Protecting Yourself in Our Digital World. Jodi Ito • Information Security Officer Information Technology Services jodi@hawaii.edu • (808) 956-2400. From Our President. Today’s Thoughts. Our Digital World Today Threats and Vulnerabilities Mitigation Strategies Security Awareness.
Protecting Yourself in Our Digital World Jodi Ito • Information Security Officer Information Technology Services jodi@hawaii.edu • (808) 956-2400
Today’s Thoughts • Our Digital World Today • Threats and Vulnerabilities • Mitigation Strategies • Security Awareness
Technologies and Trends • INFORMATION AGE! • NOW Generation • PDAs, laptops, netbooks + (wireless networks/cellular broadband) = Mobile Computing • Cellphones --> Smartphones • “Texting”, “Tweeting”, “Friending” --> Social Networking • WHOLE NEW WORLD!
Sign of Things to Come… • http://www.informationweek.com/news/showArticle.jhtml?articleID=219100621
Fun, Convenience, OR….? • Toy car lets kids spy on others • http://www.networkworld.com/video/?bcpid=60965047001&bclid=1363192037&bctid=68172212001 • Using mobile devices to open hotel doors • http://www.tnooz.com/2010/03/01/mobile/hotel-door-opening-technology-moving-to-mobile-devices/
FTC P2P data leak alarm… • The Federal Trade Commission this week sent letters notifying almost 100 organizations that personal information, including sensitive data about customers and employees, has been shared from their computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud. • Search for “FTC P2P data leak” using your favorite search engine
More P2P Filesharing Risks… • “P2P Snoopers Know What's In Your Wallet” http://www.networkworld.com/news/2010/020710-shmoocon-p2p-snoopers-know-whats.html • “File Sharers, Beware!” http://www.cbsnews.com/stories/2005/05/03/eveningnews/main692765.shtml
Digital Threats • Viruses, Spyware, Trojans & Other Malicious Software • Botnets • Phishing & Spam • Identity Theft • Cyber Stalking, Cyber Bullying, Online Predators • Etc., etc., etc….
Form Phishing • North Carolina State University Phishing Attack • “Security” email directed recipients to web site to “protect” their accounts • Phishers used NCSU graphics to replicate phishing web page • http://www.ncsu.edu/it/security/webmail-phishing.html
Anti-Phishing Phil http://wombatsecurity.com/antiphishingphil
Useful Information • Federal Trade Commission http://www.onguardonline.gov/ • Department of Homeland Security www.staysafeonline.org
Tapping Your Cell Phone • http://www.wthr.com/Global/story.asp?s=9346833
Booming Cyber Crime Industry! • Botnets: Rent-a-botnet • SPAM generators (steal email accounts and passwords) • $$$ - Stolen sensitive information • Top 3 categories: • Bank account - £5 ($8) • Credit cards - 50 credit cards for £20 ($35) • Personal identities - EU identities are worth more
Underground Economy • Multi-Billion $$$ industry • TJX Data Breach: • Estimated 94 million victims • Estimated losses: $65M - $83M • August 2008: Hacker ring charged with conspiracy, computer intrusion, fraud, & identity theft: http://www.consumeraffairs.com/news04/2008/08/hacker_ring.html
Background Resources • “Botnet probe turns up 70G bytes of personal, financial data” estimated worth $8.3M • http://www.networkworld.com/news/2009/050409-botnet-probe-turns-up-70g.html • UCSB Computer Science Study: • http://www.cs.ucsb.edu/~seclab/projects/torpig/index.html
Data Breaches • Privacy Rights Clearinghouse http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP • Over 260 million records containing sensitive information are involved in security breaches • Educational Security Incidents: http://www.adamdodge.com/esi/
This Cyber “stuff”… • Affects us all! • Each unprotected/unpatched computer is a threat: • Infected with a worm/virus/bot • Could be used in a concerted attack against a critical infrastructure • Computers, servers, mobile storage devices with any sensitive information represent a vulnerability
What Do We Do? Practice safe computing!
Keep Your Computers Safe • Update the software on your computer weekly (or more frequently) • Install anti-virus and anti-spyware software and keep it up-to-date • Use accounts and strong passwords • Encrypt sensitive information • http://www.hawaii.edu/askus/729 • Don’t install unknown software from unknown sites • Don’t share your accounts/passwords • Use password protected screen savers
Use STRONG Passwords • Not easily guessable • Do not use dictionary words • Use a combination of upper and lowercase letters, numbers, and special characters • No less than 8 characters • Check your password strength: https://www.microsoft.com/protect/fraud/passwords/checker.aspx
Password Strategies • Replace letters with numbers or characters • Incorporate something memorable to you • Example: • need password for CitiBank online account • got your mortgage in April 2005: • 04C7t7B@nk05 • Use a phrase and turn it into a password • Example: • My Favorite Food is Chocolate Ice Cream • MfFiCiC2010m@r
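A small checker for the rules on the “Use STRONG Passwords” slide, run against the two sample passwords above. This is an added example, not part of the original presentation; the names `check_password` and `SAMPLE_WORDS` and the mini word list are assumptions made for illustration, and the “not easily guessable” rule is left to human judgment.

```python
import string

# Constructed mini word list for illustration; a real check would load a
# full dictionary file (an assumption, the slides do not name one).
SAMPLE_WORDS = {"password", "chocolate", "welcome", "hawaii", "bank", "citibank"}
MIN_LENGTH = 8  # "No less than 8 characters"


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of rule violations; an empty list means all rules pass."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    # One entry per character class the slide asks for.
    classes = {
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    problems += ["missing " + name for name, present in classes.items() if not present]
    # Dictionary rule: flag any listed word that appears intact in the password.
    lowered = password.lower()
    hits = sorted(w for w in words if len(w) >= 4 and w in lowered)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # The first two are the slide's own examples; the last two are constructed.
    for candidate in ["04C7t7B@nk05", "MfFiCiC2010m@r", "Chocolate1!", "hawaii"]:
        result = check_password(candidate)
        print(candidate, "->", "OK" if not result else "; ".join(result))
```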
More on Passwords • Don’t use the same password for all accounts • Change passwords frequently • Use more difficult passwords on more sensitive accounts • Use a password safe (but don’t lose the master password!) • http://passwordsafe.sourceforge.net/ • http://www.hawaii.edu/askus/705
Protect Yourself and Information • Don’t open unknown emails & attachments • Visit only reputable web sites http://safeweb.norton.com/ • Do not reply to SPAM or Phishing emails • Only log in to servers for the duration needed - disconnect when done • Don’t let others use your computer irresponsibly • Use a credit card for online shopping • http://www.hawaii.edu/askus/729
DO NOT EVER… • …Give out your personal information in response to an UNSOLICITED email, phone call, or voice mail • If in doubt, CHECK IT OUT! • Call the company using another legitimate phone number (not the one provided in the email or phone call) • New scams use social networking sites to get background personal information
Protect Your Sensitive Information • BE SUSPICIOUS! You can’t take back information you’ve already given out • Ask “Why?” when someone asks for your SSN • Check your credit report: www.annualcreditreport.com
Social Networking • Do not post TOO MUCH INFORMATION! • Internet is FOREVER! • Whatever you post may circulate even AFTER you delete it • New scams use social networking sites to get background personal information • Watch what your children do on the computer
TTMI… • Tweeting Too Much Information: http://pleaserobme.com/
Laptops and Mobile Devices • Implement passwords on the device • Back up your data frequently & test backups • Store backups away from the laptop • Encrypt sensitive information • Watch your laptop at all times • Keep your laptop in your possession at all times • Don’t leave it out in your hotel room • Consider using a laptop lock • Consider laptop recovery services • Don’t leave your laptop in a car
Wireless & Public Computers • Be cautious when using open wireless networks • Others using the network may be “sniffing” the network • If you must use a public computer, change the password on the account accessed using a secure computer ASAP
Wi-Fi Dangers… • Security Expert Claims Thieves Can Detect Wi-Fi In Sleeping Computers http://www.wired.com/gadgetlab/2010/03/security-expert-claims-thieves-can-detect-wi-fi-in-sleeping-computers/#ixzz0hKGscGjt • Hidden dangers of free public WiFi http://news.zdnet.com/2100-1035_22-149778.html
Questions? Jodi Ito jodi@hawaii.edu (808) 956-2400