Security Awareness: Protect Your PC • http://security.nsu.edu
Security Awareness:Protect your PC: Update • Update your OS • Operating Systems are not perfect. As they get older, vulnerabilities and errors are found and exploited. • Updates are intended to fix these. • Windows has a built in feature called Automatic Updates. Enabling it will ensure your system stays up to date. • http://windowsupdate.microsoft.com • Update all other Software • Microsoft Office can be updated online. • Most other third party applications contain a way to update them. Many are automated.
Security Awareness:Protect your PC: Passwords • Passwords are a primary way of accessing your or your institution's data. They need to be strong. Make sure all accounts have one. • Do not use personal information. Names, addresses, nicknames, hobbies, etc. are easy to guess. • Do not use the same password for everything. • When asked to change, do not use the same password with a minor change.
Security Awareness:Protect your PC: Passwords • Strong passwords are comprised of • Minimum of 8 characters • Combination of at least three of the following • Lower case letters: a b c • Upper case letters: A B C • Numbers: 1 2 3 • Symbols: ! @ #
Security Awareness:Protect your PC: Passwords • Passphrases can be used • Take a phrase and use the first letter of each word. • Punctuation marks can be used • Capitalize some of the letters • Switch symbols for letters
Security Awareness:Protect your PC: Passwords • Passphrase example: • Mary had a little lamb, its fleece was white as snow. • M h a l l , i f w w a s . • Mhall,ifwwas. • Mh411,!fWW45>
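The passphrase steps and the strength rules from the Passwords slides, worked through as an added example (not part of the original slides). The function names, the substitution table read off the slide's result, and the definition of a "minor change" are assumptions made for this illustration.

```python
import string

# Substitutions read off the slide's result "Mh411,!fWW45>"; expressing them
# as a table is an assumption of this added example.
SUBSTITUTIONS = {"a": "4", "l": "1", "i": "!", "s": "5", ".": ">"}


def acronym(phrase):
    """First letter of each word, keeping punctuation that ends a word."""
    out = []
    for word in phrase.split():
        core = word.rstrip(string.punctuation)
        out.append(word[0] + word[len(core):] if core else word)
    return "".join(out)


def harden(text, subs=SUBSTITUTIONS, capitalize="w"):
    """Swap symbols for letters and capitalize the chosen letters."""
    return "".join(subs.get(c, c.upper() if c in capitalize else c) for c in text)


def policy_problems(password, min_length=8, min_classes=3):
    """Return the slide's strength rules that the password breaks."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if sum(classes) < min_classes:
        problems.append(f"only {sum(classes)} of 4 character classes")
    return problems


def is_minor_change(old, new):
    """Assumed meaning of 'minor change': same text once case and any
    trailing digits or symbols are ignored."""
    def core(p):
        return p.lower().rstrip(string.digits + string.punctuation)
    return bool(core(old)) and core(old) == core(new)


if __name__ == "__main__":
    phrase = "Mary had a little lamb, its fleece was white as snow."
    candidate = harden(acronym(phrase))
    print(candidate, policy_problems(candidate))
    print(is_minor_change("Summer2023", "Summer2024!"))
```

A password such as the constructed "Summer2024!" passes the length and character-class rules yet is still a minor change of "Summer2023", which is why the slides list both rules separately.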
Security Awareness:Protect your PC: Login • Disable Automatic Login • For newer versions of Windows, setting a password will prevent the system from booting into an account • Disable the Welcome Screen • This will cause Windows to use the classic login screen instead of advertising accounts that are available.
Security Awareness:Protect your PC: Accounts • Windows has two administrator accounts for users when installed. • Set strong passwords for both • Only use admin accounts for admin tasks like installing software or making operating system changes • Create user accounts for all users • This adds privacy and security to individuals’ data • Prevents unauthorized users from installing software or changing the operating system • When online, some sites will attempt to install software, some of which is malicious in nature • Disable the Guest account • This is the default state for newer operating systems, so verify
Security Awareness:Protect your PC: Firewall • Windows has a built in Firewall. • Firewalls prevent unauthorized traffic from entering the computer • Example: PCs can be remotely controlled. A firewall can prevent remote users from doing this • Verify the Windows Firewall is enabled • Enabled by default in service pack 2 and above • There are third party firewalls available • ZoneAlarm • Free for personal use • http://www.zonelabs.com • Hardware based firewalls can be incorporated into routers • Used predominantly with home networks • Only use one at a time
Security Awareness:Protect your PC: Anti-Virus • Virus is a term that is used to refer to malicious software. In reality, it is one of many types of software that have malicious intent (malware). • Viruses • Worms • Trojan Horses • Key-loggers • etc… • Can • Destroy data • Cause hardware failure • Send sensitive information to others • etc…
Security Awareness:Protect your PC: Anti-Virus • Malware is spread through • Email • Web Browsing • Intentionally included in what looks like legitimate software. The user is usually prompted for installation. • Example: Gator is part of some screensaver installs • Intentionally included in web site • Web site is hacked and when visited, malware is downloaded • External data devices • CDs • External Hard Drives • Floppy • Flash (USB) drives • Remote attacks
Security Awareness:Protect your PC: Anti-Virus • Protect your PC by installing an Anti-Virus program • Update it daily, automatically if possible. • Scan your PC on a regular basis. If possible, set up automatic scanning. • Although it is possible, it is not recommended to use multiple AV programs on the same PC at the same time. • Some manufacturers will include AV software in a suite that provides other protection • Example: Norton’s Internet Security includes: • Firewall • Spam filter • Parental Controls
Security Awareness:Protect your PC: Anti-Virus • Available • Free • AVG • Free for personal use • http://free.grisoft.com • Avast • Free for personal use • http://www.avast.com • Nominal Fee • McAfee • Can be purchased as part of a security suite • http://www.mcafee.com • Norton • Can be purchased as part of a security suite • http://www.symantec.com
Security Awareness:Protect your PC: Anti-Spyware • Spyware is another type of Malware. The main purpose behind Spyware is to monitor your activities and transmit them to a third party, usually without your consent. • Example: Popup Ads • Spyware is generally installed via malicious or hacked web sites, but it is possible to get spyware the same way as a virus. • Example: Cool Web Search Toolbar
Security Awareness:Protect your PC: Anti-Spyware • Install an Anti-Spyware Program. • In most cases, more than one can be used. • Keep it up to date. Automatic updating is available in some. • Scan your PC on a regular basis. If possible, set up automatic scanning. • Microsoft provides an Anti-Spyware program called Windows Defender. It is currently in Beta, which means it is still being tested, but is available to the general public without warranty. • Updated via Automatic Updates • http://www.microsoft.com/athome/security/spyware/software/default.mspx
Security Awareness:Protect your PC: Anti-Spyware • There are many free third party Anti-Spyware programs available. (Be careful though, some anti-spyware programs are actually spyware.) • Spybot Search and Destroy • Free • http://www.safer-networking.org/ • Lavasoft’s Ad-Aware • Free for Personal Use • http://www.lavasoft.com • SpywareBlaster • Free • Prevents Spyware from being installed. • http://www.javacoolsoftware.com/spywareblaster.html
Security Awareness:Protect your PC: Lock-it or Logout • Lock your PC when you leave it unattended. • Many times, users will be working on sensitive information and leave for a break, meeting or other need, leaving this and other potentially sensitive data accessible from their desk. • Lock the screen by: • Press and release, at the same time, the CTRL+ALT+DEL keys (not the “+” key) to bring up the Windows Security window and click “Lock Computer” • Set up a screensaver, set it for a short period of time (5 minutes) and set it to prompt for a password on resume. • Press and release, at the same time, the Windows+L keys. • If you don’t want to lock-it, then logout or shutdown. • If the PC is off, people can’t attack it or access its data.
Security Awareness:Protect your PC: Wireless • Wireless home • Use encryption: • Changes the format of the data between the access point and your PC • WEP: Wired Equivalent Privacy (insecure) • WPA: Wi-Fi Protected Access • Uses a passphrase/pre-shared key • WPA2 • Use preferred networks • Those that you set up or know who owns them (NSUWIFI) • Use access points, not PC to PC communication (ad hoc) • Public access points allow anyone to connect, which means anyone can see what you are sending • Disable your wireless network adapter when not in use • Using another person's access point without their consent is illegal
Security Awareness:Protect your PC: Wireless • NSUWIFI provides wireless access for faculty, staff and students • Information available at http://www.nsu.edu/wifi/ • WPA2 is used for encryption • TKIP (Temporal Key Integrity Protocol) • Changes keys dynamically to prevent attackers from finding the (single) key used for encrypting data • NSU userid and password required to gain access to the wireless network • NSU monitors for unauthorized access points • Future plans for guest access
Security Awareness:Protect your PC: Wireless • Bluetooth • Designed for wireless communication over short distances • Bluesnarfing: • Acquiring phonebooks, pictures, calendar • Paris Hilton’s phone was cracked • Bluetracking: • Tracking your movement based on the unique address of the device • Bluebugging: • Send commands to a Bluetooth device • Make it call you which means an attacker could be listening • Bluetooth sniper rifle • How To: Building a BlueSniper Rifle - Part 1 • http://www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt1
Security Awareness:Protect your PC: Parental Controls • Parental Controls allow parents to control what their children do online. • Block web sites, chat, pop-ups • Allows you to monitor activity • Web sites visited • Keyloggers • A few that get decent ratings and are a nominal fee: • CyberPatrol (Appears to be the highest rated overall) • http://www.cyberpatrol.com/ • CYBERsitter • http://www.cybersitter.com/ • NetNanny • http://www.netnanny.com
Security Awareness:Protect your PC: Add-ons • Many Web sites or files require additional software to be installed in order to view. • These viewers are usually free and easily accessible. • Adobe Acrobat Reader is needed to view PDF documents. • Windows Media Player or QuickTime may be required to watch certain videos or listen to music • Other sites may have programs that will improve your computing experience • Firefox is another popular web browser • Google Toolbar will prevent pop-ups in Internet Explorer while providing a quick way to search the internet. • To get these, go directly to the manufacturer’s site. • Acrobat Reader is available from Adobe • The latest version of Windows Media Player is available through Microsoft • QuickTime is available through Apple • If not sure, research the program. If still not sure, don’t install.
Security Awareness:Protect your PC: Browsing • Be careful when browsing • Misspelling or mistyping a word, even one character off, can take you to a web site that may be objectionable or malicious in nature. • Use an alternate browser. • Helps avoid site redirects or phishing. • Prevents certain sites from taking advantage of flaws in Internet Explorer • Firefox has additional add-ons that can be used for additional security • Free • Second most used web browser (behind Internet Explorer) and gaining more ground each day. • http://www.getfirefox.com • Watch for redirection. Redirection is when you click a link on a site and end up at another web site. Phishing scams can take advantage of this. • Watch the contents of the location or address bar. This is where you will detect the redirection. • When going to a site that may need personal information, go directly to the web site. • Disable pop-ups.
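The two browsing checks above (an address that is one character off, and a link that lands on a different site than the one clicked), as an added example that is not part of the original slides. The host names use the reserved `.example` domain and, like the function names, are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed list of sites the user actually means to visit.
TRUSTED_HOSTS = {"bank.example", "mail.example"}


def host(url):
    """Host part of a full URL (scheme included), lower-cased."""
    return (urlsplit(url).hostname or "").lower()


def one_edit_apart(a, b):
    """True if a and b differ by one added, missing, changed or swapped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) < len(b):
        a, b = b, a              # a is now the longer (or equal-length) string
    i = 0
    while i < len(b) and a[i] == b[i]:
        i += 1
    if len(a) > len(b):          # one extra character in a
        return a[i + 1:] == b[i:]
    if a[i + 1:] == b[i + 1:]:   # one substituted character
        return True
    # two adjacent characters swapped
    return a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]


def review_navigation(clicked, landed):
    """Compare the link that was clicked with what the address bar shows."""
    findings = []
    src, dst = host(clicked), host(landed)
    if src != dst:
        findings.append(f"redirected: {src} -> {dst}")
    if dst not in TRUSTED_HOSTS:
        for good in sorted(TRUSTED_HOSTS):
            if one_edit_apart(dst, good):
                findings.append(f"lookalike: {dst} resembles {good}")
    return findings


if __name__ == "__main__":
    # Constructed navigation: the link pointed at the real site, the
    # address bar ended up one character off.
    for line in review_navigation("https://bank.example/login",
                                  "https://bamk.example/login"):
        print(line)
```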
Security Awareness:Protect your PC: Email • Be wary of email from addresses you do not know. • Typically SPAM or phishing attempts • Use caution with attachments. • Programs should not be sent through email. • Avoid sending personal information through email. • Email is in clear text. • Do not send social security numbers or credit card info. • Do not send usernames or passwords. • Do not click links for banking institutions. • Financial Institutions do not ask for personal information through email. It is only used to distribute information. • Contact your financial institution in person or by telephone. • There are alternative email clients available, but they may require additional computing skills.
Security Awareness:Protect your PC: Backup • Backup your data regularly • Windows has a built in backup utility. • Backup programs with automation are available. • Simple methods include: • Burning specific files to CD. • Copying them to flash (USB) drives or memory cards. • Copy the data to another computer • Fee based subscriptions are available online. • Floppy Disks are too small for most data.
Security Awareness:Protect your PC: NSU Policies • NSU policies are available from: • http://www.nsu.edu/policies • Policy 60.201: Acceptable Use of Technology Resources • Policy 62.002: Computer Systems Passwords • http://www.nsu.edu/forms • Resource Authorization Request / OIT Request Form & Information Security Access Agreement • http://www.nsu.edu/oit/policies • Policy 61.002: Electronic Data Privacy and Ownership
Security Awareness:Protect your PC: Further Info • Credit Reports • 1 free report per year • https://www.annualcreditreport.com • Symantec Security Check • Online check for exposure and/or common viruses • http://security.symantec.com/sscv6 • National Security Agency Security Configuration Guide • http://www.nsa.gov/snac • National Institute of Standards and Technology (NIST): Computer Security Resource Center (CSRC) • http://csrc.nist.gov/ • National Do Not Call Registry • http://www.donotcall.gov • Child Safety Online • http://www.fbi.gov/publications/pguide/pguidee.htm • http://www.microsoft.com/athome/security/children
Security Awareness:Protect your PC: Advanced • These options are available, but are generally recommended for advanced users: • Disable/Remove Windows Components • Disable unnecessary Windows services • Use alternate email client • Thunderbird • http://www.getthunderbird.com • Enable Auditing • Microsoft Baseline Analyzer • Port Reporter and Parser • Root Kit Detection tools • HiJackThis.exe • Use encryption for files and email • Use GeSWall
Security Awareness:Protect your PC: Advanced • Advanced options: • USE LINUX