190 likes | 406 Views
Password Security. If someone has your password, either from you giving it out or them figuring out, they could:. Send abusive or threatening email from your account Use your network storage to store illegal files that you may then be responsible for Send SPAM to the Internet from your account
E N D
If someone has your password, either from you giving it out or them figuring out, they could: • Send abusive or threatening email from your account • Use your network storage to store illegal files that you may then be responsible for • Send SPAM to the Internet from your account • Gain access to confidential information stored on your network account • All of the above (and MORE!)
The point of this particular lesson is that your password is the key to access to all that you have access to. If you want to maintain the integrity and confidentiality of information that you account has access to and prevent the other situations as indicated above, you must protect your password at all times. This also means periodic changes as the longer you have a particular password the odds are increased that someone can obtain it. This is also emphasized in the UM system Human Resources Policy Manual HR-518 Computer Utilization.
Long, complex passwords are used at the UM System to: • Annoy the users • Ensure that passwords cannot be easily guessed • Ensure that the Information Security personnel have something to do • Slow down your access to the system to avoid peak server loading
The reason that the UM System requires longer, complex passwords is multifold. Complex passwords are very hard to guess and they cannot be easily cracked through brute force attempts. Longer passwords using multiple character sets like upper and lower case, numbers and symbols take even longer to crack through brute force attempts. Thus long, complex passwords have become an industry best practice to protect against unauthorized account use .
Keeping your system up to date on patches helps • Protect your system from being exploited through vulnerabilities • Keeps the licenses up to date • Ensures you have the latest drivers • Keeps the digital rights updated
Systems must be kept up to date on system and software patches to avoid being exploited. There are vulnerabilities that are discovered weekly which could lead to someone externally exploiting the vulnerability and taking over your system. By using auto update on your operating system, you can help reduce the chances of this occurring. There are also vulnerabilities that are found frequently in software applications like word processors and web browsers and thus applications need to be kept up to date as well. Many of the vulnerabilities found in applications are not remotely exploitable, although by visiting the wrong website or opening an email attachment, your system can be exploited through these vulnerabilities.
What should you do when you leave a computer system, even if just for a few minutes: • Turn off the computer • Log off the computer • Screen lock the computer • Any of the above
Unauthorized access to your system or account can occur rather quickly if you leave the system logged in and the screen unlocked. Once someone has access, they are many nefarious things the person could do. All of which will look like it came from you. The simple rule is to never leave your account logged in and unsecured can go a long way to protect your account, data, email, etc.
What is the goal of Phishing? • To verify if your email is working • To trick users into disclosing personal information like SSN, credit card, accounts/password or other confidential information • To advertise a company’s products • To find out if you are going to be out of your home on vacation at any point
Phishing is a social engineering attack where the miscreants attempt to lure a person to a site which looks as authentic as possible in the attempt to get the person to give up some sort of information they would not normally reveal. By making a web site match a campus password changer, or a bank’s account portal, people are tricked into thinking they are actually at the official location for the proper entry, when in fact they are not. Any data entered can then be captured by the phishers and then used against you. Identifying these attempts can be difficult, but remember that legitimate sites like banks and the campuses in the UM System already have your userid/account information and there is no need to ask for it. So, if an email appears touting some security issue has occurred and then they ask for your SSN, bank information or other personal information for verification, it is likely a scam. Remember that social engineering relies on trust. Please be careful in who you trust, especially if someone calls you on the phone asking for information.
What is the best way to report a problem, abusive or phishing email? • Delete the offending email message and send a description to abuse@mst.edu • Forward the abusive message to all your friends and family so they are aware of the issue. • Forward the abusive message to abuse@mst.edu and wait for further instructions without deleting or moving the message from your inbox. • Reply to the abusive message and tell the sender to leave you alone.
Forwarding the entire message to abuse@mst.edu will ensure that the proper staff members can analyze the email and take appropriate action. If you modify or just send description of the email, we cannot determine where the mail came from nor take the appropriate action in all cases. It is very important to forward, not reply, the email to make sure we get all the information contained in the email.
When is personal electronic information on the University network or equipment subject to inspection? • It is necessary to maintain or improve the functioning of University computing resources. • There is a suspicion of misconduct under University policies, or suspicion of violation of Federal or State laws. • It is necessary to comply with or verify compliance with Federal or State law. • All of the above
Under the Collected Rules and Regulations 110.005 Acceptable Use Policy, all of the three conditions above are clearly spelled out. This policy applies to users including faculty, staff, students and guest users connecting to the campus network resources.