Security Awareness http:security.nsu.edu

1
Security Awarenesshttp//security.nsu.edu

• Protect Your PC

2
Security AwarenessProtect your PC Update

• Update your OS
• Operating Systems are not perfect. As they get
  older, vulnerabilities and errors are found and
  exploited.
• Updates are intended to fix these.
• Windows has a built in feature called Automatic
  Updates. Enabling it will ensure your system
  stays up to date.
• http//windowsupdate.microsoft.com
• Update all other Software
• Microsoft Office can be updated online.
• Most other third party applications contain a way
  to update them. Many are automated.

3
Security AwarenessProtect your PC Update
4
Security AwarenessProtect your PC Passwords

• Passwords are a primary way of accessing your or
  your institutions data. They need to be strong.
  Make sure all accounts have one.
• Do not use personal information. Names,
  addresses, nicknames, hobbies, etc are easy to
  guess.
• Do not use the same password for everything
• When asked to change, do not use the same
  password with a minor change.

5
Security AwarenessProtect your PC Passwords

• Strong passwords are comprised of
• Minimum of 8 characters
• Combination of at least three of the following
• Lower case letters a b c
• Upper case letters A B C
• Numbers 1 2 3
• Symbols ! _at_

6
Security AwarenessProtect your PC Passwords

• Passphrases can used
• Take a phrase and use the first letter of each
  word.
• Punctuation marks can be used
• Capitalize some of the letters
• Switch symbols for letters

7
Security AwarenessProtect your PC Passwords

• Passphrase example
• Mary had a little lamb, its fleece was white as
  snow.
• M h a l l , i f w
  w a s .
• Mhall,ifwwas.
• Mh411,!fWW45

8
Security AwarenessProtect your PC Login

• Disable Automatic Login
• For newer versions of Windows, setting a password
  will prevent the system from booting into an
  account
• Disable the Welcome Screen
• This is will cause Windows to use the classic
  login screen instead of advertising accounts that
  are available.

9
Security AwarenessProtect your PC Login
10
Security AwarenessProtect your PC Accounts

• Windows has two administrator accounts for users
  when installed.
• Set strong passwords for both
• Only use admin accounts for admin tasks like
  installing software or making operating system
  changes
• Create user accounts for all users
• This adds privacy and security to individuals
  data
• Prevents unauthorized users from installing
  software or changing the operating system
• When online, some sites will attempt to install
  software, some of it is malicious in nature
• Disable the Guest account
• This is the default state for newer operating
  system, so verify

11
Security AwarenessProtect your PC Accounts
12
Security AwarenessProtect your PC Firewall

• Windows has a built in Firewall.
• Firewalls prevent unauthorized traffic from
  entering the computer
• Example PCs can be remotely controlled. A
  firewall can prevent remote users from doing this
• Verify the Windows Firewall is enabled
• Enabled by default in service pack 2 and above
• There are third party firewalls available
• ZoneAlarm
• Free for personal use
• http//www.zonelabs.com
• Hardware based firewalls can be incorporated into
  routers
• Used predominantly with home networks
• Only use one at a time

13
Security AwarenessProtect your PC Firewall
14
Security AwarenessProtect your PC Anti-Virus

• Virus is a term that is used to refer to
  malicious software. In reality, it is one of
  many types of software that has malicious intent
  (malware).
• Viruses
• Worms
• Trojan Horses
• Key-loggers
• etc
• Can
• Destroy data
• Cause hardware failure
• send sensitive information to others
• etc

15
Security AwarenessProtect your PC Anti-Virus

• Malware is spread through
• Email
• Web Browsing
• Intentionally included in what looks like
  legitimate software. The user is usually
  prompted for installation.
• Example Gator is part of some screensaver
  installs
• Intentionally included in web site
• Web site is hacked and when visited, malware is
  downloaded
• External data devices
• CDs
• External Hard Drives
• Floppy
• Flash (USB) drives
• Remote attacks

16
Security AwarenessProtect your PC Anti-Virus

• Protect your PC by installing an Anti-Virus
  program
• Update it daily, automatically if possible.
• Scan your PC on a regular basis. If possible,
  setup automatic scanning.
• Although it is possible, it is not recommended to
  use multiple AV programs on the same PC at the
  same time.
• Some Manufacturers will include AV software in a
  suite that provides other protection
• Example Nortons Internet Security includes
• Firewall
• Spam filter
• Parental Controls

