1 / 42

Security Awareness security.nsu

Security Awareness http://security.nsu.edu. Protect Your PC. Security Awareness: Protect your PC: Update. Update your OS Operating Systems are not perfect. As they get older, vulnerabilities and errors are found and exploited. Updates are intended to fix these.

rea
Télécharger la présentation

Security Awareness security.nsu

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Awarenesshttp://security.nsu.edu Protect Your PC

  2. Security Awareness:Protect your PC: Update • Update your OS • Operating Systems are not perfect. As they get older, vulnerabilities and errors are found and exploited. • Updates are intended to fix these. • Windows has a built in feature called Automatic Updates. Enabling it will ensure your system stays up to date. • http://windowsupdate.microsoft.com • Update all other Software • Microsoft Office can be updated online. • Most other third party applications contain a way to update them. Many are automated.

  3. Security Awareness:Protect your PC: Update

  4. Security Awareness:Protect your PC: Passwords • Passwords are a primary way of accessing your or your institutions data. They need to be strong. Make sure all accounts have one. • Do not use personal information. Names, addresses, nicknames, hobbies, etc are easy to guess. • Do not use the same password for everything • When asked to change, do not use the same password with a minor change.

  5. Security Awareness:Protect your PC: Passwords • Strong passwords are comprised of • Minimum of 8 characters • Combination of at least three of the following • Lower case letters: a b c • Upper case letters: A B C • Numbers: 1 2 3 • Symbols: ! @ #

  6. Security Awareness:Protect your PC: Passwords • Passphrases can used • Take a phrase and use the first letter of each word. • Punctuation marks can be used • Capitalize some of the letters • Switch symbols for letters

  7. Security Awareness:Protect your PC: Passwords • Passphrase example: • Mary had a little lamb, its fleece was white as snow. • M h a l l , i f w w a s . • Mhall,ifwwas. • Mh411,!fWW45>

  8. Security Awareness:Protect your PC: Login • Disable Automatic Login • For newer versions of Windows, setting a password will prevent the system from booting into an account • Disable the Welcome Screen • This is will cause Windows to use the classic login screen instead of advertising accounts that are available.

  9. Security Awareness:Protect your PC: Login

  10. Security Awareness:Protect your PC: Accounts • Windows has two administrator accounts for users when installed. • Set strong passwords for both • Only use admin accounts for admin tasks like installing software or making operating system changes • Create user accounts for all users • This adds privacy and security to individual’s data • Prevents unauthorized users from installing software or changing the operating system • When online, some sites will attempt to install software, some of it is malicious in nature • Disable the Guest account • This is the default state for newer operating system, so verify

  11. Security Awareness:Protect your PC: Accounts

  12. Security Awareness:Protect your PC: Firewall • Windows has a built in Firewall. • Firewalls prevent unauthorized traffic from entering the computer • Example: PCs can be remotely controlled. A firewall can prevent remote users from doing this • Verify the Windows Firewall is enabled • Enabled by default in service pack 2 and above • There are third party firewalls available • ZoneAlarm • Free for personal use • http://www.zonelabs.com • Hardware based firewalls can be incorporated into routers • Used predominantly with home networks • Only use one at a time

  13. Security Awareness:Protect your PC: Firewall

  14. Security Awareness:Protect your PC: Anti-Virus • Virus is a term that is used to refer to malicious software. In reality, it is one of many types of software that has malicious intent (malware). • Viruses • Worms • Trojan Horses • Key-loggers • etc… • Can • Destroy data • Cause hardware failure • send sensitive information to others • etc…

  15. Security Awareness:Protect your PC: Anti-Virus • Malware is spread through • Email • Web Browsing • Intentionally included in what looks like legitimate software. The user is usually prompted for installation. • Example: Gator is part of some screensaver installs • Intentionally included in web site • Web site is hacked and when visited, malware is downloaded • External data devices • CDs • External Hard Drives • Floppy • Flash (USB) drives • Remote attacks

  16. Security Awareness:Protect your PC: Anti-Virus • Protect your PC by installing an Anti-Virus program • Update it daily, automatically if possible. • Scan your PC on a regular basis. If possible, setup automatic scanning. • Although it is possible, it is not recommended to use multiple AV programs on the same PC at the same time. • Some Manufacturers will include AV software in a suite that provides other protection • Example: Norton’s Internet Security includes: • Firewall • Spam filter • Parental Controls

