Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Email and Web Browsing Sébastien Dellabella – Computer Security Team.

Published byDominic Berry Modified over 10 years ago

Similar presentations

Presentation on theme: "Secure Email and Web Browsing Sébastien Dellabella – Computer Security Team."— Presentation transcript:

1 Secure Email and Web Browsing Sébastien Dellabella – Computer Security Team

2 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 2 Overview Main attack types Consequences of a successful attack Survival guide on the wild Internet Understanding the details Examples

3 Main attacks types

4 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 4 Main attacks types Social Engineering Someone calls you and asks you for personal information Someone lost an USB Stick and you found it. Password Phishing Forged mail Tabnabbing. NEW! Malicious Program wish to run as admin The program asks you for permission to run…dont allow it! Vulnerability Exploits Visiting a website, opening an attachment, connecting a USB stick, its enough to be exploited. Using a compromised computer You dont know it, but everything you type is recorded. User interaction needed User Interaction NOT needed Understanding the attack makes it ineffective

5 Consequences of Attacks

6 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 6 Consequences of Attacks Computer remotely controlled to: Send SPAM Infect other machines on the local network Host illegal or copyrighted data (software, movies, porn, banking data, private data) Relay illegal connections Computer used for criminal purpose: Loss of confidential work Money extortion (private data encryption) Join BotNet to attack other systems on the Internet (DoS)

7 Survival Guide

8 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 8 Survival Guide (1/2) User awareness No credentials (login/password) over email No same password for different place/software/service (CERN email, MSN, private email account, banking, Facebook, etc.) No clicking on links sent by your online contacts before confirmation (mail, phone call, etc.) No use of untrusted media (USB stick you found in the street, CD, DVD or hard-drive your friend gave to you) No use of Internet randomly downloaded software (how can you trust them?) No forwarding of unverified information to your contacts. Check [ http://www.hoaxbuster.com ] or [ http://www.scambusters.org ] http://www.hoaxbuster.com http://www.scambusters.org Read before you click and If you have any doubt, dont click

9 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 9 Survival Guide (2/2) Work without Administrator rights Standard on Windows VISTA, Windows 7, MAC, Linux Use NICE Admin on Windows XP Up-to-date OS and software Average survival time of a machine on the Internet is: 4min [http://www.dshield.org/survivaltime.html]http://www.dshield.org/survivaltime.html CMF updates at CERN Windows Update at home Antivirus with latest pattern files Install CERN Antivirus at home, its FREE for CERN users ! [https://cern.ch/win/Help/?kbid=051092]https://cern.ch/win/Help/?kbid=051092

10 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 10 Why you cant trust messages you receive By E-mail By Instant Messenger (MSN, Skype, ICQ, etc.) By contacts on social networking website (Facebook, etc.) What is the URL? URL (Uniform Resource Locator) is an internet address What you see is NOT always what you get! Understanding the details

11 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 11 Understanding the details What links to www.ebay.com ? http://secure-ebay.com http://www.ebay.com\cgi-bin\login?ds=1%204324@%31%33%37 %2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d http://www.eba.com/ws/eBayISAPI.dll?SignIn http://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo&siteid=0& co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0 &encRafId=default This IS Not EVEN obvious FOR professionals !

12 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 12 Understanding the details Internet Browser improvements New heuristics & enhanced telemetry Anti-Malware support

13 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 13 Understanding the details In Private Browsing Available on Internet Explorer 8 and Firefox: lets you control whether or not the browser saves your browsing history, cookies, and other data Internet Explorer: Safety -> In Private Browsing Firefox: Tools -> Start Private Browsing

14 Examples

15 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 15 Examples Phishing (1/3)

16 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 16 Examples Phishing (2/3)

17 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 17 Examples Phishing (3/3)

18 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 18 Examples Tabnabbing

19 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 19 Examples Untrusted software: Scareware

20 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 20 Summary User awareness No credentials (login/password) over email No same password for different place/software/service No clicking on links sent by your contacts before confirmation. No use of untrusted media (USB stick, CD, DVD, Hard-drive) No use of Internet randomly downloaded software No forwarding of unverified information to your contacts Read before you click and If you have any doubt, dont click Up-to-date OS, Antivirus and software Work without Administrator rights Standard on Windows VISTA, Windows 7, Mac OS, Linux Use NICE Admin on XP SEC_RITY is not complete without U ! The Security Team is ready to help you: computer.security@cern.chcomputer.security@cern.ch

