Dark Alleys of the Internet
Part 1
ACE/NETC 2007
June 19, 2007
Albuquerque, NM
Security
» Security is the condition of being protected against danger or loss (http://en.wikipedia.org/wiki/Security)
» Tradeoff between risk to assets & mitigation of risk to those assets
“But I Have Nothing”
» How Wrong!
  • Pass your wallets down the row
  • Pass your cell phones down the row
  • Pass your list of phone numbers down the row
» Recognize that you have something of value on the computer or network
Assets?
Assets
» University Financial System
» Personally Identifiable Information (PII)
» Clients’ PII
» Your account
» Credit Cards
» Phone Companies
Passwords
» A common security solution is a password
» No reason to share a password because you can:
  • Share files/folders
  • Remote Desktop
  • E-mail Proxy
  • Online Resources like Google Docs
Managing Passwords
» Trade-offs
  • Different passwords for different systems
  • Require passwords to change
» Password Managers
  • Password Safe: http://passwordsafe.sourceforge.net
  • Others: http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html
» Choosing a good passphrase
  • “1wbiDCH” (I was born in Dale County Hospital)
http://www.aces.edu/extconnections/2006/10/
Safely Using Email
Avoid hoaxes and phishing attempts
Hoaxes
» Trickery
» Please forward
» Usually harmless
» Waste time and resources
Phishing Clues
» Return address appears to be legitimate
» Warns of consequences unless urgent action is taken
» No personal info or account name/number in message
» Name of link doesn’t match destination
  • Name of link: https://www.firstnational.com
  • Destination of link: http://www.sargonas.con/firstnational/login.htm
» Link is not secure (not HTTPS)
http://www.aces.edu/extconnections/2006/12
http://www.wikipedia.org/wiki/Phishing
http://jdorner.blogspot.com/2007/03/every-now-and-then-i-come-across.html
Don’t Become A Victim
» “Google” a sentence from the message to see if it’s a hoax or phishing attempt
» Never click on web links and be mindful of HTTPS
» Only open attachments which are in expected messages (just because you know the sender doesn’t mean the message is legitimate)
Protecting You and Your Operating System
Ways to Secure MS Windows
» Install virus protection software
» Turn on the Windows firewall
» Turn on Windows updates
» Use spyware/adware prevention software
» Use Windows Security Center
» Use limited accounts
» Use a password for every account
Virus Protection Software
» Install & routinely update virus protection software
  • McAfee
    • Virus Protection Only!
    • Purchase from any Office Supply Store
  • AVG
    • Free for non-commercial use
    • Download at www.downloads.com
  • Symantec (Norton)
    • Resource intensive
Windows Firewall
» Choose “On”
» Only unblock programs that you trust
Windows Updates
» Select “Automatic (recommended)”
» Select “Everyday”
» Choose an appropriate time
» Leave computer on! (check sleep/hibernate)
Spyware/Malware Prevention Software
» Preventative—combine w/ Reactive
  • Windows Defender: http://www.microsoft.com/athome/security/spyware/software/default.mspx
  • AVG Anti-Spyware: www.downloads.com
» Reactive (run once a week)
  • Spybot: www.downloads.com
  • Adaware: www.downloads.com
Security Center
» Ensures:
  • Firewall is on
  • Automatic updates are installed
  • Virus protection installed & up-to-date
Security Center
You don’t want the RED or Yellow shield
Click on the shield to fix the problem
Limited Accounts
» Prohibited from installing software
  • Prevents installation of malware/viruses
  • User has access to currently installed software
» Prohibited from accessing Administrator’s documents & settings
  • Prevents changes to administrator password
  • Prevents access to Administrator’s Documents, Desktop, etc.
» Create/modify system accounts under “Control Panel/User Accounts”
Limited Accounts
» Easily switch between accounts
» Leave programs running while others log in (Windows-L)
Home Networking
Everyone Needs a Router!
Home Networking Routers
» One internet connection, multiple computers
» Firewall protection
» Access restrictions
One Internet Connection
Firewall Protection
» One-way valve that lets you out, but doesn’t let intruders in
  • Prevents unauthorized access to your computer(s)
  • Hides your computer(s) from the internet while still allowing access to the internet
» Justification: Attacks on AU (week of 5/28-6/02)
  • 90,540 blocked
  • 25,147 suspicious
  • 3,893 possibly successful
Access Restrictions
» Control when a computer can access the internet
  • Deny/Allow by website or keyword
» Multiple configurations
  • Every day or only on school days, etc.
  • All the time, or only between 4 p.m. & 10 p.m., etc.
Secure Wireless
» Disable wireless, if you’re not using it
» Most routers can be configured w/a CD
» What can be done manually?
  • Change the SSID (wireless network name)
  • Disable SSID Broadcast (make it invisible)
  • Require a password to join the wireless network
  • Restrict by MAC address
Questions?
Thank You!
Greg Parmer, Jonas Bowersock, Scott Snyder, Anne Adrian