17
Security AwarenessProtect your PC Anti-Virus

• Available
• Free
• AVG
• Free for personal use
• http//free.grisoft.com
• Avast
• Free for Personal use
• http//www.avast.com
• Nominal Fee
• McAfee
• Can be purchased as part of a security suite
• Http//www.mcafee.com
• Norton
• Can be purchased as part of a security suite
• http//www.symantec.com

18
Security AwarenessProtect your PC Anti-Virus
19
Security AwarenessProtect your PC Anti-Virus
20
Security AwarenessProtect your PC Anti-Spyware

• Spyware is another type of Malware. The main
  purpose behind Spyware is to monitor your
  activities and transmit them to a third party,
  usually, without your consent.
• Example Popup Ads
• Spyware is generally installed via malicious or
  hacked web sites, but, it is possible to get
  spyware the same way as a virus.
• Example Cool Web Search Toolbar

21
Security AwarenessProtect your PC Anti-Spyware

• Install an Anti-Spyware Program.
• In most cases, more than one can be used.
• Keep it up to date. Automatic updating is
  available in some.
• Scan your PC on a regular basis. If possible,
  setup automatic scanning.
• Micorsoft provides an Anti-Spyware program called
  Windows Defender. It is currently in Beta, which
  means it is still being tested, but available to
  general public without warranty.
• Updated via Automatic Updates
• http//www.microsoft.com/athome/security/spyware/s
  oftware/default.mspx

22
Security AwarenessProtect your PC Anti-Spyware

• There are many free third party Anti-Spyware
  programs available. (Be careful though, some
  spyware programs are actually spyware.)
• Spybot Search and Destroy
• Free
• http//www.safer-networking.org/
• Lavasofts Ad-Aware
• Free for Personal Use
• http//www.lavasoft.com
• SpywareBlaster
• Free
• Prevents Spyware from being installed.
• http//www.javacoolsoftware.com/spywareblaster.htm
  l

23
Security AwarenessProtect your PC Anti-Spyware
24
Security AwarenessProtect your PC Anti-Spyware
25
Security AwarenessProtect your PC Anti-Spyware
26
Security AwarenessProtect your PC Lock-it or
Logout

• Lock your PC when you leave it unattended.
• Many times, users will be working on sensitive
  information and leave for a break, meeting or
  other need, leaving this and other potentially
  sensitive data accessible from their desk.
• Lock the screen by
• Press and release, at the same time, the
  CTRLALTDEL keys (not the key) to bring up
  the Window Security window and click Lock
  Computer
• Set up a screensaver, set it for a short period
  of time (5 minutes) and set it to prompt for a
  password on resume.
• Press and release, at the same time, the
  WindowsL keys.
• If you dont want to lock-it, then logout or
  shutdown.
• If the PC is off, people cant attack it or
  access its data.

27
Security AwarenessProtect your PC Lock-it or
Logout
28
Security AwarenessProtect your PC Lock-it or
Logout
29
Security AwarenessProtect your PC
Lock-it/Logout
30
Security AwarenessProtect your PC Wireless

• Wireless home
• Use encryption
• Changes the format of the data between the access
  point and your PC
• WEP Wired Equivalent Privacy (insecure)
• WPA Wi-Fi Protected Access
• Uses a passphrase/pre-shared key
• WPA2
• Use preferred networks
• Those that you setup or know who owns them
  (NSUWIFI)
• Use access points, not PC to PC communication (ad
  hoc)
• Public access points allow anyone to connect,
  which means anyone can see what you are sending
• Disable your wireless network adapter when not in
  use
• Using another persons access point without their
  consent is illegal

31
Security AwarenessProtect your PC Wireless

• NSUWIFI provides wireless access for faculty,
  staff and students
• Information available at http//www.nsu.edu/wifi/
• WPA2 is used for encryption
• TKIP (Temporal Key Integrity Protocol)
• Changes keys dynamically to prevent attackers
  from finding the (single) key used for
  encrypting data
• NSU userid and password required to gain access
  to the wireless network
• NSU monitors for unauthorized access points
• Future plans for guest access

32
Security AwarenessProtect your PC Wireless

• Bluetooth
• Designed for short wireless communications over
  short distances
• Bluesnarfing
• Acquiring phonebooks, pictures, calendar
• Paris Hiltons phone was cracked
• Bluetracking
• Tracking your movement based on the unique
  address of the device
• Bluebugging
• Send commands to a bluetooth device
• Make it call you which means an attacker could be
  listening
• Bluetooth sniper rifle
• How To Building a BlueSniper Rifle - Part 1
• http//www.tomsnetworking.com/2005/03/08/how_to_bl
  uesniper_pt1

