
Computer Security Awareness and Training (CSAT) Seminar

Computer Security Awareness and Training (CSAT) Seminar. TTU QEP Service Learning Project By Blue Team Students – Computer Science Department CSC 4575/5575 Information Assurance and Security Spring 2011. Cost of Security Incidents in USA.



Presentation Transcript


  1. Computer Security Awareness and Training (CSAT) Seminar TTU QEP Service Learning Project By Blue Team Students – Computer Science Department CSC 4575/5575 Information Assurance and Security Spring 2011

  2. Cost of Security Incidents in USA • In 2009, the dollar loss reported for Internet crime reached an all-time high of ~$560 million (Internet Crime (IC3) Annual Report – March 2010) • 60 percent of financial losses were due to non-malicious actions by insiders (Computer Crime and Security Survey, 2009)

  3. Perpetrator Map • 65.4% of perpetrators in the United States (Internet Crime (IC3) Annual Report – March 2010)

  4. What’s up for sale in the Cyber Black Market? http://www.symantec.com/content/en/us/enterprise/white_papers/b-symc_intelligence_qtrly_july_to_sept_WP_21157366.en-us.pdf

  5. Who is hit hardest? http://www.symantec.com/content/en/us/enterprise/white_papers/b-symc_intelligence_qtrly_july_to_sept_WP_21157366.en-us.pdf

  6. Goal of the CSAT Seminar • To inform on issues most closely related to the handling of sensitive/non-sensitive data with emphasis on TTU policies and general proper practices • Sensitive Data: Social Security numbers, Credit Cards, Birthdates, Medical information, Passwords, etc.

  7. Topics To Cover • Spyware • Anti-Virus • Email Spam • Top 10 Scams • Phishing • Social Engineering • Passwords • HTTPS • Wireless Fidelity (Wi-Fi)

  8. Spyware • Type of malware that collects user data from their computer without them knowing • Common Spyware: • Fake Anti-Virus • Keyloggers

  9. Spyware • Scareware/Ransomware: Fake Anti-Virus • Uses convincing names: “Antivirus 2010”, “PC Antispy”, “Spyware Protect”, “Win Defender” • Constant pop-ups saying you are not protected • Will disable common programs • Keyloggers • Records keystrokes and reports them to a program or person • Can be obtained through many bad practices

  10. Features of Spyware • Spyware has many common features • Requires system resources • Changes computer settings to lock commonly used features • Attempts to disable Anti-Virus • Redirects web browser

  11. Anti-Virus • What is Anti-Virus Software? • “Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms” – Microsoft • Who provides it? • Symantec – The software used by TTU Campus • McAfee • AVG • Microsoft

  12. Anti-Virus • How do you know if it’s working? • Check your task-bar at the bottom-right of your desktop • Windows Security Center • Be sure to note: • Make sure you have the option to real-time scan • Keep the software up to date • TTU Policy [1]: Updates are automatic, but users are responsible for notifying ITS if there are complications with the update • [1] http://www.tntech.edu/itspolicies/viruspolicy/

  13. Free Anti-Virus • Some things to consider about free Anti-Virus: • Be sure to download from reputable distributors such as AVG, AntiVir, AVAST • Don’t download these from a 3rd party site • Easy questions to ask before downloading • Do I want to pay or get free protection? • What am I protecting? • Is the software going to slow my system down? • Some distributors’ sites provide statistics

  14. Email Spam • Junk email or unsolicited bulk e-mail • Examples we all know • Free gifts • Weight loss • Debt help • “36 Million Americans report purchasing drugs from unlicensed online sellers” – Sophos Security Threat Report 2011

  15. Stay protected! • Tips for avoiding scams: • Protect your personal information • Know who you’re dealing with • Take your time – Stop. Think. Connect. • Always read the fine print • Never pay for a “free gift” • IF IT SEEMS TOO GOOD TO BE TRUE, IT PROBABLY IS!

