
Protecting Yourself Keeping Your Secrets Secret November 11, 2004

Learn practical information and guidelines for protecting yourself and your information on the internet. Understand risks, scams, viruses, phishing, and other online threats.


Presentation Transcript


  1. Protecting Yourself: Keeping Your Secrets Secret • November 11, 2004 • Arlene Yetnikoff, Director of Information Security, DePaul University

  2. Information Security at DePaul • Who we are • Information Services - Business Continuity and Security Group (BCS) • Web Site • http://is.depaul.edu/security/information_security/ • http://security.depaul.edu • Email Addresses for BCS team • Bill Eaheart - weaheart@depaul.edu • Eric Pancer – epancer@security.depaul.edu • Arlene Yetnikoff – ayetniko@depaul.edu • Ed Gregory – egregory@depaul.edu • Cheryl Barkby - cbarkby@depaul.edu • Maybelline Davis - mdavis@depaul.edu • Reporting security incidents • security@depaul.edu • abuse@depaul.edu Information Security

  3. Today • Provide practical information • General guidelines for protecting yourself and your information on the Internet • No Silver Bullet • Understanding risks and scams is critical • Presentation available at: • http://is.depaul.edu/security/information_security/presentations.sap

  4. Agenda • Viruses • Phishing • Other scams • Spam • Cryptography • Email Tips • Questions and Discussion

  5. Viruses • What do they look like? • Attachment • From someone you don’t know or someone you know very well • Usually will have a very impersonal note in it • How do they work? • Automated • Honor system • What should you do when you get one? • Delete key • Stinger - http://vil.nai.com/vil/stinger/

  6. Viruses • How can you prevent all viruses? • How can you prevent many viruses? • AVG – www.grisoft.com • Symantec security check - http://www.symantec.com/cgi-bin/securitycheck.cgi • Are some files more likely than others to carry viruses? • Errrr…..well…..yes • But don’t let that make you feel comfortable with other files.

  7. Phishing • Attempts to get personal information for the objective of identity theft or theft of money • What do phishing scams look like? • I checked the url in the email – it looks okay, can I click? • Fun Practice • phishing IQ test • http://survey.mailfrontier.com/survey/quiztest.html • http://www.netriplex.com/phishfraud/phishing_test.aspx • Unsure? • Ask us – security@depaul.edu

  8. Other Scams • Nigerian – 419 fraud • Foreign lotteries • Postcard drives, name frequency surveys

  9. Spam • What is Spam? • Why do people send Spam? • How can I tell who it is from? • How do ‘spammers’ get my email? • If I ‘unsubscribe’ will it stop? • What is an open relay? • How can I prevent Spam?

  10. What is Spam? • Email • Unwanted • Inappropriate • Unsolicited (UCE)

  11. Why do people send Spam? • Equivalent to junk mail • Difference • junk mail is a cost for the sender • spam is a cost for everyone else • Attempting to sell products and services

  12. How can I tell who it is from? • Majority of the time you cannot tell the origin • Very sophisticated • open mail relays • Ethical? • Check the email headers • one time accounts • forged headers

  13. What is an open relay? • Open mail relay • mail server processes a mail message where neither the sender nor the recipient is a local user • Problems • In the past, third party mail relaying was a useful tool – remote users • Open mail relays pose a significant threat to the usefulness of email. • Abuse occurs when massive amounts of mail are relayed through an otherwise unrelated server. • Costs – storage space, bandwidth, time

  14. Open Mail Relay
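The relay decision from the open-relay slides, written out as an added example (not from the original presentation): a server that relays for anyone beside one that relays outward only for clients that have logged in. The domain names, function names and the use of client authentication as the restriction are assumptions of this example.

```python
LOCAL_DOMAINS = {"school.example"}  # assumed: domains this server hosts mail for

def domain(address):
    """Lower-cased domain part of an envelope address."""
    return address.rsplit("@", 1)[-1].lower()

def is_third_party(mail_from, rcpt_to):
    """Slide definition: neither the sender nor the recipient is a local user."""
    return (domain(mail_from) not in LOCAL_DOMAINS
            and domain(rcpt_to) not in LOCAL_DOMAINS)

def open_relay(mail_from, rcpt_to, authenticated):
    """Misconfigured server: relays anything for anyone."""
    return True

def restricted_relay(mail_from, rcpt_to, authenticated):
    """Accept inbound mail for local users; relay outward only for clients
    that authenticated. MAIL FROM is never trusted because it can be forged."""
    if domain(rcpt_to) in LOCAL_DOMAINS:
        return True
    return authenticated

def relayed_for_strangers(policy, transactions):
    """Mail an unauthenticated client got the server to pass on to a
    non-local recipient under the given policy."""
    return [t for t in transactions
            if not t[2] and domain(t[1]) not in LOCAL_DOMAINS and policy(*t)]

# Constructed SMTP envelopes: (MAIL FROM, RCPT TO, client authenticated?)
TRANSACTIONS = [
    ("friend@other.example", "student@school.example", False),    # normal inbound
    ("student@school.example", "friend@other.example", True),     # remote user, logged in
    ("bulk@sender.example", "stranger@other.example", False),     # third-party relay
    ("student@school.example", "stranger@other.example", False),  # forged local sender
]
```

The last envelope is not "third party" by the sender-or-recipient definition, yet the open server still relays it, which is why the restricted policy ignores the sender address entirely.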

  15. Email Headers • Viewing email headers on Groupwise • Open the offending email • Choose File > Attachments > View. • You can view the message headers by clicking on the attachment ‘Mime.822’

  16. Reading Email Headers • http://www.stopspam.org/email/headers.html • Check www.google.com for more
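Because headers can be forged, the only Received lines worth trusting are the ones written by mail servers you control; everything below them is whatever the sender chose to supply. The added example below (not from the original presentation) reads a constructed message and reports the last verifiable hop. The host names, the trusted-server set and the Received layout are assumptions.

```python
import re
from email import message_from_string

TRUSTED_MX = {"mx.school.example"}  # assumed: receiving servers you control

# Assumed layout: "from HELO (RDNS [IP]) by HOST ..."; other layouts stay unparsed.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*"
                 r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)")

def trace(raw_message):
    """Parse every Received header, newest first (the order they appear in)."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP.search(" ".join(value.split()))  # unfold continuation lines
        hops.append(match.groupdict() if match else {"unparsed": value})
    return hops

def verifiable_origin(raw_message):
    """Walk down from the top and stop at the first hop that was not written
    by a trusted server. Returns (last trusted hop, count of unverified hops)."""
    hops = trace(raw_message)
    origin, unverified = None, 0
    for index, hop in enumerate(hops):
        if hop.get("by") in TRUSTED_MX:
            origin = hop
        else:
            unverified = len(hops) - index
            break
    return origin, unverified

# Constructed sample message; every host and address is a placeholder.
SAMPLE = """\
Received: from relay.isp.example (unknown [203.0.113.45])
    by mx.school.example (Postfix) with ESMTP id 4F2A1
    for <student@school.example>; Thu, 11 Nov 2004 09:15:02 -0600
Received: from mail.bank.example (mail.bank.example [198.51.100.7])
    by relay.isp.example with SMTP id X1; Thu, 11 Nov 2004 09:14:58 -0600
From: "Bank Support" <support@bank.example>
To: student@school.example
Subject: Account notice

Please confirm your details.
"""
```

For the sample, the address to report is the one that connected to the trusted server; the lower Received line naming mail.bank.example cannot be confirmed from the headers alone.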

  17. How do ‘spammers’ get my email? • Harvesting WebPages • Harvesting Newsgroups • Guessing • Buying lists from other spammers or companies • From a mailing list • By people themselves • Other ways

  18. If I ‘unsubscribe’ will it stop? • Do not respond to spam • By responding you: • Verify that your email address is valid. • Verify that you actually read the mail, and took the time to reply to it. • Show a lack of anti-spam knowledge to the spammer • Increase the chances that you will receive more spam

  19. How can I prevent Spam? • May be able to limit spam • Use a separate email address when you post to newsgroups and mailing lists • NEVER buy anything from a company that spams. Don't visit their sites or ask for more information. • Do not forward chain letters, petitions, mass mailings, or virus warnings • Protect your email address • Filter from your inbox • Use a commercial product. • Some email services may have a spam report feature.

  20. Filtering Email • Researching Possibilities • Pros • May limit some spam • Cons • Can slow mail delivery • May drop legitimate mail • Managing filters • New ways to deliver

  21. Cryptography • Terms • What is PGP? • How does it work? • Examples • Tutorial

  22. Terms • Cryptography • Mathematical manipulation of data • Encryption • Process of scrambling information • Decryption • To undo the encryption process • Cipher Text • Mangled information • Public Key cryptography (asymmetric) • Encryption and Decryption are performed with different keys • Secret Key cryptography (symmetric) • Same key is used for Encryption and Decryption

  23. What is PGP? • PGP – Pretty Good Privacy • Strong encryption software • Authored by Philip Zimmermann • Scrambles emails and files

  24. Why should I use it? • Security • Privacy • Options - Free versions available • PGP • some licensing restrictions may apply for newer versions • http://www.pgp.com/ • GNU Privacy Guard – gpg • completely free • http://www.gnupg.org/ • S/MIME • http://www.mozilla.org/projects/security/pki/psm/smime_guide.html

  25. Privacy?

      C:\mailscan2.is.depaul.edu
      Tracing route to mailscan2.is.depaul.edu [140.192.20.71] over a maximum of 30 hops:
       1   1 ms   1 ms   1 ms  192.168.0.1
       2  22 ms  23 ms  23 ms  dsl081-226-001.chi1.dsl.speakeasy.net [192.168..2.1]
       3  21 ms  23 ms  22 ms  border5.ge3-2.speakeasy-28.chg.pnap.net [64.94.35.212]
       4  23 ms  24 ms  22 ms  core5.ge3-0-bbnet2.chg.pnap.net [64.94.32.78]
       5  23 ms  21 ms  24 ms  gigabitethernet8-0-519.ipcolo1.Chicago1.Level3.net [209.247.34.165]
       6  25 ms  22 ms  22 ms  gigabitethernet5-2.core2.Chicago1.Level3.net [209.244.8.21]
       7  23 ms  22 ms  22 ms  p5-1.chcgil2-cr2.bbnplanet.net [209.0.227.70]
       8  23 ms  23 ms  22 ms  p0-0.icnet.bbnplanet.net [4.24.203.66]
       9  24 ms  24 ms  24 ms  rtr-cst-bs-int2-a1-0.netequip.depaul.edu [206.220.243.169]
      10  25 ms  24 ms  21 ms  mfc-cst-bs-a-v865.netequip.depaul.edu [140.192.9.58]
      11  27 ms  24 ms  23 ms  mfc-cst-5a-v19.netequip.depaul.edu [140.192.19.122]
      12  25 ms  26 ms  27 ms  smtp.depaul.edu [140.192.20.71]
      Trace complete.

  26. How does it work?

  27. Example • Plain text • Hello world • Encrypt with public key • Encrypting created Ciphertext -----BEGIN PGP MESSAGE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> qANQR1DBwU4DSTJMC1F2PksQB/0bmezbfmj/1NUYt5qM8TbOOl7uZH8wYNrsVFnF ALv+wwdYFTMhT/DBoSWwnizkY31k0bTei57EjlNjg4z9mqgabm4OCj1s0O3GVQDP tIafYzDmdOrojgZ2jrszExFARL47ygXZA5qnDxoI3W5RiSbn5iQpp66wucJETAey /tWpLjVBtb8vsD+djRm/3OBxj+VXRdJJynk3+HHrqpvBDLkMCK+p2JSnqT2w2jK6 biDVKNtKao7Vq5sQYWZ1UAHXuH53Ph9NZIYuk6NKoNljeomSbYs46lx/SHzotB+M w3+ou7xausaUn0/Q24+YclFPdyVDHbyThEWGSCZvMjCZcLqACAC1sLhpDZUwgW1g cGQ6dTsnySTtmV9uB/tMyAPPnPQ+FP+Hd1bpBP000R+ySteLHjEKjMV752k= =ScLD -----END PGP MESSAGE----- • Decrypt with private key • Plaintext • Hello World Information Security

  28. Email Tips • Be smart about your password • Keep browsers up-to-date • Trust your instincts • Do not open suspicious attachments • Do not respond to spam • Log out of your email account • Email should not be considered private. Confidential information should not be sent by email. • Use encryption when possible

  29. The End! • Thank you • Any questions? • http://security.depaul.edu • security@depaul.edu
