1. Presented by INSERT NAME RIT Information Security 585.475.4122 infosec@rit.edu digital self defense

2. 2 Copyright and Reuse The Digital Self Defense logo is the property of the Rochester Institute of Technology and is licensed under the Creative Commons Attribution-Non-Commercial-No Derivative Works 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California 94105, USA.To request permission for other purposes, contact infosec@rit.edu. The course materials are the property of the Rochester Institute of Technology and are licensed under the Creative Commons Attribution-Non-Commercial-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California 94105, USA. To request permission for other purposes, contact infosec@rit.edu.

3. 3 How Well Do You Know RIT? Throughout this presentation, look for pictures of RIT buildings and landmarks The first person to name the location correctly wins a prize!

4. 4 Name the Building! This building was named after the founder of Kodak.

5. 5 You’re not at home anymore. With freedom comes responsibility. RIT has requirements: –Student Rights and Responsibilities Handbook 2007-08 –Code of Conduct for Computer and Network Use (C8.2) –Desktop & Portable Computer Standard –Password Standard Welcome to RIT! Padlock with modem cords. Retrieved 18 July, 2007, from www.jbpub.com/covers/newlarge/0763735361.jpg Welcome to RIT

6. 6 RIT Information Security We’re here to protect you and RIT We can’t do it alone; We need your help: –Keep your computer protected –Watch out for each other –Practice ethical computing Hand on Mouse. Retrieved 18 July 2007. www.pcsecurity.atspace.com/image32

7. 7 Computer Support –All RIT users must comply with the RIT Code of Conduct for Computer and Network Use and relevant information security standards. –Resnet provides computer support for students residing at RIT. (http://resnet.rit.edu/) Resnet users must also comply with the Residential Network Appropriate Use Policy. –The ITS HelpDesk provides support for YOU. Help Key. Retrieved 18 July 2007. www.ocean.edu/images/help_key_large.jpg

8. 8 Life on a University Network The Good –Power you’ll find nowhere else Internet2 Very High Speed Internet Connection Wireless access One of the most wired universities RIT Stock Photo

9. 9 Network Threats The Bad College campuses make big targets RIT faces the same challenges as other large technology universities. Threats on our campus: –Password Crackers –Key Loggers –Harassment –Sniffing/Network Monitoring –Network Worms –Hacking Attempts & Rootkits –Physical Theft Laptop with ‘Danger’ tape. Retrieved 18 July 2007. http://www.internetsecurity101.net/internetsecurityandprivacy.jpg

10. 10 External Threats The Ugly Hacking Attempts Botnets/Zombie PCs Identity Theft Phishing 2004 was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs…over $105 billion. -Valerie McNiven, US Treasury - Cybercrime Advisor Gloved hands and keyboard. Retrieved 18 July 2007. http://cybercrime.planetindia.net/images/cybercrime.jpg

11. 11 External Hacking Attempts Hackers are always looking for ways to access your account Protect yourself –Protect your password –Follow the desktop standard Copyright 2003 D. Seah Bigger than Cheese

12. 12 Botnets & Zombie PCs What is a botnet? –A large number of computers that have been compromised with remote control software –The botnet is then used to create and send out adware, spyware, spam, etc. Protect your computer –Patch regularly Botnet illustration. Retrieved 18 July 2007. www.symantec.com

13. 13 Phishing and Spam What is phishing? –E-mails that look like they come from banks, PayPal, or other official sources appealing to greed, fear, etc. How much spam at RIT? –RIT’s Brightmail anti-spam filters out >95% of the email received.

14. 14 Identity Theft 15% of RIT students are victims of identity theft. RIT Computer Use and Ethics Survey, 2003

15. 15 Name the Structure! Since being built in 2003, this prominent structure caught the attention of “alert” visitors

16. 16 Your Role Practice Digital Self Defense –Understand the Dangers –Follow RIT Security Standards –Practice Ethical Computing –Use Common Sense

17. 17Passwords The RIT Password Standard requires you use a complex password and change it often. MINIMUM of 8 characters UPPER and lower case Anatomy of a Secure Password Mixed numbers and letters…* *or other characters allowed by your systems administrator MINIMUM of 8 characters UPPER and lower case Anatomy of a Secure Password Mixed numbers and letters…* *or other characters allowed by your systems administrator

18. 18 Protect your Computer There are many types of malware circulating on the Internet. The Desktop Security Standard requires you to protect your computer: –Updating –Firewalls –Anti-Virus –Anti-Spyware Lock on keyboard graphic. Retrieved 18 July 2007. http://images.jupiterimages.com/common/detail/43/73/22847343.jpg

19. 19 Updating / Patching Patching: –Fixes “holes” in existing software –Provides a temporary fix until next major release –Protects you against security vulnerabilities You need to: –Turn on auto-updating

20. 20Firewalls Firewalls –Monitor and protect your network connections to prevent unauthorized connections from being made. You must use a firewall –Windows XP Firewall –Basic Zone Alarm (www.zonelabs.com) Graphic of fire. Retrieved 18 July 2007. http://www.adrenalin.bc.ca/lazer/pix/firewall_2.jpg

21. 21 Name the Structure! Built by José de Rivera in 1968, this structure stands in the middle of one of RIT’s busiest quads.

