Computer Security Awareness Symposium

1
Computer Security Awareness Symposium

• General Desktop Security
• Kasey Dennler, ITS

2
General Desktop Security

• Definition of Desktop Security
• Desktop Computers. the primary display screen of
  a graphical user interface, on which various
  icons represent files, groups of files, programs,
  or the like, which can be moved, accessed, added
  to, put away, or thrown away in ways analogous to
  the handling of file folders, documents, notes,
  etc., on a real desk.
• Security Freedom from danger, risk, etc.
  safety.

3
General Desktop Security

• Definition of Desktop Security cont.
• Putting the two together you have
• Desktop Security Freedom from danger or risk
  when using your desktop computer in your office.
  Safely transferring, accessing, and manipulating
  information necessary for your day to day
  operations.

4
General Desktop Security

• Updating and patching your systems
• The Anti-Section section
• Securing your systems
• Smart surfing
• Backing up
• Dealing with old systems

5
Updating and Patching

• I got Firefox 3, how about you?

6
Updating and Patching

• Why is it important to keep your systems up to
  date?
• How do you keep your system up to date and still
  functional?
• How often should I update, or will auto update
  save me?

7
Updating and Patching

• Why is it important to update my machine?
• The consequences of your actions..

8
Updating and Patching

• I did not update
• Remote code execution
• Worms, viruses, Trojans
• Confidential Material compromised
• HTTP/FTP server setup for illegal/illicit
  materials
• Key loggers
• Total destruction
• I now have to wipe and re-install everything

• I did update
• My machine has the latest code fixes
• I am free from Viruses, Worms, Trojans
• My confidential info is still confidential
• No servers running here
• I can still be productive and get my work done
  today

9
Updating and Patching

• I think I want to keep my machine updated, how?
• Microsoft Updates
• Auto updates
• Only installs critical updates!
• Manual updates
• You must go out and get them, but you do get them
  all
• Machine specific updates
• Lenovo system update
• Updates specific to your machine for both
  hardware and software
• Tune in later today for Software Updating tools
  with Ben Kirchmeier.

10
The Anti-section section

• I got a whole bag of Anti- here with your name on
  it

11
The Anti-Section section

• Anti-Virus software
• Anti-Adware / Anti-Spyware software
• Anti-Malware software
• Anti-Venom

12
Anti-Virus

• What does Anti-Virus software really do?
• Which one should I use?
• AVG, its free you know
• McAfee, I bought it cause it looked cool
• Trend Micro, is it really trendy
• Norton, because you know it is different than
  Symantec, right
• Symantec from the UI, I like the UI

13
Anti-Virus

• Definition of Antivirus
• A software program designed to identify and
  remove a known or potential computer virus.
• What does antivirus mean to me

14
Anti-Virus

• Antivirus
• A program that runs on my computer and actively
  scans all programs and then compares them to a
  database of definitions managed by the program to
  determine if they are a virus or not

15
Anti-Virus

• AVG
• Not really a good idea, as the EULA states it is
  for private use only, and not in an Academic
  environment
• McAfee
• You can use it on campus, but it is not ITS
  supported software.
• Trend Micro
• Same as MacAfee, you can use it, but it is not
  supported.
• Norton
• Same company as Symantec, with many differences.
  Not supported by ITS

16
Anti-Virus

• Anti-Virus protection
• Get it
• From the UI
• Use it
• Make sure it is turned on and scanning actively
• Update it
• Make sure auto updates are turned on and are done
  regularly
• Check it
• Make sure you are using the latest version of
  Symantec. You can check your version by clicking
  on the help and support button in 11.0 and newer.
  In version 10.2 you can open Symantec and view
  the version on the main page.

17
Anti-Virus
18
Anti-Virus
19
Anti-Adware / Anti-Spyware

• What is adware?
• What is spyware?
• Why do I need to worry about them?

20
Anti-Adware / Anti-Spyware

• Adware definition
• a software application in which advertisements
  are displayed while the program is running, esp.
  in pop-up windows or banners, and which often is
  installed without the users knowledge or consent
  also called advertising-supported software

21
Anti-Adware / Anti-Spyware

• Spyware definition
• any software that covertly gathers information
  about a user while he/she navigates the Internet
  and transmits the information to an individual or
  company who then uses it for marketing or other
  purposes.

22
Anti-Adware / Anti-Spyware

• Why worry you ask
• Adware is the cause of a great deal of
  frustrations to many users.
• Spyware is always watching you.
• When you go to your banks website
• When you bought those expensive pumps online
• When you checked your paystub on Vandalweb
• When you asked ask.com about the rash on

23
Anti-Adware / Anti-Spyware

• Great holy bag of crazy monkeys, I have pop-up
  craziness. Help me ITS superstars
• Ad-aware
• Free version downloadable from www.download.com
• Spybot search and destroy
• Free version downloadable from www.download.com
• Windows Defender
• Is standard on Vista, and is downloadable from
  Microsoft website for XP users
• Symantec AV 11 has built in Anti-Spyware
  protection
• If you have AV from us it is already working for
  you

24
Anti-Malware

• Mal-what?
• Malware definition
• software, such as viruses, intended to damage or
  disable a computer system short for malicious
  software also written mal-ware.
• Malware can be removed with most Anti-Virus
  software, but may require specialty software to
  effectively render your system back to a safe
  condition.

25
Securing your system

• What, you mean this has to be secure?

