traveling safely sirt it security roundtable harvard townsend it security officer harv@ksu.edu may...
Post on 31-Mar-2015
214 Views
Preview:
TRANSCRIPT
Traveling SafelySIRT IT Security Roundtable
Harvard TownsendIT Security Officerharv@ksu.eduMay 8, 2009
Agenda
What and where are the risks? Using Internet cafes and WiFi hot spots safely (is
that possible?!) Protecting your eID and other passwords Protecting your personal and financial info Airport risks Laptop security Things to do before you leave Beware of export restrictions on certain
technologies K-State VPN service
2
What are the risks?
Identity theft Financial fraud/theft Physical theft (like your laptop) Information loss/theft (personal,
institutional, passwords, acct info)
3
Where are the risks?
Internet cafés WiFi hot spots Any public computer, even some
private ones (e.g. hotel business center)
Airports ATM machines
4
Internet Cafés
Technology typically not managed well. Susceptible to: Worms, Trojan horses, etc. Keyloggers USB thumb drive infections
Browser cache, temporary files, deleted files, log data leave a trace of your activity
Staff sometimes part of the conspiracy5
Internet Cafés What can you do about it?
Avoid them altogether, or just use them for innocuous activities like checking the weather, bus/train/flight schedules, tourist sites
Research locations before you leave or ask someone you trust (hotel concierge?) to determine which ones are reputable
Never use them for financial transactions If at all possible, don’t use your K-State eID and password Make sure it has antivirus software running and up-to-date – do
a manual scan if possible; check for firewall too Or run a free web-based AV check (like Trend’s HouseCall -
http://housecall.trendmicro.com/), although this can be time-consuming and you’re paying for your time on the computer
Check installed programs, programs running in memory for anything suspicious
6
Internet Cafés What can you do about it?
When you delete a file, use a secure delete tool like “Eraser” (if you can install programs on the computer)
NEVER let it save your login/account informationin the browser
Clear the browser cache, cookies, history beforeyou leave Firefox – Pull down Tools menu, select “Clear Private Data”, check all the
boxes, select “Clear Private Data now” IE – Pull down Tools menu, select “Delete Browsing History…”, select
“Delete All” Watch for shoulder-surfing Don’t leave your computer unattended with any sensitive
information showing, or authenticated sessions open (lock the screen)
Carry your own programs on a USB flash drive (browser, AV software, email client, password safe, VPN client, Secure erase, etc.)
Summary – AVOID or BE PARANOID!7
Other public computers
Treat them ALL with suspicion Hotel business centers
Probably better than Internet café, esp. at reputable hotel, but even those are not without risk
They typically use an acct with Administrator privileges, so anyone can install anything
Use same precautions as Internet Cafés Don’t use for financial transactions, your
eID/password, or other sensitive sessions if at all possible
Plug your own laptop in if possible; turn off File/Printer sharing
8
Other public computers
Public libraries In U.S., have extensive filtering that can
prevent some malware too. Might be better managed than other public computers, depending on the staff at that library
Public Kiosks “Danger, Will Robinson!” (just check the
weather and news)9
The WiFi Dilemma
It’s SOOO useful and SOOO risky Unsecured wireless networks are very easy to
snoop – someone near you or even across the street can watch ALL of your traffic
Are freely available programs that watch WiFi traffic looking for anything that looks like a username and password, or account info
Hotels – just because you have to register or authenticate doesn’t mean it’s secure. They typically are not encrypted and you don’t know who is in the room next to you.
