Published by محمدجواد وثاق. Modified over 6 years ago.
1
Security
H Riggert, Modified
Topics:
- Basic security & security tips
- Firewalls
- Anti-virus
- Passwords
- Malware: phishing & ransomware, and specific malware
- Prevention
2018 TCS SMT Training - KC
2
Security in Tax-Aide
- Unintentional disclosure of private information continues to rise.
- The security of taxpayer accounts and personal information is a top priority for the AARP Foundation Tax-Aide program.
- It is the Program’s responsibility as an Authorized IRS e-file Provider to have security systems in place to prevent unauthorized access to taxpayer accounts and personal information by third parties.
- Major data breaches over the last few years (IRS FAFSA, Gmail, DocuSign, Blue Cross Blue Shield (80), Equifax (143), the SEC, FedEx, Aetna) {TechCrunch}
- Identity theft: According to Javelin Strategy, the number of identity theft victims in the US rose to 16.7 million in The cost of all of that lost data amounts to over nearly $17 billion. ... The security firm found that over 1 million children were ID theft victims in 2017.
3
Security in Tax-Aide
- For victims of identity theft, consequences can last for years, causing financial problems, credit issues, benefit losses, and legal problems.
- Cost to the AARP Foundation Tax-Aide program reputation and the good work that you all do.
- Protecting the organization and the volunteer are top priorities.
- Data collected at sites is perfect for identity thieves.
4
A firewall is a system designed to prevent unauthorized access to or from a private computer network.
A firewall will not protect you from viruses and other malware. ... If you want to truly protect your computer from potential threats, have a firewall and antivirus program installed on your computer.
Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems. Antivirus software usually performs these basic functions:
- Scanning directories or specific files for known malicious patterns indicating the presence of malicious software;
- Allowing users to schedule scans so they run automatically;
- Allowing users to initiate new scans at any time; and
- Removing any malicious software it detects. Some antivirus software programs do this automatically in the background, while others notify users of infections and ask them if they want to clean the files.
5
Other Security Topics
There is more on the importance of security, Windows updates, passwords on computers and TaxSlayer, document storage, phishing, malware, ransomware, and recent security attacks, but I am not covering those now.
These discussions are in the SMT version of the Security Presentation: “2018 SMT TCS Training Security.pptx”
But remember that “compliance is not security”.
6
Requirements for routers
Routers should have the following capabilities:
- Provide a consistent, reliable and predictable solution that is affordable
- 802.11n standard
- WPA2 Security Mode with AES encryption
- WISP (Wireless Internet Service Provider) capability to use public WiFi
- Ability to set LAN IP address
- Ability to set range of dynamic addresses for computers
- Firmware updated during the calendar year of the tax year
2018 SMT/TCS Training - Kansas City
7
NTC-supported routers (1)
- For wired connection to the site, 2.4 GHz WiFi: Netgear WNR2020
- For wired connection to the site, 2.4 GHz & 5 GHz WiFi: Netgear WNDR3400
- For 2.4 GHz WISP and 2.4 GHz WiFi: TPLink TP-WR802n, TP-WR810n, Netgear WNR GWU627
- For 2.4 GHz WISP and 2.4 GHz & 5 GHz WiFi: Netgear WNDR GWU627
8
NTC-supported routers (2)
- For wired or 2.4 GHz or 5 GHz WISP and 2.4 GHz & 5 GHz WiFi + Captive Portal: Edimax BR-6208AC V2
- For wired or 2.4 GHz or 5 GHz WISP and 2.4 GHz & 5 GHz WiFi + Captive Portal: Edimax BR-6478AC V2
NOTE! Some of the above do not meet router requirements with firmware versions of 2017 or earlier.
9
Routers are to be checked for the VPNFilter malware
- Run the Symantec tool to verify whether the router is infected with the VPNFilter malware.
- Submit a ticket through OneSupport with the model/make information if the router is infected.
- Any router that cannot be updated with firmware should not be used.
- A list of Not Recommended routers is on the Portal/Libraries/Technology.
- New routers may be purchased with the permission of the RC/SC.
10
Setup documents to be available on OneSupport (1)
Printers
- HP P1102w
- HP Pro M102w
Client Devices
- IOGEAR GWU627
- TP-Link WR802n in client mode
Routers
- Netis WEF2411
- TP-Link WR802n
- TP-Link WR810n
- Netgear WNR2020
- Netgear WNDR3400
- Edimax BR-6208AC V2
- Edimax BR-6478AC V2
11
Net Agent Reports WiFi Data
- Net Agent Data is available for 80 Sites.
- Sites which use IRS computers do not have the Net Agent software on their computers.
- Data includes: # Connections to network, # Connections through secure WiFi, # Connections through insecure WiFi, and # Connections wired to the network.
12
Net Agent Reports WiFi Data
- All sites: 4632 Total Connections, 3941 secure WiFi, 418 insecure WiFi = 9% insecure.
- Sites with insecure Connections: 1368 Total, 838 Secure, 418 Insecure = 31% insecure.
- Sites with > 30% Insecure: 574 Total, 180 Secure, 377 Insecure = 66% insecure.
- Sites with > 90% Insecure: 216 Total, 6 Secure, 210 Insecure = 97% insecure. There are 8 Sites in this category.
13
Security Policy Info Read the following Sections of the Policy Manual
- Section 8: Confidentiality and Security of Taxpayer Data. It is divided into four sections:
  - Data Security
  - Physical Security
  - Reporting a loss
- Section 9: E-Filing of Tax Returns
- Section 14: Equipment and Records Management
- Section 15: Obtaining Equipment and Consumables
14
Preventing Phishing Attacks
- Consistent software updates
- Continuous User Education & Exercise
- Filter Suspicious Attachments
- Filter on Malicious URLs
- Continually promote good credential behavior (2FA: two-factor authentication & diverse passwords)
- Report personal attacks to the U.S. Federal Trade Commission (FTC) Complaint Assistant form.

How to Prevent Phishing Attacks
The following suggestions are designed to prevent and disarm phishing attacks:

Continuous User Education and Exercise
Transform all users (from the CEO on down) into one of your best assets in the fight against phishing attacks. Involve users in periodic security awareness training and education (as well as re-education) on how to identify and avoid phishing scams, complemented with regular, unannounced phishing “exercises” to reinforce and apply what they’ve learned. This will ensure users have up-to-date awareness of the latest phishing attacks and actually do what they should when they come across one.

Filter Suspicious Attachments
Remove and quarantine incoming attachments known to be utilized in malicious ways before they reach your users.

Filter on Malicious URLs
Quarantine messages that contain malicious URLs. Similarly, make sure to safely resolve any URLs from link shorteners (e.g. bit.ly, goo.gl, etc.) to ensure they don’t resolve to malicious URLs. In an attempt to bypass filters, some attackers will send a phishing message that contains no text in the body and one large picture (in which the picture itself contains text, which will be ignored by some filter technology). Newer “character recognition”-based filter technology can detect these messages and filter on them.

Promote Good Credential Behavior
- Use multifactor authentication. One of the most valuable pieces of information attackers seek is user credentials.
- Disallow weak passwords.
- Enforce recurring password changes for users.
- If your users are currently only using a single level of authentication, consider moving them to a two-step verification (2SV) or two-factor authentication (2FA; even better than 2SV) solution.
- Hover over links to see the web address.
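Added example (not part of the original presentation): a minimal Python triage function for the attachment, URL and image-only checks described in the notes above. The extension list, the blocklisted host and the function names are assumptions made for illustration. Shortened links are only flagged for safe resolution and are never fetched.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumed lists for illustration; a real filter would use maintained feeds.
SHORTENERS = {"bit.ly", "goo.gl"}      # link shorteners named in the notes
BLOCKLIST = {"malicious.example"}      # placeholder for a known-bad host
RISKY_EXT = (".exe", ".js", ".scr", ".vbs", ".docm")  # assumed risky types
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def triage(msg: EmailMessage) -> list:
    """Return the reasons to quarantine a message (empty list means deliver)."""
    reasons, text, has_image = [], "", False
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append(f"risky attachment: {name}")
        if part.get_content_maintype() == "image":
            has_image = True
        elif part.get_content_maintype() == "text":
            text += part.get_content()
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        if host in BLOCKLIST:
            reasons.append(f"blocklisted URL host: {host}")
        elif host in SHORTENERS:
            reasons.append(f"shortened link, resolve before delivery: {host}")
    # A picture with no visible body text is the filter-evasion case above.
    if has_image and not re.sub(r"<[^>]+>", "", text).strip():
        reasons.append("image-only body")
    return reasons


def sample(body, image=False, attachment=None):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if image:
        m.add_attachment(b"\x89PNG", maintype="image", subtype="png",
                         filename="notice.png")
    if attachment:
        m.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m


if __name__ == "__main__":
    for m in (sample("Refund ready: http://bit.ly/abc"), sample("\n", image=True),
              sample("See attached", attachment="invoice.js")):
        print(triage(m))
```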