0
Helping Students Stay Secure         Mark Ciampa
Time Remaining
Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to le...
Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to le...
Things Are Still Bad
Things Are Still Bad
Things Are Still Bad
Things Are Still Bad
Things Are Still Bad
Things Are Still Bad
Things Are Still Bad
Things Are Still Bad
Things Are Still Bad
Things Are Still Bad•    Web pages that infect by simply looking at     them (6,000 new infected pages daily, or 1     eve...
Things Are Still Bad• 431 million adults experienced  cybercrime in last year• 1+ million daily victims (14 each  second)•...
Things Are Still Bad• New zero-day attack• Bypasses sandbox protection in  Adobe Reader 10 and 11• Bypasses Windows ASLR (...
Things Are Still Bad• Opens decoy PDF document contains  travel visa application• Also drops and executes a malware  downl...
Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to le...
Users Are Still Confused•   Massive data breach from computers    belonging to South Carolinas Department of    Revenue (D...
Users Are Still Confused•   2012 survey of American, British and    German adult computer users•   40% not always update s...
Uses Are Still Confused• 88% use their home computer for online  banking, stock trading, reviewing personal  medical infor...
Users Are Still Confused• 44% don’t understand firewalls• 25% have not even heard of the term  “phishing” and only 13% can...
Why Increase In Attacks•   Speed of attacks•   More sophisticated attacks•   Simplicity of attack tools•   Faster detectio...
User Confusion• Confusion over different attacks:  Worm or virus? Adware or  spyware? Rootkit or Trojan?• Confusion over d...
Think Of a User• Will you grant permission to  open this port?• Is it safe to un-quarantine this  attachment?• May I insta...
User Misconceptions• I don’t have anything on my  computer they want• I have antivirus software so I’m  protected• The IT ...
Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to le...
Students Want Be Secure• Surveyed 679 students at both university andcommunity college• First day of Introduction to Compu...
Students Want Be Secure                 29
Anti-virus Software               30
Using Firewall             31
Securing Wireless              32
Protecting From Phishing                   33
Using Spam Filters              34
Students Want Be Secure• Surveyed 479 students at university• First day of Introduction to Computers class priorto any ins...
Students Want Be Secure•On the basis of gender females significantly morelikely to indicate specific security tasks areimp...
Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to le...
Security Education In Schools• Teach comprehensive enterprise  security in CIS security track• Teach network security to C...
Calls for Vigilance• “Securing your home computer helps you and  your family, and it also helps your nation . . . by  redu...
Calls for Training• National Strategy to Secure Cyberspace (NSSC)  document, created by U.S. President’s National  Infrast...
Calls for Training• Action and Recommendation 3-4 of NSSC calls upon  colleges and universities to model user awareness  p...
Calls for Training•   Researchers state that institutions of higher education (IHEs) should be    responsible for providin...
Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to le...
Security Education Challenge• Need educate all students about practical  computer security in all of our courses• “Users s...
Objections• Students don’t care about  security• I’m not a security expert so I  can’t teach it• I don’t have time to teac...
Experts Not Needed• Attacks are targeting user confusionand misconceptions• Need teach basic practical securityskills and ...
I Don’t Have Time To Teach It • Is there a skill that is more important and more useful than practical security? •We can t...
Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to le...
How To Teach Security             Yes               NoTopics       Practical steps   Learn definitionsFocus        End use...
How To Teach Security
Practical Security Topics    Personal          Computer          Internet             MobilePasswords         Malware     ...
Password Paradox• Password paradox – For password to remain secure  it should never be written down but must be  committed...
Weak Passwords• Common word (Eagles)• Short passwords (ABCDEF)• Personal information (name of a child or  pet)• Write pass...
Top 10 Passwords
Password Principles1. Any password that can be   memorized is a weak   password2. Any password that is   repeated on multi...
Password Management Application• Use technology instead of our memory for password  management• Password management applic...
