Security Awareness Our security depends on you

What IT Security Protects ECU Campus network and everything attached to it Information –personal data –patient/student records and billing –payroll –research –

IT Security Affects You We all share the same network and networked resources We all share responsibility for security If the network goes down, nobody can access , Internet, Purchase Order system, patient records and billing, secured areas, VOIP devices (telephones), etc.

Security Fallacies We have antivirus software, so we’re secure. We have a firewall, so we’re secure. Most security threats come from outside. I don’t care about security because I backup my data daily. Responsibility for security rests with IT Security staff.

Security Assessment Open ports and mail relays Software patches Weak passwords We do not scan your personal data If we detect weaknesses, we do not exploit them We report weaknesses to you for your benefit

Security Policies Continuous cooperative effort between IT Security staff and all users Develop, implement, and enforce effective security policies and procedures Provide maximal security with minimal inconvenience to users

IT Security Components Firewalls Intrusion Detection Systems Antivirus software Updated OS and apps Continual education for staff and users User cooperation and compliance –most critical component –most difficult to achieve

Security Threats Malware—viruses, worms, trojans, etc. Security patches not applied Hacking and network scanning Social engineering Chat and Instant Messaging software Weak passwords Ignorance, carelessness, and…

File Sharing Software Kazaa, eDonkey, Morpheus, etc. Contains trojans and spyware Advertises your computer on Internet Hogs shared network capacity Sharing copyrighted material—music, video, or data—violates federal law Violators referred to appropriate authorities

Hacking Steps Reconnaissance –high tech: network port scans –mid tech: impersonation, phone calls, phishing –low tech: dumpster diving Identification Coordination Exploitation

What You Can Do Use/update antivirus software Patch OS and apps Use strong passwords Use prudently Don’t use chat or IM software Don’t use P2P file sharing software Don’t use personal firewalls

Campus Antivirus Policy All networked Windows and Macintosh computers must run AV software Site license for Symantec Antivirus –free copy for every Windows or Macintosh computer on campus –free copy to load on your home computer Infected computers removed from the network until cleaned

Free Antivirus Software Sources for antivirus software: –ITCS installs on campus computers –CD-ROMs available in Austin 208 –Download from ITCS website Instructions on ITCS web page: –go to Software, Software Documentation –get, install, configure, use, update

Use Antivirus Software Always use the latest version Update definitions daily, before retrieving Scan all files weekly Beware of virus hoaxes Campus computer infected? –notify IT Support Services at –notify your coworkers

Patch Your Software Windows Update website –critical updates for OS –Start menu, Windows Update Microsoft Office Update website –link on Windows Update web page Microsoft Baseline Security Analyzer –checks for security flaws –analyzes OS, IE, Office, IIS, SQL

Windows Update Go to Start, Windows Update (Win2k and XP) Three update types –Critical: Apply all of these. –Windows: Apply those marked “recommended” and avoid the others. –Drivers: Don’t apply these. Get them from your hardware vendor.

Office Update Linked from the Windows Update web page Find link at top of WU page Apply all updates for English versions of Office Avoid updates for foreign language versions

Baseline Security Analyzer Free download from Microsoft Checks OS, Office, IE, IIS, SQL Direct links to missing hotfixes Updates every time you run it Additional security advice

Passwords At least 8 characters long, including: –at least one letter –at least one number –at least one special character (e.g., #, ?, >) –no repeated characters Make it obscure. Keep it secret. When in doubt, change it NOW 90-day expiration

Exchange Never open attachments –save the attachment to your hard drive –scan the attachment with SAV Don’t spam other users –spam is electronic junk mail –if you wouldn’t want to receive it, don’t send it Don’t use other programs on campus: AOL, Yahoo, Hotmail, etc.

Personal Firewalls Designed to work on stand-alone home computers, not complex networks No centralized management Interfere with antivirus software Interfere with network management Not supported by ITCS

Use Common Sense Be suspicious—don’t believe unknown visitors or phone calls Use your locks—door and computer Going home? Turn off your computer! Don’t reveal your password to anybody Don’t reveal confidential information Don’t install unauthorized software If you’ve been hacked, change all your passwords

Problems and Questions? Don’t call individual ITCS employees Call IT Support Services at –single point of contact –all calls forwarded to appropriate consultant Open a Service Request – –go to Client Services section

Questions?