Security AwarenessSecurity Awarenesshttp://security.nsu.edu
Protect Your PC
Security Awareness:Security Awareness:Protect your PC: UpdateProtect your PC: Update
Update your OSOperating Systems are not perfect. As they get older, vulnerabilities and errors are found and exploited.Updates are intended to fix these.Windows has a built in feature called Automatic Updates. Enabling it will ensure your system stays up to date.http://windowsupdate.microsoft.com
Update all other SoftwareMicrosoft Office can be updated online.Most other third party applications contain a way to update them. Many are automated.
Security Awareness:Security Awareness:Protect your PC: UpdateProtect your PC: Update
Security Awareness:Security Awareness:Protect your PC: PasswordsProtect your PC: Passwords
Passwords are a primary way of accessing your or your institutions data. They need to be strong. Make sure all accounts have one.Do not use personal information. Names, addresses, nicknames, hobbies, etc are easy to guess.Do not use the same password for everythingWhen asked to change, do not use the same password with a minor change.
Security Awareness:Security Awareness:Protect your PC: PasswordsProtect your PC: Passwords
Strong passwords are comprised ofMinimum of 8 charactersCombination of at least three of the following
Lower case letters: a b cUpper case letters: A B CNumbers: 1 2 3Symbols: ! @ #
Security Awareness:Security Awareness:Protect your PC: PasswordsProtect your PC: Passwords
Passphrases can usedTake a phrase and use the first letter of each word.Punctuation marks can be usedCapitalize some of the lettersSwitch symbols for letters
Security Awareness:Security Awareness:Protect your PC: PasswordsProtect your PC: Passwords
Passphrase example:Mary had a little lamb, its fleece was white as snow.M h a l l , i f w w a s .Mhall,ifwwas.Mh411,!fWW45>
Security Awareness:Security Awareness:Protect your PC: LoginProtect your PC: Login
Disable Automatic LoginFor newer versions of Windows, setting a password will prevent the system from booting into an account
Disable the Welcome ScreenThis is will cause Windows to use the classic login screen instead of advertising accounts that are available.
Security Awareness:Security Awareness:Protect your PC: LoginProtect your PC: Login
Security Awareness:Security Awareness:Protect your PC: AccountsProtect your PC: Accounts
Windows has two administrator accounts for users when installed.
Set strong passwords for bothOnly use admin accounts for admin tasks like installing software or making operating system changes
Create user accounts for all usersThis adds privacy and security to individual’s dataPrevents unauthorized users from installing software or changing the operating system
When online, some sites will attempt to install software, some of it is malicious in nature
Disable the Guest accountThis is the default state for newer operating system, so verify
Security Awareness:Security Awareness:Protect your PC: AccountsProtect your PC: Accounts
Security Awareness:Security Awareness:Protect your PC: FirewallProtect your PC: Firewall
Windows has a built in Firewall.Firewalls prevent unauthorized traffic from entering the computer
Example: PCs can be remotely controlled. A firewall can prevent remote users from doing this
Verify the Windows Firewall is enabledEnabled by default in service pack 2 and above
There are third party firewalls availableZoneAlarm
Free for personal usehttp://www.zonelabs.com
Hardware based firewalls can be incorporated into routersUsed predominantly with home networks
Only use one at a time
Security Awareness:Security Awareness:Protect your PC: FirewallProtect your PC: Firewall
Security Awareness:Security Awareness:Protect your PC: Anti-VirusProtect your PC: Anti-Virus
Virus is a term that is used to refer to malicious software. In reality, it is one of many types of software that has malicious intent (malware).
VirusesWormsTrojan HorsesKey-loggersetc…
CanDestroy dataCause hardware failuresend sensitive information to othersetc…
Malware is spread throughEmailWeb Browsing
Intentionally included in what looks like legitimate software. The user is usually prompted for installation.
Example: Gator is part of some screensaver installs
Intentionally included in web siteWeb site is hacked and when visited, malware is downloaded
External data devicesCDsExternal Hard DrivesFloppyFlash (USB) drives
Remote attacks
Security Awareness:Security Awareness:Protect your PC: Anti-VirusProtect your PC: Anti-Virus
Security Awareness:Security Awareness:Protect your PC: Anti-VirusProtect your PC: Anti-Virus
Protect your PC by installing an Anti-Virus programUpdate it daily, automatically if possible.Scan your PC on a regular basis. If possible, setup automatic scanning.Although it is possible, it is not recommended to use multiple AV programs on the same PC at the same time.Some Manufacturers will include AV software in a suite that provides other protection
Example: Norton’s Internet Security includes:FirewallSpam filterParental Controls
Security Awareness:Security Awareness:Protect your PC: Anti-VirusProtect your PC: Anti-Virus
AvailableFree
AVGFree for personal usehttp://free.grisoft.com
AvastFree for Personal usehttp://www.avast.com
Nominal FeeMcAfee
Can be purchased as part of a security suite Http://www.mcafee.com
NortonCan be purchased as part of a security suitehttp://www.symantec.com
Security Awareness:Security Awareness:Protect your PC: Anti-VirusProtect your PC: Anti-Virus
Security Awareness:Security Awareness:Protect your PC: Anti-VirusProtect your PC: Anti-Virus
Security Awareness:Security Awareness:Protect your PC: Anti-SpywareProtect your PC: Anti-Spyware
Spyware is another type of Malware. The main purpose behind Spyware is to monitor your activities and transmit them to a third party, usually, without your consent.