My PasswordÞtq⃠GøÑÆ»¬ŠñB±.Û©¸ùÏŽ "$@m            gÉ                     57
Password Management Application• In-memory protection - Passwords are encrypted while the  application is running to conce...
KeePass      59
KeePass      60
Which Is Better?• thisisaverylongpassword• Xp4!e%• Length always trumps  complexity
Length Over Complexity Number-of-Keyboard-Keys ^ Password-Length = Total-           Number-of-Possible-Passwords    Keyboa...
If You Rely On Memory Only• Length is more important than complexity -  longisthislongerpassword over u$^#16• Do not use p...
Use Nonkeyboard Characters• Make passwords stronger with special  characters not on keyboard• Created by holding down ALT ...
Use Nonkeyboard Characters                   65
Test Passwords• Online password creators• Password Security Tester• How Secure Is My  Password• Check Your Password• The P...
Phishing• Social engineering - Relies on deceiving someone to obtain secure  information• Phishing - Common form of social...
Phishing Tests• Mailfrontier• Antiphishing.org• Antiphishing Phil• Paypal
Social Networking Attacks• Grouping individuals and organizations into clusters or  groups based on affiliation called soc...
Social Network Defenses• Consider carefully who is accepted as a friend – Once  person has been accepted as friend that pe...
Social Network Defenses
Backups
Personal Firewall•       Two-way personal software firewall -        Inspects network traffic passing through it        an...
Test Firewall                74
Test Firewall                75
Test Firewall                76
Patch Management             77
Antivirus            78
Antivirus• Test antivirus settings• Disinfect
Windows Action Center
User Account Control (UAC)•  User attempts to perform task that   requires administrative access then   prompted for appro...
User Account Control (UAC)
User Account Control (UAC)
Does Wireless Security Matter?• Get into any folder set with file  sharing enabled• See wireless transmissions• Access net...
Does Wireless Security Matter?• Barry A. get even with neighbors• Broke WiFi WEP encryption• Created fictitious MySpace pa...
Does Wireless Security Matter?• Barry e-mailed the same  pornography to the husbands co-  workers• Sent flirtatious e-mail...
Does Wireless Security Matter?• Husband’s law office hired forensics  investigator installed a protocol  analyzer• In data...
Does Wireless Security Matter?• Offered 2-year sentence but turned it  down, so prosecutors piled on more  charges• Pled g...
1. Lock Down Device• Create strong Password  (over 15 characters)• Disable Remote  Management (cannot  access settings via...
2. Turn on WPA2•   On wireless router set WPA2 Personal•   WPA2 Personal security option, which    may be labeled as WPA2-...
2. Turn on WPA2             91
2. Turn on WPA2•   After turning on WPA2 Personal on    wireless router and entering a key    value, the same key value mu...
3. Beware of Imposters                  93
4. Disable Bluetooth•   When using a smartphone or tablet that    supports Bluetooth, it is advisable to    disable Blueto...
Student Comments• As for the material presented in this class, it is great. I  have found all the hands on projects to be ...
New Approaches• “Security Across the Curriculum”• Adding practical security to Introduction to  Computers course• Content ...
URL References•   Test firewall - www.grc.com “Shields UP!!”•   Test antivirus settings - www.eicar.org/anti_virus_test_fi...
Security Awareness 4e• Security Awareness: Applying Practical Security  in Your World, 4e• Published December 2012• Basic ...
Helping Students Stay Secure      mark.ciampa@wku.edu
Upcoming SlideShare
Loading in...5
×

Course Tech 2013, Mark Ciampa, Helping Students Stay Secure

4,025

Published on

Smartphones, socialmedia, downloading MP3music files,watchingmovies on tablet computers—these are the types
of activities that our students are constantly engaged in. However, these are the same activities that attackers are
targeting today, yet very fewof our students knowhowto protectthemselves fromthese targeted attacks. In this
presentation we will look at practical security instruction that can be added to any computer course in order to help
our students stay secure.
