SLAC Computer Security Annual Safety and Security Briefing 10/11/2007 Teresa Downey.

1 SLAC Computer Security Annual Safety and Security Briefing 10/11/2007 Teresa Downey

2 National Cyber Security Awareness Month – October 2007
Month-long effort – new topic daily
Linked from Computer Security page: http://www2.slac.stanford.edu/computing/security

3 Security Policies
DOE says…
  – Computer Security is as important as Physical Safety
More reviews/audits
  – Spring ‘08
Policies
  – Not always a bad thing…
  – Set consistent boundaries
  – Enforce good practices

4 Recent SLAC Incidents
User installed operating system but default password not changed
  – lesson: use SCCS installation/mgmt tools
Person reading offsite email clicked on [infected] executable attachment
  – lesson: pay attention to the a/v warnings
User passwords stolen offsite, several systems compromised here
  – lesson: protect passwords physically and electronically

5 Forged Email = Strange Bounces
I didn’t send this email, why am I getting this?
Easy for spammers, virus writers, and me…

6 Forgery Example – Part 1
YIKES! Is this real???
Let’s look at headers…
Click on View; then click Options

7 Forgery Example – Part 2
This isn’t from a SLAC computer!

8 Phishing Email - HTML
Which is it? 288.40 or 288.44?
That’s a lot of “teresa’s”
That’s not my bank
URL looks real… matches the From: line

9 Phishing Email – Plain Text
This link would take me to somewhere in Latvia…!
What if the bank name was correct? and only addressed to me? and the typos were gone?
My only clue is the URL now
Outlook converted to plain text
View as HTML by right-click gray bar
$288.44 security@bankofamerica.com Downey, Teresa L.

10 Phishing Email - Headers
Wow! This comes from somewhere in The Netherlands…
Click on View; then Options

11 Safer Email Practices
Convert to Plain Text automatically
Can easily change to HTML if needed
Set a good example:
  – Send Plain Text emails!
  – Only use HTML when REALLY needed…

12 Social Engineering
USB drive left lying around
Official looking CD arrives in mail
Phone calls asking for information
Desperate pleas for help
Dumpster diving

13 Reporting Security Issues
Report all suspicious activity
  – Send email to: security@slac.stanford.edu
  – If urgent: call HelpDesk at x4357 (24x7)
Questions?
  – SLAC Computer Security in breezeway today

