Security Awareness 101

1
Security Awareness 101

• Wayne Donald
• Information Technology Security Officer
• Randy Marchany
• Director Information Technology Security Lab

2
Why Todays Presentation?

• Creating an awareness of the technology risks is
  a step in helping the Virginia Tech user
  community take necessary precautions
• There is a need to be more proactive when it
  comes to technology security
• We need to understand that in many cases,
  technology alone cannot solve security problems
• Providing users with information that can be used
  to help make their technology environment more
  secure is a win-win situation

3
Technology Issues in Higher Education

• Laptop with 98,000 names stolen at UC-Berkeley
• University of Northern Colorado missing hard
  drive with personal information
• Boston College reveals alumni data breach
• Students use smart phones to get answers to
  test
• Southern University says hundreds altered grades
• Hackers set up shop in State agencys server
• Tufts warns 106,000 alumni donors of security
  breach
• Auditors find sensitive data on surplus computer
• Student installs device on teachers computer to
  sell tests
• An externally managed server at Tufts University
  compromised by hackers
• Carnegie Mellon business school reports data
  breach
• Hackers plot more phishing, mobile viruses

4
What Makes a University Community Attractive for
Hackers?

• Insecure machines are common
• Usually find a high bandwidth network
• Sophisticated computing capacity
• Often an unsophisticated user population
• An open network security environment
• Too few security experts and weak tools
• Not enough policies regarding systems security
• Insufficient funding!

5
(No Transcript)
6
University Attacks

• University campuses present a particularly
  inviting security target, experts say, because
  their systems house large amounts of personal
  data. But protecting the information is more
  complex than for a typical business because
  universities are built to foster collaboration
  and free exchange of information.
• Rodney Peterson, security task force coordinator
  for EDUCAUSE, said this meant few policies and
  few restrictions on how computer networks were to
  be accessed and used. But now our greatest
  strength is now a weakness.

7
(No Transcript)
8
(No Transcript)
9
A Growing Concern Malware

• A generic term for bad software that ends up on
  computers
• Viruses and worms either standalone or carried
  by a program, document, or image
• Trojan horses malicious software that looks
  like youre downloading something good
• Adware designed to enhance the effectiveness of
  targeted advertising
• Spyware gathers information about you and sends
  to it someone else then comes the spam
• As much as 80-90 of todays email is spam

10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
A Growing Concern Phishing

• A scam technique that seeks to get personal
  information (bank account, credit card, users
  password, etc.)
• Basically a malicious form of spam
• Emails that appear to come from legitimate
  sources (online retailers, banks, etc.)
• Many will direct the user to a fake website
• Often try to fool users by alarming or surprising
  them (Your account will be shut down)
• Confirmation of your address can be made by you
  clicking on the unsubscribe option
• Newest on the block Pharming designed to
  harvest identity, financial, and other key pieces
  of information for identify theft.
• Often will not require any action by the user
  for example, may redirect you from legitimate web
  site to fraudulent one

14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
Additional Security Threats

• Tiny storage devices such as pocketsize hard
  drives, USB hard drives, and other memory media
  present new challenges
• Digital cameras as well as new smart phones
  provide hackers and cheaters with additional
  tools
• Handheld devices (Blackberrys, for example) that
  provide users with even greater access
  capabilities are another threat
• User logon and password values give someone easy
  access and the opportunity to impersonate

18
(No Transcript)
19
What Needs to be Done to Ensure YOU Have a More
Secure Computing Environment
20
Operating System

• An updated operating system helps protect your
  computer from viruses, worms, and other threats
  as they are discovered
• With Windows you can utilize the Automatic Update
  feature
• Click Start, and then click Control Panel
• If there is not an Automatic Update icon, click
  on the System icon and then click on Automatic
  Updates
• If your preference is to do the updates manually,
  visit the Windows Update site
  http//windowsupdate.microsoft.com

21
(No Transcript)
22
(No Transcript)
23
Operating System

• You can schedule updates for any time of the day
• However, your computer must be on for the updates
  to be installed
• Also recommend it not be a time when you might be
  doing other tasks
• If you do select Automatic Updates and forget to
  leave your computer on, you will receive a
  notification and will have to install manually