22. 22Antivirus Antivirus programs: –Are an absolute “must have” before going on the Internet –RIT provides free McAfee AntiVirus for Windows and Macs (start.rit.edu) You must: –Install an antivirus product –Update daily, scan weekly! Antivirus graphic. Retrieved 18 July 2007. http://www.trustmarquesolutions.com/email- images/security_news_2005/images/antivirus_l.jpg

23. 23Anti-Spyware Spyware is a huge problem. –Spyware is “tracking software deployed without adequate notice, consent or control for the user.” You must –Install anti-spyware –Good Choices: Spybot Search & Destroy (www.safer-networking.org) Lavasoft Ad-Aware (www.lavasoftusa.com) Microsoft Defender (www.microsoft.com)www.microsoft.com –Mac computers don’t need anti-spyware You should –Use more than one program Computer ‘Spy’. Retrieved 18 July 2007. http://www.afcea.org/signal/articles/articlefiles/248- HSK_Spyware_computer-spy.jpg

24. 24 How do You Get Spyware? You can get spyware from: Browser Vulnerabilities –Email or Instant messenger links to exploit sites –Enticing web pages/common search terms File Sharing Networks –Bundled with client software Trojans –Disguised as anti-spyware programs or other popular software Stressed woman photo. Retrieved 18 July 2007. http://www.computermediconcall.com/images/computer-frustration.jpg

25. 25 Paranoia or Common Sense? Guard your personal information! Even less sensitive information can be used by an attacker! Don’t post it in public places. Make sure you know to whom you’re giving it. Macbook. Retrieved 18 July 2007. http://s7v1.scene7.com/is/image/JohnLewis/230407880?$product$

26. 26 Physical Protection Protect Your Computer Keep your computer and mobile devices secure at all times Lock or log out of your computers when you leave the room Don’t allow others to use your computer unattended Computer protection image. Retrieved 18 July 2007. http://www.allsquareinc.com/downloads/Love%20My%20Computer.jpg

27. 27 Name the Building! This multi-million dollar facility is one of the newest additions to the RIT landscape.

28. 28 Know Your Computer! YOU are the first line of defense—if something goes wrong, you’ll probably be the first to know Know what devices are registered to you—YOU are held responsible Hand on mouse. Retrieved 18 July 2007. http://www.hopeharbour.org/images/wst_351.jpg

29. 29 Illegal File Sharing is only one type of copyright violation Text, photos, graphics, music, movies, etc., are all copyrighted There are educational fair uses of copyrighted materials –The bottom line—are you taking sales away from the original owner? –Must cite the source Student Guide to Copyright and Plagiarism (http://wally.rit.edu/instruction/dl/stud.html) Copyright and File Sharing

30. 30 Weird Al: Don’t Download This SongDon’t Download This Song (http://www.dontdownloadthissong.com/DDTSecard.swf)http://www.dontdownloadthissong.com/DDTSecard.swf Illegal File Sharing

31. 31 Illegal File Sharing: Some Quick Facts The Recording Industry Association of America (RIAA) is cracking down on illegal downloading on campuses nationwide Your IP Address is easily recorded, even on a wireless network The RIAA has started issuing ‘pre-litigation’ letters –Students are given the option to ‘settle’ without ever going to court –The cost of hiring a lawyer often exceeds the settlement cost –The average settlement is around $3000

32. 32 What’s Illegal? Can’t distribute copyrighted music, movies or software without authorization from the copyright owner Distribution can mean: –“Sharing" files on the Internet –Burning multiple copies of copyrighted files onto blank CD-Rs –Selling or giving copies of files to others while you keep the originals. Taken from www.campusdownloading.com, an RIAA-endorsed websitewww.campusdownloading.com

33. 33 What’s Legal? Sharing music you own the copyright to Downloading music from an authorized site Making a copy of music you own for your own personal use

34. 34 The RIAA and RIT RIT is a high profile target. –23 RIT students received pre-litigation letters from the RIAA in Spring 2007 Experts expect this number to increase as the RIAA continues to crack down on high-tech universities. –In the past year, over 750 students received “take-down” notices. –If the case goes to court, criminal charges may be pressed This could mean jail time.

35. 35 Name the Building! If you’re an IT, Computer Engineering or Software Engineering major, you can expect to spend a lot of time here.

