Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Foothill-De Anza College Security Awareness Catherine Blackadar Nelson Security Advisor.

Published byJonathan Elmer Curtis Modified over 9 years ago

Similar presentations

Presentation on theme: "1 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Foothill-De Anza College Security Awareness Catherine Blackadar Nelson Security Advisor."— Presentation transcript:

1 1 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Foothill-De Anza College Security Awareness Catherine Blackadar Nelson Security Advisor Cisco Systems, Inc. gandalf@cisco.com

2 222 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Agenda Introduction Security In 2005 Vulnerabilities and Exploits Social Engineering and Identity Theft Physical Security Desktop/Laptop Security Data Classification and Protection File System Security Account and Password Security Protecting Your Network Wireless Best Practices FHDA Policy Contacting ETS Appendices Introduction Security In 2005 Vulnerabilities and Exploits Social Engineering and Identity Theft Physical Security Desktop/Laptop Security Data Classification and Protection File System Security Account and Password Security Protecting Your Network Wireless Best Practices FHDA Policy Contacting ETS Appendices

3 333 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Introduction

4 444 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson How Secure is Secure enough? “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” Gene Spafford

5 555 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Security in 2005

6 666 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Global Internet Usage What dot-com bust? Internet growth is still phenomenal! World Regions PopulationPopulation % of world Internet Usage Internet population penetration Usage % of world Usage Growth 2000-2005 Africa 896,721,87414.0 %23,917,5002.7 %2.5 %429.8 % Asia 3,622,994,13056.4 %332,590,7139.2 %34.2 %191.0 % Europe 804,574,69612.5 %285,408,11835.5 %29.3 %171.6 % Middle East 187,258,0062.9 %16,163,5008.6 %1.7 %392.1 % North America 328,387,0595.1 %224,103,81168.2 %23.0 %107.3 % Latin America 546,723,5098.5 %72,953,59713.3 %7.5 %303.8 % Oceania/ Australia 33,443,4480.5 %17,690,76252.9 %1.8 %132.2 % Totals 6,420,102,722100.0 %972,828,00115.2 %100.0 %169.5 %

7 777 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson The Macroscopic BGP Autonomous System

8 888 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson New People, New Systems = New Targets 2004: 817 Million online 2005: 972 Million online 155 Million new people online 155 Million new targets 155 Million people who need to know about phishing, spyware, viruses, and patching

9 999 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Online Crime and Costs According to the FBI, Online crime in the US alone caused $67.2bn in damages last year Cyber crime is more profitable than drug sales, $105 Billion – US Treasury Dept. December 29, 2005 Of 2,066 polled organizations, nearly 90 per cent experienced a computer security incident over the past 12 months Over 64 per cent of the respondents incurred a financial loss as a result of the incident, at an average $24,000 per case Viruses (83.7 per cent) and spyware (79.5 per cent) posed the most common problems. Other incidents included port scans and data sabotage Companies and individuals spent $18 billion on computer- security hardware and software in 2005, up 19.2% from 2004 According to the FBI, Online crime in the US alone caused $67.2bn in damages last year Cyber crime is more profitable than drug sales, $105 Billion – US Treasury Dept. December 29, 2005 Of 2,066 polled organizations, nearly 90 per cent experienced a computer security incident over the past 12 months Over 64 per cent of the respondents incurred a financial loss as a result of the incident, at an average $24,000 per case Viruses (83.7 per cent) and spyware (79.5 per cent) posed the most common problems. Other incidents included port scans and data sabotage Companies and individuals spent $18 billion on computer- security hardware and software in 2005, up 19.2% from 2004

10 10 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Vulnerabilities and Exploits

11 11 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson The Vulnerability Flood Continues CERT/CC: 3,780 vulnerabilities in 2004 http://www.cert.org/stats/cert_stats.html http://www.cert.org/stats/cert_stats.html 5,990 vulnerabilities in 2005, a 12% increase The National Vulnerability Database (CVE) published avg 20 vulnerabilities per day SANS Top 20 now includes network devices, Macintosh, Mozilla, application-level, security software and other non-Windows, non-UNIX issues http://www.sans.org/top20/ http://www.sans.org/top20/

12 12 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Vulnerabilities are being exploited faster Nimda Patch: MS00-078 Oct.17, 2000 Sept. 18, 2001 336 Days MSBlaster.A Aug. 11, 2003 Patch: MS03-026 Jul. 16, 2003 26 Days Sasser.A Apr. 30, 2004 Patch: MS04-011 Apr. 13th, 2004 17 Days Oct 11, 2005 Patch: MS05-051 Oct 11, 2005 0 Days MSTDC /COM+

13 13 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson 2005 in Viruses and Malware Virus infections down 50%, even though number of viruses grew 40%. Anti-virus efforts seem to be working There were only six major outbreaks in 2005, vs 33 in 2004 But the threat is becoming more aggressive, 97% of the hosts got infected with slammer the first 15 minutes But is “The death of the global computer virus” good news? Motivations of virus writers have changed. “Noisy” viruses and worms do not create useful botnets or spam relays

