WATCH YOUR BACK Let’s Talk Web Safety and Personal Identity Theft

Overview Password Security Email Security Virus Scanners Social Engineering Home/Wireless Security

Password Security

Email Security

Virus Scanners

Social Engineering

Home/Wireless Security

PASSWORD SECURITY

Best Practices Writing down passwords If you must, store securely, and destroy when no longer needed

Writing down passwords

If you must, store securely, and destroy when no longer needed

Best Practices NEVER share passwords

NEVER share passwords

Best Practices Use different passwords for every account

Use different passwords for every account

Best Practices Change immediately if a password is compromised

Change immediately if a password is compromised

Best Practices Be careful about storing on your computer

Be careful about storing on your computer

Best Practices Always use strong passwords

Always use strong passwords

Strong Passwords A strong password: Should be at least 7 characters long Does not contain your user name, real name, or company name Does not contain a complete dictionary word Is significantly different from previous passwords Incremental (password 1, password 2…) are not strong Contains uppercase, lowercase, numerical, and at least one special character

A strong password:

Should be at least 7 characters long

Does not contain your user name, real name, or company name

Does not contain a complete dictionary word

Is significantly different from previous passwords

Incremental (password 1, password 2…) are not strong

Contains uppercase, lowercase, numerical, and at least one special character

Common Password

Common Password Themes Children’s Names Birthdates Spouse’s Name Religious Username Pet’s Name Sports Team

Children’s Names

Birthdates

Spouse’s Name

Religious

Username

Pet’s Name

Sports Team

EMAIL SECURITY

Email Spoofing Reading email headers Recognizing Spoofed emails

Reading email headers

Recognizing Spoofed emails

Top 10 Spam Subject Lines You’ve received a greeting ecard Virtualization Webinar Masters degree with no efforts Career Advancement Opportunities – July of 2009 Webinar: Think Big: Create Efficiencies With an Enterprise-Wide Non-Profit job from home Administrative Certification: Increase Productivity with Superior Organizational Skills Administrative Certification: Gain Credibility by Maximizing Your Productivity you can wear tag heuer watch now; you can wear cartier watch now Source: http://www.mcafee.com/us/threat_center/anti_spam/spam_top10.html

You’ve received a greeting ecard

Virtualization Webinar

Masters degree with no efforts

Career Advancement Opportunities – July of 2009

Webinar: Think Big: Create Efficiencies With an Enterprise-Wide

Non-Profit job from home

Administrative Certification: Increase Productivity with Superior Organizational Skills

Administrative Certification: Gain Credibility by Maximizing Your Productivity

you can wear tag heuer watch now;

you can wear cartier watch now

Source: http://www.mcafee.com/us/threat_center/anti_spam/spam_top10.html

Do Not Download These Types of Files Source: http://www.novatone.net/mag/mailsec.htm File Extension Description File Extension Description ADE Microsoft Access Project Extension MDB Microsoft Access Application ADP Microsoft Access Project MDE Microsoft Access MDE Database BAS Visual Basic® Class Module MSC Microsoft Common Console Document BAT Batch File MSI Windows Installer Package CHM Compiled HTML Help File MSP Windows Installer Patch CMD Windows NT® Command Scrip MST Visual Test Source File COM MS-DOS® Application PCD Photo CD Image CPL Control Panel Extension PIF Shortcut to MS-DOS Program CRT Security Certificate REG Registration Entries EXE Application SCR Screen Saver HLP Windows® Help File SCT Windows Script Component HTA HTML Applications SHS Shell Scrap Object INF Setup Information File URL Internet Shortcut (Uniform Resource Locator) INS Internet Communication Settings VB VBScript File ISP Internet Communication Settings VBE VBScript Encoded Script File JS JScript® File VBS VBScript Script File JSE JScript Encoded Script File WSC Windows Script Component LNK Shortcut WSF Windows Script File WSH Windows Scripting Host Settings File

Safe File Extensions for Email Downloads Source: http://www.novatone.net/mag/mailsec.htm File Extension Description GIF Picture - Graphics Interchange Format (ConmuServe) JPG or JPEG Picture - Joint Photographic Expert Group TIF or TIFF Picture - Tagged Image File Format (Adobe) MPG or MPEG Movie - Motion Picture Expert Group MP3 Sound – MPEG compressed audio WAV Sound – Audio (Microsoft)

VIRUS SCANNERS

AVG Free Get a free virus scanner at: http://free.avg.com/ Hint: Don’t install the tool bar!

