Dark Alleys/Internet Security


Published on

By Greg Parmer, Auburn University

Published in: Education, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Dark Alleys/Internet Security

    1. 1. Avoiding the Dark Alleys of the Internet Extension in the Connected Age NC Cooperative Extension March 24, 2009 Presented by Greg Parmer Alabama Cooperative Extension System
    2. 2. <ul><li>Security is kind of like air. It is easy to take for granted until it goes missing. </li></ul>
    3. 3. Security Topics <ul><li>Updates/Patches </li></ul><ul><li>Passwords </li></ul><ul><li>E-Mail </li></ul><ul><li>Surfing </li></ul><ul><li>Router/Firewall </li></ul>
    4. 4. Updates/Patches Why “if it ain’t broke, don’t fix it” doesn’t apply here!
    5. 5. Updates/Patches <ul><li>Operating System </li></ul><ul><li>Anti-virus </li></ul><ul><li>Applications </li></ul>
    6. 6. @Risk Example <ul><li>Widely Deployed Software </li></ul><ul><li>(1) CRITICAL: Adobe Acrobat and Reader JavaScript Method Buffer Overflow Vulnerability (APSB09-04) </li></ul><ul><li>(2) CRITICAL: Autonomy KeyView SDK &quot;wp6sr.dll&quot; Buffer Overflow Vulnerability </li></ul><ul><li>(3) MODERATE: GNOME glib Base64 Functions Mutiple Integer Overflow Vulnerabilities </li></ul><ul><li>(4) MODERATE: PPLive Multiple URI Handlers Code Execution Vulnerabilities </li></ul>
    7. 7. MS Windows Security <ul><li>Install virus protection software </li></ul><ul><li>Turn on the Windows firewall </li></ul><ul><li>Turn on Windows updates </li></ul><ul><li>Use Windows Security Center </li></ul><ul><li>Use limited accounts </li></ul><ul><li>Use password for every account </li></ul>
    8. 8. Virus Protection Software <ul><li>Install & routinely update virus protection software </li></ul><ul><ul><li>Sophos </li></ul></ul><ul><ul><li>McAfee </li></ul></ul><ul><ul><li>AVG </li></ul></ul><ul><ul><li>ClamAV </li></ul></ul>
    9. 9. Windows Firewall <ul><li>Choose “On” </li></ul>Only unblock programs that you trust
    10. 10. Windows Updates <ul><li>Select “Automatic (recommended)” </li></ul><ul><li>Select “Everyday” </li></ul><ul><li>Choose an appropriate time </li></ul><ul><li>Leave computer on! (check sleep/ hibernate) </li></ul>
    11. 11. Security Center <ul><li>Ensures: </li></ul><ul><ul><li>Firewall is on </li></ul></ul><ul><ul><li>Automatic updates are installed </li></ul></ul><ul><ul><li>Virus protection installed & up-to-date </li></ul></ul>
    12. 12. Security Center Click on the shield to fix the problem You don’t want the RED or Yellow shield
    13. 13. Limited Accounts <ul><li>Prohibited from installing software </li></ul><ul><ul><li>Prevents installation of malware/viruses </li></ul></ul><ul><ul><li>User has access to currently installed software </li></ul></ul><ul><li>Prohibited from accessing Administrator’s documents & settings </li></ul><ul><ul><li>Prevents changes to administrator password </li></ul></ul><ul><ul><li>Prevents access to Administrator’s Documents, Desktop, etc. </li></ul></ul><ul><li>Create/modify system accounts under “ Control Panel/User Accounts ” </li></ul>
    14. 14. Limited Accounts <ul><li>Easily switch between accounts </li></ul><ul><li>Leave programs running while others login (windows-L) </li></ul>
    15. 15. Passwords? How to stop the sharing madness
    16. 16. Passwords <ul><li>HR system controls your $$ </li></ul><ul><li>Banks control your $$ </li></ul><ul><li>No reason to share passwords because you can use: </li></ul><ul><ul><li>Network file shares </li></ul></ul><ul><ul><li>Shared files/folders </li></ul></ul><ul><ul><li>Remote Desktop </li></ul></ul><ul><ul><li>E-mail Proxy </li></ul></ul><ul><ul><li>Web 2.0 products </li></ul></ul>