Example: Popup Ads
Spyware is generally installed via malicious or hacked web sites, but, it is possible to get spyware the same way as a virus.
Example: Cool Web Search Toolbar
Security Awareness:Security Awareness:Protect your PC: Anti-SpywareProtect your PC: Anti-Spyware
Install an Anti-Spyware Program.In most cases, more than one can be used.Keep it up to date. Automatic updating is available in some.Scan your PC on a regular basis. If possible, setup automatic scanning.Micorsoft provides an Anti-Spyware program called Windows Defender. It is currently in Beta, which means it is still being tested, but available to general public without warranty.
Updated via Automatic Updateshttp://www.microsoft.com/athome/security/spyware/software/default.mspx
Security Awareness:Security Awareness:Protect your PC: Anti-SpywareProtect your PC: Anti-Spyware
There are many free third party Anti-Spyware programs available. (Be careful though, some spyware programs are actually spyware.)
Spybot Search and DestroyFreehttp://www.safer-networking.org/
Lavasoft’s Ad-AwareFree for Personal Usehttp://www.lavasoft.com
SpywareBlasterFreePrevents Spyware from being installed.http://www.javacoolsoftware.com/spywareblaster.html
Security Awareness:Security Awareness:Protect your PC: Anti-SpywareProtect your PC: Anti-Spyware
Security Awareness:Security Awareness:Protect your PC: Anti-SpywareProtect your PC: Anti-Spyware
Security Awareness:Security Awareness:Protect your PC: Anti-SpywareProtect your PC: Anti-Spyware
Security Awareness:Security Awareness:Protect your PC: Lock-it or LogoutProtect your PC: Lock-it or Logout
Lock your PC when you leave it unattended.Many times, users will be working on sensitive information and leave for a break, meeting or other need, leaving this and other potentially sensitive data accessible from their desk.Lock the screen by:
Press and release, at the same time, the CTRL+ALT+DEL keys (not the “+” key) to bring up the Window Security window and click “Lock Computer”Set up a screensaver, set it for a short period of time (5 minutes) and set it to prompt for a password on resume.Press and release, at the same time, the Windows+L keys.
If you don’t want to lock-it, then logout or shutdown.
If the PC is off, people can’t attack it or access its data.
Security Awareness:Security Awareness:Protect your PC: Lock-it or LogoutProtect your PC: Lock-it or Logout
Security Awareness:Security Awareness:Protect your PC: Lock-it or LogoutProtect your PC: Lock-it or Logout
Security Awareness:Security Awareness:Protect your PC: Lock-it/LogoutProtect your PC: Lock-it/Logout
Security Awareness:Security Awareness:Protect your PC: WirelessProtect your PC: Wireless
Wireless homeUse encryption:
Changes the format of the data between the access point and your PCWEP: Wired Equivalent Privacy (insecure)WPA: Wi-Fi Protected Access
Uses a passphrase/pre-shared keyWPA2
Use preferred networksThose that you setup or know who owns them (NSUWIFI)
Use access points, not PC to PC communication (ad hoc)Public access points allow anyone to connect, which means anyone can see what you are sendingDisable your wireless network adapter when not in useUsing another persons access point without their consent is illegal
Security Awareness:Security Awareness:Protect your PC: WirelessProtect your PC: Wireless
NSUWIFI provides wireless access for faculty, staff and students
Information available at http://www.nsu.edu/wifi/WPA2 is used for encryptionTKIP (Temporal Key Integrity Protocol)
Changes keys dynamically to prevent attackers from finding the (single) key used for encrypting data
NSU userid and password required to gain access to the wireless networkNSU monitors for unauthorized access pointsFuture plans for guest access
Security Awareness:Security Awareness:Protect your PC: WirelessProtect your PC: Wireless
BluetoothDesigned for short wireless communications over short distancesBluesnarfing:
Acquiring phonebooks, pictures, calendarParis Hilton’s phone was cracked
Bluetracking:Tracking your movement based on the unique address of the device
Bluebugging:Send commands to a bluetooth deviceMake it call you which means an attacker could be listening
Bluetooth sniper rifleHow To: Building a BlueSniper Rifle - Part 1
http://www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt1
Security Awareness:Security Awareness:Protect your PC: Parental ControlsProtect your PC: Parental Controls
Parental Controls allow parents to control what their children do online.
