Security Awareness 101 - PowerPoint PPT Presentation


Title: Security Awareness 101


1
Security Awareness 101
  • Wayne Donald
  • Information Technology Security Officer
  • Randy Marchany
  • Director Information Technology Security Lab

2
Why Todays Presentation?
  • Creating an awareness of the technology risks is
    a step in helping the Virginia Tech user
    community take necessary precautions
  • There is a need to be more proactive when it
    comes to technology security
  • We need to understand that in many cases,
    technology alone cannot solve security problems
  • Providing users with information that can be used
    to help make their technology environment more
    secure is a win-win situation

3
Technology Issues in Higher Education
  • Laptop with 98,000 names stolen at UC-Berkeley
  • University of Northern Colorado missing hard
    drive with personal information
  • Boston College reveals alumni data breach
  • Students use smart phones to get answers to
    test
  • Southern University says hundreds altered grades
  • Hackers set up shop in State agencys server
  • Tufts warns 106,000 alumni donors of security
    breach
  • Auditors find sensitive data on surplus computer
  • Student installs device on teachers computer to
    sell tests
  • An externally managed server at Tufts University
    compromised by hackers
  • Carnegie Mellon business school reports data
    breach
  • Hackers plot more phishing, mobile viruses

4
What Makes a University Community Attractive for
Hackers?
  • Insecure machines are common
  • Usually find a high bandwidth network
  • Sophisticated computing capacity
  • Often an unsophisticated user population
  • An open network security environment
  • Too few security experts and weak tools
  • Not enough policies regarding systems security
  • Insufficient funding!

5
(No Transcript)
6
University Attacks
  • University campuses present a particularly
    inviting security target, experts say, because
    their systems house large amounts of personal
    data. But protecting the information is more
    complex than for a typical business because
    universities are built to foster collaboration
    and free exchange of information.
  • Rodney Peterson, security task force coordinator
    for EDUCAUSE, said this meant few policies and
    few restrictions on how computer networks were to
    be accessed and used. But now our greatest
    strength is now a weakness.

7
(No Transcript)
8
(No Transcript)
9
A Growing Concern Malware
  • A generic term for bad software that ends up on
    computers
  • Viruses and worms either standalone or carried
    by a program, document, or image
  • Trojan horses malicious software that looks
    like youre downloading something good
  • Adware designed to enhance the effectiveness of
    targeted advertising
  • Spyware gathers information about you and sends
    to it someone else then comes the spam
  • As much as 80-90 of todays email is spam

10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
A Growing Concern Phishing
  • A scam technique that seeks to get personal
    information (bank account, credit card, users
    password, etc.)
  • Basically a malicious form of spam
  • Emails that appear to come from legitimate
    sources (online retailers, banks, etc.)
  • Many will direct the user to a fake website
  • Often try to fool users by alarming or surprising
    them (Your account will be shut down)
  • Confirmation of your address can be made by you
    clicking on the unsubscribe option
  • Newest on the block Pharming designed to
    harvest identity, financial, and other key pieces
    of information for identify theft.
  • Often will not require any action by the user
    for example, may redirect you from legitimate web
    site to fraudulent one

14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
Additional Security Threats
  • Tiny storage devices such as pocketsize hard
    drives, USB hard drives, and other memory media
    present new challenges
  • Digital cameras as well as new smart phones
    provide hackers and cheaters with additional
    tools
  • Handheld devices (Blackberrys, for example) that
    provide users with even greater access
    capabilities are another threat
  • User logon and password values give someone easy
    access and the opportunity to impersonate

18
(No Transcript)
19
What Needs to be Done to Ensure YOU Have a More
Secure Computing Environment
20
Operating System
  • An updated operating system helps protect your
    computer from viruses, worms, and other threats
    as they are discovered
  • With Windows you can utilize the Automatic Update
    feature
  • Click Start, and then click Control Panel
  • If there is not an Automatic Update icon, click
    on the System icon and then click on Automatic
    Updates
  • If your preference is to do the updates manually,
    visit the Windows Update site
    http//windowsupdate.microsoft.com

21
(No Transcript)
22
(No Transcript)
23
Operating System
  • You can schedule updates for any time of the day
  • However, your computer must be on for the updates
    to be installed
  • Also recommend it not be a time when you might be
    doing other tasks
  • If you do select Automatic Updates and forget to
    leave your computer on, you will receive a
    notification and will have to install manually

