Security Awareness Month: Security Tips for Protecting Ourselves Online
Friday, October 30th, 2009
Brian Allen, ballen@wustl.edu
Network Security Analyst, Washington University in St. Louis
http://nso.wustl.edu/presentations/
Let’s Talk About…
• Home Wireless Router Security
• Facebook/Social Network Security
• Password Security
• AV Products
• Laptop Security
• Parental Control Software
• Browsing with Firefox Addons
• Online Banking
Parents’ Password Cracked On First Try
The Onion News, Feb 27, 2002
• REDONDO BEACH, CA – Nick Berrigan, 14, successfully hacked into his parents’ AOL account on the first try Tuesday, correctly guessing that “Digby” was their password. “They actually used the dog’s name,” said Berrigan, deactivating the parental controls on his AOL account.
• Experts advise parents to secure Internet accounts with any password besides the name of a family pet.
Free Password Managers
1. Password Safe: www.schneier.com/passsafe.html (Bruce Schneier’s project)
2. KeePass: keepass.info
3. LastPass: lastpass.com (Firefox plugin)
4. Mac KeyChain
5. PassPack: www.passpack.com (an online password manager)
Commercial Password Managers
• 1Password (1passwd.com): keeps track of all web passwords, automates sign-in, and guards against identity theft, for $39.95
• Roboform (www.roboform.com): $29.95 for the Professional version
Some Key Threats to Passwords
• Brute force or dictionary attacks
• Keystroke loggers
• Social engineering/phishing
A Few KeePass Features
• Require two-factor authentication to access your KeePass database
• Drag and drop usernames and passwords into forms
• Auto-type usernames and passwords into forms (a bit advanced)
Some Solutions
• You really need two-factor authentication to protect the password database
• Don’t trust any machine other than your own to enter a password that protects anything sensitive
• Using a machine you don’t trust? Carry a Live CD of your favorite flavor of Linux and boot off that
Long Password Expirations Can Be Good
• Prevention of brute force password theft primarily comes from having strong passwords, not from regularly changed passwords
• Strong passwords are more likely to be remembered if they are not changed often
Extra Long Password Expirations Could Be Bad
• We assume users will share their passwords: with students, with staff, with friends, with family, etc.
• Putting a ceiling on the life of a password will keep these from lasting forever
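The two slides above make a quantitative claim: against brute force, password strength matters and rotation mostly does not, while an expiration ceiling still bounds how long a shared password stays usable. The following Python is an added illustration, not part of the original slides. It assumes a constructed attacker guess rate (one billion guesses per second against a leaked hash) and a 90-day rotation interval; both are assumptions you can change, and the password categories in the table are constructed samples.

```python
import math

# Constructed assumption: an offline attacker testing a billion guesses per
# second against a leaked password hash. Real rates depend on the hash
# algorithm and hardware; change this one number to model a different attacker.
GUESSES_PER_SECOND = 1e9
SECONDS_PER_DAY = 86_400


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password chosen uniformly at random from alphabet_size^length."""
    return length * math.log2(alphabet_size)


def expected_crack_days(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Expected days for exhaustive search to hit a random password.

    On average the attacker covers half the keyspace before succeeding.
    """
    return (2.0 ** bits) / 2.0 / guesses_per_second / SECONDS_PER_DAY


def rotation_verdict(length: int, alphabet_size: int, rotation_days: int,
                     guesses_per_second: float = GUESSES_PER_SECOND):
    """Compare expected brute-force time with a rotation interval.

    Returns (days_to_crack, verdict) where verdict is one of:
      'cracked_before_rotation' - too weak; rotating does not rescue it
      'outlives_rotation'       - strength already protects; rotation adds
                                  nothing against brute force
    """
    days = expected_crack_days(entropy_bits(length, alphabet_size), guesses_per_second)
    verdict = "cracked_before_rotation" if days < rotation_days else "outlives_rotation"
    return days, verdict


def exposure_ceiling_days(days_to_crack: float, max_lifetime_days: int) -> float:
    """Longest a single password value can stay usable by anyone it was shared
    with: the expiration ceiling applies even when brute force never finishes."""
    return min(days_to_crack, max_lifetime_days)


# Constructed sample password categories (label, length, alphabet size).
SAMPLES = [
    ("8 lowercase", 8, 26),
    ("8 mixed printable", 8, 95),
    ("12 mixed printable", 12, 95),
    ("16 lowercase passphrase", 16, 26),
]


def policy_table(rotation_days: int = 90):
    """Rows of (label, bits, days_to_crack, verdict, exposure_ceiling_days)."""
    rows = []
    for label, length, alphabet in SAMPLES:
        days, verdict = rotation_verdict(length, alphabet, rotation_days)
        rows.append((label, round(entropy_bits(length, alphabet), 1), days, verdict,
                     exposure_ceiling_days(days, rotation_days)))
    return rows


if __name__ == "__main__":
    for label, bits, days, verdict, ceiling in policy_table():
        print(f"{label:24} {bits:6.1f} bits  {days:12.3g} days to crack  "
              f"{verdict:24} exposure capped at {ceiling:.3g} days")
```

The table shows why the slide's advice holds: an 8-character lowercase password falls in minutes and an 8-character mixed password in weeks, so a 90-day rotation does not save either, while a 12-character mixed password or a 16-character lowercase passphrase outlives any rotation schedule by orders of magnitude. The only thing the ceiling still buys for a strong password is bounding how long a copy that was shared with someone else keeps working.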
Antivirus
• I look for products that are:
  • the fastest
  • able to update themselves automatically
  • easy to use
• Symantec Endpoint
• AVG: http://free.avg.com
• AntiVir: http://www.free-av.com
• Avast: http://www.avast.com
From CNET.com Editor Reviews
• AVG popularity: total downloads 227,792,675; downloads last week 1,737,919
• AntiVir popularity: total downloads 61,994,231; downloads last week 905,902
• Avast popularity: total downloads 60,978,532; downloads last week 737,028
Home Wireless Router Tips
• Change the default password
• Firewall is on by default
• WPA2, not WPA or WEP
• MAC address filtering
• Leave SSID on
• No personal info in the SSID, like Smith_Family
Key Questions to Consider
• How hard is it to disable or remove the software?
• Who will have access to the collected data?
  • A department?
  • The company?
  • Individuals?
• What type of data is collected?
• How many laptops are lost or stolen every year?
LoJack Pros
• Very difficult to disable
• Asset tracking
• The company, only with the user’s permission, can log in to:
  • Take pictures
  • Erase the hard drive
• Will work with police to recover the laptop
LoJack BIOS Compatibility
• Asus
• Dell
• Gammatech
• Getac
• Gateway
• General Dynamics
• HP
• Fujitsu
• Lenovo (IBM ThinkPad)
• Motion Computing
• Panasonic
• Toshiba
LoJack Cons
• BIOS compatibility does not include Macintosh
• 40% of student machines are Macs
• Most expensive: $49 per laptop
• The company can get access into laptops, although this is only to be initiated by the owner after the laptop is reported stolen