21 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 21 Q&A

22 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 22 Resources CERN Computer Security web site http://cern.ch/security CERN Antivirus Help Section https://cern.ch/win/Help/?fdid=13 NICE Services – How to install Antivirus at home? https://cern.ch/win/Help/?kbid=051050 CERN Security – Advice on SPAM http://cern.ch/security/recommendations/en/bad_mails.shtml NICE Services – Spam fighting configuration https://cern.ch/mmm/Help/?kbid=101030

23 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 Computer.Security@cern.ch Computer Security Day slide 23

Download ppt "Secure Email and Web Browsing Sébastien Dellabella – Computer Security Team."

Similar presentations

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
1 Copyright © 2002 Pearson Education, Inc.. 2 Chapter 2 Getting Started.

1 Copyright © 2002 Pearson Education, Inc.. 2 Chapter 2 Getting Started.
Slide 1 FastFacts Feature Presentation October 24, 2013 To dial in, use this phone number and participant code… Phone number: 888-651-5908 Participant.

Slide 1 FastFacts Feature Presentation October 24, 2013 To dial in, use this phone number and participant code… Phone number: Participant.
Slide 1 FastFacts Feature Presentation September 21, 2010 We are using audio during this session, so please dial in to our conference line… Phone number:

Slide 1 FastFacts Feature Presentation September 21, 2010 We are using audio during this session, so please dial in to our conference line… Phone number:
Online Privacy A Module of the CYC Course – Personal Security 8-9-10.

Online Privacy A Module of the CYC Course – Personal Security
1 Advanced E-mail with GMail A CYC Electives Module 10-15-10.

1 Advanced with GMail A CYC Electives Module
DISTRICT AND SCHOOL ASSESSMENT & TECHNOLOGY COORDINATOR ONLINE TESTING WEBINAR FEBRUARY 7 AND 9, 2012 Washington Online Testi ng OSPI Office of Superintendent.

DISTRICT AND SCHOOL ASSESSMENT & TECHNOLOGY COORDINATOR ONLINE TESTING WEBINAR FEBRUARY 7 AND 9, 2012 Washington Online Testi ng OSPI Office of Superintendent.
Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.
4 th Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 4 th (CS) 2 /HEP Workshop,

4 th Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 4 th (CS) 2 /HEP Workshop,
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
Services Course Office Web Apps Participant Guide.

Services Course Office Web Apps Participant Guide.
Computer Security: Best Practices for Home Computing Presented by Student Help Desk Merced Community College.

Computer Security: Best Practices for Home Computing Presented by Student Help Desk Merced Community College.
Phishing, what you should know L kout Initiative.

Phishing, what you should know L kout Initiative.
Review Ch. 3 – Connecting to the Worlds Information © 2010, 2006 South-Western, Cengage Learning.

Review Ch. 3 – Connecting to the Worlds Information © 2010, 2006 South-Western, Cengage Learning.
ACT User Meeting June 2011. Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.

ACT User Meeting June Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.
© John Wallace 2013 1 Mobile and Online Banking Security John Wallace Consultant, Resources Global Professionals.

© John Wallace Mobile and Online Banking Security John Wallace Consultant, Resources Global Professionals.
LFCDS SkyMail & SkyDrive Full Student Orientation 2011-04-11.

LFCDS SkyMail & SkyDrive Full Student Orientation
OFFICE OF SUPERINTENDENT OF PUBLIC INSTRUCTION Division of Assessment and Student Information Online MSP Testing Technology & Assessment Coordinator Training.

OFFICE OF SUPERINTENDENT OF PUBLIC INSTRUCTION Division of Assessment and Student Information Online MSP Testing Technology & Assessment Coordinator Training.
OFFICE OF SUPERINTENDENT OF PUBLIC INSTRUCTION Division of Assessment and Student Information Online MSP Testing In-Depth Technology Training January 13,

OFFICE OF SUPERINTENDENT OF PUBLIC INSTRUCTION Division of Assessment and Student Information Online MSP Testing In-Depth Technology Training January 13,

Similar presentations

Ads by Google