Network Security: Keeping your Online Identity Safe and Secure
Your Online Identity: Real-World Perspective
Today your identity online is as important as your physical identity
How the world sees and responds to you.
Losing control of your email, user ID and/or passwords can be more destructive and damaging today than losing your wallet or purse.
Protecting this identity must become a priority
Threats to everyone's online identity continue to increase every year.
Source: SANS Institute
Security “Incidents” Are on the Rise
1988 – 6 reports
1991 – 406
1994 – 2,340
1997 – 2,134
2000 – 21,756
2001 – 52,658
2002 – 97,812
2003 (projected) – 149,652
What are the Threats?
Threats to Personal Data
Unauthorized Use or Disclosure of Personal Financial Information
Alteration of passwords, records, addresses
Threats to Organizations
Misappropriation of Resources
Denial of Service
Destruction of Systems or Infrastructure
Creating more Secure Passwords
Observing the following rules when you create a password will help produce a more secure password:
Create as long a password as you can remember. Longer passwords are almost always much harder to crack than short ones of four to six characters.
Passwords must never contain the user ID.
Passwords should not contain any simple pattern of letters or numbers such as "qwertyxx" or "xyz123xx."
Passwords should not include the user's own or a close friend's or relative's name, employee number, Social Security Number, birthdate, telephone number, or any information about him or her that the user believes could be readily learned or guessed.
Avoid common words in the news (including names of people, car makes, sports teams, cities, and so on).
Include numbers and special symbols in your password. (Passwords containing a nonnumeric letter or symbol in the first and last positions are very secure.)
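The rules above written as a checker, added here as an illustration and not part of the original slides. The function names, the seven-character threshold (one more than the "four to six" the slide calls short), and the sample user ID, personal details and word list are assumptions.

```python
import string

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def has_simple_pattern(pw):
    """Detect patterns like the slide's "qwertyxx" and "xyz123xx"."""
    low = pw.lower()
    # Four or more adjacent keys from one keyboard row, in either direction.
    for i in range(len(low) - 3):
        chunk = low[i:i + 4]
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    # Three letters/digits that ascend, descend or repeat ("xyz", "321", "aaa").
    for i in range(len(low) - 2):
        chunk = low[i:i + 3]
        a, b, c = (ord(ch) for ch in chunk)
        if chunk.isalnum() and b - a == c - b and b - a in (-1, 0, 1):
            return True
    return False

def check_password(pw, user_id, personal=(), common_words=(), min_len=7):
    """Return the list of rules a candidate password breaks (empty = passes).

    personal:     names, birthdates, phone numbers etc. known about the user
    common_words: caller-supplied list of words to avoid (assumed input)
    min_len:      assumed threshold; the slide only says longer is better
    """
    problems = []
    low = pw.lower()
    if len(pw) < min_len:
        problems.append("too short")
    if user_id and user_id.lower() in low:
        problems.append("contains user ID")
    if has_simple_pattern(pw):
        problems.append("simple pattern")
    if any(p.lower() in low for p in personal if len(p) >= 3):
        problems.append("contains personal information")
    if any(w.lower() in low for w in common_words):
        problems.append("contains common word")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special symbol")
    return problems

if __name__ == "__main__":
    # Constructed candidates for a constructed user ID "jsmith".
    for candidate in ("qwertyxx", "xyz123xx", "jsmith1!", "t4ble&Mug9Kite"):
        print(candidate, "->", check_password(candidate, "jsmith") or "ok")
```
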
BCC Password Standards
Password must be 5-8 alpha/numeric characters
Passwords can be changed anytime you sign on.
Passwords should be changed in both Novell and GroupWise. (Each program can have a separate password; however, this is not recommended.)
Currently, Novell/GroupWise passwords do not expire and there is no limit on sign-on attempts.
BCC Password Standards: Unisearch/NetSearch (Imaging System)
Password must be 6-8 alpha/numeric characters
Passwords can be changed anytime by using the original NetSearch sign-on screen.
Unisearch/NetSearch will force a Password change every 60 days.
Risks to your Online Identity
Phishing (Personal Identity Theft)
Spoofing (Website Identity Theft)
Consumers are the target of an increasingly popular scam called "phishing," in which victims receive unsolicited, phony mass e-mails that try to lure them into revealing personal financial information. Often, the scammers pretend to be real companies, such as banks, credit card companies or Internet providers, and claim there has been a problem with billing or that the customer may have been a fraud victim. The message directs victims to click on a link to a fake Web site that looks just like the company's real one, where they are asked to type in personal information, such as Social Security numbers, mother's maiden name and bank and credit card numbers. The scam uses that information to steal identities and run up credit cards or order new ones.
Posing as America Online, the con artist sent consumers e-mail messages claiming that there had been a problem with the billing of their AOL account. The e-mail warned consumers that if they didn’t update their billing information, they risked losing their AOL accounts and Internet access. The message directed consumers to click on a hyperlink in the body of the e-mail to connect to the “AOL Billing Center.” When consumers clicked on the link they landed on a site that contained AOL’s logo, AOL’s type style, AOL’s colors, and links to real AOL Web pages. It appeared to be AOL’s Billing Center. But it wasn’t. The defendant had hijacked AOL’s identity and was going to use it to steal consumers’ identities.
The defendant’s AOL look-alike Web page directed consumers to enter the numbers from the credit card they had used to charge their AOL account. It then asked consumers to enter numbers from a new card to correct the problem. It also asked for consumers’ names, mothers’ maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers, and AOL screen names and passwords - the kind of data that would help the defendant plunder consumers’ credit and debit card accounts and assume their identity online.
Example of Phishing Email
February 1, 2004
Subject: your access to bid or buy on Ebay has been restricted!
Dear Ebay member # 12674539!
It has come to our attention that your account may be used by third party in a fraudulent activity with Ebay. as a result, your access to bid or buy on Ebay has been restricted. according to our site policy you will have to confirm that you are the real owner of the Ebay account by entering your credit card information.
please click on the link below to get to the Ebay security update page and complete the form that will appears. after that your account information will be verified and you will be redirected to the Ebay home page. thank you. ...
What can you do?
Be wary of any email that directs you to a website.
Never enter your financial information on a website where you have not entered the WWW address yourself.
Always make sure the site is secure before entering your credit card information.
Questions? Doug Kirby Information Technology [email_address]