PresIDIo 1 & 2 WhAT shoulD I geT ouT

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
4,025
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
18
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Smartphones, social media, downloading MP3 music files, watching movies on tablet computers—these are the types of activities that are students are constantly engaged in. However, these are the same activities that attackers are targeting today. Yet very few of our students know how to protect themselves from these targeted attacks. In this presentation we will look at practical security instruction that can be added to any computer course in order to help our students stay secure.
  • Transcript of "Course Tech 2013, Mark Ciampa, Helping Students Stay Secure"

    1. 1. Helping Students Stay Secure Mark Ciampa
    2. 2. Time Remaining
    3. 3. Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to learn to be secure• Schools are not teaching practical security• We can teach practical security in all our courses• Here’s how to teach practical security
    4. 4. Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to learn to be secure• Schools are not teaching practical security• We can teach practical security in all our courses• Here’s how to teach practical security
    5. 5. Things Are Still Bad
    6. 6. Things Are Still Bad
    7. 7. Things Are Still Bad
    8. 8. Things Are Still Bad
    9. 9. Things Are Still Bad
    10. 10. Things Are Still Bad
    11. 11. Things Are Still Bad
    12. 12. Things Are Still Bad
    13. 13. Things Are Still Bad
    14. 14. Things Are Still Bad• Web pages that infect by simply looking at them (6,000 new infected pages daily, or 1 every 14 seconds)• More attacks originate in U.S. than any other country (33%)• Home users were the most highly targeted sector (93% all targeted attacks)• An infected U.S. computer has an average of 8 instances of malware• U.S. has highest number of infected computers 14
    15. 15. Things Are Still Bad• 431 million adults experienced cybercrime in last year• 1+ million daily victims (14 each second)• 79% Internet users online 49+ hours per week been victims• 1 in 2.27 = odds consumer become cybercrime victim• $388 billion total cost cybercrime 15
    16. 16. Things Are Still Bad• New zero-day attack• Bypasses sandbox protection in Adobe Reader 10 and 11• Bypasses Windows ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention)• Starts by having Windows users clicking on a malicious PDF file delivered in an e-mail message 16
    17. 17. Things Are Still Bad• Opens decoy PDF document contains travel visa application• Also drops and executes a malware downloader that connects to remote server and downloads additional components to steal passwords, gather information about system configuration, log keystrokes• Communication between the malware and the command-and-control server is compressed with zlib and encrypted with AES (Advanced Encryption Standard) 17
    18. 18. Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to learn to be secure• Schools are not teaching practical security• We can teach practical security in all our courses• Here’s how to teach practical security
    19. 19. Users Are Still Confused• Massive data breach from computers belonging to South Carolinas Department of Revenue (DOR)• Exposed Social Security numbers of 3.8 million taxpayers plus credit card & bank account data for total of 74.7 GB• Started with employees computer infected with malware after user opened phishing e- mail• Attacker captured the persons username and password• Installed tools that captured user account passwords on 6 servers• Eventually gained access to 36 other systems 19
    20. 20. Users Are Still Confused• 2012 survey of American, British and German adult computer users• 40% not always update software on computers when they initially prompted• 25% said do not clearly understand what software updates do• 25% said do not understand the benefits of updating regularly• 75% said saw update notifications but over half said needed to see notification between 2-5 five times before decided• 25% said do not know how to check if their software needs updating 20
    21. 21. Uses Are Still Confused• 88% use their home computer for online banking, stock trading, reviewing personal medical information, and storing financial information, health records, and resumes• 98% agree important to be able to know risk level of a web site before visiting it (But 64% admit don’t know how to)• 92% think that their anti-virus software is up to date (But only 51% have current anti-virus software that been updated within last 7 days) 21
