
An Introduction To IT Security And Privacy for Librarians and Libraries

An hour-long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet, on computers, and on any other type of device with an IP address: IoT (Internet of Things), browsers, portable devices and more.



  • 1. IT Security For Librarians Blake Carver LYRASIS Systems Administrator
  • 2.
    • Week One: Intro
      • Who and How and What
      • Privacy & Security in general
      • Why this is all important
      • 5 Basic Things
    • Week Two: Outrunning The Bear
      • Privacy
      • Passwords
      • Securing Devices
      • Web Browsers
      • Email
      • Staying Safe On-line (General Tips)
    • Week Three: Outrunning The Bear @ Your Library
      • Training: Thinking & Behavior
      • Threat modeling
      • Hardware and networks
    • Week Four: Websites & Everything Else!
      • Web Servers and Networks
      • Backups
      • Drupal and Wordpress and Joomla
      • Servers in general
  • 3. Everything You Need To Know
    • Use Good Passwords
    • Stay Paranoid & Vigilant
    • Use Routine Backups
    • Keep Everything Patched / Updated
    • Think Before You Share Or Connect
    Intro
  • 4. Other Things
    • Install Updates NOW
    • Passwords are Key
    • ALL Software Has Flaws
    • Security Is Complicated
    • Everyone Plays A Part
  • 5. Common Security Myths
    • You have nothing worth stealing
    • Patches and updates make things worse and break them
    • You can look at a web site and know it's safe
    • No one will guess this password
    • Social Media Sites Are Safe
    • I’m safe! I use Anti-virus / firewall
    • There’s only malware on Desktops not phones
    • If I'm compromised I will know it
    • I'm too smart to get infected
  • 6. Common Security Excuses
    • But nobody would do that [Exploit Method/Thing]
    • I can't remember all these passwords.
    • Firewalls / AV / Security just gets in the way
    • They won't be able to see that; it's hidden.
    • It's safe because you have to log in first.
  • 7. So What Are We Talking About
  • 8. The Way Things Are Vs. The Way Things Oughtta Be
  • 9. But the state argued that because cell phones constantly reveal their locations to carriers by pinging nearby cell towers, Andrews “voluntarily shared this information with third parties,” including the police, merely by keeping his phone on. In other words, if you don't shut off your phone, you're asking to be tracked. “While cell phones are ubiquitous, they all come with 'off' switches,” the state responded in the brief. “Because Andrews chose to keep his cell phone on, he was voluntarily sharing the location of his cell phone with third parties.” “The government has indeed repeatedly argued that there is no [reasonable expectation of privacy] in cell phone location information, in court and out,” Nathan Wessler, a staff attorney with the ACLU's speech, privacy and technology project, told Motherboard in an email. “In cases involving historical cell site location information, the government has danced around this argument, arguing that phone users give up their expectation of privacy in their location information merely by making and receiving calls.” State of MD Vs Kerron Andrews
  • 11. If Vs. When
    • Some things are IFs, some things are WHENs
    • Perhaps things are Likely and Possible
  • 12. Bad Guys? Hackers? Crackers? Criminals?
  • 16. Security
    • Cyber Security?
    • IT Security?
    • Safety?
    • Information Security?
    • Information Literacy?
    • The Digital Divide?
  • 17. “Security is two different things: It's a feeling & It's a reality” Bruce Schneier – TedxPSU
  • 19. Privacy
    • Cyber Privacy?
    • IT Privacy?
    • Online Privacy?
    • Information Literacy?
    • The Digital Divide?
  • 20. What will be the consequences of participation in this data set? https://github.com/frankmcsherry/blog/blob/master/posts/2016-02-06.md
  • 21. Are we helping people avoid being added to more and more datasets? Are we increasing their digital footprints?
  • 22. Security & Privacy are Getting Better, But they're Getting Worse Faster
  • 23. Why does this keep happening?
    • The Internet was built for openness and speed
    • More Things Online – More Targets
    • Old, out-of-date systems and budget shortfalls
    • New poorly designed systems
    • Surveillance is the business of the Internet
  • 28. Not much of this crime is new
    • Automation
    • Distance
    • "Technique Propagation" (“Only the first attacker has to be skilled; everyone else can use his software.”)
  • 29. The technology of the internet makes the bad guys vastly more efficient.
  • 30. It's Safe Behind The Keyboard: Hacking is a really safe crime. Comparatively. To other real life crime
  • 32. Where Are They Working?
    • Social Networks
    • Search Engines
    • Advertising
    • Email
    • Web Sites
    • Web Servers
    • Home Computers
    • Mobile Devices
  • 33. This is the work of a rogue industry, not a roguish teenager
  • 34. Examples
    • *Thanks to Brian Krebs for sharing screenshots: krebsonsecurity.com
    • And to Dr. Mark Vriesenga, BAE systems
  • 35. What Are They After?
    • PINs
    • Passwords
    • Credit Cards
    • Bank Accounts
    • Usernames
    • Contact Lists
    • Emails
    • Phone Numbers
    • Your Hardware...
  • 37. Personal information is the currency of the underground economy
  • 38. Personal information is the currency of the entire Internet economy
  • 40. What's It Worth?
    • Credit Cards: $5-$30
      • Basic or “Random”: $5-$8
      • With Bank ID#: $15
      • With Date of Birth: $15
      • With Fullzinfo: $30
    • Payment service accounts: $20-$300
      • containing from US$400 to $1,000: between $20 and $50
      • containing from $5,000 to $8,000: range from $200 to $300
    • Bank login credentials: $190-$500
      • A $2,200 balance account selling for $190.
      • $500 for a $6,000 account balance, to $1,200 for a $20,000 account balance
    • Online premium content services: $.55-$15
      • Online video streaming ($0.25 to $1)
      • premium cable channel streaming services ($7.50)
      • premium comic book services ($0.55)
      • professional sports streaming ($15)
    • Loyalty, community accounts: $20-$1400
      • A major hotel brand loyalty account with 100,000 points for sale for $20
      • An online auction community account with high reputation marks priced at $1,400
    • Source: "The Hidden Data Economy" study by McAfee, October 2015
  • 42. The Era Of Steal Everything
    • Everything has some value
  • 43. Against a sufficiently motivated and equipped adversary, no device is impenetrable.
  • 44. There is no such thing as a secure computer
  • 45. We are making things safER
  • 46. "None of this is about being "unhackable"; it’s about making the difficulty of doing so not worth the effort."
  • 49. Think Different…
    • Have A Hacker Mindset
    • Have A Security Mindset
  • 51. Everything You Need To Know
    • Use Great Passwords
      • Strong (Long, Complex)
      • Unique
    • Stay Paranoid & Vigilant
      • Never Trust Anything or Anyone
      • Always Double Check
  • 53. Everything You Need To Know
    • Use Great Passwords
      • Strong (Long, Complex)
      • Unique
    • Stay Paranoid & Vigilant
      • Never Trust Anything or Anyone
      • Always Double Check
      • Think Before You Click
    • Use Routine Backups
    • Keep Everything Patched / Updated
    • Think Before You Share
  • 54. Avoid The Worstest Things
    • Moving Slow on updates
    • Thoughtlessness: Surfing/Clicking/Following/Sharing
    • Over Sharing
    • Reusing Weak Passwords
    • Not Backing Up
    • Thinking It Can’t Happen To You
  • 55.
    • Week One: Intro
      • Who and How and What
      • Privacy & Security in general
      • Why this is all important
      • 5 Basic Things
    • Week Two: Outrunning The Bear
      • Passwords
      • Securing Devices
      • Browsers & Tor
      • Email
      • Staying Safe On-line (General Tips)
    • Week Three: Outrunning The Bear @ Your Library
      • Training: Thinking & Behavior
      • Threat modeling
      • Hardware and networks
    • Week Four: Websites & Everything Else
      • Web Servers and Networks
      • Backups
      • Drupal and Wordpress and Joomla
      • Servers in general
  • 56. IT Security For Librarians Blake Carver LYRASIS Systems Administrator

