Transcript Slide 1

Agenda
•
•
•
•
•
Examining Use Behaviors
Phishing Quiz
Threats to Information Security
Practicing Avoidance Behavior
Resources
Examining Use Behaviors
Scenario 1
•Spends an hour instant
messaging every night
•Clicks “remind me again later”
when anti-virus update alerts
appear on the screen
•Often downloads games that
are available as freeware
Scenario 2
•Leaves browser open to
monitor sales on Ebay
•Downloads *.pdf files while
conducting research online
•Has latest versions of security
software installed
Scenario 3
•Uses a neighbor’s wireless
network for Internet access at
home
•Always deletes old e-mail
messages to maintain privacy
•Sometimes provides sensitive
information to register with
sites
What’s New Out There?
Worms and Instant Messaging
A worm is a self-replicating program that takes advantage of
e-mail or IM contact lists to spread from computer to
computer.
Intended Effects:
• Clog network traffic
• May damage files on your computer
• May cause e-mail servers to crash
What is a Bot?
A ‘bot’ is a compromised computer that is controlled remotely
and is used to attack other sites or to conduct other
malicious/illegal activities.
How it works:
• Computer is usually compromised by a ‘Trojan’ first
• Hacker sends commands to your computer through an
open port, turning it into a ‘bot’
• Uses the ‘bot’ to send large amounts of useless information
to target and crash another site
What’s on Your Computer
•
•
•
•
•
•
•
Weather bug
Stock updates
Free instant messaging (“IM”) software
Downloaded files from untrusted sources
Music
Games
News ticker
Good Habits
• Leave fields blank when possible
• Give fake information
• Don’t give sensitive information or information you want
to keep private
– date of birth
– cell phone number
• Open a free e-mail account
• Use a guest log-in if available
• Avoid freeware from untrustworthy sources
What are they after?
Any information they can get!
What is Freeware?
Software that is ‘free’ to download and install.
•
•
•
•
•
•
Ring tones
Screensavers
Imoticons
Wallpapers
Games
Informational programs: weather bug, stock ticker
Freeware Reality
• Not really free
• May contain adware resulting in annoying and potentially
dangerous pop-ups
• Often contains spyware, trojans, cookies, or other
malicious software
• May not work if spyware or trojans are removed
• Vendor may sell your product registration information
Good Habits
•
•
•
•
Say ‘no’ to attractive packaging
Say ‘no, thanks’ to freeware from friends or family
Start reading ‘Terms and Conditions’ before agreeing
Stop downloading freeware from unknown or untrustworthy
sites
• Stop giving sensitive information in product registrations
What is Malware?
Malicious, self-replicating programs
• Trojans – Gather information or perform commands
• Worms – Spread through e-mail and IM links or
attachments
• Viruses – Infect executable files (*.exe) and have the
ability to modify other programs
• Sniffers – Intercepts routed data, searching for information
(passwords, bank account numbers) transmitted in clear
text
Good Habits
•
•
•
•
Avoiding unsecure wireless networks
Avoiding links sent via e-mail or IM
Avoiding ads in the margin of legitimate sites
Avoiding sharing your computer with unsupervised
children/teens
• Keeping anti-virus software up-to-date and running
• Always scanning attachments before opening
Who’s Reading Your E-mail?
Who’s Reading Your E-mail?
• E-mail and IM transmissions are not secure
• Key-logging software may record what you type
• Your address is available for spamming, phishing,
spoofing, and other scams
Good Habits
• Keep in mind that it could be read
• Break-up sensitive communications
• Delete old e-mails and scrub your computer if you’re
discarding it
• ‘Log-out’ when using a shared computer to check mail
• Lock your computer when you’re away
• Share your computer wisely
Phishing Quiz
Is it Phish?
YES
•The domains don’t
match
•The ‘@’ in the link
indicates a fake site
•Check the
message header
Is it Phish?
NO
Practice
Safe Browsing
1. Open a new browser.
2. Use a search engine
to find the legitimate
site address.
3. Don’t use third party
links.
Is it Phish?
NO
•Account number
information is shown
•Do you have an
account with this
company? If not, it’s
phish.
Is it Phish?
YES
•Most charities don’t
solicit donations
through
e-mail.
•If you want to help,
contact the charity
directly.
Phishing Gets Smart
•Less bad grammar or misspellings
•Include legitimate logos
•Include authentic looking privacy or copyright
information
•Mirror the appearance of legitimate sites to gain
your confidence
To report phishing or other fraud:
http://www.ag.state.il.us/consumers/
NUIT Bulk E-mail Archive
www.it.northwestern.edu/news/bulkemail/index.html
•If you have doubts
about an e-mail, go to
the source.
•Don’t be afraid to ask
questions!
•491-HELP
Threats to Information Security
Threats to Information Security
•According to Microsoft, an unprotected Windows PC will
attract an unwelcome advance by a security threat within 23
minutes of connecting to the Internet.
•A 2000% increase in the number of threats detected for IM
and peer-to-peer networks was reported between 2004 and
2005.
•Threats increasingly target mobile devices and are
increasingly sophisticated.
Practicing Avoidance Behavior
Keep Your Guard Up
•
•
•
•
•
•
•
•
Scan incoming attachments no matter who sends them
Visit web sites directly—don’t use third party links
Look for “https” in web addresses to know a page is secure
Surf trusted sites
Use different passwords for different classes of information
Don’t log on to unsecure wireless networks
Don’t disable your firewall for convenience
Close your browser
Take charge of your computer
and your security!
• Keep anti-virus
software current and
install definitions as
they become
available.
• Scan your computer
frequently.
• Automate it and forget
it!
Be a Skeptic
Question:
• New sites
• New services
• Unusual ads and pop-ups
• Things that seem to good to be true
• E-mail with unusual or foreign characters in the heading
• Unexpected e-mail or IM
Call 1-HELP if you have a question!
Warning Signs
• Unusual requests to transfer information through
firewall
• Computer slowness
• Changes to your browser homepage
• Changes to your computer desktop
• Excessive pop-up ads
• Any behavior that makes you suspicious or
uncomfortable
Fix It!
Symantec/Norton Anti-Virus
www.it.northwestern.edu/software/staff/free/antivirus/in
dex.html
Spybot
www.it.northwestern.edu/security/spyware/winspybot-install.html
NUIT Resources
Security Awareness Tip of the Month
www.it.northwestern.edu/security/tip-of-themonth/index.html
“Get Control” web site
www.it.northwestern.edu/5steps
E-mail Defense System
www.it.northwestern.edu/security/eds/index.html
Computer and Network Security
www.it.northwestern.edu/security/
Next Tech Talk
Laying Down the Law
Illegal file sharing, copyright laws, and the Internet
Understanding copyrights, software licenses, and more!
Friday, November 11, 2005
Same locations, Noon – 1 p.m.
Please register online: www.it.northwestern.edu