    22. 22. Users Are Still Confused• 44% don’t understand firewalls• 25% have not even heard of the term “phishing” and only 13% can accurately define it• 22% have anti-spyware software installed, an enabled firewall, and anti- virus protection that has been updated within last 7 days 22
    23. 23. Why Increase In Attacks• Speed of attacks• More sophisticated attacks• Simplicity of attack tools• Faster detection weaknesses• Delays in user patching• Distributed attacks• Exploit user ignorance & confusion 23
    24. 24. User Confusion• Confusion over different attacks: Worm or virus? Adware or spyware? Rootkit or Trojan?• Confusion over different defenses: Antivirus? Firewall? Patches?• Users asked to make security decisions and perform technical procedures 24
    25. 25. Think Of a User• Will you grant permission to open this port?• Is it safe to un-quarantine this attachment?• May I install this add-in? 25
    26. 26. User Misconceptions• I don’t have anything on my computer they want• I have antivirus software so I’m protected• The IT Department takes care of security here at school or work• My Apple computer is safe 26
    27. 27. Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to learn to be secure• Schools are not teaching practical security• We can teach practical security in all our courses• Here’s how to teach practical security
    28. 28. Students Want Be Secure• Surveyed 679 students at both university andcommunity college• First day of Introduction to Computers class• Students had received no instruction aboutsecurity in class• Students had no previous computer courses atthe school• Asked if specific security items were importantto them 28
    29. 29. Students Want Be Secure 29
    30. 30. Anti-virus Software 30
    31. 31. Using Firewall 31
    32. 32. Securing Wireless 32
    33. 33. Protecting From Phishing 33
    34. 34. Using Spam Filters 34
    35. 35. Students Want Be Secure• Surveyed 479 students at university• First day of Introduction to Computers class priorto any instruction about specific security items wereimportant to them•Students also rated themselves regarding their useand knowledge of technology, personal ownershipof devices, gender, age, and employment status•Elements were then correlated with studentresponses regarding their perceived importance ofthe common computer literacy topics in order todetermine if any associations exist 35
    36. 36. Students Want Be Secure•On the basis of gender females significantly morelikely to indicate specific security tasks areimportant (scanning for malware, creating backups,verifying information, using anti-virus software,securing wireless networks, using spam filters)•Significant correlations were found between theuse/knowledge of technology and practical securitytopics such as creating backups, configuring a webbrowser, and creating a strong password•Ownership of a Windows PC and Apple Mac werefound to be significantly associated with scanningfor malware 36
    37. 37. Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to learn to be secure• Schools are not teaching practical security• We can teach practical security in all our courses• Here’s how to teach practical security
    38. 38. Security Education In Schools• Teach comprehensive enterprise security in CIS security track• Teach network security to CIS majors• Teach brief coverage of security definitions in Introduction to Computers• Yet we are leaving out practical security awareness for all students 38
    39. 39. Calls for Vigilance• “Securing your home computer helps you and your family, and it also helps your nation . . . by reducing the risk to our financial system from theft, and to our nation from having your computer infected and then used as a tool to attack other computers” Janet Napolitano Department Homeland Security 39
    40. 40. Calls for Training• National Strategy to Secure Cyberspace (NSSC) document, created by U.S. President’s National Infrastructure Advisory Council, calls for comprehensive national security awareness program to empower all Americans, including the general population, “to secure their own parts of cyberspace”• Department of Homeland Security, through the NSSC, calls upon home users to help the nation secure cyberspace “by securing their own connections to it” 40
    41. 41. Calls for Training• Action and Recommendation 3-4 of NSSC calls upon colleges and universities to model user awareness programs and materials• Colloquium for Information Systems Security Education (CISSE), International Federation of Information Processing Working Group 11.8 on Information Security Education (IFIP WISE), and Workshop on Education in Computer Security (WECS) all involved in security training in schools• Bipartisan Cybersecurity Enhancement Act would fund more cybersecurity research, awareness and education (Feb 20 2011) 41
