security awareness security.nsu

Security AwarenessSecurity Awarenesshttp://security.nsu.edu

Protect Your PC

http://security.nsu.edu/

Security Awareness:Security Awareness:Protect your PC: UpdateProtect your PC: Update

Update your OSOperating Systems are not perfect. As they get older, vulnerabilities and errors are found and exploited.Updates are intended to fix these.Windows has a built in feature called Automatic Updates. Enabling it will ensure your system stays up to date.http://windowsupdate.microsoft.com

Update all other SoftwareMicrosoft Office can be updated online.Most other third party applications contain a way to update them. Many are automated.

http://windowsupdate.microsoft.com/

Security Awareness:Security Awareness:Protect your PC: UpdateProtect your PC: Update

Security Awareness:Security Awareness:Protect your PC: PasswordsProtect your PC: Passwords

Passwords are a primary way of accessing your or your institutions data. They need to be strong. Make sure all accounts have one.Do not use personal information. Names, addresses, nicknames, hobbies, etc are easy to guess.Do not use the same password for everythingWhen asked to change, do not use the same password with a minor change.


Strong passwords are comprised ofMinimum of 8 charactersCombination of at least three of the following

Lower case letters: a b cUpper case letters: A B CNumbers: 1 2 3Symbols: ! @ #


Passphrases can usedTake a phrase and use the first letter of each word.Punctuation marks can be usedCapitalize some of the lettersSwitch symbols for letters


Passphrase example:Mary had a little lamb, its fleece was white as snow.M h a l l , i f w w a s .Mhall,ifwwas.Mh411,!fWW45>

Security Awareness:Security Awareness:Protect your PC: LoginProtect your PC: Login

Disable Automatic LoginFor newer versions of Windows, setting a password will prevent the system from booting into an account

Disable the Welcome ScreenThis is will cause Windows to use the classic login screen instead of advertising accounts that are available.

Security Awareness:Security Awareness:Protect your PC: LoginProtect your PC: Login

Security Awareness:Security Awareness:Protect your PC: AccountsProtect your PC: Accounts

Windows has two administrator accounts for users when installed.

Set strong passwords for bothOnly use admin accounts for admin tasks like installing software or making operating system changes

Create user accounts for all usersThis adds privacy and security to individual’s dataPrevents unauthorized users from installing software or changing the operating system

When online, some sites will attempt to install software, some of it is malicious in nature

Disable the Guest accountThis is the default state for newer operating system, so verify

Security Awareness:Security Awareness:Protect your PC: AccountsProtect your PC: Accounts

Security Awareness:Security Awareness:Protect your PC: FirewallProtect your PC: Firewall

Windows has a built in Firewall.Firewalls prevent unauthorized traffic from entering the computer

Example: PCs can be remotely controlled. A firewall can prevent remote users from doing this

Verify the Windows Firewall is enabledEnabled by default in service pack 2 and above

There are third party firewalls availableZoneAlarm

Free for personal usehttp://www.zonelabs.com

Hardware based firewalls can be incorporated into routersUsed predominantly with home networks

Only use one at a time

http://www.zonelabs.com/

Security Awareness:Security Awareness:Protect your PC: FirewallProtect your PC: Firewall

Security Awareness:Security Awareness:Protect your PC: Anti-VirusProtect your PC: Anti-Virus

Virus is a term that is used to refer to malicious software. In reality, it is one of many types of software that has malicious intent (malware).

VirusesWormsTrojan HorsesKey-loggersetc…

CanDestroy dataCause hardware failuresend sensitive information to othersetc…

Malware is spread throughEmailWeb Browsing

Intentionally included in what looks like legitimate software. The user is usually prompted for installation.

Example: Gator is part of some screensaver installs

Intentionally included in web siteWeb site is hacked and when visited, malware is downloaded

External data devicesCDsExternal Hard DrivesFloppyFlash (USB) drives

Remote attacks



Protect your PC by installing an Anti-Virus programUpdate it daily, automatically if possible.Scan your PC on a regular basis. If possible, setup automatic scanning.Although it is possible, it is not recommended to use multiple AV programs on the same PC at the same time.Some Manufacturers will include AV software in a suite that provides other protection

Example: Norton’s Internet Security includes:FirewallSpam filterParental Controls


AvailableFree

AVGFree for personal usehttp://free.grisoft.com

AvastFree for Personal usehttp://www.avast.com

Nominal FeeMcAfee

Can be purchased as part of a security suite Http://www.mcafee.com

NortonCan be purchased as part of a security suitehttp://www.symantec.com

http://free.grisoft.com/

Security Awareness:Security Awareness:Protect your PC: Anti-SpywareProtect your PC: Anti-Spyware

Spyware is another type of Malware. The main purpose behind Spyware is to monitor your activities and transmit them to a third party, usually, without your consent.

