Profiles are

1
Profiles are
Forever
Forever
Forever
Forever
Forever
Safe Surfing Social Networking
Forever
Forever
Kelley Bogart, CISSP Senior Information Security
Specialist University Information Security Office
2
Agenda

• Social Networking
• Privacy Policies and End User License Agreements
• Email
• Instant Messaging
• Browser Security
• Downloading
• Typosquatting
• File Sharing and Peer to Peer (P2P)
• General Security Tips

3
Meet Freddi
72 divulged one or more email address 84
listed their full date of birth 87 provided
details about their education or workplace 78
their current address or location 23 their
current phone number 26 provided their instant
messaging screen name

• Gained access to
• photos of family and friends
• information about likes and dislikes
• hobbies
• employment details
• names of their significant other

41 of agreed divulged personal information
4
Safety Tips for Social Networking

• Adjust privacy settings to help protect your
  identity
• Set profiles to private
• Think carefully about who you allow to become
  your friend
• Facebook Security Guide
• http//security.arizona.edu/files/facebooksecurity
  .pdf
• Myspace Security Guide
• http//security.arizona.edu/myspacesecurity.pdf

5
Safety Tips for Social Networking

• Limit the personal information you provide online
• Information that can be used as security secret
  question
• Birth date
• Where and when you attended high school
• Favorite pets name
• Name of significant other
• Hobbies and interest
• Information that can affect your physical safety
• Address
• Where you work or attend school

6
Safety Tips for Social Networking
7
Privacy Polices and End User License Agreements

• Read Carefully
• Understand the agreement
• Do not agree to questionable activities

Spyware Guide EULA Analyzer by FaceTime Security
Labs http//www.spywareguide.com/analyze/index.php
EULAlyzer by Javacool Software http//www.javaco
olsoftware.com/eulalyzer.html
8
Privacy Polices and End User License Agreements
http//security.arizona.edu/skype
9
Email

• Understand the open nature of email
• Do not send information in a email that you would
  not put on a postcard
• Free email services
• Privacy Policy and End User Agreement
• Security

10
Instant Messaging

• Understand the open nature of IM
• Do no send personal information via IM

11
Browser Security
12
Browser Security
13
Download Rules

• Only download what you trust, and even then be
  wary!
• Dont take downloads from strangers
• What else are you getting with the free stuff?
• Free music file sharing programs are wide
  open doors for hackers
• Limit what you download to your computer

14
Surf Safely
http//www.siteadvisor.com/
15
Administrator vs. Limited Account

• Administrator is the boss of the system. An
  Administrator decides who uses the computer,
  which system-wide settings to use and the
  software that can be installed.
• Limited user accounts are the normal users.
  They can run software already installed and
  change their own account picture and password and
  documents, but that's about it.

16
File Sharing

• Risks associated with file sharing
• Exposure of sensitive or personal information
• More susceptible to attack
• Installation of malicious code

17
Peer-to-Peer (P2P)
18
Typo / Cyber Squatting
Swapped Characters Swap characters one at a
time. Example yuotube.com. Replaced Characters
Replace characters one at a time. Example
wschovia.com. Inserted Characters Insert one
character. Example Newgroounds.com. Deleted
Character Remove one character at a time.
Example cartonnetwork.com. Missing dot Remove
the dot between the www and the domain.
Example wwwmicrosoft.com.
19
Typo / Cyber Squatting
Example where Google.cm re-directs to this site
which resulted in 482 spammy e-mails
20
Typo / Cyber Squatting
Example where Google.cm re-directs to this site
which resulted in 482 spammy e-mails
21
Use of public access computers

• Limit what you do
• Erase your tracks (clear history)
• IE (Tools, Internet Options, General tab, Delete
  Browsing History)
• Firefox (Tools, Options, Privacy tab, clear
  private data)
• Do not save files locally
• Dont save passwords
• Watch for over the shoulder
• Delete temporary files
• Exit programs and close browser when you leave

22
Other General Awareness Sessions

• ANTIVIRUS IS NOT ENOUGH  Securing Home Computers
  
• LICENSE TO STEAL  What Your IT Staff CAN'T Do
  For You  
• FROM RUSSIA WITHOUT LOVE  Identity Theft
  Phishing  
• SPY ANOTHER DAY  Botnets and Spyware  
• NOT FOR YOUR EYES ONLY  Securing Wireless and
  Mobile Devices  
• PROFILES ARE FOREVER  Safe Surfing Social
  Networking

http//security.arizona.edu/SAFE08
23
Questions?
Kelley Bogart Senior Information Security
Specialist bogartk_at_email.arizona.edu University
Information Security Office iso_at_u.arizona.edu 626-
8476 (UISO) Awareness Presentations will be
available at http//security.arizona.edu/safe08