    42. 42. Calls for Training• Researchers state that institutions of higher education (IHEs) should be responsible for providing security awareness instruction, including Crowley (2003), Mangus (2002), Null (2004), Tobin and Ware (2005), Valentine (2005), Werner (2005), and Yang (2001)• Security instruction and training important not only to meet current demands of securing systems but also to prepare students for employment in their respective fields• Location of security awareness instruction and training in a college curriculum should not be isolated in upper-level courses for IT majors, according to Tobin and Ware (2005), Werner (2005), and others• Instruction should be taught to all graduates as a “security awareness” course (Valentine, 2005) along with integrating it across through the curriculum (Yang, 2001)• Long (1999) advocated that security instruction should begin as early as kindergarten. 42
    43. 43. Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to learn to be secure• Schools are not teaching practical security• We can teach practical security in all our courses• Here’s how to teach practical security
    44. 44. Security Education Challenge• Need educate all students about practical computer security in all of our courses• “Users should be as fluent with practical security as with using Word”• All our courses all use technology, so make security a “teaching moment”• Security Across the Curriculum
    45. 45. Objections• Students don’t care about security• I’m not a security expert so I can’t teach it• I don’t have time to teach it 45
    46. 46. Experts Not Needed• Attacks are targeting user confusionand misconceptions• Need teach basic practical securityskills and not advanced securitytopics• Often security experts get toocarried away with too many details! 46
    47. 47. I Don’t Have Time To Teach It • Is there a skill that is more important and more useful than practical security? •We can take the opportunity as topics arise •For example, when we ask them to research using the Internet then spend 10 minutes that day talking about Internet security 47
    48. 48. Cut Right To The Chase• Things are still bad in security• Users are still confused about security• Our students want to learn to be secure• Schools are not teaching practical security• We can teach practical security in all our courses• Here’s how to teach practical security
    49. 49. How To Teach Security Yes NoTopics Practical steps Learn definitionsFocus End user EnterpriseEmphasis Defense How it worksDevice Desktop, laptop Tablet, smartphoneResistance Tradeoff Impossible
    50. 50. How To Teach Security
    51. 51. Practical Security Topics Personal Computer Internet MobilePasswords Malware Java Wi-Fi risksPhishing Patches Digital certificates Bluetooth risksSocial networks Anti-virus Hyperlinks Wireless defenses Firewalls Browser settings Public Wi-Fi UAC Backups
    52. 52. Password Paradox• Password paradox – For password to remain secure it should never be written down but must be committed to memory.• Password should also be of a sufficient length and complexity that an attacker cannot easily determine• Paradox: although lengthy and complex passwords should be used and never written down, it is very difficult to memorize these types of passwords.• Users have multiple accounts for computers at work, school, and home, e-mail accounts, banks, online Internet stores, and each account has its own password
    53. 53. Weak Passwords• Common word (Eagles)• Short passwords (ABCDEF)• Personal information (name of a child or pet)• Write password down• Predictable use of characters• Not change password• Reuse same password
    54. 54. Top 10 Passwords
    55. 55. Password Principles1. Any password that can be memorized is a weak password2. Any password that is repeated on multiple accounts is a weak password
    56. 56. Password Management Application• Use technology instead of our memory for password management• Password management application – Allow user to store username and password, along with other account details• Application is itself protected by a single strong password, and can even require the presence of a file on a USB flash drive before the program will open• Allows user to retrieve usernames and passwords without the need to remember or even type them• Allows for very strong passwords:
    57. 57. My PasswordÞtq⃠GøÑÆ»¬ŠñB±.Û©¸ùÏŽ "$@m gÉ 57
    58. 58. Password Management Application• In-memory protection - Passwords are encrypted while the application is running to conceal passwords• Key files - In order to open the password database key file must also be present• Lock to user account - The database can be locked so that it can only be opened by the same person who created it• Password groupings - User passwords can be arranged as a tree, so that a group can have subgroups• Random password generator - A built-in random password generator can create strong random passwords based on different settings
