Title: Computer and Internet Security Issues: It's going to affect YOU
1. Computer and Internet Security Issues: It's going to affect YOU!
- Guy Starsnic, Network Security Analyst
- Neal Vines, IT Director
- Michelle Weaver, IT Manager
2. We deal with a lot of data
- One Terabit is roughly equivalent to 32 million two-hundred fifty page books
- By that measure, for the high month during the first six months of 2006, the data backbone transferred the equivalent of approximately 88,000,000,000 two-hundred fifty page books. (Or 2,838,709,677 of them per day on average).
3. Penn State - More Numbers
- On any given day more than 100,000 individual computers are connected to the Penn State network
- On 28 February, more than 54,000 of them communicated out to the Internet
- On February 28, 2006 more than 2,900,000 separate systems attempted to talk to Penn State from the Internet
- 10% of the traffic coming from the Internet to Penn State that day was blocked by filtering at the border (In other words, it was likely hostile activity subject to simple blocks)
4. Hostile Probes February 28, 2006
- Exploits against Penn State were attempted from multiple locations in the United States and abroad including Korea, Japan, China, Brazil, United Kingdom, Russia, Chile, Austria, Uruguay, Turkey, Taiwan, Switzerland, Spain, Peru, Mexico, Kuwait, Italy, India, Hungary, Hong Kong, France, Argentina, Africa
- Top hostile probe award went to a system in Spain with 948,708 hostile attempts
5. 3 and 31: Perhaps the Scariest Numbers
- Average time between public disclosure of a vulnerability and the existence of an exploit for it - 3 days
- Average time between public disclosure of a vulnerability and a patch for it - 31 days
- Approximately 28 days (average) from the time an exploit was released until there is a patch
6. Universities in General Have Issues we MUST Correct
- Educational institutions accounted for over 50 of the more than 300 major data breaches in 2006, according to the Privacy Rights Clearinghouse, exposing Social Security numbers, bank account information and other sensitive personal data
- According to the Treasury Institute for Higher Education, of the 321 information security breaches nationwide reported in 2006, 84 or 26% were at education institutions. This 26% share for Education is particularly disproportionate when we consider that education represents only a small percent of total payment activity nationwide. As a result, financial institutions and card issuers increasingly view education institutions as risky merchants
7. University Initiatives
- Password change policy
- IPAS
  - Phase I (credit card security)
  - Phase II (data security)
- Firewall security
- Identity and Access Management
- These initiatives will impact everyone affiliated with Penn State.
8. IPAS
9. University of Iowa - May 18, 2005
- Unauthorized access to a computer containing credit card numbers and student / employee ID numbers of 30,000 people
- One card was fraudulently used
- American Express conducted an investigation
- Publicly damaged the reputation of University of Iowa
10. UCLA - December 12, 2006
- A database with information on over 800,000 people is fraudulently accessed
- Exploited vulnerability in the application
- An investigation revealed that SSNs of 28,500 staff were illegally retrieved.
- UCLA had to send out 800,000 notification letters and set up a hotline for affected individuals.
11. US Department of Ag
- OIG report stated:
  - 95 computers were stolen between October 2005 and May 2006
  - Lack of policies or procedures to adequately report thefts
  - No controls to prevent employees from storing Privacy Act / Sensitive Information
12. Information, Privacy and Security (IPAS) Project
- University-wide mission to enhance the data security practices at Penn State.
- Primary goal is to assure the privacy of critical information and to comply with internal policies and external regulations affecting Penn State.
13. Information, Privacy and Security (IPAS) Project
- Will require departmental commitment of staff
time and budget allocations to implement and
maintain a secure environment.
14. Information, Privacy and Security (IPAS) Project
- Phase I: affects how the University processes credit card transactions in compliance with a consortium of credit card companies. (Payment Card Industry)
- Phase II: ensuring the security and privacy of all Penn State institutional information
15. IPAS Phase I
- There are risks to processing credit card transactions
- IPAS - Phase I directs how that risk must be reduced, period.
- Reduced risk helps protect consumers and Penn State's reputation
16. IPAS Phase I
- A secure environment must be created and maintained when processing credit card transactions
  - Written Policies
  - Secure computers and networks
  - Paper
  - People
17. IPAS Phase I
- The College must
  - Create, maintain, and enforce a secure environment
  - Perform audits of equipment and personnel conducting credit card transactions regularly.
18. IPAS Phase I
- University will audit the College
- Payment Card Industry will audit the University
- Compliance: No action taken
- Non-Compliance: Hefty fines can result, and/or loss of ability to process credit cards
19. IPAS Phase II
- Protect Penn State Institutional Information
- Data Classification
- HIPAA, FERPA, GLBA
- State and Federal Laws
- State and Federal Agency Policies and Regulations
20. Prevention
- Read and send e-mail as Text Only
- Avoid using Preview Pane
- Keep Outlook up-to-date
- If you don't know the sender of an unsolicited e-mail, delete it
- Never purchase from or respond to spam; don't click links in spam
21.
- Think before you provide your e-mail address online
- Have 1 or 2 secondary e-mail addresses for online purchases or web registrations
22.
- Protect your passwords
  - don't share
  - don't write them down
- Create secure passwords
  - use symbols, numbers, and a mix of capital and lower case letters
- Regularly change your passwords
- Don't click on links in e-mails; type in the URL