Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Boot Camp: Survival Techniques for Teaching Teachers and Students Information Security Basics Melissa Dark K-12 Outreach Coordinator.

Published byBernice Blair Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security Boot Camp: Survival Techniques for Teaching Teachers and Students Information Security Basics Melissa Dark K-12 Outreach Coordinator."— Presentation transcript:

1 Information Security Boot Camp: Survival Techniques for Teaching Teachers and Students Information Security Basics Melissa Dark K-12 Outreach Coordinator CERIAS, Purdue University http://www.cerias.purdue.edu/education/K-12 dark@cerias.purdue.edu

2 Introductions  Name  Home  School Position  First or Favorite Technology Use  What do you hope to get out of this workshop?

3 If you don’t know where you’re going…. You’ll probably end up somewhere else. ---Yogi Berra

4 North Star Activity  Are we preparing kids for yesterday, today, or tomorrow?  Do our schools currently focus upon the skills of the past---or the skills of the future?

5 What is Information Security?  Refers to the protection of Data, Programs, and Information stored on disks, networks, hard drives, etc.  Includes the issues of: –Privacy –Ethics –Loss Prevention

6 How do You Protect Your Home ? Brainstorming Activity…..

7 ANALOGY: Information Security is very similar to the physical security of your home.

8 How do You Protect Your Computer ? Brainstorming Activity…..

9 IASEP Video  Joint Project Purdue’s School of Education and CERIAS  Video is shown nationwide  Provides a quick overview of the security concerns that teachers face.

10 Information Security: The Basics  Physical Issues  Software Practices  Password Protection  Encryption  E-mail Protocol  Integrating the Internet Safely  Privacy Primer for Educators

11 Software Security

12 The Case of the Snappy Screen Saver Download and install a screensaver. Computer stops working afterwards. The Case of Surfing the Net Download “free” software from the Web. Later named in a law suit for distributing student data.

13 Software Security : (Viruses, Trojans, Unwanted Access)  Only install necessary and trusted software.  Beware of *free* games, screen savers, and graphics.  Run and UPDATE anti-virus software!!  Keep a hard copy of the copyright release for all “free” products!

14  1988: Less than 10 known viruses  1990: New virus found every day  1993: 10-30 new viruses per week  1999: 45,000 viruses and variants Source: McAfee

15 Pikachu Virus: A K-12 Nightmare

16 This dialog box appears after the PIKACHUPOKEMON.EXE file has been activated. Worm: Accesses Outlook Address Book Embeds code to delete Windows and Windows Subfolders upon Restart. +: Does ask for permission to delete files with a “Y” command.

17 Viruses, Malicious Code, & Other Nasty Stuff

18 Examples of Nasty Stuff:  Viruses  Trojan Horses  Worms  Logic Bomb  Trapdoors

19  Restrict Incoming and Outgoing Information  Provides you with control over your system.  Physical Firewalls v. Software-based Firewalls  Zone Alarm: http://www.zonealarm.com –FREE –VERY Effective –Easy to Use –Blocks Incoming/Outgoing Firewalls:

20 Valuable Resources: http://www.zonealarm.com http://www.urbanlegends.com http://www.vil.mcaffee.com http://www.cerias.purdue.edu/K-12

21 Physical Security

22 The Case of No Backups Hard Drive Replaced...erased all of your data. No Back-ups are available. The Case of the Stolen Laptop Laptop is stolen. No Backups are available. Unprotected confidential information.

23 Physical Security Practices (File Management, Lost Information, Lost Equipment)  Try not to advertise secure spots.  Minimize external access: –Maintain appropriate locks –Additional security features if necessary  Keep a “safe” climate –Fix the temp. between 50-80F

24 Physical cont’d…  Protect cables, wires, etc. from feet!  Lock laptops when not in use.  Use a log in for general Windows use.  Keep drinks and food away from equipment!