Editor's Notes

  1. The following slides outline what I mean here. Things *should* be better.
  2. This news article on Privacy tried to load a RIDICULOUS number of trackers.
  3. IF the NSA comes after you, they’ll get you. Ain’t nobody got time for that kind of defense. WHEN a bot finds your open ports / not updated WordPress site then you’re dead. The NSA isn’t very likely. The bot WILL happen.
  4. I like to use bad guys.
  5. Bad guys or good guys?
  6. Bad guys! The bears we want to outrun. Bots and other things that are crawling IP addresses 24/7.
  7. Evidence of bots looking for insecure phpMyAdmin installs.
  8. I like IT Security. Let’s make it a part of Information Literacy!
  9. Things aren’t SECURE or NOT. It’s not all black and white.
  10. The link is there, a really interesting read as it applies to privacy.
  11. Read that previous link.
  12. Professionals, who are good at what they do, and smart and talented. But then everyone else follows what they do.
  13. Good guys? All these “good guys” are doing their best to track our every move.
  14. Would you rather risk going out and robbing people in real life, or sit behind a keyboard?
  15. Got this from http://www.verizonenterprise.com/DBIR/resources/2013/
  16. http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
  17. https://www.teachprivacy.com/the-health-data-breach-and-id-theft-epidemic/
  18. An example of being careful. That “Click Here” link had a really scary link in it. Turns out it’s just a constantcontact link, nothing bad, but holy cow it looks scary.