Embed Size (px)
Citation preview
Avoiding the Dark Alleys of the Internet
Extension in the Connected Age
NC Cooperative Extension March 24, 2009
Presented by Greg ParmerAlabama Cooperative Extension System
Security is kind of like air. It is easy to take for granted until
it goes missing.
Security TopicsUpdates/Patches
PasswordsE-MailSurfing
Router/Firewall
Updates/PatchesWhy “if it ain’t broke, don’t fix it” doesn’t apply here!
Updates/PatchesOperating System
Anti-virusApplications
@Risk ExampleWidely Deployed Software(1) CRITICAL: Adobe Acrobat and Reader
JavaScript Method Buffer Overflow Vulnerability (APSB09-04)
(2) CRITICAL: Autonomy KeyView SDK "wp6sr.dll" Buffer Overflow Vulnerability
(3) MODERATE: GNOME glib Base64 Functions Mutiple Integer Overflow Vulnerabilities
(4) MODERATE: PPLive Multiple URI Handlers Code Execution Vulnerabilities
MS Windows Security• Install virus protection software• Turn on the Windows firewall• Turn on Windows updates• Use Windows Security Center• Use limited accounts• Use password for every account
Virus Protection Software
Install & routinely update virus protection software• Sophos• McAfee• AVG• ClamAV
Windows FirewallChoose “On” Only unblock programs
that you trust
Windows Updates
Select “Automatic (recommended)”
Select “Everyday”Choose an
appropriate timeLeave computer on!
(check sleep/ hibernate)
Security CenterEnsures:
• Firewall is on• Automatic
updates are installed
• Virus protection installed & up-to-date
Security Center
You don’t want the RED or Yellow shield
Click on the shield to fix the problem
Limited AccountsProhibited from installing software
• Prevents installation of malware/viruses• User has access to currently installed
softwareProhibited from accessing Administrator’s
documents & settings• Prevents changes to administrator
password• Prevents access to Administrator’s
Documents, Desktop, etc.Create/modify system accounts under
“Control Panel/User Accounts”
Limited Accounts
Easily switch between accounts
Leave programs running while others login (windows-L)
Passwords?How to stop the sharing
madness
PasswordsHR system controls your $$Banks control your $$No reason to share passwords because
you can use:• Network file shares• Shared files/folders• Remote Desktop• E-mail Proxy• Web 2.0 products
Managing PasswordsTrade-offs
• Different passwords for different systems• Require passwords to change
Password Managers• Password Safe
http://passwordsafe.sourceforge.net• Others
http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html
Choosing a good passphrase• “1wbiDCH” (I was born in Dale County Hospital)http://www.aces.edu/extconnections/2006/10/
Safely Using EmailAvoid hoaxes and phishing
attempts
HoaxesTrickery
Please forwardUsually harmless
Waste time and resources
Phishing Clues Return address appears to be legitimateWarns of consequences unless urgent action is takenNo personal info or account name/number in messageName of link doesn’t match destination
• Name of link: https://www.firstnational.com• Destination of link:
http://www.sargonas.con/firstnational/login.htm
http://www.wikipedia.org/wiki/Phishinghttp://jdorner.blogspot.com/2007/03/every-now-and-then-i-
come-across.htmlhttp://www.aces.edu/extconnections/2006/12
Viruses & TrojansWhen you receive an attachment via e-
mail, think about it before you click to open. Is there ANYTHING suspicious about the message?
Just because you know the “sender” doesn’t mean the message is legitimate.
Don’t Become A Victim“Google” a sentence from the message
to see if it’s a hoax or phishing attempt – add snopes to the search terms
Be wary of any web links you get via e-mail
SurfingRead the Warnings
S is for securePasswords deserve
• “https”Check the SSL box
• “imaps”• “pops”
Read & Heed
Plain-text Protocols
Secure Protocol
Home RoutersInsurance that works for you!
Home RoutersOne internet connection,
multiple computersFirewall protectionAccess restrictions
One Internet Connection
Firewall ProtectionOne-way valve that lets you out, but
doesn’t let intruders in• Prevents unauthorized access to your
computer(s)• Hides your computer(s) from the internet
while still allowing access to the internet
Access Restrictions
Control when a computer can access the internet
• Deny/Allow by website or keyword
Multiple configurations
• Everyday or only on school days etc.
• All the time, or only between 4p.m. & 10p.m, etc.
Secure WirelessDisable wireless, if you’re not using itMost routers can be configured w/a CDWhat can be done manually?
• Change the SSID (wireless network name)• Disable SSID Broadcast (make it invisible)• Require a password to join the wireless
network• Restrict by MAC address
Other ReferencesSANS
https://www.sans.org/newsletters/The National Institute on Media and the
Familyhttp://www.mediafamily.org/
network_guides.shtmlBruce Schneier
“Beyond Fear”http://www.schneier.com
Thank You
Greg Parmergparmer @ auburn.edu
