1

Cyber Security Best Practices

Bill Stevens, ISSMMaui High Performance Computing Center

March 28, 2012

Aloha Industrial Security Awareness Council

2

3

Risks &Threats

It can be Dangerous on the Internet …

• Viruses• Hackers• Con Artists• Scams• Thieves• International / Industrial Espionage• Porn Sites• Spam

4

Best Practices

• Strong Passwords• Anti-Virus Software• Anti-Spyware• Firewall• Configuration Management• Automatic Updates• Browser Security

5

Passwords

6

25 Weakest Passwords

November 28, 2011 -- Government Computer News reported:

Security company SplashData published its list of the worst passwords of 2011, compiled from millions of stolen passwords that hackers had posted online

7

25 Weakest Passwords

1. password

2. 123456

3. 12345678

4. qwerty

5. abc123

6. monkey

7. 1234567

8. letmein

9. trustno1

10. dragon

11. baseball

12. 111111

13. iloveyou

14. master

15. sunshine

16. ashley

17. bailey

18. passwOrd

19. shadow

20. 123123

21. 654321

22. superman

23. qazwsx

24. michael

25. football

8

Good Passwords

• What makes a good password?• At least 8 or 9 characters – but more is better

• Random character sequence

• Multiple character types (upper case, lower case, number, special)

• Goal: Password resistant to guessing and automated cracking tools

9

Creating a Strong Password

• Substitute numbers for letters and vice versa. (o instead of 0, 4 instead of A, 1 instead of L, E instead of 3)

• Substitute words for numbers (one, two , three...)

• Combine both the of above (0ne, thr33, f1ve)

• Use capitalization in random places (bLue, happY)

• Use special characters ( !@#$%^&*(){}[] ) to punctuate and separate words

• Create passwords out of words, numbers or phrases you'll remember

• Misspell words

10

Password Examples

Michael is Awesome

M1cha3l$Aw3s0m3!

FwtBT@1943!!

For whom the Bell Tolls

For whom the Bell Tolls

FwtBT@1943!!

11

12

13

Palin Security Questions

• When is your birthday?• February 11, 1964• 02/11/1964

• What is your zip code?• 99623• 99629• 99654• 99687

• Where did you meet your spouse?• Wasilla High School• High School• Wasilla High

14

Revised Yahoo Security Questions

15

Malicious Software

(Malware)

16

How does a Virus Spread?

• Email Attachments

• Instant Messenger file transfers and web links

• File downloads from hacked or untrustworthy web sites

• Using infected floppy disks, CD-ROMs, USB flash drives, etc.

• Insecure computers being hacked and configured to send out viruses

17

Protect Yourself!

Do not open unknown or unsolicited e-mail attachments.

Unsolicited e-mail attachments sometimes contain pictures, Microsoft Word or Excel documents, or other similar files. These files may actually be Trojan horses or worms that intend to spread themselves to others. If you do not know the source of the e-mail, and you were not expecting it, you should not open the attachment. Even if a message appears to come from a friend, it may not be safe. Many newer e-mail viruses will automatically send themselves out to addresses found in an infected computer’s address book.

18

Protect Yourself!

Do not download files from websites you do not recognize or trust.

While most websites that you’ll likely visit are well known and trustworthy, files that get downloaded on to your computer are coming from a source that is outside of your control. If you do not know the source of a file, or you did not request to download the file, do not open it. For other files that you download, use your anti- virus scanner to verify that the file is safe and not infected with a virus.

19

Protect Yourself!

Do not use file sharing software such as LimeWire or Kazaa.

File-sharing programs are notorious for their use to illegally trade copyrighted music, movies and computer programs. They also spread viruses through the files they download, since the documents being traded can themselves be viruses or infected with viruses. If you don’t know or trust the source, then you should be suspicious of the file you’re receiving. In addition, many file-sharing programs come packaged with programs that show advertisements and monitor the use of your computer, which can also leave you more susceptible to virus outbreaks.

20

Common Anti-Virus Solutions

• Commercial Products• Symantec• McAfee VirusScan• PC Tools• Etc.

• Free Products **• CLAM Anti-Virus• AVG Anti-Virus Free 2012• Avira Free Anti-Virus 2012• Ad-Aware Free Internet Security 9• Etc.

** For more info see PC Magazine February 17, 2012

21

Desirable Anti-Virus Characteristics

• Regular Updates• The anti-virus program should update

itself frequently, to ensure it effectively deals with new virus threats

• Background Operations• The product should run in the

background at all times, the system tray, catching viruses as soon as they appear

• Virus Clean-up Help• The program should guide you through

removing viruses

22

23

Spyware & Adware

• Spyware: a program that hides itself and runs on your computer, collecting data about you. Spyware typically targets the websites you’ve visited, your passwords or your credit card numbers. This data is then transmitted to a company or individual on the Internet.

• Adware: a program that hides itself and runs on your computer, showing pop-up advertisements at random times, even when you’re not connected to the Internet.

• Example Anti-Spyware Solutions• Windows Defender• Spybot – Search and Destroy• Norton 360 version 6.0• Etc.

24

Software Updates

• Updates and Patches• Microsoft Windows Operating System

(XP, Vista, Windows 7)• Microsoft Office (Word, Excel,

Powerpoint)• Browser (IE, Firefox, Chrome, etc)• Anti-Virus (Symantec, McAfee)• Adobe Reader• Flash• Sun Java

25

Configure Automatic Updates

26

27

Configure Automatic Updates

28

Configure Automatic Updates

29

Configure Automatic Updates

30

Configure Automatic Updates

31

Firewalls

32

33

Firewall Examples

• Software Based• Microsoft Windows Firewall• McAfee Firewall (part of McAfee security

bundle)

• Hardware• Corporate (Cisco)• Home (Linksys, Netgear, etc)

34

Configuring a Firewall

35

Configuring a Firewall

36

Firewall Blocking

37

Phishing & Other Scams

38

USPS Example

39

Here’s the Real URL

40

LinkedIn Example

41

IRS Example

42

Info on IRS Scam

43

IRS Response

44

Amazon Example

45

Issues in Amazon Email

46

Nigerian 419 Scam Variant

47

Rogueware

48

49

50

Questions?