  17. Security Awareness:Protect your PC: Anti-Virus • Available • Free • AVG • Free for personal use • http://free.grisoft.com • Avast • Free for Personal use • http://www.avast.com • Nominal Fee • McAfee • Can be purchased as part of a security suite • Http://www.mcafee.com • Norton • Can be purchased as part of a security suite • http://www.symantec.com

  18. Security Awareness:Protect your PC: Anti-Virus

  19. Security Awareness:Protect your PC: Anti-Virus

  20. Security Awareness:Protect your PC: Anti-Spyware • Spyware is another type of Malware. The main purpose behind Spyware is to monitor your activities and transmit them to a third party, usually, without your consent. • Example: Popup Ads • Spyware is generally installed via malicious or hacked web sites, but, it is possible to get spyware the same way as a virus. • Example: Cool Web Search Toolbar

  21. Security Awareness:Protect your PC: Anti-Spyware • Install an Anti-Spyware Program. • In most cases, more than one can be used. • Keep it up to date. Automatic updating is available in some. • Scan your PC on a regular basis. If possible, setup automatic scanning. • Micorsoft provides an Anti-Spyware program called Windows Defender. It is currently in Beta, which means it is still being tested, but available to general public without warranty. • Updated via Automatic Updates • http://www.microsoft.com/athome/security/spyware/software/default.mspx

  22. Security Awareness:Protect your PC: Anti-Spyware • There are many free third party Anti-Spyware programs available. (Be careful though, some spyware programs are actually spyware.) • Spybot Search and Destroy • Free • http://www.safer-networking.org/ • Lavasoft’s Ad-Aware • Free for Personal Use • http://www.lavasoft.com • SpywareBlaster • Free • Prevents Spyware from being installed. • http://www.javacoolsoftware.com/spywareblaster.html

  23. Security Awareness:Protect your PC: Anti-Spyware

  24. Security Awareness:Protect your PC: Anti-Spyware

  25. Security Awareness:Protect your PC: Anti-Spyware

  26. Security Awareness:Protect your PC: Lock-it or Logout • Lock your PC when you leave it unattended. • Many times, users will be working on sensitive information and leave for a break, meeting or other need, leaving this and other potentially sensitive data accessible from their desk. • Lock the screen by: • Press and release, at the same time, the CTRL+ALT+DEL keys (not the “+” key) to bring up the Window Security window and click “Lock Computer” • Set up a screensaver, set it for a short period of time (5 minutes) and set it to prompt for a password on resume. • Press and release, at the same time, the Windows+L keys. • If you don’t want to lock-it, then logout or shutdown. • If the PC is off, people can’t attack it or access its data.

  27. Security Awareness:Protect your PC: Lock-it or Logout

  28. Security Awareness:Protect your PC: Lock-it or Logout

  29. Security Awareness:Protect your PC: Lock-it/Logout

  30. Security Awareness:Protect your PC: Wireless • Wireless home • Use encryption: • Changes the format of the data between the access point and your PC • WEP: Wired Equivalent Privacy (insecure) • WPA: Wi-Fi Protected Access • Uses a passphrase/pre-shared key • WPA2 • Use preferred networks • Those that you setup or know who owns them (NSUWIFI) • Use access points, not PC to PC communication (ad hoc) • Public access points allow anyone to connect, which means anyone can see what you are sending • Disable your wireless network adapter when not in use • Using another persons access point without their consent is illegal

  31. Security Awareness:Protect your PC: Wireless • NSUWIFI provides wireless access for faculty, staff and students • Information available at http://www.nsu.edu/wifi/ • WPA2 is used for encryption • TKIP (Temporal Key Integrity Protocol) • Changes keys dynamically to prevent attackers from finding the (single) key used for encrypting data • NSU userid and password required to gain access to the wireless network • NSU monitors for unauthorized access points • Future plans for guest access

  32. Security Awareness:Protect your PC: Wireless • Bluetooth • Designed for short wireless communications over short distances • Bluesnarfing: • Acquiring phonebooks, pictures, calendar • Paris Hilton’s phone was cracked • Bluetracking: • Tracking your movement based on the unique address of the device • Bluebugging: • Send commands to a bluetooth device • Make it call you which means an attacker could be listening • Bluetooth sniper rifle • How To: Building a BlueSniper Rifle - Part 1 • http://www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt1