26
Securing your system

• What do you mean by securing my system?
• How can I secure my system?
• How can I make sure no one has accessed my stuff?
• What do I do if someone has accessed my machine?

27
Securing your system

• What do you mean securing your system.
• Not only do you need to think about password
  security, but physical security, biometrics,
  firewalls, computer privileges, and data
  encryption.

28
Securing your system

• Ok, so how do I secure my system?
• Physical Security
• Where is my computer located
• Biometrics
• Fingerprint reader / Retinal scanner
• Data encryption
• Are my files accessible if they are taken from my
  machine?
• Administrator Privileges
• Do I really, really need to be an administrator?
• Firewalls
• You shall not pass!
• Strong passwords
• shs1Yp?

29
Securing your system

• How do I make sure no one got into my system?
• Tamper protecting software
• Tamper protection hardware

30
Securing your system

• What if someone accessed my machine, what do I
  do?
• Verify something happened
• Unplug the network cable
• Report the incident to your supervisor
• Report the incident to security_at_uidaho.edu
• Call the police if necessary
• Change all of your passwords
• Change your encryption pass phrase
• Mitigate the damage, check your bank records and
  other personal accounts for suspicious activity

31
Smart Surfing

• How to catch an internet wave and not crash and
  burn

32
Smart Surfing

• Are things really that bad out there?
• Basic ideas to keep you safe and still enjoy the
  internet
• P2P file sharing
• Phishing scams

33
Smart Surfing

• Are things really that bad out there?
• Yes, they are.
• According to the Privacy Rights Clearinghouse,
  there have been more than 240 million records
  containing sensitive personal information
  involved in security breaches to-date nationally.
  from MS-ISAC

34
Safe Surfing

• How do I surf the web safely?
• Common sense is your best friend
• Update your web browser
• Keep your operating system updated
• Enable the pop-up blocker functionality
• Keep an eye on JavaScript, Java, and ActiveX
  controls
• Try noscript.net

35
Smart Surfing

• P2P file sharing.
• P2P
• Connections between two or more computers
  directly
• File sharing
• refers to the providing and receiving of digital
  files over a network, usually following the
  peer-to-peer (P2P) model, where the files are
  stored on and served by personal computers of the
  users.
• Common P2P programs
• BitTorrent / eDonkey / Ares / Napster / Freenet

36
Smart Surfing

• Ok, so what does P2P mean to me
• With P2P clients you have no control over the
  content you are receiving
• Most clients also set up services for you to
  serve content from your machine as well as
  download
• Most things you get could be laced with viruses
• Downloaded content is most likely illegal
• Your machine is now open to the outside while
  serving content

37
Smart Surfing

• Phishing Scams
• Phishing
• the practice of luring unsuspecting Internet
  users to a fake Web site by using
  authentic-looking email with the real
  organizations logo, in an attempt to steal
  passwords, financial or personal information, or
  introduce a virus attack the creation of a Web
  site replica for fooling unsuspecting Internet
  users into submitting personal or financial
  information or passwords.

38
Smart Surfing

• Tips for not getting caught
• Do not click on links listed in e-mail messages,
  and watch out for attachments
• Do not enter information in pop-ups
• If it looks fishy, it probably is. Just delete
  it.
• Enable phishing filters in your web browsers
• Do not respond with personal information to
  e-mail requests. Legit places will never ask for
  information via e-mail.

39
Backing up your data

• How I avoided total melt down when my hard drive
  melted down

40
Backing up your data

• Why should I back up my data?
• What do I need to know in order to back up my
  data?
• How do I back up my data?

41
Backing up your data

• Why should you back up your data?
• What if the building burns down?
• Is all my information still around?
• So, my computer just got stolen. Can I go back to
  work now?
• I left my laptop in the airport, and they found
  it. Phew, but it will take 6 weeks to get it
  mailed back to me. What do I do?
• My hard drive is playing disco music when it
  spins up. Is everything ok?

42
Backing up your data

• What do I need to know
• Step 1
• Plan a backup strategy
• What do I need to backup?
• Only back up important info you will need in the
  future
• How quickly will I need it in the future?
• Time may be critical, choose an application which
  can restore quickly
• Do I need multiple backups or will one do?
• It is always good to have multiple backups, as
  long as they are all up to date
• When during the day should I do the backup?
• When you are not using your machine for a few
  hours. Backups take time and could hold your
  computer up for several hours.
• It is convenient to use this backup software?
• It should be, otherwise you probably wont use is
  on a regular basis

43
Backing up your data

• Step 2
• Execute your plan
• Make sure you are keeping up to date on your
  backups.
• Backups are only as good as they are usable. If
  your backup is really, really outdated, then it
  is useless.
• Keep track of your backups.
• Dont keep your backups in the same place as your
  machine, separate and save.

44
Backing up your data

• Step 3
• Diligence is the key to success
• Make sure you continue sticking to your plan

45
Surplus

• What the heck do I do with all of this old stuff
  in my office?

46
Surplus

• What do I do with my old stuff?
• Where can I find out more?

47
Surplus

• Surplus is your friend, and you can even make
  some money back from the sale of your old stuff.
• UI APM Chapter 10.41 covers how to go about
  sending your old systems to surplus.
• http//www.uihome.uidaho.edu/default.aspx?pid8437
  7

48
Surplus

• So now I know where to send my stuff, what do I
  do?
• Stay tuned for Sean Sullivans presentation on PC
  lifecycle and Maintenance

49
Questions?

• No really, you guys got any questions?

50
General Desktop Security

• May the force be with you.