25 Physical Security cont’d….  MAKE BACK-Ups!!!!!!! –Store on a separate disk! –Keep the disk in a separate location! –Keep a hard copy of critical information. –Pay attention to where you are saving documents. –Clearly label disks and files. –Keep all magnets away from equipment.

26 Encryption

27 The Case of the Sniffer Email grades/files between school-home. Parent notifies that they have been denied insurance. The Case of Prying Eyes Support staff gains access to student data by using your POSTED password.

28 Encryption (Protecting sensitive information)  Encoding information –Secret Code Ring –Cryptoquip –Pig Latin  *Most* common applications offer password protection.  Confidential (not critical)---USE ENCRYPTION!!!!  NEVER send HIGHLY SENSITIVE information through email. (email should *never* be considered secure!)

29 Encryption Practice

30 PGP: Pretty Good Privacy (approx. $20 per unit) Requires use of Public Keys Sample PGP encrypted email:

31 Without the proper keys... the message is unreadable.

32 Sample Encrypted Document:

33 Key Component to Encryption:

34

35 Password Protection 1. Do not post or store your password near your computer. 2. Require passwords to be at least 8 characters long. 3. Use non-alpha characters and capital letters. Boiler*makeR Iam@1016 KaTis15 Ge+>Smar+ 4. Do not use easy to guess selections. password 123456 computer hello love

36 Passwords Continued… 5. Use non-personal selections. Avoid: name, spouse’s name, kids, ss# 6. Maintain zero tolerance for password sharing. 7. Warn users not to type their passwords when someone is watching. 8. Urge users to change passwords. (2-3 weeks!) 9. Always remember to log out! 10. Constantly reinforce the importance of password security.

37 Password Practice Write a “smart” password for the following fictional teacher. Be sure to follow all of the recommendations! Samuel W. Miller Greentown High School Social Studies Teacher Harvard Graduate Likes to play golf Has four children 1 wife named Betty Enjoys woodworking

38 BREAK!!!!!

39 E-mail Basics  E-mail is similar to a postcard.  E-mail is *not* secure—nor is it private.  Encryption is the only way to help in preventing others from reading your e-mail.

40 Email Security Fundamentals Question Unsolicited Documents. Use attachments only when necessary. Question ALL executable programs received via email. Notify the sender of infected emails! Pay attention to file extensions...

41 Common File Extensions Great Resource: http://www.matisse.net/files/formats.html ExtensionType.html.htmWebpage.docWord Document.gif.jpgGraphic.exeProgram—self extracting (*caution!)

42 Make sure that this box is *not* checked. Finding File Extensions in Windows-based machines: 1.Click on START. 2.Select SETTINGS 3.Select CONTROL PANEL 4.Select FOLDER OPTIONS 5.Select VIEW

43 SPAM  Internet “Junk” Mail  Unsolicited email—usually sent to many people  According to the Gartner Group, a research firm, about 90% of email users receive spam.

44 The Pros and Cons of Spam A Brainstorming Activity….

45 Why Should I be Concerned about Spam?  Costs Money. –Recipient of the advertisement pays for the connection time, disk space, bandwidth, etc.  Lost Productivity. –Time, Time, Time  Clogged Email. –May be prevent receipt of important messages.  Discourages Internet Use. –May discourage others from seeing the benefits of the WWW.

46 Types of Spam  Chain Letters: –A message that urges readers to pass the letter on in order to receive a reward.  Hoaxes: –Chain letter that is based upon a fictitious scenario or circumstance.  Urban Legends: –Email messages providing “safety” messages or warnings.

47 Resources to Find the Truth About Spam:  http://www.urbanlegends.com http://www.urbanlegends.com  http://www.urbanmyths.com http://www.urbanmyths.com  http://www.earthlink.net/internet/security/spam http://www.earthlink.net/internet/security/spam  http://www.mcs.com/~jcr/junkmail.html http://www.mcs.com/~jcr/junkmail.html  http://www.junkbusters.com http://www.junkbusters.com

48 Ways to Reduce Your Daily Intake of Spam  Use a “dummy” account for online promotions, games, etc.  Request that your information be removed from Internet “white pages”.  Be sure to HIDE your information when joining a listserv or mailing list.  Cut and Paste funny stories, poems, etc. –Encourage others to do the same!