  16. Top 10 Email Scams • “Nigerian” Email Scam - Message claiming to need a large amount of money to be transferred out of their country. Usually offering you a percentage. • Email or popup claiming to be a business you may deal with • Work-At-Home Scams - Get rich quick by stuffing envelopes, assembling products, data entry, etc. • Weight Loss Claims • Foreign Lotteries • Cure-All Products • Check Overpayment - Receive a check overpaying what was owed and asked to wire back what was overpaid. The check then bounces. • Pay-in-Advance Credit Offers • Debt Relief • Investment Scams http://www.onguardonline.gov/topics/email-scams.aspx

  17. Dealing With Email Spam • Reporting the spam! • Forward the spam to Microsupport@tntech.edu • If the email appears to be impersonating a bank or company forward the message to the actual organization

  18. Phishing • Attempting to acquire sensitive information such as passwords, credit cards, social security numbers through legitimate sounding offers and warnings • Phishing reports have risen over 100% in last two years - Sophos Security Threat Report 2011

  19. Phishing – January 2011 • Source: http://techblog.avira.com/2011/02/22/phishing-spam-and-malware-statistics-for-january-2011/en/

  20. Dealing With Phishing • Tips to avoid Phishing scams: • Don’t email personal or financial information • Be cautious with opening or downloading attachments received in email, especially on university computers • Report the emails to Microsupport@tntech.edu • Use proper Anti-Virus • Check links inside emails before clicking them • Never enter personal information into a pop-up

  21. Checking links on web pages

  22. Social Engineering • “You could spend a fortune purchasing technology and services… and your network infrastructure could still remain vulnerable to old-fashioned manipulation” - Kevin Mitnick

  23. Social Engineering • Dumpster Diving: Carelessly disposing of sensitive information • Pretexting: Using a premeditated scenario to persuade a target • Gimmies: Exploiting curiosity/carelessness to deliver malware • Quid pro Quo: Trading for information

  24. Social Engineering • Shoulder Surfing: Someone you would not suspect looking over your shoulder • Smoking Area: Socializing at a company’s designated break area • Phishing

  25. Poll: • My password is ab1234 or abcdef or abc123. (True/False) • I have not yet changed the default password given to me. (True/False) • I use the same password for multiple sites. (True/False) • I never change my password. (True/False) • I have written down the password “somewhere”. (True/False) • I have given my password to “X”. (True/False)

  26. Passwords • Things to consider: • Usernames and passwords are designed for personal use • Try not to use the same password for multiple logins • Do not write down passwords in easy to find locations • Have a strong password

  27. Passwords • Making a strong password • Include letters, numbers, special characters, capitalization • Should be 8 to 12 characters long • Try not to include words • Do not reuse passwords

  28. Passwords www.lockdown.co.uk

  29. ITS Password Policy http://www.tntech.edu/itspolicies/password-policy/

  30. HTTPS • Hypertext Transfer Protocol Secure • A protocol that creates a secure connection between your computer and the web site you are connecting to

  31. HTTPS • ITS Policy [1] • Encryption is recommended when sending non-public or internal data. • Encryption is required if any data is confidential or restricted • How do I know it’s in use? • Internet Explorer • Firefox • Chrome • [1] http://www.tntech.edu/itspolicies/datasecuritypolicy/

  32. Wireless Fidelity • Note [1]: “Confidential University business should not be conducted via the wireless network due to data security issues.” • Firesheep • Packet sniffer • Simplified stealing information • [1] www.tntech.edu/its/wirelessaccess

  33. Wireless Fidelity • Way to protect yourself on an open network • Use HTTPS • Ways to protect your network at home • Use WPA2 with a pre-shared key to secure your router

  34. Additional Resources • Can be found at • http://users.csc.tntech.edu/~jlnorris21/csat

  35. Credits • Alan Oberg • Shaun Tipton • Bret Human • Michael Altom • Jay Patel • Nicolas Castellani • Jeffrey Norris • Hassan Alslame • Kenison Vrabcak • Patrick Birdwell • Ryan Flood Team Leader / Content Delivery Content Delivery / Post Assessment Content Delivery / Content Management Team Leader / Needs Assessment Post Assessment / Event Coordination Needs Assessment / Website Website / Content Development Content Development / Content Management Event Coordination / Content Management Content Management / Website Advertisement

  36. Acknowledgement • QEP Committee • Computer Science Department • Valerie Nash

  37. Thank you for your time • Please remember to take our Post Survey at: • http://users.csc.tntech.edu/~jlnorris21/csat • Certificate - needs to be done by April 29th!
