PCC Training Track – Lesson 3 Security

Security

Security Objectives Demonstrate an understanding of security-conscious computer use Understand the effects of public access computing security on user privacy

Objectives

Demonstrate an understanding of security-conscious computer use

Understand the effects of public access computing security on user privacy

Demonstrate an understanding of security-conscious computer use Be able to explain the difference between a user name and a password Know how to create a secure password Recognize suspicious email attachments and instant messages and advise patrons on how to handle them Recognize “phishing” scams & advise patrons on how to handle them Explain why email clients (Outlook Express, etc.) are a risk and web-based email is recommended

Be able to explain the difference between a user name and a password

Know how to create a secure password

Recognize suspicious email attachments and instant messages and advise patrons on how to handle them

Recognize “phishing” scams & advise patrons on how to handle them

Explain why email clients (Outlook Express, etc.) are a risk and web-based email is recommended

Be able to explain the difference between a user name and a password User Name Unique identifier of a user on a network or service Password A key that, with a user name, grants a user access to a network or service The user name identifies & must be unique. The password unlocks access to an account and is only unique when combined with a user name to make a user/pass combination.

User Name

Unique identifier of a user on a network or service

Password

A key that, with a user name, grants a user access to a network or service

The user name identifies & must be unique. The password unlocks access to an account and is only unique when combined with a user name to make a user/pass combination.

Know how to create a secure password Guidelines from Wikipedia : Include numbers, symbols, upper and lowercase letters Length should be around 12 to 14 characters Avoid using repetition, dictionary words, letter or number sequences, user names, relative or pet names or biographical info (birthday, ID numbers, etc.) Extra reading is linked from this lessons web page

Guidelines from Wikipedia :

Include numbers, symbols, upper and lowercase letters

Length should be around 12 to 14 characters

Avoid using repetition, dictionary words, letter or number sequences, user names, relative or pet names or biographical info (birthday, ID numbers, etc.)

Extra reading is linked from this lessons web page

Recognize suspicious email attachments and instant messages and advise patrons on how to handle them Any email attachment that ends in .exe is questionable – those are executable files! Most email attachments that are from MS Office formats (.xls, .ppt, .doc) are questionable unless you specifically requested them Most email attachments that are zipped (end in the .zip file extension) are a problem – many virus scanners can’t read inside them and they may contain viruses Most web-based email (Yahoo! & Gmail) will scan the attachment for viruses, the user doesn’t have to worry. If they don’t, our virus scanner will!

Any email attachment that ends in .exe is questionable – those are executable files!

Most email attachments that are from MS Office formats (.xls, .ppt, .doc) are questionable unless you specifically requested them

Most email attachments that are zipped (end in the .zip file extension) are a problem – many virus scanners can’t read inside them and they may contain viruses

Most web-based email (Yahoo! & Gmail) will scan the attachment for viruses, the user doesn’t have to worry. If they don’t, our virus scanner will!

Recognize suspicious email attachments and instant messages and advise patrons on how to handle them Don’t click on links from IM – retype the URL by hand into the browser’s address bar Don’t accept files via IM – ever Don’t answer security questions over an IM chat – they are not encrypted, so anyone can read the information you send Block any IM user who tries to send files, links or ask for security information

Don’t click on links from IM – retype the URL by hand into the browser’s address bar

Don’t accept files via IM – ever

Don’t answer security questions over an IM chat – they are not encrypted, so anyone can read the information you send

Block any IM user who tries to send files, links or ask for security information

Recognize “phishing” scams & advise patrons on how to handle them Phishing = sending an email that “fishes” for bank or financial information from the recipient Usually try to look like they come from a bank/financial institution, corporation or social networking site Always ask for personal data and usually hide the URL they ask you to click Gmail gives the true URL in the status bar of the browser (at the bottom) Never click a link to a site like the ones above – type the address into your browser’s address bar yourself

Phishing = sending an email that “fishes” for bank or financial information from the recipient

Usually try to look like they come from a bank/financial institution, corporation or social networking site

Always ask for personal data and usually hide the URL they ask you to click

Gmail gives the true URL in the status bar of the browser (at the bottom)

Never click a link to a site like the ones above – type the address into your browser’s address bar yourself

Tell patrons to be wary of any email that says it is from your bank – none will ask for user/pass information via email Tell patrons to type in addresses from email instead of clicking Let patrons know that it is very easy to steal a bank or company’s logo and to distrust any communication that asks for personal info – even if looks legitimate Recognize “phishing” scams & advise patrons on how to handle them

Tell patrons to be wary of any email that says it is from your bank – none will ask for user/pass information via email

Tell patrons to type in addresses from email instead of clicking

Let patrons know that it is very easy to steal a bank or company’s logo and to distrust any communication that asks for personal info – even if looks legitimate

Explain why email clients (Outlook Express, etc.) are a risk and web-based email is recommended Email clients save information – they are designed for single-user computing, not public computing Personal emails, email addresses and user/pass information can be retrieved from an email client Web-based email is preferred because it is designed to be used at a public computer – it doesn’t save information Advise patrons to log out of all email sessions when they are done

Email clients save information – they are designed for single-user computing, not public computing

Personal emails, email addresses and user/pass information can be retrieved from an email client

Web-based email is preferred because it is designed to be used at a public computer – it doesn’t save information

Advise patrons to log out of all email sessions when they are done

Understand the effects of public access computing security on user privacy Know how the public access security set-up retains records in the form of cookies, Internet history or saved files between user sessions Know how to remove saved records upon patron request Inform patrons of their options for saving files created in a user session

Know how the public access security set-up retains records in the form of cookies, Internet history or saved files between user sessions

Know how to remove saved records upon patron request

Inform patrons of their options for saving files created in a user session

Know how the public access security set-up retains records in the form of cookies, Internet history or saved files between user sessions When user sessions are finished, all PCC machines reboot – and all cookies, Internet history files and saved files are deleted

When user sessions are finished, all PCC machines reboot – and all cookies, Internet history files and saved files are deleted

Know how to remove saved records upon patron request For files saved on the desktop or on a removable storage device (other than a CD) Select the file by single-clicking it Press the Delete key on the keyboard Ensure that the machine reboots after the session is closed For files saved on CD Destroy the CD itself – they weren’t meant to be erased & reused

For files saved on the desktop or on a removable storage device (other than a CD)

Select the file by single-clicking it

Press the Delete key on the keyboard

Ensure that the machine reboots after the session is closed

For files saved on CD

Destroy the CD itself – they weren’t meant to be erased & reused

Inform patrons of their options for saving files created in a user session Desktop storage – they can save temporarily to the desktop for uploading or emailing files Removable storage – we support USB flash drives, CD-R or RW burning and we have external floppy drives, all of which can save files We can provide a USB flash drive for temp storage until the file is emailed (emailing a file to yourself can be used as a storage solution, too) – delete all files saved on the drive after it is returned

Desktop storage – they can save temporarily to the desktop for uploading or emailing files

Removable storage – we support USB flash drives, CD-R or RW burning and we have external floppy drives, all of which can save files

We can provide a USB flash drive for temp storage until the file is emailed (emailing a file to yourself can be used as a storage solution, too) – delete all files saved on the drive after it is returned

Security Quiz Go to http://www.classmarker.com/my_tests.php And take the quiz for the Security Section of this course. Your responses will be mailed to Robin. Finish the other courses in this track to get your PCC Tech Certificate.

Go to http://www.classmarker.com/my_tests.php

And take the quiz for the Security Section of this course. Your responses will be mailed to Robin. Finish the other courses in this track to get your PCC Tech Certificate.