
Security Awareness Month: Security Tips for Protecting Ourselves Online

Friday, October 30th, 2009. Brian Allen, ballen@wustl.edu, Network Security Analyst, Washington University in St. Louis. http://nso.wustl.edu/presentations/


Presentation Transcript


  1. Security Awareness Month: Security Tips for Protecting Ourselves Online • Friday, October 30th, 2009 • Brian Allen, ballen@wustl.edu • Network Security Analyst, Washington University in St. Louis • http://nso.wustl.edu/presentations/

  2. Let’s Talk About… • Home Wireless Router Security: • Facebook/Social Network Security: • Password Security: • AV Products: • Laptop Security: • Parental Control software: • Browsing with Firefox Addons: • Online Banking:

  3. pics1

  4. Twitter Phish 1 of 2

  5. Twitter Phish 2 of 2

  6. Password Topics

  7. Parents’ Password Cracked On First Try The Onion News Feb 27, 2002 • REDONDO BEACH, CA – Nick Berrigan, 14, successfully hacked into his parents’ AOL account on the first try Tuesday, correctly guessing that “Digby” was their password. “They actually used the dog’s name,” said Berrigan, deactivating the parental controls on his AOL account. • Experts advise parents to secure Internet accounts with any password besides the name of a family pet

  8. Free Password Managers 1. Password Safe: www.schneier.com/passsafe.html (Bruce Schneier’s project) 2. KeePass: keepass.info 3. LastPass: lastpass.com (Firefox plugin) 4. Mac KeyChain 5. PassPack: www.passpack.com (an online password manager)

  9. Commercial Password Managers • 1Password - 1passwd.com: keeps track of all web passwords, automates sign-in, guards from identity theft, for $39.95 • Roboform - www.roboform.com: $29.95 for the Professional version

  10. Some Key Threats to Passwords • Brute force or dictionary attacks • Keystroke loggers • Social engineering/Phishing

  11. Three KeePass Features • Require two-factor authentication to access your KeePass database

  12. KeePass – Opening the Database

  13. KeePass – The Main Interface

  14. KeePass – Individual Entry

  15. A Few KeePass Features • Require two-factor authentication to access your KeePass database • Drag and drop usernames and passwords into forms

  16. Drag & Drop

  17. A Few KeePass Features • Require two-factor authentication to access your KeePass database • Drag and drop usernames and passwords into forms • Autotype usernames and passwords into forms – a bit advanced

  18. Some Solutions • You really need two-factor authentication to protect the password database • Don't trust any machine other than your own to enter a password that protects anything sensitive • Using a machine you don’t trust? Carry a Live CD of your favorite flavor of Linux and boot off that

  19. Long Password Expirations Can Be Good • Prevention of brute force password theft primarily comes from having strong passwords, not from regularly changed passwords • Strong passwords are more likely to be remembered if they are not changed often

  20. Extra Long Password Expirations Could Be Bad • We assume users will share their passwords: with students, with staff, with friends, with family, etc. • Putting a ceiling on the life of a password will keep these from lasting forever

  21. Antivirus • I look for: • the fastest • update themselves automatically • have an easy to use interface • Symantec Endpoint • AVG = http://free.avg.com • AntiVir = http://www.free-av.com • Avast = http://www.avast.com

  22. Symantec Endpoint (Symantec 11)

  23. From CNET.com Editor Reviews • AVG Popularity: total downloads 227,792,675; downloads last week 1,737,919 • AntiVir Popularity: total downloads 61,994,231; downloads last week 905,902 • Avast Popularity: total downloads 60,978,532; downloads last week 737,028

  24. Avira Interface

  25. AVG Interface

  26. AVG Will Check Every Email

  27. AVAST Interface

  28. Home Wireless Router Tips • Change Default Password • Firewall is on by Default • WPA2, not WPA or WEP • MAC Address Filtering • Leave SSID on • No personal info in SSID like Smith_Family

  29. Change The Default Password

  30. Firewall Is On By Default

  31. WPA2

  32. MAC Address Filtering

  33. Home Wireless Router Tips • Change Default Password • Firewall is on by Default • WPA2, not WPA or WEP • MAC Address Filtering • Leave SSID on • No personal info in SSID like Smith_Family

  34. Laptop Tracking Software

  35. Key Questions to Consider • How hard is it to disable or remove the software? • Who will have access to the collected data? • A department? • The company? • Individuals? • What type of data is collected? • How many laptops are lost or stolen every year?

  36. LoJack Pros • Very difficult to disable • Asset tracking • The company, only with the user’s permission, can log in to: • Take pictures • Erase the hard drive • Will work with police to recover the laptop

  37. LoJack BIOS Compatibility • Asus • Dell • Gammatech • Getac • Gateway • General Dynamics • HP • Fujitsu • Lenovo (IBM Thinkpad) • Motion Computing • Panasonic • Toshiba

  38. LoJack Cons • BIOS compatibility does not include Macintosh • 40% of student machines are Macs • Most Expensive - $49 per laptop • The company can get access into laptops, although it is only to be initiated by the owner after it is reported stolen
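
Slides 7, 10 and 19 make one argument: a password built from a pet's name falls to a guess, and against brute force it is strength, not the expiration interval, that matters. The following Python check is an added example, not part of the original presentation; the guess rate, the function names and the sample passwords are assumptions made for illustration.

```python
import string

# Assumed offline guessing speed in guesses per second (illustrative, not from the slides).
GUESS_RATE = 1e9

def charset_size(password):
    """Size of the smallest standard character pool that covers the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 symbols
    return size

def normalise(word):
    """Lower-case and drop trailing digits/symbols, so 'Digby2009!' matches 'digby'."""
    return word.lower().rstrip(string.digits + string.punctuation)

def days_to_exhaust(password, rate=GUESS_RATE):
    """Days needed to try every string of this length over the password's pool.
    This is an upper bound: a dictionary attack on real words finishes far sooner."""
    return charset_size(password) ** len(password) / rate / 86400

def assess(password, personal_terms, expiry_days):
    """Classify one password against personal terms and an expiration policy."""
    if normalise(password) in {normalise(t) for t in personal_terms}:
        return "guessable: built from a personal term"
    if days_to_exhaust(password) < expiry_days:
        return "weak: brute force finishes before the password expires"
    return "strong: brute force outlasts the expiration window"

if __name__ == "__main__":
    terms = ["Digby", "Berrigan"]  # constructed from the slide 7 story
    # Constructed sample passwords, each checked under a 30-day and a 365-day policy.
    for pw in ["Digby", "digby2009!", "qwhzkpfm", "Tr7#qLw9!xVb2@Kd"]:
        for expiry in (30, 365):
            print(f"{pw!r:22} expiry={expiry:3}d -> {assess(pw, terms, expiry)}")
```

The eight-letter lowercase password is exhausted in minutes under either policy, so shortening the expiration does not protect it, while the 16-character mixed password outlasts both.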