Example: Popup Ads

Spyware is generally installed via malicious or hacked web sites, but, it is possible to get spyware the same way as a virus.

Example: Cool Web Search Toolbar


Install an Anti-Spyware Program.In most cases, more than one can be used.Keep it up to date. Automatic updating is available in some.Scan your PC on a regular basis. If possible, setup automatic scanning.Micorsoft provides an Anti-Spyware program called Windows Defender. It is currently in Beta, which means it is still being tested, but available to general public without warranty.

Updated via Automatic Updateshttp://www.microsoft.com/athome/security/spyware/software/default.mspx


There are many free third party Anti-Spyware programs available. (Be careful though, some spyware programs are actually spyware.)

Spybot Search and DestroyFreehttp://www.safer-networking.org/

Lavasoft’s Ad-AwareFree for Personal Usehttp://www.lavasoft.com

SpywareBlasterFreePrevents Spyware from being installed.http://www.javacoolsoftware.com/spywareblaster.html

Security Awareness:Security Awareness:Protect your PC: Lock-it or LogoutProtect your PC: Lock-it or Logout

Lock your PC when you leave it unattended.Many times, users will be working on sensitive information and leave for a break, meeting or other need, leaving this and other potentially sensitive data accessible from their desk.Lock the screen by:

Press and release, at the same time, the CTRL+ALT+DEL keys (not the “+” key) to bring up the Window Security window and click “Lock Computer”Set up a screensaver, set it for a short period of time (5 minutes) and set it to prompt for a password on resume.Press and release, at the same time, the Windows+L keys.

If you don’t want to lock-it, then logout or shutdown.

If the PC is off, people can’t attack it or access its data.

Security Awareness:Security Awareness:Protect your PC: Lock-it or LogoutProtect your PC: Lock-it or Logout

Security Awareness:Security Awareness:Protect your PC: Lock-it/LogoutProtect your PC: Lock-it/Logout

Security Awareness:Security Awareness:Protect your PC: WirelessProtect your PC: Wireless

Wireless homeUse encryption:

Changes the format of the data between the access point and your PCWEP: Wired Equivalent Privacy (insecure)WPA: Wi-Fi Protected Access

Uses a passphrase/pre-shared keyWPA2

Use preferred networksThose that you setup or know who owns them (NSUWIFI)

Use access points, not PC to PC communication (ad hoc)Public access points allow anyone to connect, which means anyone can see what you are sendingDisable your wireless network adapter when not in useUsing another persons access point without their consent is illegal


NSUWIFI provides wireless access for faculty, staff and students

Information available at http://www.nsu.edu/wifi/WPA2 is used for encryptionTKIP (Temporal Key Integrity Protocol)

Changes keys dynamically to prevent attackers from finding the (single) key used for encrypting data

NSU userid and password required to gain access to the wireless networkNSU monitors for unauthorized access pointsFuture plans for guest access


BluetoothDesigned for short wireless communications over short distancesBluesnarfing:

Acquiring phonebooks, pictures, calendarParis Hilton’s phone was cracked

Bluetracking:Tracking your movement based on the unique address of the device

Bluebugging:Send commands to a bluetooth deviceMake it call you which means an attacker could be listening

Bluetooth sniper rifleHow To: Building a BlueSniper Rifle - Part 1

http://www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt1

Security Awareness:Security Awareness:Protect your PC: Parental ControlsProtect your PC: Parental Controls

Parental Controls allow parents to control what their children do online.

Block web sites, chat, pop-upsAllows you to monitor activity

Web sites visitedKeyloggers

A few that get decent ratings and are a nominal fee:

CyberPatrol (Appears to be the highest rated overall)http://www.cyberpatrol.com/

CYBERsitterhttp://www.cybersitter.com/

NetNannyhttp://www.netnanny.com

Security Awareness:Security Awareness:Protect your PC: Add-onsProtect your PC: Add-ons

Many Web sites or files require additional software to be installed in order to view.