    59. 59. KeePass 59
    60. 60. KeePass 60
    61. 61. Which Is Better?• thisisaverylongpassword• Xp4!e%• Length always trumps complexity
    62. 62. Length Over Complexity Number-of-Keyboard-Keys ^ Password-Length = Total- Number-of-Possible-Passwords Keyboard Keys Password Possible Length Passwords 95 2 9,025 95 3 857,375 95 4 81,450,625 95 6 735,091,890,625 189 6 4.5579633e+13
    63. 63. If You Rely On Memory Only• Length is more important than complexity - longisthislongerpassword over u$^#16• Do not use passwords that consist of dictionary words or phonetic words• Do not use birthdays, family member names, pet names, addresses, or any personal information• Do not repeat characters (xxx) or use sequences (abc, 123, qwerty)• Minimum of 12 characters in length or for accounts that require higher security a minimum of 18 characters is recommended• Consider using a longer passphrase: theraininspainfallsmainlyontheplain• Use nonkeyboard characters
    64. 64. Use Nonkeyboard Characters• Make passwords stronger with special characters not on keyboard• Created by holding down ALT key while simultaneously typing a number on numeric keypad (but not the numbers across the top of the keyboard); ALT + 0163 produces £.• To see a list of all the available non-keyboard characters click Start and Run and enter charmap.exe; click on character and the code ALT + 0xxx will appear in lower-right corner if can be reproduced in Windows 64
    65. 65. Use Nonkeyboard Characters 65
    66. 66. Test Passwords• Online password creators• Password Security Tester• How Secure Is My Password• Check Your Password• The Password Meter 66
    67. 67. Phishing• Social engineering - Relies on deceiving someone to obtain secure information• Phishing - Common form of social engineering is sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information• User asked respond to an e-mail or is directed to a Web site where instructed to update personal information, such as passwords, credit card numbers, Social Security numbers, bank account numbers, or other information for which the legitimate organization already has a record• However, Web site is actually a fake and is set up to steal the user’s information
    68. 68. Phishing Tests• Mailfrontier• Antiphishing.org• Antiphishing Phil• Paypal
    69. 69. Social Networking Attacks• Grouping individuals and organizations into clusters or groups based on affiliation called social networking• Web sites that facilitate linking individuals with common interests like hobbies, religion, politics, or school contacts are called social networking sites and function as an online community of users• User who is granted access to a social networking site can read the profile pages of other members and interact with them• Social networking sites increasingly becoming prime targets of attacks
    70. 70. Social Network Defenses• Consider carefully who is accepted as a friend – Once person has been accepted as friend that person will be able to access any personal information or photographs• Show "limited friends" a reduced version of your profile - Individuals can be designated “limited friends” who only have access to a smaller version of the user’s profile• Disable options and then reopen them only as necessary - Disable options until it becomes apparent that option is needed, instead of making everything accessible and restricting access later after it is too late
    71. 71. Social Network Defenses
    72. 72. Backups
    73. 73. Personal Firewall• Two-way personal software firewall - Inspects network traffic passing through it and denies/permits passage based on rules• Firewall restricts what can come in and go out of your computer across the network – Stops bad stuff from coming in – Stops a compromised computer from infecting other computers on network• Application-aware firewall allows user to specify which desktop applications can connect to the network 73
    74. 74. Test Firewall 74
    75. 75. Test Firewall 75
    76. 76. Test Firewall 76
    77. 77. Patch Management 77
    78. 78. Antivirus 78
    79. 79. Antivirus• Test antivirus settings• Disinfect
    80. 80. Windows Action Center
    81. 81. User Account Control (UAC)• User attempts to perform task that requires administrative access then prompted for approval or administrator password if standard user• Displays authentication dialog box must be answered before continuing – Administrators - Click Continue or Cancel – Standard users - Enter admin password
    82. 82. User Account Control (UAC)
    83. 83. User Account Control (UAC)
