tech blast: security
Post on 17-Oct-2014
3.368 views
DESCRIPTION
Presented at the NLC Tech Rodeo on the campus of Doane College in Crete, NE 26-28 June 2012. http://nlcblogs.nebraska.gov/techrodeoTRANSCRIPT
Tech Blast:Security
Michael SauersTech Rodeo
Doane College26-28 July 2012
Intro
Intro
Who do Ineed to
worryabout?
http://www.flickr.com/photos/12273378@N00/2547546709/
Where?
Intro
http://www.flickr.com/photos/39585662@N00/5331407245/
How?
Intro
Address Bar Spoofing
Advanced Persistent Threats
Adware
Arbitrary Command Execution
Arbitrary File Downloads
Array Integer OverflowsBackdoors
Blended Threats
Buffer Overflows
Code Injections
Cookie Disclosures
Cross Site Request Forgery
Cross Site Scripting
Data Aggregation Attacks
Data Exfiltration
Denial Of Service
Directory Traversals
DNS Changes
DNS Poisoning
File Overwrite
Forced Tweet
Format Strings
Frankenmalware
Heap Overflows
Information Disclosures
Keyloggers
Local File Inclusions
Local Stack Buffer Overflow
Malware
Man In The Browser Attacks
Man In The Middle Attacks
Null Byte Injection
Open Redirection
Privilege Escalations
Remote Code Injection
Remote Code Execution
Remote Command Executions
Remote Stack Buffer Overflow
Rootkits
Scareware
Shell UploadsSpyware
SQL Injections
Stack Pointer Underflow
Tojan-Downloaders
Trojans
Viruses
Worms
Malvertising
Crimevertising
HTTP Parameter Pollution
What?
Intro
Incognito
Blacole
SefnitPhoenix
Eleonore
Bleeding Life
SEO Sploit
CrimePack
Intoxicated
Siberia
IRCBot
Onescan
Hotbar
Zwangi
OpenCandy
GameVance
SideTab
FineTop
ClickPotato CoinMiner
AlureonCycbot
Alureon
Ramnit
SpyEye
Taterf
FakeRean
TaterfConficker
Rimecud
Sality Pdfjsc
Camec
Conedex
Poison
Sirefef
FakeCheck
MSIL
PlayBryte
Dofoil
Citadel
ZeuS
SpyZeus
cutwail
grum
lethic
bobax
fivetoone
darkmailer
maazbenghegsendsafe
s_torpig
RedKit
What Are They After?Intro
Intro
Personal information is the currency of the underground
economy.
Intro
Intro
Steal everything
Sort it out laterhttp://www.flickr.com/photos/36448457@N00/4521285655/
Intro
There’s no such thing as a secure computer!
Passwordshttp://www.flickr.com/photos/61577908@N00/4750110576/
Passwords http://www.flickr.com/photos/7447470@N06/3839085638/
What makes a good password?
Passwordshttp://www.flickr.com/photos/58442690@N00/2297872691/
Size matters!
Keep up-to-date!
http://www.flickr.com/photos/12036191@N00/357072613/
Operating Systems
Browsers
Everything else
Mobile Devices
Anti-virus
How Do You KnowIf You’re Infected?
You don’t!
Your antivirus software is a seat belt, not a force field.-Alfred Huger
Only 1% of all cyberattacks are from
previously unknownthreats.
-Microsoft Report
Wi-Fi
Simple:If it’s yours, secure it!
If it’s not, don’t trust it!
Social Media
Understand and adjust your privacy
settings
Use HTTPS
Be skeptical of everything
• especially ANYONE asking you for money
Staying Safe Online
If I took your laptop/iPadright now....
What would I have access to?
Staying Safe Online
Security In Libraries
But We’re Just A Library…
83% of victims were
targets of opportunity
92% of attacks were
easy
85% of hacks were
found by a 3rd partyVerizon Data Breach Investigations Report – Fall 2011
IT Security For Libraries
Being bad is easy…
…Security is hard
http://www.flickr.com/photos/vrogy/511644410/
The attacker only needs to succeed once...
-Securosis blog
IT Security For Libraries
Common mistakes
http://www.flickr.com/photos/34120957@N04/4199675334/
IT Security For Libraries
Do something…Do anything!
What Does A LibraryNeed To Protect?
http://www.flickr.com/photos/41084935@N00/362929745/
Public Access Computers
Inform your patrons:
• Make Sure You Log Out
• Don’t Access Sensitive Sites
• Beware of the "remember me" option
• Don't send personal or financial information via email
• Don't send personal or financial information over unsecure websites
Training
http://www.flickr.com/photos/21671782@N03/5020082786/
http://www.flickr.com/photos/95877218@N00/516920477/
What do you see?
Server Security
http://www.flickr.com/photos/60723528@N00/476586010/
Staying Current Schneier on Security : http://www.schneier.com/blog/
Naked Security – Sophos : http://nakedsecurity.sophos.com/
Security FAQs : http://www.security-faqs.com/
SANS Reading Room : http://www.sans.org/reading_room/
Security Now Podcast : http://grc.com/securitynow.htm
FinalThoughts
Thank you!
Michael SauersTechnology Innovation LibrarianNebraska Library [email protected]
Special thanks to Blake Carver of LISHost for allowing me to adapt his slides.http://lisnews.org/security/