49 Acceptable Use Policies Link to the CERIAS AUP website.

50 Develop Classroom Technology Guidelines  Supplement to overall AUPs  Details expectations of the students  Opens dialogue on infosec issues  Protects the teacher---responsibility is placed upon the choices made by students

51 Reducing “RISK” of Internet Use  Guide students on the Internet---keep them on track and task orientated.  ALWAYS supervise students using the WWW!  Remember that a filter cannot be 100% secure  Beware of “FREEBIE” offers!  Never open attachments that you do not expect OR that are from someone you do not know!  Update your anti-virus software frequently!

52 Recommended Search Engines-- -for teachers or secondary students  Google  Yahoo  Lycos  AltaVista  Dogpile (meta search engine)

53 Kid-Friendly Search Engines  Yahooligans  KidsClick  Ask Jeeves for Kids  Awesome Library  Supersnooper  Searchopolis All available online @ CERIAS’ K-12 Site!

54 Practice: Regular Search Engine v. Kid-Friendly Search Engine  Keyword: MERMAIDS  Try it in: Lycos or Google –http://www.lycos.comhttp://www.lycos.com –http://www.google.com  And then, in Yahooligans: –http://www.yahooligans.com

55

56

57 General Searching Tips for Teachers:  Think about ALL of the different words to describe your topic. (ex. Technology Resource Center)  Use as many keywords as possible.  Watch for mispelled words!  If you are unsuccessful with one search engine, try using a metasearch engine.  Become familiar with one search engine--- and read its list of suggestions!

58

59

60 Why Should I Use Scavenger Hunts?  Excellent technique to guide students on the Internet.  Increases student time on task.  Lessons can be used repeatedly with a small amount of modification.  Provides students with an opportunity to increase their technical skills.  Increased student motivation!

61 How Can Scavenger Hunts be Used?  Individual Assignment  Small Group Activity  Whole Class Activity  Enrichment Activities

62 Important Elements to Include:  Introduction  Specific Task (written or verbal)  Clearly Defined Steps  Set of Information Source (WWW or other)  Evaluation  Conclusion (remind them what they’ve learned!)

63 Level 1 Sample:  Using this site: http://www.contemplator.com/america/index.html  Answer the following question: Legend has it that Henry VIII wrote the song Greensleeves for whom?

64 Level 2 Sample: Find the answers to the following question by accessing the websites listed below: What is the motto of the National Wildlife Federation? http://www.volcano.und.edu http://www.nhm.ac.uk/interactive.html http://www.nwf.org

65 Level 3 Sample: Find the answer to the following question. Be sure to include the answer and the URL of the website where you found the answer: Where did Neil Armstrong earn his Bachelor's Degree?

66 Privacy Primer

67 What is Privacy?  Privacy refers to “the ability to control the degree to which people and institutions impinge upon one’s life” (Hildreth & Hoyt, 1981)  Also, privacy refers to “the right claimed by an individual to control the disclosure of personal information about themselves” (Adams, 2000)

68 Privacy Concerns...  Privacy issues out ranked world war, terrorism, global warning, economic depression, racial tensions, guns, and overpopulation as the main concern for Americans as they entered the 21 st century. (Adams, 2000)

69 Online Methods of Collecting Personal Information:  Direct Data Collection: online users voluntarily complete surveys or information requests in exchange for a benefit.  Indirect Data Collection: Web site owners obtain information by depositing “cookies” onto your hard drive. These cookies are small files that could include any of the following: name of your ISP, the “specs” of your machine, passwords, past online purchases, last site visited, areas viewed on current site, etc.