    84. 84. Does Wireless Security Matter?• Get into any folder set with file sharing enabled• See wireless transmissions• Access network behind firewall can inject malware• Download harmful content linked to unsuspecting owner
    85. 85. Does Wireless Security Matter?• Barry A. get even with neighbors• Broke WiFi WEP encryption• Created fictitious MySpace page with the husbands name on it and posted picture of child pornography• Included note that husband was a lawyer and could get away "doing anything“
    86. 86. Does Wireless Security Matter?• Barry e-mailed the same pornography to the husbands co- workers• Sent flirtatious e-mail to women in the husbands office• Sent threatening e-mails to the Vice President of U.S. from husbands Yahoo account saying he was a terrorist and would kill the VP
    87. 87. Does Wireless Security Matter?• Husband’s law office hired forensics investigator installed a protocol analyzer• In data surrounding threatening VP e-mail was Barrys name and account information• FBI searched Barrys house, found evidence also done the same to a previous neighbor
    88. 88. Does Wireless Security Matter?• Offered 2-year sentence but turned it down, so prosecutors piled on more charges• Pled guilty and sentenced to 18 years in prison and to forfeit his house• Defense was he sharing a jail cell with a double-murderer who was "terrorizing" him
    89. 89. 1. Lock Down Device• Create strong Password (over 15 characters)• Disable Remote Management (cannot access settings via Internet) 89
    90. 90. 2. Turn on WPA2• On wireless router set WPA2 Personal• WPA2 Personal security option, which may be labeled as WPA2-PSK [AES], is turned on by clicking the appropriate option button• A key value, sometimes called a preshared key (PSK), WPA2 shared key, or passphrase, must be entered; this key value can be from 8 to 63 characters in length 90
    91. 91. 2. Turn on WPA2 91
    92. 92. 2. Turn on WPA2• After turning on WPA2 Personal on wireless router and entering a key value, the same key value must also be entered on each mobile device that has permission to access the Wi-Fi network• A mobile device that attempts to access a wireless network with WPA2 Personal will automatically ask for the key value• Once the key value is entered, the mobile device can retain the value and does need to ask for it again 92
    93. 93. 3. Beware of Imposters 93
    94. 94. 4. Disable Bluetooth• When using a smartphone or tablet that supports Bluetooth, it is advisable to disable Bluetooth and turn on this service only as necessary• Bluetooth devices should be turned off when not being used or when in a room with unknown people• Another option is to set Bluetooth on the device as undiscoverable, which keeps Bluetooth turned on in a state where it cannot be detected by another device 94
    95. 95. Student Comments• As for the material presented in this class, it is great. I have found all the hands on projects to be very useful. I would recommend this class to all students. Very useful!• I have to say that I was dreading this course because I am definitely not a "techie", but I have been surprised by how much I have enjoyed it so far. I love the hands on projects!• Your class is interesting, informative, and would help anyone learn about what threats are out there, and what needs to be done to secure their system.• Im actually having an awesome time with this class. Its kind of making me question switching my major to something more involved in the field of computer technology.
    96. 96. New Approaches• “Security Across the Curriculum”• Adding practical security to Introduction to Computers course• Content added to freshman orientation course• Substitute practical security course for advanced Office applications course• Adding 1 hour ethics & practical security course
    97. 97. URL References• Test firewall - www.grc.com “Shields UP!!”• Test antivirus settings - www.eicar.org/anti_virus_test_file.htm• Disinfect - www.symantec.com/norton/security_response/removaltools.jsp• Software inspector - secunia.com/vulnerability_scanning/personal/• Online password creators - www.grc.com/passwords.htm• Online password graders - www.microsoft.com/protect/yourself/password/checker.mspx• Password manager – keepass.info• Phishing tests: – survey.mailfrontier.com/survey/quiztest.cgi – www.antiphishing.org/phishing_archive.html – cups.cs.cmu.edu/antiphishing_phil/• Backups – www.macrium.com, www.todo-backup.com• Recommended free antivirus - http://www.microsoft.com/Security_Essentials/
    98. 98. Security Awareness 4e• Security Awareness: Applying Practical Security in Your World, 4e• Published December 2012• Basic introduction to practical computer security for all users, from students to home users to business professionals
    99. 99. Helping Students Stay Secure mark.ciampa@wku.edu
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×