Upload
quek-lilian
View
424
Download
5
Tags:
Embed Size (px)
Citation preview
LimKokWing University
Security and Windows 7
SanjayW – MVP (Security)Azra Rizal – MVP (Security)
TopicsWhy anyone should care about information security?Introduction & GoalsThe 10 security misconceptionsNew and emerging threatsProtecting privacy and information with Windows 7 and other Microsoft solutions
Demos
Certifications – Your competitive advantage
Why anyone should care about information security?
Just about every professional discipline uses computersKeeping your data, yoursThe InternetSocial engineering
Knowledge is power
Threat of espionage If you don’t then who will?It is your responsibility, legally speaking!It’s a lifelong benefit
Introduction
You
Your data
YourNetworkExposures
Exploit
You
Your data
YourNetworkExposures
Exploit
Our Goal
Top ten security myths1. I’ve got antivirus, I’m good to go2. I have a strong password on my
laptop, no one can access my data
3. I don’t use Windows, I’m already secure
4. No one can see what I do in a public/private WiFi/network
5. The campus IT guys got me covered
Top ten security myths –Cont’d
6. I never visit “bad” internet sites, I will be safe7. I hide all my stuff in
hidden folders and such, my data is safe
8. I never add anyone Idon’t know on socialnetworking sites, blogs, etc..
9. I install lots of security software, I think I am fine
10. I store all my data externally and I carry that everywhere safely
Why Antivirus alone isn’t enough?
Antivirus rely on patterns, i.e. it’s as good as the pattern you useWorms can potentially disarm protection and access to security websitesThus, most exploits become successful because of one primary thing:
Lack of patching, both application and OS
P@sswords?What constitute a good password?Definitely not a passWORD, should a passPHRASE insteadFACT! - Longer passwords are better than short complex ones
5 characters (all lowercase) takes about a minute to crack @ 500,000 passwords/sec10 characters (all lowercase) would take approximately 10 years @ 500,000 passwords/secOf course, don’t use known (dictionary) words la..
Security problems are everywhere, anywhere..
Which is more secure? Unix/Linux or Windows? Or Mac?Security is as strong as it’s weakest linkSometimes (actually most of the time) it’s the human factor
E.g. lack of patchingE.g. lack of security updates in applicationsE.g. use of weak passwords
Wired/Wireless Network
Which is “better”?Use of public networks (e.g. hotspots)
Do’s Don’ts
Organizational security
Protects a lot but not enoughThe perimeter should be your own machine
Moving out of the orgUsing 3G modems, wireless peer, 3rd party connectivity
Threats come uninvited (too)
Almost 50% of threats finds its own way to youThe rest are probably invited ones Plug an unpatched, unprotected computer out on an unprotected internet connection
Takes approximately 20 minutes to get it ridiculed with worms and viruses
Obscurity
Security through obscurity is not securityIt’s merely hidingE.g. hiding a folder in your computerUsing “hide tools”
Hiding is fine, just as long you know, it’s not securing
Online Friends
The issue is not whether who you add or allow to see your private data
Social networking, blogs, picture sites etc..
It’s human to trust friends, disallowing people you don’t knowThin line between friends and foes
Beefing up security
The fact is, the more you have isn’t always the best when the sum of it mattersThat doesn’t also mean, the less is betterThe important thing to remember, the easier the better
That you understand, you best useThat you don’t you may misuse
Mobile storage
Easiest way to access your dataDoes not carry any security by defaultPassword protection on those drives can be easily defeated
New and emerging threats
Social networkingMobile devicesWeb 2.0
Social NetworkingFacebook/Tweeter – The open book of one’s life
Be careful what you post and update in thereThere’s always search engines to profile you
Read the prints
Always check what an application, website etc is asking you for..
Read the prints
Google’s ad sensing technology
Google scans the text of Gmail messages in order to filter spam and detect viruses, just as all major webmail services do. Google also uses this scanning technology to deliver targeted text ads and other related information. This is completely automated and involves no humans.
Mobile devices
PDA/SmartphonesiPods etc…Any device that has data, and its mobile and it can connect to the internet
Web 2.0
Blogs, youtube, photos, online spaces, virtual worlds
Try searching yourself from here
www.123people.com
Other stuff that make it to the headlines
How much information you can deduce from this..?
A facebook status message I saw 2 days ago..“We are packed and ready for Singapore. Peace and quiet!Then, some friends replied, including this..
“Don’t worry bro, Goggles is in good hands..”
How much information you can deduce from this..?1) The person is not contactable2) The person will most likely be away on a holiday/not
working3) He’s not travelling alone4) They have not left *yet*, safe bet, 1 day top5) Most likely Fluff is dog/cat/fish, and his house will be
empty!!!!! 6) His pet’s name is Googles 7) His friend (probably a neighbor) will either frequent the
house to feed the animal..