14 14 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson There are New Targets and Attackers Viruses now in the wild for mobile phones Some are past the ‘proof-of concept’ stage Cabir was found on mobile phones in 23 countries, tens of thousands infected Trojans have been found for the Nintendo DS and the PSP Sony compromised machines on ~568,200 networks Skulls.l, a Symbian phone virus

15 15 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Viruses, Worms, Trojans, Bots & Spyware What is the difference and how do they work? Virus – executable bad code, that needs you to do some action to activate and propagate it Worm – can activate and propagate by itself Trojan – backdoor program installed on the system Bot – automated program, often dormant, installed on system to be activated at a later time action Spyware – sends info back to mothership about you and your uses What type of damage can they cause? Loss of data, stolen passwords & personal info Damage to the system Installation of programs for nefarious purposes Use of system for CPU power and propagation

16 16 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Viruses, Worms, Trojans, Bots & Spyware cont. How do they get on my computer? Downloading from the internet Visiting bad Websites Opening Email attachments Using Filesharing programs Through software and OS vulnerabilities How do I stop them? Stay on top of system updates/patches Stay on top of virus updates Cleaning programs (Ad aware, Spybot)

17 17 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Virus Specific snap shots Mac/Windows Norton Updater See Appendices A&B for Virus update details

18 18 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Social Engineering & Identity Theft

19 19 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Beware the Social Engineer! Social engineering is still the #1 way to bypass security Be suspicious if anybody asks you for: Your password Credit card numbers Your co-workers names/extensions Your salary Information about your projects Be suspicious if anybody calls claiming to represent management or to know a colleague

20 20 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Privacy Takes Center Stage Privacy and identity theft is a hot issue 130 major breaches exposed the information for 55 million people Disclosure laws having an effect and becoming more prominent Phishing and pharming attacks grew, and have started to target non-US, non-English speakers Education and vigilance are still the best ways to maintain privacy AFP published this untouched photograph of a Hurricane Katrina evacuee and her debit card. What happened next was no surprise

21 21 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Identity Theft What is Identity Theft, Phishing, Pharming? What makes a site secure? –Data transmission –Data Storage How do I protect myself and my confidential data while using the Internet? –Entering credit cards and personal data –Protect confidential email’s with encryption –Protect personal databases with encryption Keep secure personal practices off the Internet (mailboxes, document disposal, providing information over phone, paper etc)

22 22 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Your Role In Security…

23 23 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Physical Security Physical access to equipment means “game over” The main computer center, and other secured areas, Admissions and Records, information systems, any secure voice data closet, need a card/key If someone needs access like a vendor, call ETS for access. Don’t prop open doors or let people in behind you Challenge strangers - if you are uncomfortable with this, call campus police FH x7313, DA x5555 Escort all visitors all the time

24 24 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Desktop/Laptop Security Protecting data on your systems is as important as physical protection To minimize risk to your data: Maintain your system properly 1.Run a standardized operating system image on your computer 2.Use provided security tools for additional protection 3.Make sure your system stays updated with current patches 4.Never turn off virus checking and keep it updated

25 25 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Desktop/Laptop Security cont. Screen Lock your system when you walk away from your desk Physically lock all computers (including laptops) to your desk with a lock cable. ETS will help with this Shut down your computer when you leave If you use sleep mode – make sure you use a password Keep track of portable devices such as PDAs and smart phones, MP3 players, PSPs, USB Keys Be very careful with systems used both at home and work Control the media you back up to. ETS is looking at a centralized way to do this for future

26 26 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Data Classification and Protection Public: Open to the public Confidential: Information that is okay for FHDA staff and general college. This might be college processes, policy etc. Private: Information limited to a need to know only basis - student grades/records, performance reviews, any personnel information What happens if the data becomes lost or stolen What happens if the data becomes unavailable What happens if the data becomes modified Contact the call center to help protect any private data

27 27 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson File Security File sharing is dangerous Do not leave open file shares on your computer If you must share a file only do it when needed, then turn it off Don’t use file-sharing tools (Morpheus, Kazaa, Limewire etc.) on the network Do not down load music and movies or have file sharing servers

28 28 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Account and Password Security Why is protecting your account and password so important? How can a weak or missing password be exploited? Everyone has their own account – it’s your personal identity – don’t share it! Nobody is allowed to know your password except you

29 29 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Good Password Practices Password cracker can do 65,000 words per second 25% of the passwords are “crackable” – don’t be one of them Choose good passwords Change them often Keep them a secret! - Don’t write them down Use different passwords for work and home Put a good password on all Guest and Admin accounts

30 30 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Choosing Good Passwords Don’t have a password that contains a word that might be found in any dictionary (any language) or personal information Minimum of eight characters, uses letters (both cases), numbers, punctuation, and isn’t a recognizable pattern. Use a song lyric or phrase as a mnemonic to remember… Use number/character substitution for. (“5” for “s”, “@” for “a”, “7” for “t” etc.) “Just Sit Right Back And You’ll Hear a Tale” becomes “J5>b&Yh@7” – and you can’t forget this so long as you remember the Gilligan’s Island theme.