10
Wireless security
Use K-State’s VPN service to access K-State systems; this does NOT protect your other Internet traffic
Don’t do financial transactions or other sensitive work in public WiFi zones, if possible
General wireless security:www.onguardonline.gov/wireless.html
Wireless terminology:www.onguardonline.gov/wireless.html#glossary
11
Protecting your eID
12
Avoid using it in Internet Cafés and other public computers, if possible
Use K-State VPN service to access K-State resources when possible
Change your eID password when you get home as a precaution
Protecting Your Personaland Financial Information
Take all the online precautions mentioned thus far Always know where your passport is
Stow it securely on your person Hide it in your hotel room or put it in a safe
Beware of pick-pockets Conceal your valuables Don’t let a vendor/server take your credit card out of
your sight Pay with cash as much as possible (so you don’t have to
use your credit card) Let your credit card companies know your travel
destination and dates (can now do this online with some major credit cards)
13
ATM security
“ATM skimming” devices rampant in Europe, happens inU.S. too
Organized crime involved Look for indicators of tampering with the keypad
or card swipe/feed mechanism Only use ATMs in the lobby of reputable banks;
esp. beware of solitary ATMs in secluded places at night
Watch for people looking over your shoulder Make a few large withdrawals instead of many
smaller ones14
Airports
High risk of theft 16,000 laptops lost or stolen in airports in
US and Europe PER WEEK!! Will cover laptop security later Don’t let valuables out of your site,
esp. at security screening; criminals target airports and create diversions to distract you while they steal your laptop
15
Airports
Use same precautions with the public WiFi in airports that you would in any public WiFi hot spot
Beware of the oft-seenbut bogus“Free Public WiFi” ad hoc/computer-to-computer wireless network – don’t try to connect to it
General rule – don’t connect to unknown wireless networks
16
17
Laptop Security
Never leave unsecured laptop unattended Use a locking security cable
Hotel room Public locations, coffee shop Conferences, training sessions Cost $15-$50, combination or key lock
Don’t leave it in view in your vehicle Don’t trust the trunk - remember the quick release lever
inside the vehicle? Use strong password on all accounts Don’t store sensitive info on it, but if you have to,
encrypt the entire hard drive (K-State uses PGP Whole Disk Encryption software for this purpose): http://www.k-state.edu/infotech/security/pgp
18
Laptop Security
Don’t let it out of your sight when you travel Be particularly watchful at airport security
checkpoints Always take it in your carry-on luggage
Never put it in checked luggage Use a nondescript carrying case
One that doesn’t look like a laptop carrying case Remove the manufacturer logo from the case
Be careful when you take a nap in the airport Wrap the carrying case strap around your body Use the locking security cable to secure it
19
Tracking & RecoverySoftware
If stolen, the computer contacts the company the next time it’s on the Internet; the company then traces it and contacts law enforcement to recover it; inconsistent results outside the U.S.
Computrace LoJack for Laptops from Absolute Software (www.absolute.com) is an example
Pre-installed in BIOS on many laptops Dell HP
Have to buy the license to activate Costs about $30-$50 per year
Before you leave home
Backup your data Record identification information
Record make, model, serial number of laptop Take pictures of it Label it with ownership and contact info
Write down credit card acct. numbers and phone numbers for credit/debit card companies (and take it with you)
If leaving the country, notify the financial institutions whose accounts you will use (destination and dates of travel)
Notify the U.S. state department if going to a volatile location: https://travelregistration.state.gov
20
Export Controls
“Export” broadly defined by Feds, includes “actual shipment of any covered goods or items”
Export Administration Regulations (EAR) by the Commerce Dept. controls technology
Int’l Traffic in Arms Regulations (ITAR) by the State Dept. controls weapons (duh)
K-State’s University Research Compliance Office (URCO) has training available http://urco.ksu.edu/
21
Cisco VPN client?
“Civilian Solutions: Restricted Encryption and Unrestricted”
Cisco's restricted strong encryption solutions may be exported or re-exported to most civilian/commercial end users located in all territories except the embargoed destinations and countries designated as supporting terrorist activities. Countries listed in Part 746 of the EAR as embargoed destinations requiring a license are Cuba, Iran, North Korea, Sudan, and Syria.
See list of countries with embargos at http://www.bis.doc.gov/policiesandregulations/regionalconsiderations.htm
22
Cisco VPN client?
“Government Solutions: Restricted Encryption” Government entities not located in the following
countries require a U.S. export license in order to obtain restricted non-retail strong encryption items: Austria, Australia, Belgium, Canada, Czech Republic, Cyprus, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United States.
23
24
Virtual Private Network (VPN)
Encrypts all network traffic between your computer and the K-State border
Makes your computer appear to be on campus to get access to restricted resources
Does NOT necessarily encrypt everything that goes to the Internet (“split tunneling”)
Also does not encrypt traffic once it is on campus
25
26
Virtual Private Network (VPN)
Must install “VPN Client” software Information and software available at:
http://www.k-state.edu/infotech/networks/vpn/
Cannot use it on campus yet (to secure your wireless, for example); will be able to soon.
If can get to Internet but not K-State, modify the “Transport” configuration: Enable Transparent Tunneling IPSec over TCP
27Disconnected Connected
What’s on your mind?
28
USB Flash Drive Security
No confidential data! Too easy to lose, easy target of theft
Don’t use it as a backup device “Erase” files so they aren’t recoverable Encrypt files on it with TrueCrypt or - Encrypted USB flash drives
Ironkey very popular - https://www.ironkey.com/
View demo?
29
top related