Irongeek.com Adrian Crenshaw Joseph Hollingsworth.

Presentation transcript:

Irongeek.com Adrian Crenshaw Joseph Hollingsworth

Joe
- Professor at Indiana University Southeast
- Computer Science & Informatics departments
- Director of professional development for faculty

Adrian
- Runs Irongeek.com
- Has an interest in InfoSec education
- (ir)Regular on the ISDPodcast

- Given only 25 minutes, tell us what a small business could do to help their security posture?
- You can expect a lot of “buts” and “except fors” because that’s the nature of the business.

The CIA Triad
Stuff that will ring your bell security-wise
- Confidentiality
  - Who needs to know it?
- Integrity
  - Has anyone changed it?
- Availability
  - Can the people that need to access it, get to it?

(Diagram: Confidentiality, Integrity, Availability)

- Not cool or sexy, but important
- How often? Daily, Weekly, Monthly?
- Offsite storage! Why?
- Check to make sure you can restore from the backup
- What to use? Tape, another box, cloud?
- Not sure of a “cloud” provider to recommend, but check the provider’s:
  - Privacy Policy
  - Liability for lost data

- Don't run as admin on your own machine
  - This somewhat mitigates what malware can do on a system
- File shares with too open a permissions set?
- Lots of Windows software is badly designed to require more rights than it needs
- Tools to help with this include
  - ProcMon
  - RegFromApp
  - ProcessActivityView

- Always unique is best, but…
- Levels and domains
  - Different passwords for different purposes (financial, social network, etc.)
- Users sharing a password?
- Pass phrases
  - More secure and easier to remember
- Do you store passwords in apps where others can access them?
- Password Vaults
  - KeyPass -

- Microsoft
  - Remember patch Tuesday and keep it holy
  - Somewhat automated
  - May want to do testing first
  - Windows Server Update Services
- Linux
  - apt-get is lovely for package management, but hand installed web apps are a pain
- 3rd Party
  - Adobe auto updating?
  - Shavlik NetChk
  - GFI Languard
  - Secunia PSI/CSI

- Not a magic bullet
- If the malware is custom, you are out of luck
- Should help against widespread common malware
- Concentrate on user awareness, patches, and least privilege
- Some suggestions:
  - Microsoft Security Essentials
  - AVG
  - Malwarebytes

- Do you have a perimeter? (Hint: not totally)
- Sites and browser issues
- WiFi – (decreasing levels of protection)
  - WPA Enterprise > WPA > WEP > Open
  - Forget about MAC filtering and SSID cloaking
- VPN
  - Built into Windows
  - DD-WRT
  - OpenVPN

- What if someone gets access to the physical storage of your data?
- For
  - Public and private keys
  - GPG
- For hard drives/data
  - Truecrypt

- Only hardware that goes public:
  - Donations
  - Trashed
  - Stolen
- Format may not remove as much as you think
  - Data carving
- File and Drive wiping
  - Secure Erase
  - DBAN

- Louisville Infosec Sept 29th
- DerbyCon 2011, Louisville Ky Sept 30 - Oct 2

42