Slide 1: How Not to Have Your Research Stolen or Corrupted

Security Best Practices and Resources at Brandeis
Melanie Radik, Brandeis Library, Brandeis University, October 2017

Speaker notes: Our goal today is to introduce you to some best practices, tools, and services available to you at Brandeis, and some strategies you can use to make sure you're not one of the half dozen or so researchers every year who lose some or all of their data to a hacker or virus corruption.
Slide 2: Best Practice Overview

Everyone:
- strong passwords
- password protect all devices
- secure wireless
- update software and OS
- antivirus
- manage permissions for networked files
- physically secure all devices

Advanced:
- encryption
- electronic signatures
- watermarking
- firewalls
- intrusion detection software

Speaker notes: Everyone, every single user of an electronic device or researcher recording data, should do the things in the Everyone column. They are simple to implement (or may be automated), and if you run into issues setting any of these up, the Tech Help Desk can help you troubleshoot. Researchers working with sensitive data, particularly personally identifiable data and data which falls under HIPAA, should look into advanced levels of security for their data. When thinking about security, there may be laws that dictate what you must do, particularly if you are using HIPAA or other personally identifiable data. You may wish to protect your data against a competitor trying to scoop your results. And everyone should be on guard against hackers who might steal or destroy your data just for fun.
Slide 3: Creating Passphrases

Passphrase requirements:
- length
- variety of characters
- change it regularly

Protect all devices:
- laptop or desktop
- tablet
- phone
- USB drive

Speaker notes: The length of passphrases here at Brandeis was dictated by the latest information on hacking technology. We don't do it to be mean. Use of a phrase that is meaningful only to you is often a good way to generate a unique password that is easily remembered. Adding punctuation such as commas and semicolons within the phrase can further strengthen the passphrase. You could make it a line from your favorite song, book, or poem. You could make it something about Brandeis. You could make it a string of nonsense that makes you smile. Ideally, don't save any passwords or important info in those auto-fill fields on your computer. Don't stay logged in if you step away from your computer. If you really need to write down your passwords, save that file in a password-protected place; maybe your Brandeis Box account. If it's written on paper, store it in a locked file cabinet.
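The two requirements on this slide, length and variety of characters, can be made concrete. The following Go program is an added illustration, not part of the presentation or any Brandeis tool: it generates a multi-word passphrase from a word list with the operating system's cryptographic random number generator, computes how many bits of guessing work that choice represents, and checks a candidate against a minimum length and a minimum number of character classes. The eight-entry WordList and the thresholds 16 characters / 3 classes are constructed for the example; a real word list has thousands of entries, and the real Brandeis requirements are in the Knowledge Base.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
	"unicode"
)

// WordList is a constructed eight-word list used only so the example runs
// offline; a real diceware-style list has thousands of entries.
var WordList = []string{"river", "forest", "lantern", "comma", "violet", "granite", "sparrow", "kettle"}

// GeneratePassphrase picks n words uniformly at random from list using the
// operating system's cryptographic RNG and joins them with sep.
func GeneratePassphrase(list []string, n int, sep string) (string, error) {
	words := make([]string, n)
	bound := big.NewInt(int64(len(list)))
	for i := range words {
		idx, err := rand.Int(rand.Reader, bound)
		if err != nil {
			return "", err
		}
		words[i] = list[idx.Int64()]
	}
	return strings.Join(words, sep), nil
}

// EntropyBits is the guessing entropy of n words chosen uniformly from a list
// of listSize entries: n * log2(listSize). This is why length (more words)
// matters so much: each extra word multiplies an attacker's work by listSize
// even when the word list itself is public.
func EntropyBits(n, listSize int) float64 {
	return float64(n) * math.Log2(float64(listSize))
}

// CheckRequirements applies the slide's "length" and "variety of characters"
// rules: at least minLen characters and at least minClasses of the four
// classes lower, upper, digit, and punctuation/symbol. It returns the unmet
// rules, so an empty result means the passphrase passes.
func CheckRequirements(pass string, minLen, minClasses int) []string {
	var problems []string
	if len([]rune(pass)) < minLen {
		problems = append(problems, fmt.Sprintf("shorter than %d characters", minLen))
	}
	var lower, upper, digit, other bool
	for _, r := range pass {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			other = true
		}
	}
	classes := 0
	for _, present := range []bool{lower, upper, digit, other} {
		if present {
			classes++
		}
	}
	if classes < minClasses {
		problems = append(problems, fmt.Sprintf("uses %d character classes, need %d", classes, minClasses))
	}
	return problems
}

func main() {
	p, err := GeneratePassphrase(WordList, 5, ", ")
	if err != nil {
		panic(err)
	}
	fmt.Printf("generated: %q (%.1f bits from word choice)\n", p, EntropyBits(5, len(WordList)))
	fmt.Println("generated passphrase problems:", CheckRequirements(p, 16, 3))
	fmt.Println("'rain_forest_river' problems:", CheckRequirements("rain_forest_river", 16, 3))
}
```

Joining the words with commas, as the notes suggest, is what supplies the punctuation class; the slide-4 example 'rain_forest_river' is long enough but fails the variety check until a capital and a digit are added.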
Slide 4: Managing Passphrases

Use different ones for each account:
- banking vs. social media, etc.
- isolates a hacking breach
- allows for easier site-based creation

Secure your passphrase list:
- don't write it down unless it is kept locked up
- don't use browser auto-fill
- LastPass or KeePass

More on passphrases in the Brandeis Knowledge Base (KB).

Speaker notes: You can take thinking about passwords beyond Brandeis. Think about the password you use on your banking or credit card site. Is it the same as the one on your Facebook, Amazon, or other social media accounts? If so, that means that someone just has to hack one of those to get at everything, and each of those sites fends off millions of attacks a day. But who can remember dozens of passwords? We recommend coming up with a system for creating passwords. Maybe you base it on the name of the site. You're on Amazon: maybe your password could be 'rain_forest_river,' with the appropriate capitalizations and number and symbol substitutions to meet the requirements. Or maybe all of your passwords are song lyrics from your favorite band. What song does shopping on Amazon make you think of? If you know that all of your passwords come from the same band, it gives you a starting place and makes it much easier to remember. Ideally, don't save any passwords or important info in those auto-fill fields on your computer. Don't stay logged in if you step away from your computer. If you really need to write down your passwords, save that file in a password-protected place; maybe your Brandeis Box account. If it's written on paper, store it in a locked file cabinet.

Passwords may be created by a password manager. A password manager is software that securely stores passwords. Most of these store your passwords in the 'cloud' and provide a way for you to access them from anywhere. Typically you'll use one super strong password or passphrase to access all your others. The two that we recommend are LastPass and KeePass. LastPass is cloud based and comes with a plugin for your web browser. It'll securely store your passwords (even generating them for you), fill in login forms for you, and can even evaluate all your passwords, telling you which ones are weak and should be changed. KeePass is a small program that stores your passwords (again, securely!) in a small file you can store almost anywhere. Both are free. LastPass has a fee-based version as well which includes a mobile app. KeePass has iOS and Android versions (Mini KeePass and KeePassDroid, respectively) which can read the same database file. You will need to manually sync devices, though. Whatever you use, a password manager will make your life easier, but spend a few minutes getting used to it before racing off and changing all your passwords. Please note: LastPass is browser based. This means that it can't be used to log into your workstation or laptop.
Slide 5: Secure Wireless

Wireless on campus:
- secure = eduroam
- not secure = brandeis_guest, brandeis_open

Wireless off campus:
- password protect home wireless
- Pulse Secure VPN: more details in KB
- Wormhole, wormhole.brandeis.edu: more details in KB
- Remote Desktop setup details available in KB

Speaker notes: Eduroam or Junos Pulse secure connections are very important to protect all of the sensitive things that travel over the wireless connection, from what you send to the licensed software you download. Brandeis does maintain other wireless networks, such as brandeis_open and brandeis_guest. We maintain them for the convenience of visitors who don't have eduroam accounts, and they are unsecured (a.k.a. open) wireless connections. Anyone who cares to can see exactly what is sent over these connections. Junos Pulse is a standalone program that allows you to connect to a "Virtual Private Network," or VPN, without using your web browser. Brandeis currently supports Junos Pulse for Mac and Windows computers. Wormhole is Brandeis's portal to the VPN. This is a tool that allows you to securely access resources on the Brandeis network when you are off campus. With Wormhole, you can connect to your UNet filespace, the files.brandeis.edu fileserver, browse websites that are restricted to campus such as BUSS, and even connect to your office computer from home. All communication using Wormhole is securely encrypted between your computer off campus and the VPN gateway at Brandeis. Wormhole is not available to alumni.
Slide 6: Keep Things Up-To-Date

Things to update:
- operating systems on all devices
- installed software and plug-ins
- home wireless router

Routines to implement:
- when a program asks to update, let it
- shut down your computer and programs on a regular basis
- uninstall programs you no longer use
- Tech Help Desk is available to help troubleshoot

[Image: XKCD comic, created by Randall Munroe]

Speaker notes: Every program on your computer will ask to update eventually, from Adobe to Firefox to your operating system (OS). Many of these updates are to fix a reported vulnerability that a hacker can use to infect your computer. You can either set your programs to notify you for permission to update, schedule a regular time of day to check for updates, allow it to check only at startup, update automatically, or any variation. You might want to set your OS to update automatically but make Firefox and Adobe only update on startup. If you have issues setting things up, the Tech Help Desk can help you troubleshoot.
Slide 7: Malware Protection

Antivirus software:
- Symantec Endpoint Protection (SEP): more info in KB; download from brandeis.onthehub.com
- Malwarebytes: more info in KB
  - Premium licensed for university-owned computers
  - personal computers eligible for discounted Premium, or download the free version
- AdBlock Plus: available free
- More on malware and anti-virus tools in KB

Speaker notes: Antivirus programs run on your computer and check your files for anything that looks suspicious. This could be a virus, worm, rootkit, or any number of other harmful pieces of code. Ideally, the antivirus program will be able to identify and delete anything harmful from your system. It's best to have one program running in the background all the time, to spot new threats in real time. Best practice is to also run a second antivirus program periodically, as different programs will have different strengths and may identify different things. The Tech Help Desk can assist you with installing and setting up antivirus programs. Ad blockers on web browsers are also useful tools in protecting your computer from harmful viruses. Basically, whenever an ad shows on a page, there is an opportunity to download something to your computer without you even noticing. Even though things downloaded from filesharing sites are still the most likely vector for an infection, just browsing the Internet leaves your computer vulnerable to attack. AdBlock Plus and other browser plugins stop the ads from even loading. Most importantly, if you notice your computer acting funny (e.g. slow, popups, weird error messages), please bring it to the Tech Help Desk as soon as you can. Viruses get worse and more entrenched the longer they are on your system. Too long and they may corrupt your files and destroy your data. The Tech Help Desk can run additional antivirus scanners and other tools to clean it up, but the sooner you get it to them, the easier and faster it will be.
Slide 8: Who Has Access?

Manage permissions:
- Google Apps (Drive, Sites, etc.)
- Brandeis Box
- Brandeis networked drives
- user accounts on devices

Physical security:
- Who has the key?
- Rooms locked or devices cable locked? (Both!)
- Mobile devices require extra care

Speaker notes: User IDs and passwords should be assigned to one person and one person only. Role-specific access levels to data can then be assigned. Just like you can hide things on Facebook and set posts to only be seen by specific people, Google Drive, Box, and Brandeis file shares can be set up with role-based permissions at the folder and file levels. One user can be given permission to view files while another can be given editing privileges. Within a single folder, I can share a document with the world while only sharing another file with specific coworkers, and allow my co-worker to edit one file but not the other. Google Sites can be set to show one thing to the public and something else to users with permission to log in. Networked drives can give permission to everyone in a department, everyone in a research group, or just to a single person (the default for your UNet Home Space). Computers can also have different levels of permissions assigned to different user accounts. If you use a shared computer in your research group, best practice is to have user accounts for each researcher.

Security starts at the physical level. Make sure that office doors are locked when you leave. Cable locks can secure laptops to furniture. Locking lugs prevent theft of hard drives from desktops. Set a time-out for your desktop so that the screen locks and will not allow anyone access unless the password is re-entered. Mobile devices cannot be protected by the same means as hardwired devices. At present, tablets and smartphones lack the protection provided by antivirus programs and firewalls. The greatest hazard to tablet and smartphone security is loss or theft of the device itself. Don't just walk away from your device, even in a relatively secure location. It is important to set a password for your device. Make sure a PIN is required to access your home screen. Run the latest version of your OS and be sure all patches are applied. Limit the amount of sensitive data you store on your device. Turn off Wi-Fi and Bluetooth if you are not using them. When you do use Wi-Fi, try to be sure you are on an encrypted network requiring a password. Download apps from reputable or official app stores.
Slide 9: Mandated Security for Data

Official policies dictate the security you must provide for Personally Identifiable Information (PII):
- Brandeis policy on PII
- Massachusetts regulations
- HIPAA (federal)
- data concerning National Security (DOD research)
- Trade Secrets, Patents, Copyright, Licensing

The IRB board oversees research compliance with security as part of its approval process.

Speaker notes: Some people need to store personally identifiable information or other sensitive information on their computers (e.g. professors and TAs have students' grades, a researcher may have SSNs of subjects in a research study, etc.). HIPAA data in particular has stringent requirements for security which are regulated by federal law. Other federal and state regulations may apply. Campus staff who deal with such data (e.g. registrar, bursar, human resources, etc.) are subject to the training and requirements of the Information Security Plan. For researchers on campus, the IRB board oversees compliance with security as part of its approval process. Please investigate the legal requirements for securing your research data and other sensitive information. In one extreme case here on campus, the analysis step of the research is conducted on a computer with no wireless card, no access to the internet whatsoever, and only one authorized user. You can consult with the IT Security office for assistance in determining necessary actions. The Tech Help Desk or Research Technology group can help with implementing measures.
Slide 10: High-Security Storage

Network Shares:
- data encryption while data is at rest or in transit
- access allowed only on the Brandeis secure network or through an approved VPN
- robust permissions management

Brandeis Box:
- support for WebDAV and FTPS
- apps for mobile devices

Speaker notes: In order to comply with the security requirements you must meet for sensitive data, in addition to implementing the security measures mentioned so far, you may require a higher level of security for your data storage than Google Drive can provide. The network shares provided by Brandeis and the Brandeis institutional Box accounts provide the highest level of security for remote storage. Box is the recommended storage location for HIPAA data. For research of the most sensitive nature, you may want to employ one or more of the following advanced security techniques. Not all of these are officially supported by Brandeis, which means that the folks at the Tech Help Desk will not have had training on these tools. They may be willing to help troubleshoot anyway, but these security measures are really intended for tech-savvy researchers.
Slide 11: Encryption

Protects information by encoding the data in an unreadable format, which can be decoded with a key.

Full Disk Encryption:
- BitLocker - Windows
- TrueCrypt - Windows, Mac, or Linux

Folder-Specific Encryption:
- FileVault - Mac
- Encrypted File System (EFS) - Windows
- WinZip

Speaker notes: Encryption is coding information so that it cannot be read or deciphered unless someone has the decoding key. Encryption can be used for data in transit (being moved across the network) or data at rest in a storage medium. Brandeis Tech Services recommends and can support these programs, which are freely available by operating system.
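What the tools on this slide do for a whole disk or folder can be shown on a single file's contents. The Go program below is an added example written for this page; it is not code from the presentation or from any of the products listed. It encrypts a constructed data file with AES-256-GCM under a freshly generated key, decrypts it again, and then shows that a copy with one flipped bit is rejected rather than silently decrypted to garbage, which is the "corrupted" half of the talk's title. Real disk-encryption tools derive the key from your passphrase with a slow key-derivation function; the random key here is an assumption that keeps the example self-contained.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewKey returns a fresh 256-bit AES key from the OS cryptographic RNG. Disk
// and folder encryption tools instead derive the key from your passphrase
// with a slow key-derivation function; a random key keeps this example
// self-contained.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// GCM gives confidentiality plus an integrity tag, so Decrypt can reject any
// file that was modified while at rest.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under one key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt opens data produced by Encrypt. It fails if the key is wrong or
// if any byte of the nonce, ciphertext or tag was changed.
func Decrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, sealed := data[:gcm.NonceSize()], data[gcm.NonceSize():]
	return gcm.Open(nil, nonce, sealed, nil)
}

// RoundTrip encrypts plaintext, decrypts it again, and also tries to decrypt a
// copy with one flipped bit. It returns the recovered plaintext and whether
// the tampered copy was rejected.
func RoundTrip(plaintext []byte) (recovered []byte, tamperRejected bool, err error) {
	key, err := NewKey()
	if err != nil {
		return nil, false, err
	}
	sealed, err := Encrypt(key, plaintext)
	if err != nil {
		return nil, false, err
	}
	recovered, err = Decrypt(key, sealed)
	if err != nil {
		return nil, false, err
	}
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)/2] ^= 0x01 // flip one bit in the stored file
	_, tamperErr := Decrypt(key, tampered)
	return recovered, tamperErr != nil, nil
}

func main() {
	// Constructed sample contents of a data file.
	data := []byte("subject_id,measurement\n001,12.4\n002,13.1\n")
	rec, rejected, err := RoundTrip(data)
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted matches original: %v\n", string(rec) == string(data))
	fmt.Printf("tampered copy rejected: %v\n", rejected)
}
```

The nonce is stored in front of the ciphertext because the decryptor needs it and it is not secret; what must stay secret is the key, which is exactly why the talk pairs encryption with strong passphrases and physical security.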
Slide 12: Electronic Signatures

A digital signature typically consists of three algorithms:
- A key generation algorithm outputs the private key and a corresponding public key.
- A signing algorithm that, given a message and a private key, produces a signature.
- A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the message's claim to authenticity.

Public Key Encryption can be used on PDFs, Word docs, or any electronically generated document.

Speaker notes: A digital signature (standard electronic signature) seals documents by providing evidence of the user's identity and the data integrity and authenticity of the document. Changes made to a document after it has been signed in this manner invalidate the signature, thereby protecting the document from information tampering. Two main properties are required. First, the authenticity of a signature generated from a fixed message and fixed private key can be verified by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party without knowing that party's private key. A digital signature is an authentication mechanism that enables the creator of the message to attach a code that acts as a signature. Brandeis does not officially endorse any specific Electronic Signature program or protocol.
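The three algorithms and the two required properties map directly onto a few library calls. The Go program below is an added example written for this page, not code from the presentation or from any signing product; it uses the standard library's Ed25519 implementation, which is an assumption made so the example runs offline (a PDF or Word signing tool wraps the same three steps in a document format). It generates a key pair, signs a constructed document, and then checks the original, a copy edited after signing, and a signature produced by someone else's private key against the author's public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signer holds one party's key pair. NewSigner is the key generation
// algorithm: it outputs a private key and the corresponding public key.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey // never shared; verification needs only Public
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}

// Sign is the signing algorithm: message + private key -> signature.
func (s *Signer) Sign(document []byte) []byte {
	return ed25519.Sign(s.private, document)
}

// Verify is the verifying algorithm: message + public key + signature ->
// accept (true) or reject (false). Anyone holding the public key can run it.
func Verify(pub ed25519.PublicKey, document, signature []byte) bool {
	return ed25519.Verify(pub, document, signature)
}

// Outcome records the three checks Demo performs.
type Outcome struct {
	OriginalAccepted bool // untouched document, author's public key (must be true)
	AlteredAccepted  bool // document changed after signing (must be false)
	ForgedAccepted   bool // another party's signature checked against the author's key (must be false)
}

// Demo signs a document and shows both required properties: the signature
// verifies under the author's public key, and neither a post-signing edit nor
// a signature made with a different private key is accepted.
func Demo(document []byte) (Outcome, error) {
	if len(document) == 0 {
		return Outcome{}, errors.New("document must not be empty")
	}
	author, err := NewSigner()
	if err != nil {
		return Outcome{}, err
	}
	other, err := NewSigner()
	if err != nil {
		return Outcome{}, err
	}
	sig := author.Sign(document)

	altered := append([]byte(nil), document...)
	altered[0] ^= 0x20 // change one character after signing

	return Outcome{
		OriginalAccepted: Verify(author.Public, document, sig),
		AlteredAccepted:  Verify(author.Public, altered, sig),
		ForgedAccepted:   Verify(author.Public, document, other.Sign(document)),
	}, nil
}

func main() {
	// Constructed sample document text.
	doc := []byte("Final results: n=120, effect size d=0.42")
	out, err := Demo(doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Note that the public key is all a reviewer or journal needs to check the signature; the private key stays on the researcher's own (password-protected, encrypted) device.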
Slide 13: Watermarking

- Embeds a digital marker for authorship in 'noisy' files: audio, video, graphic images (usually not text files)
- Only perceptible under certain conditions, i.e. after applying some algorithm, and imperceptible otherwise
- Can raise an alert if alterations are made to the original file
- Can be used in distribution of works to track the source
- Example of a commercially available tool: Digimarc

Speaker notes: Watermarking embeds a digital marker for authorship verification and can alert someone of alterations made to data files. It is most often used with media and images. Watermarking software exists for tamper detection and to embed metadata. Brandeis does not officially endorse any specific Watermarking program or protocol.
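To make "imperceptible otherwise, perceptible after some algorithm" concrete, the Go program below is an added example for this page (not code from the presentation or from Digimarc). It embeds a short authorship tag into the least significant bit of the pixels of a constructed 16x16 grayscale image, which changes no pixel by more than 1/255, extracts it again, and shows that retouching even one pixel in the marked region breaks the tag, which is the tamper-alert behaviour the slide describes. The simple least-significant-bit scheme is an assumption chosen for clarity; commercial tools use more robust, harder-to-remove schemes.

```go
package main

import (
	"bytes"
	"fmt"
	"image"
	"image/color"
)

// EmbedLSB writes the bits of mark into the least significant bit of the
// first 8*len(mark) pixels of a copy of img. Changing only the lowest bit
// alters a pixel's brightness by at most 1 step out of 255.
func EmbedLSB(img *image.Gray, mark []byte) (*image.Gray, error) {
	out := image.NewGray(img.Bounds())
	copy(out.Pix, img.Pix)
	if len(mark)*8 > len(out.Pix) {
		return nil, fmt.Errorf("image too small: %d pixels for %d bits", len(out.Pix), len(mark)*8)
	}
	for i := 0; i < len(mark)*8; i++ {
		bit := (mark[i/8] >> (7 - uint(i%8))) & 1
		out.Pix[i] = out.Pix[i]&0xFE | bit
	}
	return out, nil
}

// ExtractLSB reads n bytes back out of the low bits. This is the "algorithm"
// under which the mark becomes perceptible.
func ExtractLSB(img *image.Gray, n int) []byte {
	mark := make([]byte, n)
	for i := 0; i < n*8 && i < len(img.Pix); i++ {
		mark[i/8] |= (img.Pix[i] & 1) << (7 - uint(i%8))
	}
	return mark
}

// MarkIntact reports whether the expected mark is still present. Any edit
// that rewrites the marked pixels (retouching, cropping, re-encoding)
// destroys it, which is what raises the alteration alert.
func MarkIntact(img *image.Gray, expected []byte) bool {
	return bytes.Equal(ExtractLSB(img, len(expected)), expected)
}

// SampleImage builds a constructed 16x16 gradient so the example runs offline.
func SampleImage() *image.Gray {
	img := image.NewGray(image.Rect(0, 0, 16, 16))
	for y := 0; y < 16; y++ {
		for x := 0; x < 16; x++ {
			img.SetGray(x, y, color.Gray{Y: uint8(x*16 + y)})
		}
	}
	return img
}

// MaxPixelDelta returns the largest per-pixel difference between two images
// of the same size, used to confirm the embedding is imperceptible.
func MaxPixelDelta(a, b *image.Gray) int {
	maxDelta := 0
	for i := range a.Pix {
		d := int(a.Pix[i]) - int(b.Pix[i])
		if d < 0 {
			d = -d
		}
		if d > maxDelta {
			maxDelta = d
		}
	}
	return maxDelta
}

func main() {
	mark := []byte("MR-2017") // constructed authorship tag
	original := SampleImage()
	marked, err := EmbedLSB(original, mark)
	if err != nil {
		panic(err)
	}
	fmt.Printf("largest pixel change: %d/255\n", MaxPixelDelta(original, marked))
	fmt.Printf("extracted: %q, intact: %v\n", ExtractLSB(marked, len(mark)), MarkIntact(marked, mark))
	edited := image.NewGray(marked.Bounds())
	copy(edited.Pix, marked.Pix)
	edited.Pix[5] ^= 0x01 // retouch one pixel inside the marked region
	fmt.Printf("after editing, intact: %v\n", MarkIntact(edited, mark))
}
```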
Slide 14: Firewalls

Monitor network traffic:
- block hackers
- block viruses and malware

Software-based:
- Windows, Mac, Linux all have built-in settings

Hardware-based:
- home router

Remote Desktop Access involves adjusting firewalls:
- check out Remote Desktop Access best practices at Brandeis
- consult the Tech Help Desk with any problems

Speaker notes: The function of a firewall is to block unwanted network traffic from reaching your computer or server. By limiting network traffic that is not "allowed," you reduce the threat of malevolent intrusion. By limiting unwanted network traffic, you limit the potential infections or malware. Firewalls can be both software-based and hardware-based. Windows, Linux, and Mac OS include software-based firewalls as OS defaults, which can be modified. The simplest form of hardware-based firewall is your typical home router. Setting up Remote Desktop Access involves adjusting the firewall settings on your computers. Please be aware of these best practices around Remote Desktop Access and consult the Tech Help Desk with any problems.
Slide 15: Intrusion Detection Systems

- Brandeis maintains a Network Intrusion Detection System (NIDS)
- Host-based Intrusion Detection Systems (HIDS): Snort, OSSEC, OSSIM

Speaker notes: While a firewall functions to block unwanted traffic while permitting legitimate communications, intrusion detection software detects and alerts administrators about intrusion attempts. It does not block these attempts. Whereas a firewall can be thought of as a security guard that stops unwanted traffic, intrusion detection software is more of a surveillance camera that shows you an intrusion in progress. The lines between anti-virus and intrusion-detection software have gotten blurred as anti-virus programs became more sophisticated and aggressive. While anti-virus programs often monitor system state, they also spend a lot of their time looking at who is doing what inside a computer, and whether a given program should or should not have access to particular system resources. Intrusion detection systems analyze processes, changes and connections in order to spot activity that indicates foul play. Brandeis does not officially endorse any specific Intrusion Detection program or protocol.
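One of the "changes" a host-based IDS such as OSSEC watches for is files being modified, added, or removed on the machine. The Go program below is an added example for this page (not code from the presentation or from any of the tools listed) of that file-integrity check: it records a baseline of SHA-256 fingerprints for a set of files, takes a later snapshot, and reports every difference. Like the slide says, it only alerts; it does not block or restore anything. The file contents are constructed in memory, an assumption that lets the example run offline; a real HIDS reads them from disk on a schedule.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Baseline maps a file path to the hex SHA-256 of its contents when the
// baseline was recorded; this is what a host-based IDS stores for integrity checks.
type Baseline map[string]string

// Fingerprint returns the hex SHA-256 of content.
func Fingerprint(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// Snapshot builds a baseline from a path -> contents map. Reading the files
// from disk is left out so the example runs on constructed data.
func Snapshot(files map[string][]byte) Baseline {
	b := make(Baseline, len(files))
	for path, content := range files {
		b[path] = Fingerprint(content)
	}
	return b
}

// Alert is one finding: a file that was added, removed, or whose hash changed.
type Alert struct {
	Path string
	Kind string // "added", "removed", or "modified"
}

// Compare reports differences between the stored baseline and a new snapshot,
// sorted by path so the output is stable. It only reports, never blocks.
func Compare(before, after Baseline) []Alert {
	var alerts []Alert
	for path, h := range before {
		cur, ok := after[path]
		switch {
		case !ok:
			alerts = append(alerts, Alert{Path: path, Kind: "removed"})
		case cur != h:
			alerts = append(alerts, Alert{Path: path, Kind: "modified"})
		}
	}
	for path := range after {
		if _, ok := before[path]; !ok {
			alerts = append(alerts, Alert{Path: path, Kind: "added"})
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Path < alerts[j].Path })
	return alerts
}

func main() {
	// Constructed "day 1" state of a research directory.
	day1 := map[string][]byte{
		"/data/subjects.csv": []byte("id,score\n1,42\n"),
		"/data/analysis.R":   []byte("x <- read.csv('subjects.csv')\n"),
	}
	baseline := Snapshot(day1)
	// Constructed "day 2": the script was edited, the data file is gone,
	// and an unexpected executable appeared.
	day2 := map[string][]byte{
		"/data/analysis.R": []byte("x <- read.csv('subjects.csv') # edited\n"),
		"/tmp/update.exe":  {0x4d, 0x5a},
	}
	for _, a := range Compare(baseline, Snapshot(day2)) {
		fmt.Printf("ALERT %-9s %s\n", a.Kind, a.Path)
	}
}
```

Because the baseline holds only fingerprints, it can be stored separately from the monitored machine (for example on a network share with restrictive permissions), so that someone who alters a file cannot also quietly alter the record of what it used to be.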