24
Internet Firewall
  • An internet firewall can help protect your
    computer against hacker attacks
  • You can purchase firewall software but new
    systems (both Windows and Mac) now come with
    build-in firewall software
  • Click Start, and then click Control Panel you
    can then click on the Windows Firewall icon to
    see the status
  • The firewall settings will prevent certain tasks
    so each individual user may have to determine an
    acceptable risk level

25
(No Transcript)
26
(No Transcript)
27
Antivirus
  • Antivirus software helps protect your computer
    from known viruses
  • Antivirus software works by comparing files on
    your computer against a file containing known
    virus definitions
  • Click Start, and then click Programs to see if
    you have antivirus software installed
  • NOTE Having two different antivirus programs
    installed on one computer can cause problems
  • Check the Virginia Tech antivirus site to
    download free Symantec software
    http//antivirus.vt.edu

28
(No Transcript)
29
(No Transcript)
30
Other Helpful Efforts
  • VTNet CD is available free to Tech personnel from
    Software Distribution off the Bridge
  • Vendor sites and organizational sites can provide
    information that is helpful in securing your
    environment
  • More tools to address issues such as spam and
    spyware are appearing on the market
  • Traditionally computers have been delivered to
    customers with ALL features turned on but some
    vendors are now beginning to lock systems down
    prior to shipping recommend asking that systems
    be locked down

31
Other Precautions
  • Dont assume physical security
  • A regular backup routine can ensure recovery from
    an incident
  • A secure password is the first line of defense
  • Remember email is not secure
  • Be aware of social engineering activities
  • Accessing the web can bring unwanted results

32
Passwords Help Ensure Privacy
  • The purpose of a login process is to establish
    who you are, and establish a level of security
  • If someone learns of your password, they can log
    on as you (and even share your password)
  • If a person does something malicious while logged
    on as you, it will likely be blamed on you
  • If you think someone knows your password CHANGE
    IT!
  • Password rules have become essential to help
    ensure privacy

33
Other Precautions
  • Dont assume physical security
  • A regular backup routine can ensure recovery from
    an incident
  • A secure password is the first line of defense
  • Remember email is not secure
  • Be aware of social engineering activities
  • Accessing the web can bring unwanted results

34
Helpful Sites
  • Primary Virginia Tech machine vendors
  • http//www.microsoft.com/security/it
  • http//www.apple.com/security
  • Spyware tools
  • Ad-aware http//www.lavasoftusa.com
  • Spybot Search Destroy http//security.kolla.de
  • Safe Networking http//www.safenetworking.org
  • MacScan http//macscan.securemac.com/
  • Virginia Tech sites
  • Security site http//security.vt.edu
  • Computing site http//computing.vt.edu
  • Engineering and Agriculture Life Sciences sites

35
(No Transcript)
36
(No Transcript)
37
(No Transcript)
38
(No Transcript)
39
(No Transcript)
40
(No Transcript)
41
(No Transcript)
42
(No Transcript)
43
(No Transcript)
44
(No Transcript)
45
(No Transcript)
46
(No Transcript)
47
Other Helpful References
  • CheckNet individual system scanning available
    from IT Security Lab
  • VA SCAN Virginia Alliance for Secure Computing
    and Networking
  • http//www.vascan.org/
  • List of 100 best web site for security
  • http//www.uribe100.com/index100.htm
  • Professional Associations
  • http//www.educause.edu/security/
  • http//www.sans.org/
  • http//www.cisecurity.org/index.html

48
IT Security Lab
  • The laboratorys mission
  • Design, develop and implement training materials
    and classes for University technical and general
    users
  • Test computer hardware and software for security
    vulnerabilities and provide guidance for
    addressing these vulnerabilities

49
In Summary
  • Absolute security is unattainable
  • However, its important we take a proactive
    approach to technology security
  • Understand the risks in using technology and what
    puts you at danger
  • Users should consider making security an integral
    part of their daily plans
  • Utilize available security tools
  • We dont have all the answers

50
Contact Information
  • Security web site http//security.vt.edu
  • VT Computing site http//computing.vt.edu
  • IT Security Office and IT Security Lab
  • 1300 Torgersen Hall
  • Wayne Donald wdonald_at_vt.edu
  • Randy Marchany marchany_at_vt.edu
View by Category
About This Presentation
Title:

Security Awareness 101

Description:

... Tech antivirus site to download free Symantec software http://antivirus.vt.edu ... VTNet CD is available free to Tech personnel from Software ... – PowerPoint PPT presentation

Number of Views:424
Avg rating:3.0/5.0
Slides: 51
Provided by: wayned1
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Security Awareness 101


1
Security Awareness 101
  • Wayne Donald
  • Information Technology Security Officer
  • Randy Marchany
  • Director Information Technology Security Lab

2
Why Todays Presentation?
  • Creating an awareness of the technology risks is
    a step in helping the Virginia Tech user
    community take necessary precautions
  • There is a need to be more proactive when it
    comes to technology security
  • We need to understand that in many cases,
    technology alone cannot solve security problems
  • Providing users with information that can be used
    to help make their technology environment more
    secure is a win-win situation

3
Technology Issues in Higher Education
  • Laptop with 98,000 names stolen at UC-Berkeley
  • University of Northern Colorado missing hard
    drive with personal information
  • Boston College reveals alumni data breach
  • Students use smart phones to get answers to
    test
  • Southern University says hundreds altered grades
  • Hackers set up shop in State agencys server
  • Tufts warns 106,000 alumni donors of security
    breach
  • Auditors find sensitive data on surplus computer
  • Student installs device on teachers computer to
    sell tests
  • An externally managed server at Tufts University
    compromised by hackers
  • Carnegie Mellon business school reports data
    breach
  • Hackers plot more phishing, mobile viruses

4
What Makes a University Community Attractive for
Hackers?
  • Insecure machines are common
  • Usually find a high bandwidth network
  • Sophisticated computing capacity
  • Often an unsophisticated user population
  • An open network security environment
  • Too few security experts and weak tools
  • Not enough policies regarding systems security
  • Insufficient funding!

5
(No Transcript)
6
University Attacks
  • University campuses present a particularly
    inviting security target, experts say, because
    their systems house large amounts of personal
    data. But protecting the information is more
    complex than for a typical business because
    universities are built to foster collaboration
    and free exchange of information.
  • Rodney Peterson, security task force coordinator
    for EDUCAUSE, said this meant few policies and
    few restrictions on how computer networks were to
    be accessed and used. But now our greatest
    strength is now a weakness.

7
(No Transcript)
8
(No Transcript)
9
A Growing Concern Malware
  • A generic term for bad software that ends up on
    computers
  • Viruses and worms either standalone or carried
    by a program, document, or image
  • Trojan horses malicious software that looks
    like youre downloading something good
  • Adware designed to enhance the effectiveness of
    targeted advertising
  • Spyware gathers information about you and sends
    to it someone else then comes the spam
  • As much as 80-90 of todays email is spam

10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
A Growing Concern Phishing
  • A scam technique that seeks to get personal
    information (bank account, credit card, users
    password, etc.)
  • Basically a malicious form of spam
  • Emails that appear to come from legitimate
    sources (online retailers, banks, etc.)
  • Many will direct the user to a fake website
  • Often try to fool users by alarming or surprising
    them (Your account will be shut down)
  • Confirmation of your address can be made by you
    clicking on the unsubscribe option
  • Newest on the block Pharming designed to
    harvest identity, financial, and other key pieces
    of information for identify theft.
  • Often will not require any action by the user
    for example, may redirect you from legitimate web
    site to fraudulent one

14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
Additional Security Threats
  • Tiny storage devices such as pocketsize hard
    drives, USB hard drives, and other memory media
    present new challenges
  • Digital cameras as well as new smart phones
    provide hackers and cheaters with additional
    tools
  • Handheld devices (Blackberrys, for example) that
    provide users with even greater access
    capabilities are another threat
  • User logon and password values give someone easy
    access and the opportunity to impersonate

18
(No Transcript)
19
What Needs to be Done to Ensure YOU Have a More
Secure Computing Environment
20
Operating System
  • An updated operating system helps protect your
    computer from viruses, worms, and other threats
    as they are discovered
  • With Windows you can utilize the Automatic Update
    feature
  • Click Start, and then click Control Panel
  • If there is not an Automatic Update icon, click
    on the System icon and then click on Automatic
    Updates
  • If your preference is to do the updates manually,
    visit the Windows Update site
    http//windowsupdate.microsoft.com

21
(No Transcript)
22
(No Transcript)
23
Operating System
  • You can schedule updates for any time of the day
  • However, your computer must be on for the updates
    to be installed
  • Also recommend it not be a time when you might be
    doing other tasks
  • If you do select Automatic Updates and forget to
    leave your computer on, you will receive a
    notification and will have to install manually