Block web sites, chat, pop-upsAllows you to monitor activity
Web sites visitedKeyloggers
A few that get decent ratings and are a nominal fee:
CyberPatrol (Appears to be the highest rated overall)http://www.cyberpatrol.com/
CYBERsitterhttp://www.cybersitter.com/
NetNannyhttp://www.netnanny.com
Security Awareness:Security Awareness:Protect your PC: Add-onsProtect your PC: Add-ons
Many Web sites or files require additional software to be installed in order to view.
These viewers are usually free and easily accessible.Adobe Acrobat Reader is needed to view PDF documents.Windows Media Player or QuickTime may be required to watch certain videos or listen to music
Other sites may have programs that will improve your computing experience
Firefox is another popular web browserGoogle Toolbar will prevent pop-ups in Internet Explorer while providing a quick way to search the internet.
To get these, go directly to the manufacturer’s site.Acrobat Reader is available from AdobeThe latest version of Windows Media Player is available through MicrosoftQuickTime is available through Apple
If not sure, research the program. If still not sure, don’t install.
Security Awareness:Security Awareness:Protect your PC: BrowsingProtect your PC: Browsing
Be careful when browsingMisspelling or mistyping a word, even one character off, can take you to a web site that may be objectionable or malicious in nature.
Use an alternate browser.Helps avoid site redirects or phishing.Prevents certain sites from taking advantage of flaws in Internet ExplorerFirefox has additional add-ons that can be used for additional security
FreeSecond most used web browser (behind Internet Explorer) and gaining more ground each day.http://www.getfirefox.com
Watch for redirection. Redirection is when you click a link on a site and end up at another web site. Phishing scams can take advantage of this.Watch the contents of the location or address bar. This is where you will detect the redirection.When going to a site that may need personal information, go directly to the web site.Disable pop-ups.
Security Awareness:Security Awareness:Protect your PC: BrowsingProtect your PC: Browsing
Security Awareness:Security Awareness:Protect your PC: EmailProtect your PC: Email
Be wary of email from addresses you do not know.Typically SPAM or phishing attempts
Use caution with attachments.Programs should not be sent through email.
Avoid sending personal information through email.Email is in clear text.Do not send social security numbers or credit card info.Do not send usernames or passwords.
Do not click links for banking institutions.Financial Institutions do not ask for personal information through email. It is only used to distribute information.Contact your financial institution in person or telephone.
There are alternative email clients available, but they may require additional computing skills.
Security Awareness:Security Awareness:Protect your PC: BackupProtect your PC: Backup
Backup your data regularlyWindows has a built in backup utility.Backup programs with automation are available.
Simple methods include:Burning specific files to CD.Copying them to flash (USB) drives or memory cards.Copy the data to another computerFee based subscriptions are available online.
Floppy Disks are too small for most data.
Security Awareness:Security Awareness:Protect your PC: NSU PoliciesProtect your PC: NSU Policies
NSU policies are available from:http://www.nsu.edu/policies
Policy 60.201: Acceptable Use of Technology ResourcesPolicy 62.002: Computer Systems Passwords
http://www.nsu.edu/formsResource Authorization Request / OIT Request Form & Information Security Access Agreement
http://www.nsu.edu/oit/policiesPolicy 61.002: Electronic Data Privacy and Ownership
Security Awareness:Security Awareness:Protect your PC: Further InfoProtect your PC: Further Info
Credit Reports1 free report per yearhttps://www.annualcreditreport.com
Symantec Security CheckOnline check for exposure and or common viruseshttp://security.symantec.com/sscv6
National Security Agency Security Configuration Guidehttp://www.nsa.gov/snac
National Institute of Standards and Technology (NIST): Computer Security Resource Center (CSRC)
http://csrc.nist.gov/National Do Not Call Registry
http://www.donotcall.govChild Safety Online
http://www.fbi.gov/publications/pguide/pguidee.htmhttp://www.microsoft.com/athome/security/children
Security Awareness:Security Awareness:Protect your PC: AdvancedProtect your PC: Advanced
These options are available, but, generally recommended for advanced users:
Disable/Remove Windows ComponentsDisable unnecessary Windows servicesUse alternate email client
Thunderbirdhttp://www.getthunderbird.com
Enable AuditingMicrosoft Baseline AnalyzerPort Reporter and ParserRoot Kit Detection toolsHiJackThis.exeUse encryption for files and emailUse GeSWall
Security Awareness:Security Awareness:Protect your PC: AdvancedProtect your PC: Advanced
Advanced options:USE LINUX