Identity Theft Am I Really at Risk

1
Identity Theft(Am I Really at Risk?)

• Bill Wilson
• Senior Technology Engineer
• Longwood University
• Institute for Teaching through Technology
• and Innovative Practices (ITTIP)
• Southside Virginia Regional Technology Consortium
  (SVRTC)
• 434-517-0717
• bill_at_ittip.us
• The Italian Job

2

• Identity Theft,
• Am I Really at Risk?

3
And the Answer is

• Yes !!
• The End.
• Thank you for Coming!

4

• Actually, You are always at risk
• to a greater or lesser degree.

5
Session

• What is Identity Theft?
• How can it happen?
• What can I do?
• Will it be expensive?
• Making True BelieversDo I need convincing?
• Do I still need convincing?
• Are there any free tools available?
• Where can I get more Information?

6
What is Identity Theft?

• Identity theft occurs when somebody steals your
  name and other personal information for
  fraudulent purposes. Identity theft is a form of
  identity crime (where somebody uses a false
  identity to commit a crime). (www.netalert.net.au
  /01990-Glossary.asp)
• The act of impersonating another, by means of
  using the person's information, such as birth
  date, Social Security number, address, name, and
  bank account information. (www.white-collar-crime
  s.com/criminal_terms.shtml)

7
How Does it Happen?

• By Having
• No personal and/or Central Firewalls
  orImproperly Configured Firewalls
• No Anti-Virus (Personal or Networked)
• No adhered-to Network Policies (anything goes,
  etcthe no-parking sign syndrome)
• No SPAM Firewall (Email Phishing)
• No Password Policies (Using the same password for
  many accounts)
• Or by accessing, unsecured, Web Sites (no SSL,
  unencrypted passwords, etc.)
• Etc, etc, etc,

8
and last, but not least,

• Ignorance!!
• (Perhaps the 1 Cause)

9
Making True Believers

• I dont need to Update my software. It really
  doesnt make that much difference anyway.
• I dont need to change my password. Do it often
  you say! You gotta be kidding! I can hardly
  remember the one I have!!
• I dont need to worry about Phishing because I
  never visit bad Web sites.

10
What do you think??
11
Not Convinced?

• ACL Stats.log

12
Still Not Convinced?

• Barracuda SPAM FireWall Stats

13
Youre Still Not Convinced? Okay, then try this
One

• Stolen Identity 101

14
What can I do?

• Passwords
• Have a good, enforced, password policy
• Use long passwords
• Alphanumeric
• Upper and lower case
• Spaces and special characters (if allowed)
• Change often
• Use unique passwords

15
What Can I Do (continued)?

• Security Updates
• Automatic updates from the source or from a proxy
  location
• Consider ALL software being usednot just
  Microsoft or the OS (remember VNC 4.11?)
• Netadmins
• Use a Central Management and Deployment Tool
  (i.e. Trackit! Patch Manager, etc.)
• Network Mitigators (i.e. Campus Manager, etc.)

16
What Can I Do (continued)?

• Firewalls
• Network
• At the Edge of your Network
• Full Featured (VPNs, etc.)
• Include Log Analysis Options
• Includes compatibility with ALL currently
  accepted, non-proprietary, standards
• Stay on top of updates, ios changes,
  subscriptions, support contracts, etc.
• Personal
• Microsoft Personal Firewall
• ZoneAlarm, Black Ice, etc.
• Apply routine Updates to the firewalls
• Dont leave it turned Off!

17
What Can I Do (continued)?

• Anti-Virus
• Be sure to Use One!
• Maintain subscriptions for updates
• Apply patches when available
• Update it Daily, make it automatic
• Anti-Virus Engine
• Virus Pattern Files
• Turn on Email filtering options
• Other options as appropriate

18
What Can I Do (continued)?

• Identify MalWare or Malicious Software. Some
  types are
• SpyWare
• Browser Hi-Jackers (Changes settings in Browser)
• Adware (Annoying Pop-ups) (at least)
• Browser Plug-ins (Search bars w/trackers)
• Back Doors (Remote Access to a computer)
• Keystroke Loggers (records the keystrokes on a
  computer)
• Worms (Self-Replicating)
• Trojans
• Spyware Removal Tools
• Adaware, Spy Sweeper, AVG, McAfee, Symantec, etc.
• Schedule routine updates and scanning
• Delete or remove anything deemed malicious

19
Intrusion Prevention

• Inspects traffic coming into the network at the
  perimeter
• Initiates actions based on pre-defined rules
• IPS Results

20
A Few Helpful Tools

• Microsoft SysInternals - Free
• PRParser - Who is your computer talking to (Log
  File Parser)
• AccessEnum - Who has access privileges to folders
• PortMon Provides a list of ports in use on your
  computer
• (http//www.microsoft.com/technet/sysinternals/)
• Wireshark Network Protocol Analyzer(http//www.
  wireshark.org/ - Free)
• Microsoft Update (http//update.microsoft.com/ -
  Free)
• AVG Anti-Spyware Anti-Virus (http//free.grisoft
  .com/ - Free)
• Adaware Anti-Spyware (http//www.lavasoftusa.com/
  - Free)
• PRTG Network Traffic Grapher (http//www.paessler
  .com/prtg - Free)
• Top Layer IPS (www.toplayer.com/ - NOT Free)
• Reflex IPS (www.reflexsecurity.com/products/ips.ph
  p Not Free)

21
More Information

• www.educause.edu
• www.cert.org/
• www.ftc.com
• www.fraud.org
• www.consumer.gov/idtheft
• www.antiphishing.org
• Symantec, McAfee, Etc.

22
More Information

• Information Security Management,Tipton/Krause,
  Auerbach
• Hacking Exposed, Network Security Secrets
  Solutions, McClure/Scambray/Jurtz, Osborne

23
Vendor Sponsors

• Intrusion Prevention Systems, SPAM Firewalls,
  Other Security Systems, Traffic Management, etc.
• Data Network Solutions (DNS)Buddy Davis(919)
  524-8014buddy.davis_at_dnscoinc.com
• Enterprise Network Services, Inc.Ike B.
  Bunn919-510-0510 X 23ike_at_ens-nc.com

24
Identity Theft(Am I Really at Risk?)

• Bill Wilson
• Senior Technology Engineer
• bill_at_ittip.us
• Institute for Teaching through Technology
• and Innovative Practices (ITTIP)
• Southside Virginia Regional Technology Consortium
  (SVRTC)
• 434-517-0717