Information Security Session October 23, 2006


1 Information Security Session October 23, 2006
11/24/2018
Bill Eaheart
Network Security Coordinator
DePaul University
NIDS with Snort

2 Information Security at DePaul
- Who we are
  - Information Services - Business Continuity and Security Group (BCS)
- Web Site
- Addresses for BCS team
  - Bill Eaheart
  - Arlene Yetnikoff
- Reporting security incidents
11/24/2018 Information Security

3 Today
- Provide practical information
- General guidelines for secure computing
- Question and Answer
- Presentation available on this web page:

4 Truths about computers
- Computers (all operating systems) are vulnerable to attacks
- Connecting a computer to the Internet allows the Internet to connect to your computer
  - Good news – real-time access to news, collaboration, information, videos, applications …
  - Bad news – vulnerable to attacks from viruses, worms and individuals

5 Survival Time
http://isc.sans.org/survivalhistory.php

6 Types of Attacks
- Coordinated
  - Your computer is specifically targeted
- Opportunistic
  - Software available to conduct:
    - Random scans looking for Windows open file and printer shares
    - Searches for known vulnerabilities and unsecured services
  - Allows individuals to:
    - Exploit vulnerabilities
    - Crack passwords
- Most attacks for home users are opportunistic
- Easy steps to avoid opportunistic attacks
- Coordinated attacks are difficult to stop

7 Typical Day at DePaul
Timestamp -- 2006-10-x
Possible External Hosts: unauthorized scans
Count | Src Addr | Port

8 What can we do?
- Protecting your Computer
  - Windows Update
  - Virus and Spyware Protection
  - Use a Host Based Firewall
  - Account and Password Security
  - Microsoft Baseline Security Analyzer
- Using Public Computers
- Social Engineering
- Downloads
- Peer to Peer Sharing

9 Windows Update
- Microsoft provides security patches and updates
- Check for updates at least once per month
- Security fixes released on the second Tuesday of each month
- Manual Update
  - Open Internet Explorer →
- Windows Automatic Updates makes this easy
  - Start → Control Panel → Automatic Updates
- DePaul makes it even easier
  - Software Update Services (SUS) server

10 Virus and Spyware Protection
- Malware (MALicious softWARE) – designed to make life unhappy (virus, trojan horse)
- Install anti-virus software
- Regularly update anti-virus signatures
- Available products
  - Commercial
    - McAfee Antivirus
    - Norton Antivirus
  - Commercial/Freeware
    - Avast!
    - AVG
- DePaul makes it even easier
  - McAfee Anti-virus and McAfee ePolicy Orchestrator (ePO)
  - Student download
- Spyware
  - Gathers information without your knowledge
  - Ad-aware
  - Spybot Search and Destroy
  - Spycop

11 Host Based Firewall
- Best PC firewalls
  - Track incoming and outgoing traffic
  - Allow you to set up rules
- Windows XP
  - Internet Connection Firewall (ICF)
  - Inspects incoming traffic only
  - Start → Control Panel → Network Connections → Change Windows Firewall settings
- Commercial Products
  - Sygate Personal Firewall
  - ZoneAlarm
  - Tiny Personal Firewall
  - Norton Personal Firewall
  - BlackIce PC Protection

12 Account and Password Security
- All accounts must have strong passwords
- Weak or no-password accounts are an open invitation to hackers
- If possible, do not run your computer as administrator
- Disable any unused accounts
- Strong passwords
  - Special characters (*!$+) mixed with letters and numbers
  - Mixed upper- and lower-case letters and punctuation characters
  - Nonsense words that are easy to pronounce but aren't in any dictionary
  - Eight or more characters
- Use a password sentence or passphrase
  - I need to visit the Kmart at 4:00 → My #1 Password!
  - Do not use either of these passwords

13 Microsoft Security Analyzer
- Microsoft Baseline Security Analyzer
  - Free vulnerability assessment tool for the Microsoft platform
  - Download Software
  - Installation Wizard
  - Scan your computer

14 Using Public computers Security
- Use caution when using public computers - cannot trust
  - Do not save your logon information
  - Do not leave the computer unattended
  - Erase your tracks
  - Watch for over-the-shoulder snoops
  - Do not enter sensitive information *
- Wireless Networks
  - Wireless traffic can be captured
  - Man in the middle attacks
  - Should not transmit sensitive data *

15 Social Engineering
- What is Social Engineering
  - Collection of techniques used to manipulate people into performing actions or divulging confidential information
- Social Engineering Attacks
  - By phone, office visits, e-mail, web sites, instant messaging, IRC …
- Do not be a victim
  - Be suspicious of unsolicited phone calls, visits or messages
  - Do not provide personal information or organizational information
  - Do not reveal personal or financial information in an e-mail and do not respond to solicitations
  - Don't send sensitive information over the Internet before checking a web site's security
  - Pay attention to web sites – malicious sites look legit
  - If you have any doubts, contact the company directly
- Web Sites

16 References
- Home Computer Security and Privacy by Patrick Crispen

17 The End!
- Thank you
- Any questions
- weaheart@depaul.edu