Current Virus Threats Change Daily Scheduled Signature Updates Sources of Latest Threat and Severity

Change Daily

Scheduled Signature Updates

Sources of Latest Threat and Severity

What to do with a Virus Isolate Cure Identify Source

Isolate

Cure

Identify Source

SOCIAL ENGINEERING

Phone Calls Know who you’re talking to Provide no confidential data Call them back

Know who you’re talking to

Provide no confidential data

Call them back

Phishing Definition In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details to “catch” financial information and passwords. Source: http://en.wikipedia.org/wiki/Phishing

Definition

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details to “catch” financial information and passwords.

Top 10 Phishing Scams security alert! account notification! account notification please confirm your data! Chase Bank: online banking notification Chase Bank: necessary to be read! Chase Bank: important notice Chase Bank: important security notice Chase Bank: account secure confirmation Chase Bank customer service: security alert Source: http://www.mcafee.com/us/threat_center/anti_phishing/phishing_top10.html

security alert!

account notification!

account notification

please confirm your data!

Chase Bank: online banking notification

Chase Bank: necessary to be read!

Chase Bank: important notice

Chase Bank: important security notice

Chase Bank: account secure confirmation

Chase Bank customer service: security alert

Source: http://www.mcafee.com/us/threat_center/anti_phishing/phishing_top10.html

Top Brands Exploited by Phishing Scams http://www.mcafee.com/us/threat_center/anti_phishing/phishing_top10.html

Flash Drive Example USB Flash Drives Pose Security Risk

USB Flash Drives Pose Security Risk

HOME/WIRELESS SECURITY

Set-Up You may be at risk by default Create a strong administrative password Do not share your connection

You may be at risk by default

Create a strong administrative password

Do not share your connection

Password/Encryption The key to your data Lock them away physically and electronically

The key to your data

Lock them away physically and electronically

Definition: Firewall A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications.

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications.

Definition: IP Address Internet Protocol ( IP ) address - a numerical label that is assigned to devices participating in a computer network utilizing the Internet Protocol for communication between its devices.

Internet Protocol ( IP ) address - a numerical label that is assigned to devices participating in a computer network utilizing the Internet Protocol for communication between its devices.

Photo Credits http://www.flickr.com/photos/9483141@N02/1043482672/ http://www.flickr.com/photos/35034348736@N01/6091103/ http://www.flickr.com/photos/30055137@N05/2874818735/ http://www.flickr.com/photos/71038389@N00/2335148856/ http://www.flickr.com/photos/80682954@N00/3168425434/ http://www.flickr.com/photos/26811362@N05/3169491395/ http://www.braswellcomputers.com/images/hackers.jpg http://www.flickr.com/photos/26260213@N05/3093056683/ http://www.flickr.com/photos/34957438@N05/3416525003/ http://static.howstuffworks.com/ http://www.esat.kuleuven.be/ http://www.computermantorbay.com/ http://www.amsys.co.uk/ http://engageology.wordpress.com/ http://www.cscisd.net/ http://www.vietnamalbum.com/ http://www.noticebored.com/ http://www.ehow.com/ http://www.gadgetsnews.co.uk/ http://www.webmastersbydesign.com/ http://www.reasoft.com/solutions/

http://www.flickr.com/photos/9483141@N02/1043482672/

http://www.flickr.com/photos/35034348736@N01/6091103/

http://www.flickr.com/photos/30055137@N05/2874818735/

http://www.flickr.com/photos/71038389@N00/2335148856/

http://www.flickr.com/photos/80682954@N00/3168425434/

http://www.flickr.com/photos/26811362@N05/3169491395/

http://www.braswellcomputers.com/images/hackers.jpg

http://www.flickr.com/photos/26260213@N05/3093056683/

http://www.flickr.com/photos/34957438@N05/3416525003/

http://static.howstuffworks.com/

http://www.esat.kuleuven.be/

http://www.computermantorbay.com/

http://www.amsys.co.uk/

http://engageology.wordpress.com/

http://www.cscisd.net/

http://www.vietnamalbum.com/

http://www.noticebored.com/

http://www.ehow.com/

http://www.gadgetsnews.co.uk/

http://www.webmastersbydesign.com/

http://www.reasoft.com/solutions/

RODNEY SABRSULA Schipul Personal Brand: rsabrsula Facebook: http://facebook.com/sabrsula Twitter: http://twitter.com/rsabrsula

Personal Brand: rsabrsula

Facebook: http://facebook.com/sabrsula

Twitter: http://twitter.com/rsabrsula

JENNIFER BROOKS Schipul Personal Brand: jbrooks Facebook: http://facebook.com/jbrooks Twitter: http://twitter.com/jbrooks Find this presentation here: www.schipulcon.com/presentations

Personal Brand: jbrooks

Facebook: http://facebook.com/jbrooks

Twitter: http://twitter.com/jbrooks

Find this presentation here: www.schipulcon.com/presentations