Identity TheftIdentity Theftandand

Safe ComputingSafe Computing

Keeping yourself Keeping yourself YouYou by good by good habits and good technologyhabits and good technology

The ThreatsThe Threats

MalwareMalwareAdwareAdwareSpywareSpywareWormsWormsVirusesVirusesTrojan HorsesTrojan HorsesBots/ZombiesBots/Zombies

The ThreatsThe Threats

Phishing and PharmingPhishing and Pharming

Safe ComputingSafe Computing

Safe Surfing (safe web, email, IM)Safe Surfing (safe web, email, IM)

Safe PasswordsSafe Passwords

Safe Systems (making your computer help Safe Systems (making your computer help you) you)

Safe SurfingSafe Surfing

Windows popup or web popup?Windows popup or web popup?

Careful where you clickCareful where you click

URL SpoofingURL SpoofingVulnerabilities (IE/Firefox spoofs)Vulnerabilities (IE/Firefox spoofs)OthersOthers

Safe SurfingSafe Surfing

URL Spoofing examples:URL Spoofing examples: http://www.ebay.com-SECURITYCHECKw8grHGA889yK@evilhackersRus.comhttp://www.ebay.com-SECURITYCHECKw8grHGA889yK@evilhackersRus.com

MouseoversMouseoversHEX EncodingHEX EncodingDecimal IP addressDecimal IP addressEmail and webEmail and web

Safe SurfingSafe Surfing

Under Lock and KeyUnder Lock and KeySSLSSLTerminologyTerminology

CertificateCertificateCertificate AuthorityCertificate Authority

How to Check itHow to Check it

(Shows live phishing sites)

Safe SurfingSafe Surfing

Safe EmailSafe EmailUnexpected attachmentsUnexpected attachmentsGuilty until proven innocentGuilty until proven innocent

No real securityNo real securityFrom/Reply-to arbitraryFrom/Reply-to arbitrary

Encryption / AuthenticationEncryption / Authentication

Safe SurfingSafe Surfing

Email SpoofingEmail SpoofingEmbedded formsEmbedded formsURL spoofing in emailURL spoofing in email ‘‘Account Updates’Account Updates’ ‘‘Security Notices’Security Notices’

Safe SurfingSafe Surfing

Safe IMSafe IMSimilar to emailSimilar to email

Same defensesSame defenses

Safe SurfingSafe Surfing

SummarySummaryEmail is untrustworthyEmail is untrustworthy

Watch the URLsWatch the URLs

Common senseCommon sense

Safe PasswordsSafe Passwords

New Campus PoliciesNew Campus Policieshttp://www.it.ufl.edu/policies/passwords.htmlhttp://www.it.ufl.edu/policies/passwords.html

Why do we have this policy?Why do we have this policy?Single point of failureSingle point of failureTradeoffsTradeoffs

Safe PasswordsSafe Passwords

Making good passwordsMaking good passwordsPhrasesPhrasesLyrics, poems, quotesLyrics, poems, quotesObfuscateObfuscate

Storing your passwordStoring your passwordProtect like a credit cardProtect like a credit cardPassword vaultPassword vaultMulti-factor protectionMulti-factor protection

Safe SystemsSafe Systems

Check with your local support staffCheck with your local support staff

Anti-virusAnti-virusMcAfee is FREE!McAfee is FREE!

http://www.software.ufl.edu/mcafeehttp://www.software.ufl.edu/mcafee

Necessary, but not enough to be safeNecessary, but not enough to be safe

Safe SystemsSafe Systems

Anti-spywareAnti-spywareAd-awareAd-aware

http://www.lavasoftusa.com/software/adaware/http://www.lavasoftusa.com/software/adaware/

Spybot Search and DestroySpybot Search and Destroyhttp://www.safer-networking.org/en/index.htmlhttp://www.safer-networking.org/en/index.html

Still not enough!Still not enough!

Safe SystemsSafe Systems

Automatic UpdatesAutomatic Updateshttp://windowsupdate.microsoft.com/http://windowsupdate.microsoft.com/ http://net-services.ufl.edu/security/public/patches.shtmlhttp://net-services.ufl.edu/security/public/patches.shtml

Most important, and very nearly enoughMost important, and very nearly enough

Safe SystemsSafe Systems

Alternate BrowsersAlternate Browsers IE vulnerabilitiesIE vulnerabilities

OperaOperahttp://www.opera.com/http://www.opera.com/

Firefox (mozilla)Firefox (mozilla)http://www.mozilla.org/products/firefox/http://www.mozilla.org/products/firefox/

SummarySummary

Secure your machineSecure your machine

Choose good passwords and protect themChoose good passwords and protect them

Be careful how you surfBe careful how you surf

At Home / At WorkAt Home / At Work

Questions?Questions?Jordan WiensJordan WiensSecurity TeamSecurity Team

http://infosec.ufl.edu/http://infosec.ufl.edu/

352-392-2061352-392-2061ufirt@ufl.eduufirt@ufl.edu