70 Online Privacy Rights:  Notice: consumers have the right to be notified that data are being collected, how the data will be used, and to whom it will be disclosed.  Choice: consumers should be able to limit the use of information beyond what is needed to complete the transaction  Access: consumers should have a timely and inexpensive way to view data gathered about them and contest its accuracy  Security: organizations that gather data from consumers must reasonably ensure that the information they keep is secure against loss of unauthorized use  Enforcement: effective enforcement against privacy violators is critical to the protection of personal information

71 Privacy Legislation for Educators  FERPA: –Family Educational Rights and Privacy Act (1974) requires that educators demeonstrate “due diligence” in protecting student data, information, records, and other sensitive information. –Teachers can be personally held liable for failing to maintain the integrity of such data.

72 Legislation continued...  COPPA: –Children’s Online Privacy Protection Act (1998) requires that commercial Web sites targeted at children under the age of 13 must follow a detailed series of procedures (including obtaining parental permission and review) prior to gathering data. –In a school setting, teacher may grant such permission for educational purposes.

73 Practical Privacy Techniques for Teachers: 1. Practice Proper Information Security Techniques 1. E-Mail Awareness 2. Download Precautions 3. Close the Cookie Jar 4. Read Privacy Statements 5. Set up a Second Online Account

74 Collection of Children’s Information  1999 Survey: 16 million children ---14% of US citizens under the age of 18 regularly use the Internet. (1999)  Study conducted by Cai and Gantz (2000) indicated that the majority of Web sites targeted at children collect personal information from their under-age users.  Children also readily provide personal data in return for a “great prize” (Carlson, 2000)

75 Dissemination of Privacy Practices to Students:  Fundamentals of protecting privacy is a “new” skill that schools should address (Willard, 2000)  Privacy issues need to be embedded within the curriculum as readily as technical skills (FTC, 2001)  Short lessons and natural teaching moments work well for identifying the topic.  Teachers must serve as a role model for privacy protection practices.

76 Need for Additional Research:  Few studies have been conducted to determine the current status quo of privacy protection within the K-12 environment.  Institutions of educational research should readily explore the issues surrounding technology integration as well as its effectiveness in the schools.

77 Privacy Conclusion:  As technology is introduced into schools, it is critical to combine the technical skills with the soft (ethical) skills surrounding the media.  Attention needs to given to both teachers and students upon this topic.  Teachers must practice privacy techniques daily---to protect the information and serve as a positive role model.

78 Applying this workshop to YOUR world... Working in groups... Identify at least 5 ideas, concepts, or activities that you will be able apply to your school environment.

79 Methods of Professional Development  Share creative methods of motivating teachers.  How do you fit professional development into an already busy school day?  What are some critical elements involved with professional development?

80 Questions???

Download ppt "Information Security Boot Camp: Survival Techniques for Teaching Teachers and Students Information Security Basics Melissa Dark K-12 Outreach Coordinator."

Similar presentations

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
Hart District Acceptable Use Policy Acceptable Use Policy.

Hart District Acceptable Use Policy Acceptable Use Policy.
Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Presented by: Melissa Dark CERIAS, Purdue University.

Presented by: Melissa Dark CERIAS, Purdue University.
The Woodlands High School

The Woodlands High School
COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.

COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.

SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.
Legal, Social, and Ethical Issues

Legal, Social, and Ethical Issues
Viruses, Malicious Code, & Other Nasty Stuff Presented by: Melissa Dark K-12 Outreach Coordinator CERIAS, Purdue University 765.496.6762.

Viruses, Malicious Code, & Other Nasty Stuff Presented by: Melissa Dark K-12 Outreach Coordinator CERIAS, Purdue University
Privacy Primer for Educators Melissa Dark Center for Education and Research in Information Assurance and Security (CERIAS) Purdue University

Privacy Primer for Educators Melissa Dark Center for Education and Research in Information Assurance and Security (CERIAS) Purdue University
How to Protect Your PC Grayware Adware, Malware, Spyware.

How to Protect Your PC Grayware Adware, Malware, Spyware.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Similar presentations

Ads by Google