Network Security

1
Network Security

• Keeping your Online Identity Safe and Secure

2
Your Online IdentityReal-World Perspective

• Today your identity online is as important as
  your physical identity
• How the world sees and responds to you.
• Losing of control of your email, User Id and/or
  passwords can be more destructive and damaging
  today than losing your wallet or purse.
• Protecting this identity must become a priority
• Threats to everyone's online identity continues
  to increase every year.

Source SANS Institute
3
Security Incidents Are on the Rise

• 1988 - 6 Reports
• 1991 406
• 1994 2340
• 1997 2,134
• 2000 21,756
• 2001 52,658
• 2002 97,812
• Projected 2003 149,652

Source CERT
4
Security Incidents
5
What are the Threats?

• Threats to Personal Data
• Unauthorized Use or Disclosure of Personal
  Financial Information
• Alteration of passwords, records, addresses
• Threats to Organizations
• Misappropriation of Resources
• Denial of Service
• Destruction of Systems or Infrastructure

6
Creating more Secure Passwords

• Observing the following rules when you create a
  password will help produce a more secure
  password
• Create as long a password as you can
  remember--passwords that are longer are almost
  always much harder to crack than those that are
  short, four to six characters in length.
• Passwords must never contain the user ID.
• Passwords should not contain any simple pattern
  of letters or numbers such as "qwertyxx" or
  "xyz123xx.
• Passwords should not include the user's own or a
  close friend's or relative's name, employee
  number, Social Security Number, birthdate,
  telephone number, or any information about him or
  her that the user believes could be readily
  learned or guessed.
• Avoid common words in the news (including names
  of people, car makes, sports teams, cities, and
  so on)
• Include numbers and special symbols in your
  password.(Passwords containing a nonnumeric
  letter or symbol in the first and last positions
  are very secure)

7
BCC Password Standards

• Novell/Groupwise
• Password must be 5-8 alpha/numeric characters
• Passwords can be changed anytime you sign on.
• Password should be changed in both Novell
  Groupwise. (Each program can have separate
  password however, this is not recommended)
• Currently Novell/Groupwise passwords do not
  expire and there is no limit on sign-on attempts.

8
BCC Password Standards

• Unisearch/NetSearch (Imaging System)
• Password must be 6-8 alpha/numeric characters
• Passwords can be changed anytime by using the
  original Netsearch sign-on screen.
• Unisearch/NetSearch will force a Password change
  every 60 days.

9
Risks to your Online Identity

• Phishing (Personal Identity Theft)
• Spoofing (Website Identity Theft)

10
Phishing

• Consumers are the target of an increasingly
  popular scam called "phishing," in which victims
  receive unsolicited, phony mass e-mails that try
  to lure them into revealing personal financial
  information. Often, the scammers pretend to be
  real companies, such as banks, credit card
  companies or Internet providers, and claim there
  has been a problem with billing or that the
  customer may have been a fraud victim.The
  message directs victims to click on a link to a
  fake Web site that looks just like the company's
  real one, where they are asked to type in
  personal information, such as Social Security
  numbers, mother's maiden name and bank and credit
  card numbers. The scam uses that information to
  steal identities and run up credit cards or order
  new ones.

11
Phishing Example

• Posing as America Online, the con artist sent
  consumers e-mail messages claiming that there had
  been a problem with the billing of their AOL
  account. The e-mail warned consumers that if they
  didnt update their billing information, they
  risked losing their AOL accounts and Internet
  access. The message directed consumers to click
  on a hyperlink in the body of the e-mail to
  connect to the AOL Billing Center. When
  consumers clicked on the link they landed on a
  site that contained AOLs logo, AOLs type style,
  AOLs colors, and links to real AOL Web pages. It
  appeared to be AOLs Billing Center. But it
  wasnt. The defendant had hijacked AOLs identity
  and was going to use it to steal consumers
  identities.
• The defendants AOL look-alike Web page directed
  consumers to enter the numbers from the credit
  card they had used to charge their AOL account.
  It then asked consumers to enter numbers from a
  new card to correct the problem. It also asked
  for consumers names, mothers maiden names,
  billing addresses, social security numbers, bank
  routing numbers, credit limits, personal
  identification numbers, and AOL screen names and
  passwords - the kind of data that would help the
  defendant plunder consumers credit and debit
  card accounts and assume their identity online.

12
Example of Phishing Email

• February 1, 2004
• Subject your access to bid or buy on Ebay has
  been restricted!
• Dear Ebay member 12674539!
• It has come to our attention that your account
  may be used by third party in a fraudulent
  activity with Ebay. as a result, your access to
  bid or buy on Ebay has been restricted. according
  to our site policy you will have to confirm that
  you are the real owner of the Ebay account by
  entering your credit card information.
• please click on the link below to get to the Ebay
  security update page and complete the form that
  will appears. after that your account information
  will be verified and you will be redirected to
  the Ebay home page. thank you. ...

13
What can you do?

• Be wary any email that directs you a website.
• Never enter your financial information on a
  website were you have not entered the WWW address
  yourself.
• Always make sure the site is secure before
  entering your credit card information

14
Secure Websites
15
Secure Websites
16
Questions?
Doug Kirby Information Technology Dkirby_at_broward.e
du