Hacking Phishing Passwords Sourendu Gupta (TIFR)

Computer security: why?

Hackers with access to your account will break laws and the consequences will be yours.

Break-ins first result in machines being infected and sending millions/billions of messages: closing down the network and causing our system to be blacklisted.

Intruders may destroy data: scientific, payroll ...

Hackers may launch attacks from your machine on more sensitive installations: banks, defence

What can you do about hacking?

System administrators all over TIFR are required to safeguard you from hacking.

...but only if you take commonsense precautions: inspect login messages to see your last login date and time, close sessions and log out if you don't plan to use a session again very soon

If you administer your own machine, such as a laptop, ask a system administrator for tips.

Be aware of social hacking tricks like phishing

Varieties of social hacking

Social hacking = confidence tricking to get sensitive information (passwords, PINs, ...)

Identify sensitive information and refuse to give it without checking back face to face or over a channel known to you independently.

Refuse free goodies unless trusted sources have used them for some time: downloads from the net, used memory sticks

Most emergencies are concocted. Check back.

What can you do?

Your passwords are secret. Do not give them away. Legitimate users and system administrators never ask for your password.

Choose strong passwords: explained next

Choose a different password for every application. How do you remember so many passwords? Answer coming up in 2 slides

Log out of every application when you leave a public terminal

What is a strong password?

Not silly ones like tifr123 or abcd1234. Don't try to be clever and use the password “password”. Never use personal information: that can always be found out.

Use random combinations of any character that you have on the keyboard: gH5(?/qP

You can use dictionary words, but intersperse them with some odd characters: cA-nuS3e or ;y5OuCa.n
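
The rules on this slide as a small Python sketch (an added example, not part of the original slides): it draws a random password from the keyboard characters with a cryptographic random source and checks a candidate against the weak patterns named above. The 94-character alphabet, the deny-list contents, the four-character run rule and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Printable characters on a standard US keyboard (94 symbols). Assumption: the
# slide only says "any character that you have on the keyboard".
KEYBOARD = string.ascii_letters + string.digits + string.punctuation

# Constructed deny-list seeded with the weak examples named on the slide.
WEAK = {"tifr123", "abcd1234", "password"}


def generate(length=8):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(KEYBOARD) for _ in range(length))


def entropy_bits(length, alphabet=KEYBOARD):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def has_run(pw, n=4):
    """True if pw has n characters with consecutive ascending code points."""
    run = 1
    for a, b in zip(pw, pw[1:]):
        run = run + 1 if ord(b) - ord(a) == 1 else 1
        if run >= n:
            return True
    return False


def weaknesses(pw, personal=()):
    """Return the slide rules that pw breaks (empty list: none found)."""
    low = pw.lower()
    reasons = []
    if low in WEAK:
        reasons.append("known weak password")
    if has_run(low):
        reasons.append("sequential run")
    for item in personal:
        if item and item.lower() in low:
            reasons.append("contains personal information")
            break
    return reasons
```

An empty result from `weaknesses` only means none of these three rules fired; it does not prove a password is strong.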

How do you remember passwords?

High tech solution: your browser can remember passwords for you. Then lock the set using a single strong password

High tech solution: use ssh keyrings to store the passwords that you need often. Encrypt this using a single strong password

Low tech solution: use the same security that you use for your money; keep them in your wallet or lock them up in a drawer. But encrypt them before writing them down.

Main points to remember

You are liable for crimes committed in your name: so protect your identity from theft.

In cyberspace protect your passwords. They must be secret, strong and all different. System administrators never ask for your password.

Be suspicious of all attempts to get personal information by email or phone. Check back with legitimate persons immediately.