Your SlideShare is downloading. ×
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply



Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • Introduction Who Am I Qualifications
  • Yearly Security incidents average increase is greater than 50%
  • Network Security Attacks have grown in sophistication from simple password guessing to automated network probes & scans, spoofing & denial of service. At the same time the level of technical knowledge needed by intruders to perform these attacks have fallen radically.
  • BCC’s passwords are currently limited to 8 alpha-numeric characters.
  • Passwords can be changed by signing onto the original (previous) NetSearch sign-on screen. The next version of NetSearch XL (will be released in a few months) will have the change password feature included.
  • Transcript

    • 1. Network Security Keeping your Online Identity Safe and Secure
    • 2. Your Online Identity Real-World Perspective
      • Today your identity online is as important as your physical identity
        • How the world sees and responds to you.
        • Losing of control of your email, User Id and/or passwords can be more destructive and damaging today than losing your wallet or purse.
        • Protecting this identity must become a priority
        • Threats to everyone's online identity continues to increase every year.
      Source: SANS Institute
    • 3. Security “Incidents” Are on the Rise
      • 1988 - 6 Reports
      • 1991 – 406
      • 1994 – 2340
      • 1997 – 2,134
      • 2000 – 21,756
      • 2001 – 52,658
      • 2002 – 97,812
      • Projected 2003 – 149,652
      Source: CERT
    • 4. Security Incidents
    • 5. What are the Threats?
      • Threats to Personal Data
        • Unauthorized Use or Disclosure of Personal Financial Information
        • Alteration of passwords, records, addresses
      • Threats to Organizations
        • Misappropriation of Resources
        • Denial of Service
        • Destruction of Systems or Infrastructure
    • 6. Creating more Secure Passwords
      • Observing the following rules when you create a password will help produce a more secure password:
      • Create as long a password as you can remember--passwords that are longer are almost always much harder to crack than those that are short, four to six characters in length.
      • Passwords must never contain the user ID.
      • Passwords should not contain any simple pattern of letters or numbers such as "qwertyxx" or "xyz123xx.“
      • Passwords should not include the user's own or a close friend's or relative's name, employee number, Social Security Number, birthdate, telephone number, or any information about him or her that the user believes could be readily learned or guessed.
      • Avoid common words in the news (including names of people, car makes, sports teams, cities, and so on);
      • Include numbers and special symbols in your password. (Passwords containing a nonnumeric letter or symbol in the first and last positions are very secure)
    • 7. BCC Password Standards
      • Novell/Groupwise
      • Password must be 5-8 alpha/numeric characters
      • Passwords can be changed anytime you sign on.
      • Password should be changed in both Novell & Groupwise. (Each program can have separate password however, this is not recommended)
      • Currently Novell/Groupwise passwords do not expire and there is no limit on sign-on attempts.
    • 8. BCC Password Standards
      • Unisearch/NetSearch (Imaging System)
      • Password must be 6-8 alpha/numeric characters
      • Passwords can be changed anytime by using the original Netsearch sign-on screen.
      • Unisearch/NetSearch will force a Password change every 60 days.
    • 9. Risks to your Online Identity
      • Phishing (Personal Identity Theft)
      • Spoofing (Website Identity Theft)
    • 10. Phishing
      • Consumers are the target of an increasingly popular scam called "phishing," in which victims receive unsolicited, phony mass e-mails that try to lure them into revealing personal financial information. Often, the scammers pretend to be real companies, such as banks, credit card companies or Internet providers, and claim there has been a problem with billing or that the customer may have been a fraud victim. The message directs victims to click on a link to a fake Web site that looks just like the company's real one, where they are asked to type in personal information, such as Social Security numbers, mother's maiden name and bank and credit card numbers. The scam uses that information to steal identities and run up credit cards or order new ones.
    • 11. Phishing Example
      • Posing as America Online, the con artist sent consumers e-mail messages claiming that there had been a problem with the billing of their AOL account. The e-mail warned consumers that if they didn’t update their billing information, they risked losing their AOL accounts and Internet access. The message directed consumers to click on a hyperlink in the body of the e-mail to connect to the “AOL Billing Center.” When consumers clicked on the link they landed on a site that contained AOL’s logo, AOL’s type style, AOL’s colors, and links to real AOL Web pages. It appeared to be AOL’s Billing Center. But it wasn’t. The defendant had hijacked AOL’s identity and was going to use it to steal consumers’ identities.
      • The defendant’s AOL look-alike Web page directed consumers to enter the numbers from the credit card they had used to charge their AOL account. It then asked consumers to enter numbers from a new card to correct the problem. It also asked for consumers’ names, mothers’ maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers, and AOL screen names and passwords - the kind of data that would help the defendant plunder consumers’ credit and debit card accounts and assume their identity online.
    • 12. Example of Phishing Email
      • February 1, 2004
      • Subject: your access to bid or buy on Ebay has been restricted!
      • Dear Ebay member # 12674539!
      • It has come to our attention that your account may be used by third party in a fraudulent activity with Ebay. as a result, your access to bid or buy on Ebay has been restricted. according to our site policy you will have to confirm that you are the real owner of the Ebay account by entering your credit card information.
      • please click on the link below to get to the Ebay security update page and complete the form that will appears. after that your account information will be verified and you will be redirected to the Ebay home page. thank you. ...
    • 13. What can you do?
      • Be wary any email that directs you a website.
      • Never enter your financial information on a website were you have not entered the WWW address yourself.
      • Always make sure the site is secure before entering your credit card information
    • 14. Secure Websites
    • 15. Secure Websites
    • 16. Questions? Doug Kirby Information Technology [email_address]