safe computing practices. why would anyone want to hack me? 1 krebs, brian - “the scrap value of a...

Safe Computing Practices

Why would anyone want to hack me?

2Krebs, Brian - “The Scrap Value of a Hacked PC, Revisited”, 12 Oct 2012, http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/

Why would anyone want to hack me? - Online Card Shops

“... the site is offering a pack of 1,245 cards stolen two months ago from stores in Massachusetts and Connecticut for the bargain price of USD $10,500.”

3

Krebs, Brian, “Peek Inside a Professional Carding Shop”, 14 Jun 2014, http://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/

Phishing Example 1

4

Phishing Example 1 - Red Flags

5

Phishing Example 2

6

Emails sent from a compromised @middlebury.edu email account!

Phishing Example 3

7

Phishing Example 4 - Malicious Attachment

8

Drive-By Downloads

9-- http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx

Please don’t share passwords

10

There’s no such thing as a free lunch USB storage key

11

Data Classification – What to Collect and How

12

● http://go.middlebury.edu/sensitivedata● http://go.miis.edu/sensitivedata

Resources on Information Security

Policies:• Privacy Policy =Confidentiality of

Datahttp://go.middlebury.edu/privacy

• Network Monitoring Policy = Protection of College Technology Resourceshttp://go.middlebury.edu/netmon

• Technical Incident Response Policy = Response to Information Security Eventshttp://go.middlebury.edu/tirp

• Data Classification Policy = Defines Data Types

http://go.Middlebury.edu/dcp

• Red Flags Policy = Identity Theft ProtectionNot presently in hand book

• PCI Policy = Payment Card Data Handling

http://go.middlebury.edu/pcipolicy

Web Sites:• Middlebury’s Information

Securityhttp://go.middlebury.edu/infosec

• Phishing Information http://go.middlebury.edu/phish http://www.phishing.org/

• Protect Yourself On-linehttp://www.onguardonline.gov/

• Parents Resource for Kids On-line

http://getnetwise.org/

• Best Practices for Home and Workhttp://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf

Discussion and Links

Please share your thoughts!Information Security Resources:

http://go.middlebury.edu/infosechttp://go.miis.edu/infosec

http://go.middlebury,.edu/infosecneo

Report Information Security Events To: infosec@middlebury.edu