33
Security AwarenessProtect your PC Parental
Controls

• Parental Controls allow parents to control what
  their children do online.
• Block web sites, chat, pop-ups
• Allows you to monitor activity
• Web sites visited
• Keyloggers
• A few that get decent ratings and are a nominal
  fee
• CyberPatrol (Appears to be the highest rated
  overall)
• http//www.cyberpatrol.com/
• CYBERsitter
• http//www.cybersitter.com/
• NetNanny
• http//www.netnanny.com

34
Security AwarenessProtect your PC Add-ons

• Many Web sites or files require additional
  software to be installed in order to view.
• These viewers are usually free and easily
  accessible.
• Adobe Acrobat Reader is needed to view PDF
  documents.
• Windows Media Player or QuickTime may be required
  to watch certain videos or listen to music
• Other sites may have programs that will improve
  your computing experience
• Firefox is another popular web browser
• Google Toolbar will prevent pop-ups in Internet
  Explorer while providing a quick way to search
  the internet.
• To get these, go directly to the manufacturers
  site.
• Acrobat Reader is available from Adobe
• The latest version of Windows Media Player is
  available through Microsoft
• QuickTime is available through Apple
• If not sure, research the program. If still not
  sure, dont install.

35
Security AwarenessProtect your PC Browsing

• Be careful when browsing
• Misspelling or mistyping a word, even one
  character off, can take you to a web site that
  may be objectionable or malicious in nature.
• Use an alternate browser.
• Helps avoid site redirects or phishing.
• Prevents certain sites from taking advantage of
  flaws in Internet Explorer
• Firefox has additional add-ons that can be used
  for additional security
• Free
• Second most used web browser (behind Internet
  Explorer) and gaining more ground each day.
• http//www.getfirefox.com
• Watch for redirection. Redirection is when you
  click a link on a site and end up at another web
  site. Phishing scams can take advantage of this.
• Watch the contents of the location or address
  bar. This is where you will detect the
  redirection.
• When going to a site that may need personal
  information, go directly to the web site.
• Disable pop-ups.

36
Security AwarenessProtect your PC Browsing
37
Security AwarenessProtect your PC Email

• Be wary of email from addresses you do not know.
• Typically SPAM or phishing attempts
• Use caution with attachments.
• Programs should not be sent through email.
• Avoid sending personal information through email.
• Email is in clear text.
• Do not send social security numbers or credit
  card info.
• Do not send usernames or passwords.
• Do not click links for banking institutions.
• Financial Institutions do not ask for personal
  information through email. It is only used to
  distribute information.
• Contact your financial institution in person or
  telephone.
• There are alternative email clients available,
  but they may require additional computing skills.

38
Security AwarenessProtect your PC Backup

• Backup your data regularly
• Windows has a built in backup utility.
• Backup programs with automation are available.
• Simple methods include
• Burning specific files to CD.
• Copying them to flash (USB) drives or memory
  cards.
• Copy the data to another computer
• Fee based subscriptions are available online.
• Floppy Disks are too small for most data.

39
Security AwarenessProtect your PC NSU Policies

• NSU policies are available from
• http//www.nsu.edu/policies
• Policy 60.201 Acceptable Use of Technology
  Resources
• Policy 62.002 Computer Systems Passwords
• http//www.nsu.edu/forms
• Resource Authorization Request / OIT Request Form
  Information Security Access Agreement
• http//www.nsu.edu/oit/policies
• Policy 61.002 Electronic Data Privacy and
  Ownership

40
Security AwarenessProtect your PC Further Info

• Credit Reports
• 1 free report per year
• https//www.annualcreditreport.com
• Symantec Security Check
• Online check for exposure and or common viruses
• http//security.symantec.com/sscv6
• National Security Agency Security Configuration
  Guide
• http//www.nsa.gov/snac
• National Institute of Standards and Technology
  (NIST) Computer Security Resource Center (CSRC)
• http//csrc.nist.gov/
• National Do Not Call Registry
• http//www.donotcall.gov
• Child Safety Online
• http//www.fbi.gov/publications/pguide/pguidee.htm
  
• http//www.microsoft.com/athome/security/children

41
Security AwarenessProtect your PC Advanced

• These options are available, but, generally
  recommended for advanced users
• Disable/Remove Windows Components
• Disable unnecessary Windows services
• Use alternate email client
• Thunderbird
• http//www.getthunderbird.com
• Enable Auditing
• Microsoft Baseline Analyzer
• Port Reporter and Parser
• Root Kit Detection tools
• HiJackThis.exe
• Use encryption for files and email
• Use GeSWall

42
Security AwarenessProtect your PC Advanced

• Advanced options
• USE LINUX