    17. 17. Managing Passwords <ul><li>Trade-offs </li></ul><ul><ul><li>Different passwords for different systems </li></ul></ul><ul><ul><li>Require passwords to change </li></ul></ul><ul><li>Password Managers </li></ul><ul><ul><li>Password Safe </li></ul></ul><ul><ul><ul><li>http://passwordsafe.sourceforge.net </li></ul></ul></ul><ul><ul><li>Others </li></ul></ul><ul><ul><ul><li>http://www.lifehack.org/articles/technology/10-free-ways-to-track-all-your-passwords.html </li></ul></ul></ul><ul><li>Choosing a good pass phrase </li></ul><ul><ul><li>“ 1wbiDCH” (I was born in Dale County Hospital) </li></ul></ul><ul><ul><li>http://www.aces.edu/extconnections/2006/10/ </li></ul></ul>
    18. 18. Safely Using Email Avoid hoaxes and phishing attempts
    19. 19. Hoaxes <ul><li>Trickery </li></ul><ul><li>Please forward </li></ul><ul><li>Usually harmless </li></ul><ul><li>Waste time and resources </li></ul>
    20. 20. Phishing Clues <ul><li>Return address appears to be legitimate </li></ul><ul><li>Warns of consequences unless urgent action is taken </li></ul><ul><li>No personal info or account name/number in message </li></ul><ul><li>Name of link doesn’t match destination </li></ul><ul><ul><li>Name of link: https://www.firstnational.com </li></ul></ul><ul><ul><li>Destination of link: http://www.sargonas.con/firstnational/login.htm </li></ul></ul><ul><li>http://www.wikipedia.org/wiki/Phishing </li></ul><ul><li>http://jdorner.blogspot.com/2007/03/every-now-and-then-i-come-across.html </li></ul><ul><li>http://www.aces.edu/extconnections/2006/12 </li></ul>
    21. 21. Viruses & Trojans <ul><li>When you receive an attachment via e-mail, think about it before you click to open. Is there ANYTHING suspicious about the message? </li></ul><ul><li>Just because you know the “sender” doesn’t mean the message is legitimate. </li></ul>
    22. 22. Don’t Become A Victim <ul><li>“ Google” a sentence from the message to see if it’s a hoax or phishing attempt – add snopes to the search terms </li></ul><ul><li>Be wary of any web links you get via e-mail </li></ul>
    23. 23. Surfing Read the Warnings
    24. 24. S is for secure <ul><li>Passwords deserve </li></ul><ul><ul><li>“ https” </li></ul></ul><ul><li>Check the SSL box </li></ul><ul><ul><li>“ imaps” </li></ul></ul><ul><ul><li>“ pops” </li></ul></ul>
    25. 25. Read & Heed
    26. 26. Plain-text Protocols
    27. 27. Secure Protocol
    28. 28. Home Routers Insurance that works for you!
    29. 29. Home Routers <ul><li>One internet connection, multiple computers </li></ul><ul><li>Firewall protection </li></ul><ul><li>Access restrictions </li></ul>
    30. 30. One Internet Connection
    31. 31. Firewall Protection <ul><li>One-way valve that lets you out, but doesn’t let intruders in </li></ul><ul><ul><li>Prevents unauthorized access to your computer(s) </li></ul></ul><ul><ul><li>Hides your computer(s) from the internet while still allowing access to the internet </li></ul></ul>
    32. 32. Access Restrictions <ul><li>Control when a computer can access the internet </li></ul><ul><ul><li>Deny/Allow by website or keyword </li></ul></ul><ul><li>Multiple configurations </li></ul><ul><ul><li>Everyday or only on school days etc. </li></ul></ul><ul><ul><li>All the time, or only between 4p.m. & 10p.m, etc. </li></ul></ul>
    33. 33. Secure Wireless <ul><li>Disable wireless, if you’re not using it </li></ul><ul><li>Most routers can be configured w/a CD </li></ul><ul><li>What can be done manually? </li></ul><ul><ul><li>Change the SSID (wireless network name) </li></ul></ul><ul><ul><li>Disable SSID Broadcast (make it invisible) </li></ul></ul><ul><ul><li>Require a password to join the wireless network </li></ul></ul><ul><ul><li>Restrict by MAC address </li></ul></ul>
    34. 34. Other References <ul><li>SANS </li></ul><ul><ul><li>https://www.sans.org/newsletters/ </li></ul></ul><ul><li>The National Institute on Media and the Family </li></ul><ul><ul><li>http://www.mediafamily.org/network_guides.shtml </li></ul></ul><ul><li>Bruce Schneier </li></ul><ul><ul><ul><li>“ Beyond Fear” </li></ul></ul></ul><ul><ul><li>http://www.schneier.com </li></ul></ul>
    35. 35. Thank You Greg Parmer gparmer @ auburn.edu