Get documents about "General Desktop Security
Document Sample
Computer Security Awareness Symposium
General Desktop Security
Kasey Dennler, ITS
General Desktop Security
• Definition of Desktop Security:
– Desktop: Computers. the primary display
screen of a graphical user interface, on which
various icons represent files, groups of files,
programs, or the like, which can be moved,
accessed, added to, put away, or thrown away
in ways analogous to the handling of file
folders, documents, notes, etc., on a real desk.
– Security: Freedom from danger, risk, etc.;
safety.
General Desktop Security
• Definition of Desktop Security cont.
– Putting the two together you have…
– Desktop Security: Freedom from danger or
risk when using your desktop computer in
your office. Safely transferring, accessing,
and manipulating information necessary
for your day to day operations.
General Desktop Security
• Updating and patching your systems
• The Anti-Section section
• Securing your systems
• Smart surfing
• Backing up
• Dealing with old systems
I got Firefox 3, how about you?
UPDATING AND PATCHING
Updating and Patching
• Why is it important to keep your
systems up to date?
• How do you keep your system up to
date and still functional?
• How often should I update, or will auto
update save me?
Updating and Patching
• Why is it important to update my
machine?
– The consequences of your actions…..
Updating and Patching
• I did not update • I did update
– Remote code execution – My machine has the
– Worms, viruses, Trojans latest code fixes
– Confidential Material – I am free from Viruses,
compromised Worms, & Trojans
– HTTP/FTP server setup – My confidential info is
for illegal/illicit still confidential
materials – No servers running here
– Key loggers – I can still be productive
– Total destruction and get my work done
– I now have to wipe and today
re-install everything
Updating and Patching
• I think I want to keep my machine
updated, how?
– Microsoft Updates
• Auto updates
– Only installs critical updates!
• Manual updates
– You must go out and get them, but you do get them all
– Machine specific updates
• Lenovo system update
– Updates specific to your machine for both hardware
and software
– Tune in later today for Software Updating
tools with Ben Kirchmeier.
I got a whole bag of Anti- here with your name on it
THE ANTI-SECTION SECTION
The Anti-Section section
• Anti-Virus software
• Anti-Adware / Anti-Spyware software
• Anti-Malware software
• Anti-Venom
Anti-Virus
• What does Anti-Virus software really
do?
• Which one should I use?
– AVG, its free you know…
– McAfee, I bought it cause it looked cool…
– Trend Micro, is it really trendy…
– Norton, because you know it is different
than Symantec, right…
– Symantec from the UI, I like the UI…
Anti-Virus
• Definition of Antivirus :
– A software program designed to identify
and remove a known or potential
computer virus.
• What does antivirus mean to me…
Anti-Virus
• Antivirus:
– A program that runs on my computer and
actively scans all programs and then
compares them to a database of definitions
managed by the program to determine if
they are a virus or not
Anti-Virus
• AVG…
– Not really a good idea, as the EULA states it is for
private use only, and not in an Academic
environment
• McAfee…
– You can use it on campus, but it is not ITS
supported software.
• Trend Micro…
– Same as MacAfee, you can use it, but it is not
supported.
• Norton…
– Same company as Symantec, with many
differences. Not supported by ITS
Anti-Virus
• Anti-Virus protection
– Get it
• From the UI
– Use it
• Make sure it is turned on and scanning actively
– Update it
• Make sure auto updates are turned on and are done
regularly
– Check it
• Make sure you are using the latest version of
Symantec. You can check your version by clicking
on the help and support button in 11.0 and newer.
In version 10.2 you can open Symantec and view
the version on the main page.
Anti-Virus
Anti-Virus
Anti-Adware / Anti-Spyware
• What is adware?
• What is spyware?
• Why do I need to worry about them?
Anti-Adware / Anti-Spyware
• Adware definition:
– a software application in which
advertisements are displayed while the
program is running, esp. in pop-up
windows or banners, and which often is
installed without the users knowledge or
consent; also called advertising-supported
software
Anti-Adware / Anti-Spyware
• Spyware definition:
– any software that covertly gathers
information about a user while he/she
navigates the Internet and transmits the
information to an individual or company
who then uses it for marketing or other
purposes.
Anti-Adware / Anti-Spyware
• Why worry you ask…
– Adware is the cause of a great deal of
frustrations to many users.
– Spyware is always watching you.
• When you go to your banks website
• When you bought those expensive pumps
online
• When you checked your paystub on
Vandalweb
• When you asked ask.com about the rash on…
Anti-Adware / Anti-Spyware
• Great holy bag of crazy monkeys, I have pop-
up craziness. Help me ITS superstars…
– Ad-aware
• Free version downloadable from www.download.com
– Spybot search and destroy
• Free version downloadable from www.download.com
– Windows Defender
• Is standard on Vista, and is downloadable from
Microsoft website for XP users
– Symantec AV 11 has built in Anti-Spyware
protection
• If you have AV from us it is already working for you
Anti-Malware
• Mal-what?
• Malware definition:
– software, such as viruses, intended to damage
or disable a computer system; short for
malicious software; also written mal-ware.
• Malware can be removed with most Anti-
Virus software, but may require specialty
software to effectively render your system
back to a safe condition.
What, you mean this has to be secure?
SECURING YOUR SYSTEM
Securing your system
• What do you mean by securing my
system?