36. 36 What You Should Do Delete any illegally downloaded movies or music If you don’t need file sharing/P2P software, delete it –File shares such as the I2 Hub are NOT endorsed by RIT! Image courtesy of http://www.gemworld.com/Images9/PrisonBars.jpg

37. 37 What You Should Do… Continued Download music and videos legally –Ruckus.com available for Windows users –See Wikipedia for a comprehensive list of legal services Often, academic software is free or deeply discounted for students –Check with your department and the RIT bookstore

38. 38 Too Late… If you’ve received a preservation order or a settlement letter: DO NOT delete the files or software. Consider obtaining legal advice Man behind bars. Retrieved 18 July 2007. http://www.gemworld.com/Images9/PrisonBars.jpg You don’t want this to be you!...

39. 39 Name that Place! This on-campus coffee house might become your home away from home, especially if you have class at 8 a.m.

40. 40 Safer Social Networking

41. 41 And Now, a Few Questions… Do you use Facebook or MySpace?

42. 42 Facebook & MySpace: the Stats MySpace –Launched in 2004 –67+ million members –250,000 new members daily Facebook –Also launched in 2004 –Now has 27+ million members –100,000 new members every day Social networking graphic. Retrieved 18 July 2007. http://images.businessweek.com/ss/06/02/social_networking/image/intro.jpg

43. 43 Not yourSpace Many students think that only their friends and peers look at their profiles –Despite the name, this is not your space! –Even if your profile is private, your information may be revealed through search results Facebook stalker graphic. Retrieved 18 July 2007. http://www.star.niu.edu/images_daily/090606.1/facebookGraphic.jpg

44. 44 You never know who might be watching! YouTube: Facebook Stalker (http://www.youtube.com/watch?v=wCh9bmg0zGg)http://www.youtube.com/watch?v=wCh9bmg0zGgPrivacy?

45. 45 Name that Building! This ice arena is home to RIT Hockey, which recently became a Division I team.

46. 46 Facebook and MySpace at RIT Here at RIT: Information Security has a Facebook account Many professors and staff have Facebook accounts Facebook claims more than 17,000 accounts with RIT connections

47. 47 Social Networking DOs DO use these sites to: Make new friends Use privacy settings Be conscious of the image you project

48. 48 Social Networking DON’Ts DON’T use these sites to: Post personal information Post inappropriate photos –Be aware of what photos you are being ‘tagged’ in Tell people where you’ll be

49. 49 Who Uses Social Networking Sites? Don’t let what you post today affect your future –“Google” yourself regularly to see the kind of image you are projecting! Employers (on and off campus) often “facebook” or “google” job candidates –A study in 2006 indicated that 27% of organizations have “googled” or “facebooked” potential employees.

50. 50 Other Social Networking Dangers! Cyber stalking Identity theft Information harvesting

51. 51 Name that Structure! This strange looking structure on the dorm side actually has a purpose. What is it?

52. 52 "The biggest concern I have is that students are naive about ways in which that data can be harvested and used against them in the short, medium and long term, for a variety of malicious ways.“ - Sam McQuade, RIT Professor MSNBC, June 25, 2006 What Happens to Your Info?

53. 53 What is Ethical Computing? Scales graphic. Retrieved 18 July 2007. http://www.co.jackson.il.us/departments/imag es/scales.gif

54. 54 Ethical Computing According to a recent study on computer use & ethics at RIT: 32% of computer crime victims on campus knew their attackers Of that 32%, over half said their attacker was either a friend or acquaintance. RIT Computer Use and Ethics Survey, 2003

55. 55Cyberbullying Harassment –Almost 15% of RIT students report being harassed online. –RIT prohibits harassment. –YOU are LEGAL ADULTS. This isn’t high school. Consequences include: Fines Jail time A permanent record –If you are being cyber bullied: Report it to Public Safety, abuse@rit.eduabuse@rit.edu Talk to your RA or FYE Mentor

56. 56 Will I Be a Victim? 2 out of 3 students at RIT will be a victim of at least one form of computer abuse or crime. 1 out of 3 students at RIT will be a victim of multiple forms of computer abuse or crime. - RIT Computer Use and Ethics Survey, 2003 Crime tape graphic. Retrieved 18 July 2007. http://www.crimescene.com/store/images/medium/tape3_MED.jpg

57. 57 What if it Happens to Me? Computer incident? Contact abuse@rit.edu before you delete anything ITS HelpDesk at 475-HELP Resnet at 475-2600 Identity theft? Call Public Safety at 475-2853

58. 58Consequences Network Quarantine –You will be denied access to the network and may not be able to complete your assignments. Student Conduct Process Federal, State and Local law enforcement Gavel image. Retrieved 18 July 2007. www.csgv.org/images/gavel_court.jpg

59. 59 For More Information Student Rights and Responsibilities Handbook 2007-08 –All the information you need to know about what you can and should be doing at RIT! –Has Alcohol Policy, Drug Policy, Computer Code of Conduct and other policies –www.rit.edu/studentconduct

60. 60 + Drawing for free iPod shuffle on September 17, 2007 Add RIT Information Security as your Facebook friend by September 16th and be entered to win a FREE iPod shuffle! = A Simple Equation

61. 61Questions? infosec@rit.edu http://security.rit.edu