • Phone • 404-727-4962 • Web Page • http://it.emory.edu/security

  27. ? Questions QUESTIONS?

More Related