Danger! Internet Ahead!
Copyright Daniel Elswit, 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Daniel Elswit
College of Agriculture & Life Sciences
IT Security Officer
Online security and privacy without a lot of jargon
Cornell’s College of Agriculture & Life Sciences
About 30 departments
About 4,000 workstations
Predominantly Windows XP
Loosely centralized IT structure and services
Accessible to non-technical audiences
Help the audience think for themselves
Local and late-breaking anecdotes
40 minute time limit not counting questions
Usable as both a standalone presentation and an “insert” into other venues
Live contact with end-users
Technical staff
  Review unfamiliar technical concepts
  Double-check facts
Non-technical staff
  What was most relevant to them?
  What did they already know?
  What do they want to know more about?
Faculty
  Form a pilot group of trusted faculty
  Ask for critique of delivery as well as content
With faculty input “Danger…” became
  More focused
  More interesting
  Shorter (40 minutes instead of 75)
  Handout was added
Start off with one of the following:
  Tell a story
  Do a demonstration
  Do something to make them realize that this relates to them
Security: Why Should We Care?
State and federal laws
Cornell policy
Cornell’s image
  Prospective students
  Alumni
  Research and academic communities
Clean-up costs in time and dollars
What do the bad guys do?
Viruses, worms, and hacking are often associated with, among other things:
  Backdoors – secret access to a computer
  Botnets – large groups of hacked computers attacking targets en masse
  Keyloggers – all keystrokes are captured
Do not install unnecessary software
Consult IT prior to installing software
Examples of common software with known security concerns:
  Instant Messaging applications
  Weatherbug
  Web Shots
  Gator
  Google Desktop
  Voice-Over-IP applications
Avoiding Email Traps
Red flags:
  Requesting personal information
  Urgent tone (“Respond within 24 hours or…”)
  Anonymous salutation (“Dear Valued Customer”)
  Asking you to install something by clicking on a link
Do not use “preview panes”
Verify if unsure
  Many companies have verification sites
  Contact IT if unsure
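The four red flags on this slide can be written as simple text checks over a message body. The sketch below is an added example, not part of the original presentation; the patterns, function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# One illustrative pattern per red flag on the slide (assumed wording, not exhaustive).
RED_FLAGS = {
    "requests personal information": re.compile(
        r"\b(password|social security|account number|credit card|date of birth)\b", re.I),
    "urgent tone": re.compile(
        r"\b(within \d+ (hours?|days?)|immediately|urgent(ly)?|will be (suspended|closed))\b", re.I),
    "anonymous salutation": re.compile(
        r"^\s*dear (valued )?(customer|user|member|client|account holder)\b", re.I | re.M),
    "asks you to install via a link": re.compile(
        r"\b(install|download|run)\b[^.\n]{0,80}https?://\S+|https?://\S+\.(exe|msi|scr)\b", re.I),
}

def body_text(raw_message):
    """Decode and join the text/plain parts of a raw message (headers are skipped)."""
    chunks = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def red_flags(raw_message):
    """Return the names of the slide's red flags that appear in the message body."""
    body = body_text(raw_message)
    return [name for name, pattern in RED_FLAGS.items() if pattern.search(body)]

# Constructed sample messages (not real mail).
PHISH = """\
From: "Account Services" <service@bank.example>
Subject: Action required

Dear Valued Customer,
We detected a problem with your account. Respond within 24 hours or your
account will be suspended. Confirm your password and account number, then
install the security update from http://update.example/fix.exe
"""

BENIGN = """\
From: colleague@example.edu
Subject: Agenda for Thursday

Hi Pat, the agenda for Thursday's meeting is attached. See you at 10.
"""

if __name__ == "__main__":
    print(red_flags(PHISH), red_flags(BENIGN))
```

A message that trips none of these patterns is not thereby safe; the slide's "Verify if unsure" step still applies.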
Passwords
An 8-letter password, all lowercase, can be cracked in less than 2 seconds
Cornell’s password policy:
  8 characters long minimum
  Must include letters, numbers, symbols
  Netid passwords cannot be shared
The Internet and Email are Not Private Places
Networks are routinely monitored by good guys and eavesdropped on by bad guys
Most off-campus email (GMail, Yahoo, etc.), instant messaging, web, and ftp traffic can be easily intercepted and read online
If properly configured, messages sent via campus email are private (but not web mail)
The Internet from Cornell to Stanford
[Diagram labels: You; Email server at Cornell; Cornell border; New York City; Chicago; Denver; Indianapolis; Kansas City; San Francisco; Stanford border; Your colleague at Stanford; Email server at Stanford]
Many potential eavesdropping locations
Be Wary of Wireless
“Party line” – everyone hears everything
Far more susceptible to eavesdropping than wired networks
Public wireless (airports, hotels, Starbucks, etc.) should never be considered private or secure
Limit File Sharing
File sharing can open your computer to hackers
File sharing, especially of sensitive data, should be confined to dedicated servers
Custodians of sensitive data should inform IT of where such data resides