Cyber Security Best Practices
Bill Stevens, ISSM, Maui High Performance Computing Center
March 28, 2012
Aloha Industrial Security Awareness Council
Risks & Threats
It can be Dangerous on the Internet …
• Viruses
• Hackers
• Con Artists
• Scams
• Thieves
• International / Industrial Espionage
• Porn Sites
• Spam
Best Practices
• Strong Passwords
• Anti-Virus Software
• Anti-Spyware
• Firewall
• Configuration Management
• Automatic Updates
• Browser Security
Passwords
25 Weakest Passwords
November 28, 2011 -- Government Computer News reported:
Security company SplashData published its list of the worst passwords of 2011, compiled from millions of stolen passwords that hackers had posted online:
1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passwOrd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football
Good Passwords
• What makes a good password?
• At least 8 or 9 characters, but more is better
• Random character sequence
• Multiple character types (upper case, lower case, number, special)
• Goal: a password resistant to guessing and automated cracking tools
Creating a Strong Password
• Substitute numbers for letters and vice versa. (o instead of 0, 4 instead of A, 1 instead of L, E instead of 3)
• Substitute words for numbers (one, two, three...)
• Combine both of the above (0ne, thr33, f1ve)
• Use capitalization in random places (bLue, happY)
• Use special characters ( !@#$%^&*(){}[] ) to punctuate and separate words
• Create passwords out of words, numbers or phrases you'll remember
• Misspell words
Password Examples
• Michael is Awesome → M1cha3l$Aw3s0m3!
• For whom the Bell Tolls → FwtBT@1943!!
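As an added example (not part of the slides), a small Python checker that applies the rules from the "Good Passwords" and "Creating a Strong Password" slides and rejects anything that is a case or leet-speak variant of the 25 weakest passwords of 2011. The substitution table, the minimum of three character types and the `check_password` function are my assumptions, not the presenter's.

```python
# Added example: a password policy check built from the slide deck's rules.
import string

# The 25 weakest passwords of 2011, as listed on the slides (case-folded).
WEAKEST_2011 = {p.lower() for p in [
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passwOrd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
]}

# Undo the letter/number substitutions the slides describe (assumed table),
# so that "Passw0rd!" or "M0nkey123" are still recognised as the weak word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 8    # slide: "at least 8 or 9 characters, but more is better"
MIN_CLASSES = 3   # slide: "multiple character types" (assumed threshold)


def weak_variants(candidate: str) -> set:
    """Case-fold, strip padding punctuation/digits and undo leet-speak."""
    low = candidate.lower()
    forms = {low,
             low.strip(string.punctuation),
             low.strip(string.punctuation + string.digits)}
    return forms | {f.translate(LEET) for f in forms}


def character_classes(candidate: str) -> int:
    """Count how many of upper, lower, digit and special are present."""
    checks = (str.isupper, str.islower, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in candidate) for check in checks)


def check_password(candidate: str) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(candidate) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character types")
    if weak_variants(candidate) & WEAKEST_2011:
        problems.append("variant of a known weak password")
    return problems
```

Running it on the deck's own examples, "M1cha3l$Aw3s0m3!" and "FwtBT@1943!!" pass, while "Passw0rd!" and "Qwerty12" are rejected despite meeting the length and character-type rules.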
Palin Security Questions
• When is your birthday?
  • February 11, 1964
  • 02/11/1964
• What is your zip code?
  • 99623
  • 99629
  • 99654
  • 99687
• Where did you meet your spouse?
  • Wasilla High School
  • High School
  • Wasilla High
Revised Yahoo Security Questions
Malicious Software
(Malware)
How does a Virus Spread?
• Email Attachments
• Instant Messenger file transfers and web links
• File downloads from hacked or untrustworthy web sites
• Using infected floppy disks, CD-ROMs, USB flash drives, etc.
• Insecure computers being hacked and configured to send out viruses
Protect Yourself!
Do not open unknown or unsolicited e-mail attachments.
Unsolicited e-mail attachments sometimes contain pictures, Microsoft Word or Excel documents, or other similar files. These files may actually be Trojan horses or worms that intend to spread themselves to others. If you do not know the source of the e-mail, and you were not expecting it, you should not open the attachment. Even if a message appears to come from a friend, it may not be safe. Many newer e-mail viruses will automatically send themselves out to addresses found in an infected computer’s address book.
Protect Yourself!
Do not download files from websites you do not recognize or trust.
While most websites that you’ll likely visit are well known and trustworthy, files that get downloaded on to your computer are coming from a source that is outside of your control. If you do not know the source of a file, or you did not request to download the file, do not open it. For other files that you download, use your anti-virus scanner to verify that the file is safe and not infected with a virus.
Protect Yourself!
Do not use file sharing software such as LimeWire or Kazaa.
File-sharing programs are notorious for their use to illegally trade copyrighted music, movies and computer programs. They also spread viruses through the files they download, since the documents being traded can themselves be viruses or infected with viruses. If you don’t know or trust the source, then you should be suspicious of the file you’re receiving. In addition, many file-sharing programs come packaged with programs that show advertisements and monitor the use of your computer, which can also leave you more susceptible to virus outbreaks.
Common Anti-Virus Solutions
• Commercial Products
  • Symantec
  • McAfee VirusScan
  • PC Tools
  • Etc.
• Free Products **
  • CLAM Anti-Virus
  • AVG Anti-Virus Free 2012
  • Avira Free Anti-Virus 2012
  • Ad-Aware Free Internet Security 9
  • Etc.
** For more info see PC Magazine February 17, 2012
Desirable Anti-Virus Characteristics
• Regular Updates: the anti-virus program should update itself frequently, to ensure it effectively deals with new virus threats
• Background Operation: the product should run in the background at all times (in the system tray), catching viruses as soon as they appear
• Virus Clean-up Help: the program should guide you through removing viruses
Spyware & Adware
• Spyware: a program that hides itself and runs on your computer, collecting data about you. Spyware typically targets the websites you’ve visited, your passwords or your credit card numbers. This data is then transmitted to a company or individual on the Internet.
• Adware: a program that hides itself and runs on your computer, showing pop-up advertisements at random times, even when you’re not connected to the Internet.
• Example Anti-Spyware Solutions
  • Windows Defender
  • Spybot – Search and Destroy
  • Norton 360 version 6.0
  • Etc.
Software Updates
• Updates and Patches
  • Microsoft Windows Operating System (XP, Vista, Windows 7)
  • Microsoft Office (Word, Excel, Powerpoint)
  • Browser (IE, Firefox, Chrome, etc)
  • Anti-Virus (Symantec, McAfee)
  • Adobe Reader
  • Flash
  • Sun Java
Configure Automatic Updates
Firewalls
Firewall Examples
• Software Based
  • Microsoft Windows Firewall
  • McAfee Firewall (part of McAfee security bundle)
• Hardware
  • Corporate (Cisco)
  • Home (Linksys, Netgear, etc)
Configuring a Firewall
Firewall Blocking
Phishing & Other Scams
USPS Example
Here’s the Real URL
LinkedIn Example
IRS Example
Info on IRS Scam
IRS Response
Amazon Example
Issues in Amazon Email
Nigerian 419 Scam Variant
Rogueware
Questions?