Information Security Awareness
IT Security
Agenda
Recognizing Confidential Information
Protecting Yourself
Your Password
Recognizing Secure Websites
Email Security
Phishing
Protect Your Computer
Antivirus
Software Updates
Virtual Private Network
Useful Links
Recognizing Confidential Information
Create Strong, Memorable Passwords
1. Think of a sentence you can remember
“My son Aiden is three years old.”
2. Does the system allow passphrases?
3. Convert phrase to password
“msaityo”
4. Add complexity
“My SoN Ayd3N is 3 yeeRs old”
“MsAy3yo”
5. Substitute some special characters
“MySoN 8N i$ 3 yeeR$ old”
“M$8ni3y0”
Password Strategies to Avoid
Avoid sequences or repeated characters
“12345678”, “222222”, “abcdefg”, “asdfjkl;”
Avoid using only look-alike substitutions of numbers or symbols
“M1cr0$0ft”, “P@ssw0rd”
Do not use your login name
Avoid dictionary words in any language
Avoid using the same password everywhere
Sticky notes under the keyboard (or elsewhere)
Keep Your Password Secret
Do not reveal to others
Protect any recorded passwords
NEVER provide your password over e-mail or based on an e-mail request
Change your passwords at least once a semester
Do not type passwords on computers that you do not control (trust)
Only enter passwords into secure sites
Recognizing Secure Websites
https://
Yellow lock in location or status bars
Blue or green location bar
Firefox Examples
Internet Explorer Examples
Email Security
Most email communication within Bowdoin (a 'bowdoin.edu' address) is secure
Any message forwarded or sent outside of Bowdoin is 100% insecure** – think of it like a posting on a bulletin board
Do not automatically forward your mail to an outside email account
Be wary of who you forward or send email to within Bowdoin – they may forward mail outside of Bowdoin
** Encryption may be used to secure some communications
Email Security (2)
Do not trust that an email came from the person in the “From” field
Be wary of attachments received by email – they can contain viruses
Even Word, Excel, PDF, and picture documents can contain viruses!
An attachment from someone you know can contain a virus
If you access mail from a mobile device (iPhone, Treo, Blackberry, etc.):
Use a PIN or password to lock the device when not in use
Report lost or stolen devices immediately
Phishing
Mass email claiming to be from a reputable / trusted organization
May include links to a fake website
May ask you to reply with your username and password
May ask for other personal information (credit card, social security, mother's maiden name, etc.)
Some are poorly written
Generally do not make sense (out of context)
Mail may originate from or reply to free mail services (Yahoo, Gmail, Hotmail, etc)
Bowdoin will NEVER request your password be sent by email
Antivirus
Sophos is used by the college and available for use on your home computer
Your work computer is managed and updated by IT
If you do work at home, your home computer must have an updated antivirus package
Sophos Active (blue)
Sophos Inactive (grey)
Automatic Updates and Firewall
Virtual Private Network
Creates a protected connection to the Bowdoin network
Think of it as a dedicated tunnel through the Internet – no one can see what is in your tunnel
Download from IT software site
QUIZ
Is this a secure site? Why?
Is this a secure site? YES!
Is this Phishing? Why?
Is this phishing? YES!
Is this Phishing? Why?
Is this Phishing? YES!
Is this Phishing? Why?
Is this Phishing? YES!
Is Sophos Working? Why?
Is Sophos Working? Sort of…
Is this Phishing? Why?
Is this Phishing? YES!
Questions?
Reference
Bowdoin Software Download Site (Sophos, VPN)
https://www.bowdoin.edu/agreements/
VPN Instructions
https://www.bowdoin.edu/it/network/vpn/index.shtml
Password Change Website
https://mymail.bowdoin.edu
Information Security Policies
http://www.bowdoin.edu/it/contact/security.shtml