31 31 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Protecting Your Network You are allowed unlimited access to the Internet - be responsible! Do not put the college at risk by bad behavior on the Internet Do not post information that may be confidential, illegal, or violate privacy laws Do not download software that is dangerous, or violates copyright laws Do not unplug lab machines and connect personal machines. Report it if you see it to ETS or police Don’t bring in hubs for extra ports – this can bring down networks, and be hard to track down Do not use the system for large uploads or downloads Don’t use it for personal or any type of business You are allowed unlimited access to the Internet - be responsible! Do not put the college at risk by bad behavior on the Internet Do not post information that may be confidential, illegal, or violate privacy laws Do not download software that is dangerous, or violates copyright laws Do not unplug lab machines and connect personal machines. Report it if you see it to ETS or police Don’t bring in hubs for extra ports – this can bring down networks, and be hard to track down Do not use the system for large uploads or downloads Don’t use it for personal or any type of business

32 32 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Wireless Access point vs. wireless on your laptop There are a small number of hotspots for specific classrooms on both campuses and also some guest access at the KCI at Foothill It is important not to hook up rogue wireless devices Be aware of wireless at home. Make sure it is properly secured Cities, airports, hotels and internet café’s are actively installing hotspots and these can be dangerous Access point vs. wireless on your laptop There are a small number of hotspots for specific classrooms on both campuses and also some guest access at the KCI at Foothill It is important not to hook up rogue wireless devices Be aware of wireless at home. Make sure it is properly secured Cities, airports, hotels and internet café’s are actively installing hotspots and these can be dangerous

33 33 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Best Practices Patch your systems Use antivirus software Use a firewall at home, ETS manages firewalls for FHDA Use good passwords and change often Beware the social engineer, via email, snailmail, your PSP/phone or a party Shred your documents Protect your wireless Be careful traveling … And don’t panic

34 34 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Good Internet Practices Internet Cafés, airports, public terminals, public WiFi networks, Internet telephony can be dangerous Be wary of any service that provides something automatically to your computer –data storage backups –auto updating services Search engines, like Google, Yahoo, store everything, and once posted on the net, can find anything Think before you click! –E-mail attachments can contain viruses –Think before you visit any site or download any software –Make sure it’s what you think it is and from a trusted source

35 35 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Learning About FHDA Policy It’s your responsibility to become familiar with the FHDA Network and Computer Use policy http://ets.fhda.edu/etac/stories/storyReader$151 The policy covers proper use of : Proper network and Internet use Computer and communication systems usage Voicemail, email and telephones usage Harassment Commercial use

36 36 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Contact ETS when ETS contact info: techhelp@FHDA.edu, x8324(tech), ETS.FHDA.EDU …you suspect FHDA confidential information has been compromised …you suspect that your computer or network has been hacked (or is being attacked!) …you are adding a new machines, labs, or networking equipment …you need help updating your operating system …you need help with getting patches, updates …making sure your virus checker is up to date …you want to clean off spyware

37 37 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Questions…

38 38 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Appendix A: Mac Virus Checker Details

39 39 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson

40 40 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson

41 41 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson

42 42 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson

43 43 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson

44 44 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson

45 45 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Appendix B: Windows Virus Checker Details

46 46 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Bottom Bar - Norton Icon Norton Icon (double click to open updater)

47 47 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Live Update Pg 1 Check date

48 48 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Live Update Pg 2 Select next

49 49 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Live Update Pg 3 Select finish

50 50 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Live Update Pg 4 Select exit (you are done)

51 51 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Schedule Updates Pg 1

52 52 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Schedule Updates Pg 2

53 53 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Schedule Updates Pg 3

54 54 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Microsoft Updates Pg 1 Machine needs Microsoft updates

55 55 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Microsoft Updates Pg 2

56 56 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson

Download ppt "1 © 2006 Cisco Systems, Inc. All rights reserved. Catherine B. Nelson Foothill-De Anza College Security Awareness Catherine Blackadar Nelson Security Advisor."

Similar presentations

How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.

Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014.

TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014.
IT Security is Everyone’s Responsibility Presented by Hooman Moayyed IT Security Awareness Program Manager.

IT Security is Everyone’s Responsibility Presented by Hooman Moayyed IT Security Awareness Program Manager.
9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.
Internet Safety Basics Never share names, schools, ages, phone numbers, or addresses. Never open an email from a stranger – it may contain viruses that.

Internet Safety Basics Never share names, schools, ages, phone numbers, or addresses. Never open an from a stranger – it may contain viruses that.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Tips and Techniques: How to Protect Yourself and Others Better Jeanne Smythe February 20, 2004.

Tips and Techniques: How to Protect Yourself and Others Better Jeanne Smythe February 20, 2004.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
Safe Surfing Tips Internet Safety Tips for Teens By: LaQuacious Garrett.

Safe Surfing Tips Internet Safety Tips for Teens By: LaQuacious Garrett.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Similar presentations

Ads by Google