• How can I secure my system?
• How can I make sure no one has accessed
my stuff?
• What do I do if someone has accessed my
machine?
Securing your system
• What do you mean securing your
system.
– Not only do you need to think about
password security, but physical security,
biometrics, firewalls, computer privileges,
and data encryption.
Securing your system
• Ok, so how do I secure my system?
– Physical Security
• Where is my computer located
– Biometrics
• Fingerprint reader / Retinal scanner
– Data encryption
• Are my files accessible if they are taken from my
machine?
– Administrator Privileges
• Do I really, really need to be an administrator?
– Firewalls
• You shall not pass!
– Strong passwords
• shs1Yp?
Securing your system
• How do I make sure no one got into my
system?
– Tamper protecting software
– Tamper protection hardware
Securing your system
• What if someone accessed my machine,
what do I do?
– Verify something happened
– Unplug the network cable
– Report the incident to your supervisor
– Report the incident to security@uidaho.edu
– Call the police if necessary
– Change all of your passwords
– Change your encryption pass phrase
– Mitigate the damage, check your bank records
and other personal accounts for suspicious
activity
How to catch an internet wave and not crash and burn
SMART SURFING
Smart Surfing
• Are things really that bad out there?
– Basic ideas to keep you safe and still enjoy
the internet
– P2P file sharing
– Phishing scams
Smart Surfing
• Are things really that bad out there?
– Yes, they are.
– According to the Privacy Rights
Clearinghouse, there have been more than
240 million records containing sensitive
personal information involved in security
breaches to-date nationally.
from MS-ISAC
Safe Surfing
• How do I surf the web safely?
– Common sense is your best friend
– Update your web browser
– Keep your operating system updated
– Enable the pop-up blocker functionality
– Keep an eye on JavaScript, Java, and
ActiveX controls
– Try noscript.net
Smart Surfing
• P2P file sharing.
– P2P:
• Connections between two or more computers
directly
– File sharing:
• refers to the providing and receiving of digital files
over a network, usually following the peer-to-peer
(P2P) model, where the files are stored on and
served by personal computers of the users.
– Common P2P programs:
• BitTorrent / eDonkey / Ares / Napster / Freenet
Smart Surfing
• Ok, so what does P2P mean to me…
– With P2P clients you have no control over
the content you are receiving
– Most clients also set up services for you to
serve content from your machine as well as
download
– Most things you get could be laced with
viruses
– Downloaded content is most likely illegal
– Your machine is now open to the outside
while serving content
Smart Surfing
• Phishing Scams
– Phishing:
• the practice of luring unsuspecting Internet
users to a fake Web site by using authentic-
looking email with the real organizations logo,
in an attempt to steal passwords, financial or
personal information, or introduce a virus
attack; the creation of a Web site replica for
fooling unsuspecting Internet users into
submitting personal or financial information or
passwords.
Smart Surfing
• Tips for not getting caught:
– Do not click on links listed in e-mail
messages, and watch out for attachments
– Do not enter information in pop-ups
– If it looks fishy, it probably is. Just delete it.
– Enable phishing filters in your web
browsers
– Do not respond with personal information
to e-mail requests. Legit places will never
ask for information via e-mail.
How I avoided total melt down when my hard drive melted down
BACKING UP YOUR DATA
Backing up your data
• Why should I back up my data?
• What do I need to know in order to
back up my data?
• How do I back up my data?
Backing up your data
• Why should you back up your data?
– What if the building burns down?
– Is all my information still around?
– So, my computer just got stolen. Can I go
back to work now?
– I left my laptop in the airport, and they
found it. Phew, but it will take 6 weeks to
get it mailed back to me. What do I do?
– My hard drive is playing disco music when
it spins up. Is everything ok?
Backing up your data
• What do I need to know
• Step 1:
– Plan a backup strategy
• What do I need to backup?
– Only back up important info you will need in the future
• How quickly will I need it in the future?
– Time may be critical, choose an application which can restore
quickly
• Do I need multiple backups or will one do?
– It is always good to have multiple backups, as long as they are all
up to date
• When during the day should I do the backup?
– When you are not using your machine for a few hours. Backups
take time and could hold your computer up for several hours.
• It is convenient to use this backup software?
– It should be, otherwise you probably won’t use is on a regular
basis
Backing up your data
• Step 2:
– Execute your plan
• Make sure you are keeping up to date on your
backups.
• Backups are only as good as they are usable. If
your backup is really, really outdated, then it is
useless.
• Keep track of your backups.
• Don’t keep your backups in the same place as
your machine, separate and save.
Backing up your data
• Step 3:
– Diligence is the key to success
• Make sure you continue sticking to your plan
What the heck do I do with all of this old stuff in my office?
SURPLUS
Surplus
• What do I do with my old stuff?
• Where can I find out more?
Surplus
• Surplus is your friend, and you can even
make some money back from the sale of
your old stuff.
• UI APM Chapter 10.41 covers how to go
about sending your old systems to
surplus.
• http://www.uihome.uidaho.edu/default.
aspx?pid=84377
Surplus
• So now I know where to send my stuff,
what do I do?
– Stay tuned for Sean Sullivan’s presentation
on PC lifecycle and Maintenance
No really, you guys got any questions?
QUESTIONS?
General Desktop Security
May the force be with you.