These viewers are usually free and easily accessible.Adobe Acrobat Reader is needed to view PDF documents.Windows Media Player or QuickTime may be required to watch certain videos or listen to music

Other sites may have programs that will improve your computing experience

Firefox is another popular web browserGoogle Toolbar will prevent pop-ups in Internet Explorer while providing a quick way to search the internet.

To get these, go directly to the manufacturer’s site.Acrobat Reader is available from AdobeThe latest version of Windows Media Player is available through MicrosoftQuickTime is available through Apple

If not sure, research the program. If still not sure, don’t install.

Security Awareness:Security Awareness:Protect your PC: BrowsingProtect your PC: Browsing

Be careful when browsingMisspelling or mistyping a word, even one character off, can take you to a web site that may be objectionable or malicious in nature.

Use an alternate browser.Helps avoid site redirects or phishing.Prevents certain sites from taking advantage of flaws in Internet ExplorerFirefox has additional add-ons that can be used for additional security

FreeSecond most used web browser (behind Internet Explorer) and gaining more ground each day.http://www.getfirefox.com

Watch for redirection. Redirection is when you click a link on a site and end up at another web site. Phishing scams can take advantage of this.Watch the contents of the location or address bar. This is where you will detect the redirection.When going to a site that may need personal information, go directly to the web site.Disable pop-ups.

Security Awareness:Security Awareness:Protect your PC: BrowsingProtect your PC: Browsing

Security Awareness:Security Awareness:Protect your PC: EmailProtect your PC: Email

Be wary of email from addresses you do not know.Typically SPAM or phishing attempts

Use caution with attachments.Programs should not be sent through email.

Avoid sending personal information through email.Email is in clear text.Do not send social security numbers or credit card info.Do not send usernames or passwords.

Do not click links for banking institutions.Financial Institutions do not ask for personal information through email. It is only used to distribute information.Contact your financial institution in person or telephone.

There are alternative email clients available, but they may require additional computing skills.

Security Awareness:Security Awareness:Protect your PC: BackupProtect your PC: Backup

Backup your data regularlyWindows has a built in backup utility.Backup programs with automation are available.

Simple methods include:Burning specific files to CD.Copying them to flash (USB) drives or memory cards.Copy the data to another computerFee based subscriptions are available online.

Floppy Disks are too small for most data.

Security Awareness:Security Awareness:Protect your PC: NSU PoliciesProtect your PC: NSU Policies

NSU policies are available from:http://www.nsu.edu/policies

Policy 60.201: Acceptable Use of Technology ResourcesPolicy 62.002: Computer Systems Passwords

http://www.nsu.edu/formsResource Authorization Request / OIT Request Form & Information Security Access Agreement

http://www.nsu.edu/oit/policiesPolicy 61.002: Electronic Data Privacy and Ownership

Security Awareness:Security Awareness:Protect your PC: Further InfoProtect your PC: Further Info

Credit Reports1 free report per yearhttps://www.annualcreditreport.com

Symantec Security CheckOnline check for exposure and or common viruseshttp://security.symantec.com/sscv6

National Security Agency Security Configuration Guidehttp://www.nsa.gov/snac

National Institute of Standards and Technology (NIST): Computer Security Resource Center (CSRC)

http://csrc.nist.gov/National Do Not Call Registry

http://www.donotcall.govChild Safety Online

http://www.fbi.gov/publications/pguide/pguidee.htmhttp://www.microsoft.com/athome/security/children

Security Awareness:Security Awareness:Protect your PC: AdvancedProtect your PC: Advanced

These options are available, but, generally recommended for advanced users:

Disable/Remove Windows ComponentsDisable unnecessary Windows servicesUse alternate email client

Thunderbirdhttp://www.getthunderbird.com

Enable AuditingMicrosoft Baseline AnalyzerPort Reporter and ParserRoot Kit Detection toolsHiJackThis.exeUse encryption for files and emailUse GeSWall

Security Awareness:Security Awareness:Protect your PC: AdvancedProtect your PC: Advanced

Advanced options:USE LINUX

security awareness security.nsu

Documents