640 likes | 784 Views
Security Awareness: Security Tips for Protecting Ourselves Online. Friday, May 20, 2011 Brian Allen, CISSP brianallen@wustl.edu Network Security Analyst Washington University in St. Louis http ://nso.wustl.edu/presentations/. Let’s Talk About…. Facebook /Social Networking
E N D
Security Awareness:Security Tips for Protecting Ourselves Online Friday, May 20, 2011Brian Allen, CISSPbrianallen@wustl.eduNetwork Security AnalystWashington University in St. Louishttp://nso.wustl.edu/presentations/
Let’s Talk About… • Facebook/Social Networking • Password Security • AV Products • Home Wireless Router Security • Laptop Security • Safe Web Browsing • Phishing Examples • Online Banking • Virus Example and Case Study
Parents’ Password Cracked On First Try The Onion News Feb 27, 2002 • REDONDO BEACH, CA – Nick Berrigan, 14, successfully hacked into his parents’ AOL account on the first try Tuesday, correctly guessing that “Digby” was their password. • “They actually used the dog’s name,” said Berrigan, deactivating the parental controls on his AOL account.
Free Password Managers • KeePass– I use this one • Password Safe • Bruce Schneier’sProject • PassPack • An online password manager Commercial Password Manager: • 1Password -”Works great on iPhone and OS X”
Antivirus • I look for: • the fastest • update themselves automatically • have an easy to use interface • AVG = http://free.avg.com • AntiVir = http://www.free-av.com • Avast = http://www.avast.com
From CNET.com Editor Reviews AVG Popularity: * Total downloads 227,792,675 AviraAntiVirPopularity: * Total downloads 61,994,231 Avast Popularity: * Total downloads 60,978,532
Home Wireless Router Tips • Change Default Password • Firewall is on by Default • WPA2, not WPA or WEP • MAC Address Filtering • Leave SSID on • No personal info in SSID like Smith_Family
Home Wireless Router Tips • Change Default Password • Firewall is on by Default • WPA2, not WPA or WEP • MAC Address Filtering • Leave SSID on • No personal info in SSID like Smith_Family
Key Questions to Consider • How hard is it to disable or remove the software? • Who will have access to the collected data? • How many laptops are lost or stolen every year?
LoJack Pros • Very difficult to disable • The company, only with the user’s permission, can log in to: • Take pictures • Erase the hard drive • Will work with police to recover the laptop
LoJack Bios Compatibility Asus Dell Gammatech Getac Gateway General Dynamics HP Fujitsu Lenovo (IBM Thinkpad) Motion Computing Panasonic Toshiba
LoJack Cons • Bios compatibility does not include Macintosh • 40% student machines are Macs • Most Expensive - $49 per laptop • The company can get access into laptops, although it is only to be initiated by the owner after it is reported stolen
Laptop/USB Encryption • USB Hardware Encryption – IronKey $$$ • Laptop/USB Encryption – TrueCrypt (Free!)
Four OS Security Tips • Make sure the operating system has: • Update automatically • Firewall turned on • All accounts have strong passwords • Up-to-date Anti-virus tool
Link Security Tips • Don’t click links or open attachments in emails. • If you have any doubt, get confirmation directly from the sender. • Be wary of messages that include attractive offers or urgent requests. • Watch out for links that require you to immediately provide a login and password. • Type the URL directly into Google.
Browser Security Tips • I use Firefox as myregular browser. • Firefox will automatically update itself. • Firefox 3 and 4 have Phishing and Malware Protection on by default. • Use the Add Block Plus Firefox Addon.
Spear Phishing Example <http://michaelkellett com/ez/wustl.html>