24
Internet Firewall
  • An internet firewall can help protect your
    computer against hacker attacks
  • You can purchase firewall software but new
    systems (both Windows and Mac) now come with
    build-in firewall software
  • Click Start, and then click Control Panel you
    can then click on the Windows Firewall icon to
    see the status
  • The firewall settings will prevent certain tasks
    so each individual user may have to determine an
    acceptable risk level

25
(No Transcript)
26
(No Transcript)
27
Antivirus
  • Antivirus software helps protect your computer
    from known viruses
  • Antivirus software works by comparing files on
    your computer against a file containing known
    virus definitions
  • Click Start, and then click Programs to see if
    you have antivirus software installed
  • NOTE Having two different antivirus programs
    installed on one computer can cause problems
  • Check the Virginia Tech antivirus site to
    download free Symantec software
    http//antivirus.vt.edu

28
(No Transcript)
29
(No Transcript)
30
Other Helpful Efforts
  • VTNet CD is available free to Tech personnel from
    Software Distribution off the Bridge
  • Vendor sites and organizational sites can provide
    information that is helpful in securing your
    environment
  • More tools to address issues such as spam and
    spyware are appearing on the market
  • Traditionally computers have been delivered to
    customers with ALL features turned on but some
    vendors are now beginning to lock systems down
    prior to shipping recommend asking that systems
    be locked down

31
Other Precautions
  • Dont assume physical security
  • A regular backup routine can ensure recovery from
    an incident
  • A secure password is the first line of defense
  • Remember email is not secure
  • Be aware of social engineering activities
  • Accessing the web can bring unwanted results

32
Passwords Help Ensure Privacy
  • The purpose of a login process is to establish
    who you are, and establish a level of security
  • If someone learns of your password, they can log
    on as you (and even share your password)
  • If a person does something malicious while logged
    on as you, it will likely be blamed on you
  • If you think someone knows your password CHANGE
    IT!
  • Password rules have become essential to help
    ensure privacy

33
Other Precautions
  • Dont assume physical security
  • A regular backup routine can ensure recovery from
    an incident
  • A secure password is the first line of defense
  • Remember email is not secure
  • Be aware of social engineering activities
  • Accessing the web can bring unwanted results

34
Helpful Sites
  • Primary Virginia Tech machine vendors
  • http//www.microsoft.com/security/it
  • http//www.apple.com/security
  • Spyware tools
  • Ad-aware http//www.lavasoftusa.com
  • Spybot Search Destroy http//security.kolla.de
  • Safe Networking http//www.safenetworking.org
  • MacScan http//macscan.securemac.com/
  • Virginia Tech sites
  • Security site http//security.vt.edu
  • Computing site http//computing.vt.edu
  • Engineering and Agriculture Life Sciences sites

35
(No Transcript)
36
(No Transcript)
37
(No Transcript)
38
(No Transcript)
39
(No Transcript)
40
(No Transcript)
41
(No Transcript)
42
(No Transcript)
43
(No Transcript)
44
(No Transcript)
45
(No Transcript)
46
(No Transcript)
47
Other Helpful References
  • CheckNet individual system scanning available
    from IT Security Lab
  • VA SCAN Virginia Alliance for Secure Computing
    and Networking
  • http//www.vascan.org/
  • List of 100 best web site for security
  • http//www.uribe100.com/index100.htm
  • Professional Associations
  • http//www.educause.edu/security/
  • http//www.sans.org/
  • http//www.cisecurity.org/index.html

48
IT Security Lab
  • The laboratorys mission
  • Design, develop and implement training materials
    and classes for University technical and general
    users
  • Test computer hardware and software for security
    vulnerabilities and provide guidance for
    addressing these vulnerabilities

49
In Summary
  • Absolute security is unattainable
  • However, its important we take a proactive
    approach to technology security
  • Understand the risks in using technology and what
    puts you at danger
  • Users should consider making security an integral
    part of their daily plans
  • Utilize available security tools
  • We dont have all the answers

50
Contact Information
  • Security web site http//security.vt.edu
  • VT Computing site http//computing.vt.edu
  • IT Security Office and IT Security Lab
  • 1300 Torgersen Hall
  • Wayne Donald wdonald_at_vt.edu
  • Randy Marchany marchany_at_vt.edu
About PowerShow.com