Dark Alleys Part1


Internet Security. Tips on how to keep your internet secure.


Dark Alleys of the Internet
Part 1

ACE/NETC 2007
June 19, 2007

Albuquerque, NM

Security

» Security is the condition of being protected against danger or loss (http://en.wikipedia.org/wiki/Security)

» Tradeoff between risk to assets & mitigation of risk to those assets

“But I Have Nothing”
» How Wrong!
• Pass your wallets down the row
• Pass your cell phones down the row
• Pass your list of phone numbers down the row

» Recognize that you have something of value on the computer or network

Assets?

Assets
» University Financial System
» Personally Identifiable Information (PII)
» Clients’ PII
» Your account
» Credit Cards
» Phone Companies

Passwords
» A common security solution is a password
» No reason to share a password because you can:
• Share files/folders
• Remote Desktop
• E-mail Proxy
• Online Resources like Google Docs

Managing Passwords
» Trade-offs
• Different passwords for different systems
• Require passwords to change
» Password Managers
• Password Safe: http://passwordsafe.sourceforge.net
• Others: http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html
» Choosing a good passphrase
• “1wbiDCH” (I was born in Dale County Hospital)

http://www.aces.edu/extconnections/2006/10/

Safely Using Email
Avoid hoaxes and phishing attempts

Hoaxes
» Trickery
» Please forward
» Usually harmless
» Waste time and resources

Phishing Clues
» Return address appears to be legitimate
» Warns of consequences unless urgent action is taken
» No personal info or account name/number in message
» Name of link doesn’t match destination
• Name of link: https://www.firstnational.com
• Destination of link: http://www.sargonas.con/firstnational/login.htm
» Link is not secure (HTTPS)

http://www.aces.edu/extconnections/2006/12
http://www.wikipedia.org/wiki/Phishing
http://jdorner.blogspot.com/2007/03/every-now-and-then-i-come-across.html
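The "name of link doesn't match destination" and "link is not secure" clues can be checked mechanically on an HTML message body. The following Python is an added example, not part of the original slides; the class and function names and the sample message body are constructed for illustration, using the two URLs from the slide.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def url_parts(value):
    """(scheme, host) of a URL or bare host name; host is None if not host-like."""
    try:
        u = urlsplit(value if "://" in value else "//" + value)
    except ValueError:  # malformed input such as an unbalanced '['
        return "", None
    host = u.hostname or ""
    return u.scheme.lower(), (host if "." in host and " " not in host else None)

def check_links(html_body):
    """Return [(href, [findings])] for links that show one of the slide's clues."""
    parser = AnchorCollector()
    parser.feed(html_body)
    report = []
    for href, text in parser.links:
        (_, shown), (scheme, actual) = url_parts(text), url_parts(href)
        findings = []
        if shown and actual and shown != actual:
            findings.append(f"link name shows {shown} but goes to {actual}")
        if scheme == "http":
            findings.append("destination is plain HTTP, not HTTPS")
        if findings:
            report.append((href, findings))
    return report

# Constructed sample body built from the two URLs on the slide.
SAMPLE = ('<p>Verify your account: <a href="http://www.sargonas.con/firstnational/'
          'login.htm">https://www.firstnational.com</a></p>')
```

Calling `check_links(SAMPLE)` reports both clues for the slide's link. Host names are compared exactly, so link text that omits a `www.` prefix present in the destination is also reported.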

Don’t Become A Victim

» “Google” a sentence from the message to see if it’s a hoax or phishing attempt

» Never click on web links and be mindful of HTTPS

» Only open attachments which are in expected messages (just because you know the sender doesn’t mean the message is legitimate)

Protecting You and Your Operating System

Ways to Secure MS Windows
» Install virus protection software
» Turn on the Windows firewall
» Turn on Windows updates
» Use spyware/adware prevention software
» Use Windows Security Center
» Use limited accounts
» Use password for every account

Virus Protection Software
» Install & routinely update virus protection software
• McAfee
  • Virus Protection Only!
  • Purchase from any Office Supply Store
• AVG
  • Free for non-commercial use
  • Download at www.downloads.com
• Symantec (Norton)
  • Resource intensive

Windows Firewall
» Choose “On”
» Only unblock programs that you trust

Windows Updates
» Select “Automatic (recommended)”
» Select “Everyday”
» Choose an appropriate time
» Leave computer on! (check sleep/hibernate)

Spyware/Malware Prevention Software
» Preventative—combine w/ Reactive
• Windows Defender: http://www.microsoft.com/athome/security/spyware/software/default.mspx
• AVG Anti-Spyware: www.downloads.com
» Reactive (run once a week)
• Spybot: www.downloads.com
• Adaware: www.downloads.com

Security Center
» Ensures:
• Firewall is on
• Automatic updates are installed
• Virus protection installed & up-to-date

Security Center

You don’t want the RED or Yellow shield

Click on the shield to fix the problem

Limited Accounts
» Prohibited from installing software
• Prevents installation of malware/viruses
• User has access to currently installed software
» Prohibited from accessing Administrator’s documents & settings
• Prevents changes to administrator password
• Prevents access to Administrator’s Documents, Desktop, etc.
» Create/modify system accounts under “Control Panel/User Accounts”

Limited Accounts
» Easily switch between accounts
» Leave programs running while others log in (Windows-L)

Home Networking
Everyone Needs a Router!

Home Networking Routers
» One internet connection, multiple computers
» Firewall protection
» Access restrictions

One Internet Connection

Firewall Protection
» One-way valve that lets you out, but doesn’t let intruders in
• Prevents unauthorized access to your computer(s)
• Hides your computer(s) from the internet while still allowing access to the internet
» Justification: Attacks on AU (week of 5/28-6/02)
• 90,540 blocked
• 25,147 suspicious
• 3,893 possibly successful

Access Restrictions

» Control when a computer can access the internet

• Deny/Allow by website or keyword

» Multiple configurations

• Everyday or only on school days etc.

• All the time, or only between 4 p.m. & 10 p.m., etc.

Secure Wireless
» Disable wireless, if you’re not using it
» Most routers can be configured w/a CD
» What can be done manually?
• Change the SSID (wireless network name)
• Disable SSID Broadcast (make it invisible)
• Require a password to join the wireless network
• Restrict by MAC address

Questions?

Thank You!
Greg Parmer, Jonas Bowersock, Scott Snyder, Anne Adrian
