Chris Schroeder, vice president of information security with Lowe's Companies, Inc., presents tips and advice on protecting your personal information online as part of the Project Ignite series of forums.
2. Welcome!
Chris Schroeder, CISM,
Lowe’s Companies, Inc.
Ken Robey, CISSP
Security in Focus, Inc.
NPower Charlotte Region | Proprietary and Confidential | Not for Distribution 2
4. Learn how to protect your personal data wherever you go.
5. Today’s Roadmap to Protecting Your Data
● Avoid “scammers”
● Learn wireless network basics
● Picking passwords
   • Creation
   • Protection
● Backing up your data
● Q&A
6. 6 Rules to Avoid Scammers
1. Don’t share personal info with anyone who calls you to ask for it.
2. Don’t share passwords.
3. Treat unexpected emails suspiciously.
4. Don’t respond to company emails requesting personal info.
5. Confirm the identity of anyone asking for personal info.
6. ALWAYS follow the correct procedure; don’t make exceptions.
7. Wireless Network Basics
4 Ways to Protect Yourself from Network Attackers
1. Renaming your default SSID
2. Preventing SSID broadcasting
3. Using encryption
4. Enabling password protection
8. Wireless Network Basics
1. Renaming your default SSID
• By default, the wireless access point’s SSID will typically be some form of the manufacturer’s name; for example, Linksys wireless access points have SSIDs of “Linksys”.
• Renaming the default SSID is the first step to hardening a wireless network against attacks.
9. Wireless Network Basics
2. Preventing SSID broadcasting
● Turn off SSID broadcasting on your wireless access point
10. Wireless Network Basics
3. Using encryption
• Utilizing encryption ensures that someone cannot start a network analyzer and easily view all of the data you have transmitted to and/or received from the wireless access point.
• Common wireless security specifications include, from weakest to strongest:
   • WEP (Bad)
   • WPA (Better)
   • WPA2 (Best)
11. Wireless Network Basics
4. Enabling password protection
• By default, wireless access points do not require a password; they default to a published admin password. Leaving your network open allows for unauthorized access.
• Secure your network by requiring a password and changing the default administrative password.
**Password Hint**
The longer and more complex the password, the harder it is to crack.
12. Creating and Protecting Passwords
Do Your Passwords Pass the Test?
● While servers tend to have passwords on accounts, did you know that most workstations do not?
● We all believe our systems have passwords – have you ever checked every system?
● Do you have strong passwords?
● Do you know what a strong password is?
13. Passing the Password Test
● Length: The longer the better
● Characters: Alpha, Numeric, Casing, Special
Example: Alpha, Numeric and Casing (16 Characters Long)
‘Passw0rdPassw0rd’
47,672,401,706,823,533,450,263,330,816 (47 octillion combinations)
53,493,822,905,617 (53 trillion years to crack)
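The arithmetic behind this slide, as an added Python example that is not part of the original deck: it derives the alphabet size from the character classes a password uses, reproduces the 62^16 figure, and works out the guess rate that the quoted crack time implies. The function names, the use of `string.punctuation` for "Special", the 365-day year and the constant guess rate are assumptions of this example.

```python
import string

# Character classes named on the slide: alpha (lower), casing (upper),
# numeric and special. string.punctuation stands in for "special" (assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "numeric": string.digits,
    "special": string.punctuation,
}

SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(password):
    """Count the strings of the same length over the same alphabet."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(combinations, guesses_per_second):
    """Years needed to try every combination at a constant guess rate."""
    return combinations / (guesses_per_second * SECONDS_PER_YEAR)


def implied_guess_rate(combinations, years):
    """Guesses per second that a quoted time-to-crack figure assumes."""
    return combinations / (years * SECONDS_PER_YEAR)


if __name__ == "__main__":
    slide_pw = "Passw0rdPassw0rd"
    total = keyspace(slide_pw)
    print(f"{len(slide_pw)} chars, alphabet of {alphabet_size(slide_pw)}: {total:,}")
    rate = implied_guess_rate(total, 53_493_822_905_617)
    print(f"slide's crack time implies about {rate:,.0f} guesses/second")
    # Compare character set against length at that same rate.
    for sample in ("passw0rd", "Passw0rd", "P@ssw0rd", slide_pw):
        years = years_to_exhaust(keyspace(sample), rate)
        print(f"{sample:<18} {keyspace(sample):>40,} {years:,.4f} years")
```

The keyspace is an upper bound that holds only when every character is chosen at random; the comparison loop shows that doubling the length enlarges it far more than adding a character class does.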
14. Password Protection
• Use a Password Safe to securely store your passwords
   • LastPass.com
   • Passwordsafe.sourceforge.net
   • Keypass.info
• Do not use the same password on every site/system
   • If one is compromised, so are the others
15. What is Your Backup Plan?
Sooner or later, you will lose your data
• Hard-drive will crash
• Computer gets stolen
• Building burns down
• Phone lost/stolen
You MUST back up your data
• Back up regularly
• Back up on-site
• Back up off-site
16. Backups
• Ensure the backups are encrypted
• Use a cloud-based backup for off-site, $5.00/month
17. Protecting Your Personal Data on the Street
18. Protecting Your Personal Data
What’s wrong with this ATM?
19. Protecting Your Personal Data
A card reader is placed over the original!
20. Protecting Your Personal Data
Anything wrong here?
21. Protecting Your Personal Data
The pamphlet holder has a camera!