PCC Training - Security

1,511 views

Published on

MRRL staff training

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,511
On SlideShare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

PCC Training - Security

  1. 1. PCC Training Track – Lesson 3 <ul><li>Security </li></ul>
  2. 2. Security <ul><li>Objectives </li></ul><ul><li>Demonstrate an understanding of security-conscious computer use </li></ul><ul><li>Understand the effects of public access computing security on user privacy </li></ul>
  3. 3. Demonstrate an understanding of security-conscious computer use <ul><li>Be able to explain the difference between a user name and a password </li></ul><ul><li>Know how to create a secure password </li></ul><ul><li>Recognize suspicious email attachments and instant messages and advise patrons on how to handle them </li></ul><ul><li>Recognize “phishing” scams & advise patrons on how to handle them </li></ul><ul><li>Explain why email clients (Outlook Express, etc.) are a risk and web-based email is recommended </li></ul>
  4. 4. Be able to explain the difference between a user name and a password <ul><li>User Name </li></ul><ul><ul><li>Unique identifier of a user on a network or service </li></ul></ul><ul><li>Password </li></ul><ul><ul><li>A key that, with a user name, grants a user access to a network or service </li></ul></ul><ul><li>The user name identifies & must be unique. The password unlocks access to an account and is only unique when combined with a user name to make a user/pass combination. </li></ul>
  5. 5. Know how to create a secure password <ul><li>Guidelines from Wikipedia : </li></ul><ul><ul><li>Include numbers, symbols, upper and lowercase letters </li></ul></ul><ul><ul><li>Length should be around 12 to 14 characters </li></ul></ul><ul><ul><li>Avoid using repetition, dictionary words, letter or number sequences, user names, relative or pet names or biographical info (birthday, ID numbers, etc.) </li></ul></ul><ul><li>Extra reading is linked from this lessons web page </li></ul>
  6. 6. Recognize suspicious email attachments and instant messages and advise patrons on how to handle them <ul><li>Any email attachment that ends in .exe is questionable – those are executable files! </li></ul><ul><li>Most email attachments that are from MS Office formats (.xls, .ppt, .doc) are questionable unless you specifically requested them </li></ul><ul><li>Most email attachments that are zipped (end in the .zip file extension) are a problem – many virus scanners can’t read inside them and they may contain viruses </li></ul><ul><li>Most web-based email (Yahoo! & Gmail) will scan the attachment for viruses, the user doesn’t have to worry. If they don’t, our virus scanner will! </li></ul>
  7. 7. Recognize suspicious email attachments and instant messages and advise patrons on how to handle them <ul><li>Don’t click on links from IM – retype the URL by hand into the browser’s address bar </li></ul><ul><li>Don’t accept files via IM – ever </li></ul><ul><li>Don’t answer security questions over an IM chat – they are not encrypted, so anyone can read the information you send </li></ul><ul><li>Block any IM user who tries to send files, links or ask for security information </li></ul>
  8. 8. Recognize “phishing” scams & advise patrons on how to handle them <ul><li>Phishing = sending an email that “fishes” for bank or financial information from the recipient </li></ul><ul><li>Usually try to look like they come from a bank/financial institution, corporation or social networking site </li></ul><ul><li>Always ask for personal data and usually hide the URL they ask you to click </li></ul><ul><ul><li>Gmail gives the true URL in the status bar of the browser (at the bottom) </li></ul></ul><ul><ul><li>Never click a link to a site like the ones above – type the address into your browser’s address bar yourself </li></ul></ul>
  9. 9. <ul><li>Tell patrons to be wary of any email that says it is from your bank – none will ask for user/pass information via email </li></ul><ul><li>Tell patrons to type in addresses from email instead of clicking </li></ul><ul><li>Let patrons know that it is very easy to steal a bank or company’s logo and to distrust any communication that asks for personal info – even if looks legitimate </li></ul>Recognize “phishing” scams & advise patrons on how to handle them
  10. 10. Explain why email clients (Outlook Express, etc.) are a risk and web-based email is recommended <ul><li>Email clients save information – they are designed for single-user computing, not public computing </li></ul><ul><li>Personal emails, email addresses and user/pass information can be retrieved from an email client </li></ul><ul><li>Web-based email is preferred because it is designed to be used at a public computer – it doesn’t save information </li></ul><ul><ul><li>Advise patrons to log out of all email sessions when they are done </li></ul></ul>
  11. 11. Understand the effects of public access computing security on user privacy <ul><li>Know how the public access security set-up retains records in the form of cookies, Internet history or saved files between user sessions </li></ul><ul><li>Know how to remove saved records upon patron request </li></ul><ul><li>Inform patrons of their options for saving files created in a user session </li></ul>
  12. 12. Know how the public access security set-up retains records in the form of cookies, Internet history or saved files between user sessions <ul><li>When user sessions are finished, all PCC machines reboot – and all cookies, Internet history files and saved files are deleted </li></ul>
  13. 13. Know how to remove saved records upon patron request <ul><li>For files saved on the desktop or on a removable storage device (other than a CD) </li></ul><ul><ul><li>Select the file by single-clicking it </li></ul></ul><ul><ul><li>Press the Delete key on the keyboard </li></ul></ul><ul><ul><li>Ensure that the machine reboots after the session is closed </li></ul></ul><ul><li>For files saved on CD </li></ul><ul><ul><li>Destroy the CD itself – they weren’t meant to be erased & reused </li></ul></ul>
  14. 14. Inform patrons of their options for saving files created in a user session <ul><li>Desktop storage – they can save temporarily to the desktop for uploading or emailing files </li></ul><ul><li>Removable storage – we support USB flash drives, CD-R or RW burning and we have external floppy drives, all of which can save files </li></ul><ul><li>We can provide a USB flash drive for temp storage until the file is emailed (emailing a file to yourself can be used as a storage solution, too) – delete all files saved on the drive after it is returned </li></ul>
  15. 15. Security Quiz <ul><li>Go to http://www.classmarker.com/my_tests.php </li></ul><ul><li>And take the quiz for the Security Section of this course. Your responses will be mailed to Robin. Finish the other courses in this track to get your PCC Tech Certificate. </li></ul>

×