1 / 18

Annual Safety & Security Briefing - 9/22/04

Annual Safety & Security Briefing - 9/22/04. Teresa Downey – SLAC Computer Security Group & SCS Applications Group. security@slac.stanford.edu (650) 926- HELP (SCS Helpdesk) Leave “critical” message if after work hours, assuming the issue _is_ critical. Computer Security Staff:

billy
Download Presentation

Annual Safety & Security Briefing - 9/22/04

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Annual Safety & Security Briefing - 9/22/04 Teresa Downey – SLAC Computer Security Group & SCS Applications Group

  2. security@slac.stanford.edu (650) 926-HELP (SCS Helpdesk) Leave “critical” message if after work hours, assuming the issue _is_ critical Computer Security Staff: Robert Cowles Security Group Manager x4965 Gary Buhrmaster x2294 John Halperin x2257 Teresa Downey x2903 Computer Security Contact Info

  3. Topics for Today • E-mail Phishing • SLAC E-mail Virus Protection • Computer Patching

  4. E-Mail Phishing • Spoofed e-mails – forged From: address • Usually paired with fraudulent websites • Trying to get personal financial info or accounts/passwords, etc. “identity theft” • Several SLAC personnel have reported these • They are usually tagged as [SPAM:### • Don’t reply to them or click in them

  5. Recent Phishing E-mail URL is a fake Hover mouse over URL to see the real destination

  6. Recent Phishing E-mail Here is the real destination http://12.3.92.86:87/cit/index.htm

  7. Don’t Take the Bait You are giving away your personal information

  8. Forged FDIC E-mail Official-looking, threatening e-mail This slide shows you forged URL and the real one

  9. Fake FDIC Website Most people would not realize this is not the real FDIC.gov website They exploited a flaw in the browser accomplish this redirection

  10. Real FDIC Website THIS is the real FDIC.gov website!

  11. E-mail With Virus Attached A way to get people to download virus and infect their own machine Patches are not sent via email!

  12. SLAC Gateway Exchange Server SLAC E-mail Virus Protection Scan for Virus & Remove Executables Scan for Virus & Remove Executables

  13. E-mail Bypassing SLAC Servers You need to scan all your emails and attachments!

  14. Computer Patching • Automated Patching Strongly Encouraged • Windows Systems in Active Directory • Linux & Solaris Systems running Taylor • Home User Patching Tools • Linux: run an auto-patching tool (e.g. up2date for RedHat) – unsure? Ask unix-admin@slac • Mac OS X: use Software Update tool • Windows: see next 2 slides

  15. Windows Update Website Choose Express or Custom Install Let it scan Take all Critical Updates

  16. Office Update Website Press Check for Updates Let it scan and take all Critical Updates

  17. What is the Most Important Component of SLAC Computer Security?

  18. YOU! • Don’t fall for phishing scams • Don’t reply to or click in unwanted e-mails • Remember vendors do not e-mail patches • Use SLAC e-mail servers or scan the e-mails and attachments yourself • Keep your systems patched • The web is a dangerous place too. Think before you click.

More Related