24
Internet Firewall

• An internet firewall can help protect your
  computer against hacker attacks
• You can purchase firewall software but new
  systems (both Windows and Mac) now come with
  build-in firewall software
• Click Start, and then click Control Panel you
  can then click on the Windows Firewall icon to
  see the status
• The firewall settings will prevent certain tasks
  so each individual user may have to determine an
  acceptable risk level

25
(No Transcript)
26
(No Transcript)
27
Antivirus

• Antivirus software helps protect your computer
  from known viruses
• Antivirus software works by comparing files on
  your computer against a file containing known
  virus definitions
• Click Start, and then click Programs to see if
  you have antivirus software installed
• NOTE Having two different antivirus programs
  installed on one computer can cause problems
• Check the Virginia Tech antivirus site to
  download free Symantec software
  http//antivirus.vt.edu

28
(No Transcript)
29
(No Transcript)
30
Other Helpful Efforts

• VTNet CD is available free to Tech personnel from
  Software Distribution off the Bridge
• Vendor sites and organizational sites can provide
  information that is helpful in securing your
  environment
• More tools to address issues such as spam and
  spyware are appearing on the market
• Traditionally computers have been delivered to
  customers with ALL features turned on but some
  vendors are now beginning to lock systems down
  prior to shipping recommend asking that systems
  be locked down

31
Other Precautions

• Dont assume physical security
• A regular backup routine can ensure recovery from
  an incident
• A secure password is the first line of defense
• Remember email is not secure
• Be aware of social engineering activities
• Accessing the web can bring unwanted results

32
Passwords Help Ensure Privacy

• The purpose of a login process is to establish
  who you are, and establish a level of security
• If someone learns of your password, they can log
  on as you (and even share your password)
• If a person does something malicious while logged
  on as you, it will likely be blamed on you
• If you think someone knows your password CHANGE
  IT!
• Password rules have become essential to help
  ensure privacy

33
Other Precautions

• Dont assume physical security
• A regular backup routine can ensure recovery from
  an incident
• A secure password is the first line of defense
• Remember email is not secure
• Be aware of social engineering activities
• Accessing the web can bring unwanted results

34
Helpful Sites

• Primary Virginia Tech machine vendors
• http//www.microsoft.com/security/it
• http//www.apple.com/security
• Spyware tools
• Ad-aware http//www.lavasoftusa.com
• Spybot Search Destroy http//security.kolla.de
• Safe Networking http//www.safenetworking.org
• MacScan http//macscan.securemac.com/
• Virginia Tech sites
• Security site http//security.vt.edu
• Computing site http//computing.vt.edu
• Engineering and Agriculture Life Sciences sites

35
(No Transcript)
36
(No Transcript)
37
(No Transcript)
38
(No Transcript)
39
(No Transcript)
40
(No Transcript)
41
(No Transcript)
42
(No Transcript)
43
(No Transcript)
44
(No Transcript)
45
(No Transcript)
46
(No Transcript)
47
Other Helpful References

• CheckNet individual system scanning available
  from IT Security Lab
• VA SCAN Virginia Alliance for Secure Computing
  and Networking
• http//www.vascan.org/
• List of 100 best web site for security
• http//www.uribe100.com/index100.htm
• Professional Associations
• http//www.educause.edu/security/
• http//www.sans.org/
• http//www.cisecurity.org/index.html

48
IT Security Lab

• The laboratorys mission
• Design, develop and implement training materials
  and classes for University technical and general
  users
• Test computer hardware and software for security
  vulnerabilities and provide guidance for
  addressing these vulnerabilities

49
In Summary

• Absolute security is unattainable
• However, its important we take a proactive
  approach to technology security
• Understand the risks in using technology and what
  puts you at danger
• Users should consider making security an integral
  part of their daily plans
• Utilize available security tools
• We dont have all the answers

50
Contact Information

• Security web site http//security.vt.edu
• VT Computing site http//computing.vt.edu
• IT Security Office and IT Security Lab
• 1300 Torgersen Hall
• Wayne Donald wdonald_at_vt.edu
• Randy Marchany marchany_at_vt.edu