Tech Blast: Security
Post on 17-Oct-2014
DESCRIPTION
Presented at the NLC Tech Rodeo on the campus of Doane College in Crete, NE 26-28 June 2012. http://nlcblogs.nebraska.gov/techrodeo
TRANSCRIPT
Tech Blast: Security
Michael Sauers
Tech Rodeo
Doane College
26-28 July 2012
Intro
Who do I need to worry about?
http://www.flickr.com/photos/12273378@N00/2547546709/
Where?
http://www.flickr.com/photos/39585662@N00/5331407245/
How?
Address Bar Spoofing
Advanced Persistent Threats
Adware
Arbitrary Command Execution
Arbitrary File Downloads
Array Integer Overflows
Backdoors
Blended Threats
Buffer Overflows
Code Injections
Cookie Disclosures
Cross Site Request Forgery
Cross Site Scripting
Data Aggregation Attacks
Data Exfiltration
Denial Of Service
Directory Traversals
DNS Changes
DNS Poisoning
File Overwrite
Forced Tweet
Format Strings
Frankenmalware
Heap Overflows
Information Disclosures
Keyloggers
Local File Inclusions
Local Stack Buffer Overflow
Malware
Man In The Browser Attacks
Man In The Middle Attacks
Null Byte Injection
Open Redirection
Privilege Escalations
Remote Code Injection
Remote Code Execution
Remote Command Executions
Remote Stack Buffer Overflow
Rootkits
Scareware
Shell Uploads
Spyware
SQL Injections
Stack Pointer Underflow
Trojan-Downloaders
Trojans
Viruses
Worms
Malvertising
Crimevertising
HTTP Parameter Pollution
What?
Incognito
Blacole
Sefnit
Phoenix
Eleonore
Bleeding Life
SEO Sploit
CrimePack
Intoxicated
Siberia
IRCBot
Onescan
Hotbar
Zwangi
OpenCandy
GameVance
SideTab
FineTop
ClickPotato
CoinMiner
Alureon
Cycbot
Alureon
Ramnit
SpyEye
Taterf
FakeRean
Taterf
Conficker
Rimecud
Sality
Pdfjsc
Camec
Conedex
Poison
Sirefef
FakeCheck
MSIL
PlayBryte
Dofoil
Citadel
ZeuS
SpyZeus
cutwail
grum
lethic
bobax
fivetoone
darkmailer
maazben
gheg
sendsafe
s_torpig
RedKit
What Are They After?
Personal information is the currency of the underground economy.
Steal everything
Sort it out later
http://www.flickr.com/photos/36448457@N00/4521285655/
There’s no such thing as a secure computer!
Passwords
http://www.flickr.com/photos/61577908@N00/4750110576/
http://www.flickr.com/photos/7447470@N06/3839085638/
What makes a good password?
http://www.flickr.com/photos/58442690@N00/2297872691/
Size matters!
Keep up-to-date!
http://www.flickr.com/photos/12036191@N00/357072613/
Operating Systems
Browsers
Everything else
Mobile Devices
Anti-virus
How Do You Know If You’re Infected?
You don’t!
Your antivirus software is a seat belt, not a force field.
- Alfred Huger
Only 1% of all cyberattacks are from previously unknown threats.
- Microsoft Report
Wi-Fi
Simple:
If it’s yours, secure it!
If it’s not, don’t trust it!
Social Media
Understand and adjust your privacy settings
Use HTTPS
Be skeptical of everything
• especially ANYONE asking you for money
Staying Safe Online
If I took your laptop/iPad right now....
What would I have access to?
Security In Libraries
But We’re Just A Library…
83% of victims were targets of opportunity
92% of attacks were easy
85% of hacks were found by a 3rd party
Verizon Data Breach Investigations Report – Fall 2011
IT Security For Libraries
Being bad is easy…
…Security is hard
http://www.flickr.com/photos/vrogy/511644410/
The attacker only needs to succeed once...
-Securosis blog
Common mistakes
http://www.flickr.com/photos/34120957@N04/4199675334/
Do something… Do anything!
What Does A Library Need To Protect?
http://www.flickr.com/photos/41084935@N00/362929745/
Public Access Computers
Inform your patrons:
• Make Sure You Log Out
• Don’t Access Sensitive Sites
• Beware of the "remember me" option
• Don't send personal or financial information via email
• Don't send personal or financial information over unsecure websites
Training
http://www.flickr.com/photos/21671782@N03/5020082786/
http://www.flickr.com/photos/95877218@N00/516920477/
What do you see?
Server Security
http://www.flickr.com/photos/60723528@N00/476586010/
Staying Current
Schneier on Security : http://www.schneier.com/blog/
Naked Security – Sophos : http://nakedsecurity.sophos.com/
Security FAQs : http://www.security-faqs.com/
SANS Reading Room : http://www.sans.org/reading_room/
Security Now Podcast : http://grc.com/securitynow.htm
Final Thoughts
Thank you!
Michael Sauers
Technology Innovation Librarian
Nebraska Library [email protected]
Special thanks to Blake Carver of LISHost for allowing me to adapt his slides.
http://lisnews.org/security/