Cyber Security Awareness Month
Post on 25-Feb-2016
Embed Size (px)
DESCRIPTIONCyber Security Awareness Month. Off-Campus Safe Computing Part 2. Using Your Laptop Safely On the Road. Introductions. Allen Monette Security Coordinator Office of Campus Information Security. OCIS Brown Bag Series. Worst Practices, or 10 Easy Steps to Loosing Your Data - PowerPoint PPT Presentation
PKI Development Forum
Cyber Security Awareness MonthUsing Your Laptop Safely On the RoadOff-Campus Safe Computing Part 2IntroductionsAllen Monette
Office of Campus Information Security
OCIS Brown Bag SeriesWorst Practices, or 10 Easy Steps to Loosing Your DataProtecting Your Laptops DataUsing Your Laptop Safely on the RoadFinding and Protecting Sensitive Data on Your ComputerProtecting Data by Using Network and Server Scanning ToolsRicks Road Trip
Meet Rick typical user from Department of Ethical Environmental Programming (DEEP)Going to a conference and taking a few personal vacation days afterwardsfollowing some good practices, but not aware of special circumstances in using a laptop off campus
Ricks New LaptopReal Rick would buy a Mac6
For today, Rick bought a Dell7
Added antivirus software
Checked that Windows Firewall was turned on
Ran Windows Update to get latest patches
Downloads all the data hell need to do some work and give a presentationInstalled and configured other software, too11Rick visits his favorite coffee shop
Hey, Free Wi Fi!
Rick isnt actually using Blogger. Posted note about his upcoming travel. Supposed to be limited access.16
Bought and drank two cups of coffeehe also had a little help from one of the locals17
We all know what happens when you drink lots of coffee.18
Left his laptop sitting on the table when he went to get coffee and use the restroom19
Fortunately for Rick, his laptop didnt just walk off20Rick on the Road
While Rick is on the road, a number of things happen21
Credit card stops working and its not because the places hes using it have broken equipment22
Cant login to his email23
Ricks New LaptopReal Rick would buy a Mac24Ricks New LaptopGoes missing as he makes his way through airport security25Ricks return
Once Rick gets home, things dont get any better.26
House broken into; stuff stolen27Account Balance: $0Checking account is cleaned out28
2005 Wisconsin Act 138 requires entities to notify individuals of certain unauthorized acquisitions of personal information.
Personal information means an individuals last name and the individuals first name or first initial, in combination with and linked to any of the following elements, if the element is not publicly available information and is not encrypted, redacted, or altered in any manner that renders the element unreadable: (a) the individuals Social Security number; (b) the individuals drivers license number or state identification number; (c) the number of the individuals financial account number, including a credit or debit card account number, or any security code, access code, or password that would permit access to the individuals financial account; (d) the individuals DNA profile; and (e) the individuals unique biometric data, including fingerprint, voice print, retina or iris image, or any other unique physical characteristic. When he tells his department IT staff about losing his laptop, they say that they may have to notify under state laws. Department isnt happy with Rick.30Lets go Back In Time
Ricks had a really bad tripwhat happened?What could be done to protect him?
31Rick isnt a bad userDid work to secure his computerWhat he did is good for a desktop on a protected networkNot so good for the wilds of Free WiFi
Credit CardWhat happened?
Since Rick wasnt doing this.shoulder surfer got part of the number.Got rest of the number, plus the expiration date and Card Security Code from a file on Ricks desktop
34SolutionsWhat to do?SolutionsFile on desktopdont store that data!If you must store it, encrypt it!Lock your workstation; use screensaver passwordsDont leave your laptop unattendedBe aware of those around you
Email + Break-inWhat happened?
Repsonded to a phishing attempt; spammers used his account and his ISP shut it down38
Rick isnt actually using Blogger; blog he is using does not use SSL to protect his login credentials. Rick is using free, open, wireless without a vpntraffic got sniffed.39SolutionsWhat to do?SolutionsKnow how to spot a phishing attemptUse different credentials for different accountsUse a VPN
Laptop Lost; Cash goneWhat happened?42
Had checking account information on laptop in MS Money; downloaded all the data he needed to his laptop43SolutionsWhat to do?SolutionsOS hardeningrequire username/password to loginEncrypt!Use removable storage; better yet use network storageLojack for laptopsSecurity screening line strategiesRules of the RoadStore no data locallySince we know 1 is hard: Encrypt!Practice Defensive Networking Use VPNKnow where your laptop is at all timesQuestions?