  33. Security Awareness:Protect your PC: Parental Controls • Parental Controls allow parents to control what their children do online. • Block web sites, chat, pop-ups • Allows you to monitor activity • Web sites visited • Keyloggers • A few that get decent ratings and are a nominal fee: • CyberPatrol (Appears to be the highest rated overall) • http://www.cyberpatrol.com/ • CYBERsitter • http://www.cybersitter.com/ • NetNanny • http://www.netnanny.com

  34. Security Awareness:Protect your PC: Add-ons • Many Web sites or files require additional software to be installed in order to view. • These viewers are usually free and easily accessible. • Adobe Acrobat Reader is needed to view PDF documents. • Windows Media Player or QuickTime may be required to watch certain videos or listen to music • Other sites may have programs that will improve your computing experience • Firefox is another popular web browser • Google Toolbar will prevent pop-ups in Internet Explorer while providing a quick way to search the internet. • To get these, go directly to the manufacturer’s site. • Acrobat Reader is available from Adobe • The latest version of Windows Media Player is available through Microsoft • QuickTime is available through Apple • If not sure, research the program. If still not sure, don’t install.

  35. Security Awareness:Protect your PC: Browsing • Be careful when browsing • Misspelling or mistyping a word, even one character off, can take you to a web site that may be objectionable or malicious in nature. • Use an alternate browser. • Helps avoid site redirects or phishing. • Prevents certain sites from taking advantage of flaws in Internet Explorer • Firefox has additional add-ons that can be used for additional security • Free • Second most used web browser (behind Internet Explorer) and gaining more ground each day. • http://www.getfirefox.com • Watch for redirection. Redirection is when you click a link on a site and end up at another web site. Phishing scams can take advantage of this. • Watch the contents of the location or address bar. This is where you will detect the redirection. • When going to a site that may need personal information, go directly to the web site. • Disable pop-ups.

  36. Security Awareness:Protect your PC: Browsing

  37. Security Awareness:Protect your PC: Email • Be wary of email from addresses you do not know. • Typically SPAM or phishing attempts • Use caution with attachments. • Programs should not be sent through email. • Avoid sending personal information through email. • Email is in clear text. • Do not send social security numbers or credit card info. • Do not send usernames or passwords. • Do not click links for banking institutions. • Financial Institutions do not ask for personal information through email. It is only used to distribute information. • Contact your financial institution in person or telephone. • There are alternative email clients available, but they may require additional computing skills.

  38. Security Awareness:Protect your PC: Backup • Backup your data regularly • Windows has a built in backup utility. • Backup programs with automation are available. • Simple methods include: • Burning specific files to CD. • Copying them to flash (USB) drives or memory cards. • Copy the data to another computer • Fee based subscriptions are available online. • Floppy Disks are too small for most data.

  39. Security Awareness:Protect your PC: NSU Policies • NSU policies are available from: • http://www.nsu.edu/policies • Policy 60.201: Acceptable Use of Technology Resources • Policy 62.002: Computer Systems Passwords • http://www.nsu.edu/forms • Resource Authorization Request / OIT Request Form & Information Security Access Agreement • http://www.nsu.edu/oit/policies • Policy 61.002: Electronic Data Privacy and Ownership

  40. Security Awareness:Protect your PC: Further Info • Credit Reports • 1 free report per year • https://www.annualcreditreport.com • Symantec Security Check • Online check for exposure and or common viruses • http://security.symantec.com/sscv6 • National Security Agency Security Configuration Guide • http://www.nsa.gov/snac • National Institute of Standards and Technology (NIST): Computer Security Resource Center (CSRC) • http://csrc.nist.gov/ • National Do Not Call Registry • http://www.donotcall.gov • Child Safety Online • http://www.fbi.gov/publications/pguide/pguidee.htm • http://www.microsoft.com/athome/security/children

  41. Security Awareness:Protect your PC: Advanced • These options are available, but, generally recommended for advanced users: • Disable/Remove Windows Components • Disable unnecessary Windows services • Use alternate email client • Thunderbird • http://www.getthunderbird.com • Enable Auditing • Microsoft Baseline Analyzer • Port Reporter and Parser • Root Kit Detection tools • HiJackThis.exe • Use encryption for files and email • Use GeSWall

  42. Security Awareness:Protect your PC: Advanced • Advanced options: • USE LINUX

More Related