Information Security Office

Computer Security Basics

What Every Computer User Should Know

Kelley Bogart

Information Security Coordinator

SECURITY TIPS

1. Use protection software "anti-virus software" and keep it up to date.

2. Don't open unknown, unscanned or unexpected email attachments.

3. Use hard-to-guess passwords.

4. Protect your computer from Internet intruders -- use "firewalls".

5. Don't share access to your computers with strangers. Learn about file sharing risks.

Stay Safe Online www.staysafeonline.info/sectips.adp sponsored by the National Cyber Security Alliance

SECURITY TIPS

6. Disconnect from the Internet when not in use.

7. Back up your computer data.

8. Regularly download security protection update "patches".

9. Check your security on a regular basis. Understand the risks and use measures to minimize your exposure.

10. Share security tips with family members, co-workers and friends.

1. Use protection software "anti-virus software" and keep it up to date.

Make sure you have anti-virus software on your computer! Anti-virus software is designed to protect you and your computer against known viruses so you don't have to worry. But with new viruses emerging daily, anti-virus programs need regular updates, like annual flu shots, to recognize these new viruses. Be sure to update your anti-virus software regularly! The more often you keep it updated the better. With the current virus activity that would be at least once a day if not more. Check with the web site of your anti-virus software company to get regular updates for your software. Stop viruses in their tracks!

Anti-virus Software

Relies on early warnings of new viruses, so that antidotes can be developed and distributed quickly

1,000’s of new viruses being generated every month

– Essential that the virus database be kept up to date

Sophos Anti-Virus - Available at no cost to UA faculty, staff, and students, for use on campus systems and personal workstations located at home

https://sitelicense.arizona.edu/sophos/

Important install information

https://sitelicense.arizona.edu/sophos/install_info.shtml

Download virus identities (IDE files)

http://www.us.sophos.com/downloads/ide/

2. Don't open unknown, unscanned or unexpected email attachments.

A simple rule of thumb is that if you don't know the person who is sending you an email, be very careful about opening the email and any file attached to it. Should you receive a suspicious email, the best thing to do is to delete the entire message, including any attachment. Even if you do know the person sending you the email, you should exercise caution if the message is strange and unexpected, particularly if it contains unusual hyperlinks. Current email viruses are “spoofed” to appear to come from a trusted, known or authoritative source. Contact the person sending the email to verify that they really did send it. Or when in doubt, delete!

Don't Open E-Mail Attachments -- Latest Virus May Hide Within

March 03, 2004 – March 8, 2004 Spotlight

Viruses are being sent in e-mail attachments to the campus community, with a message appearing to come from a known, trusted, or authoritative source.

The latest message with virus attachment threatens to disable your UA e-mail account unless you open the attachment for "further details." Below is the text of the message, though be aware you may receive slightly different versions:

Sample E-Mail

To: [email protected]
Subject: Notify about your e-mail account utilization.
From: [email protected]

Dear user of Arizona.edu gateway e-mail server,

Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.

For further details see the attach. For security reasons attached file is password protected. The password is "03406".

Best wishes, The Arizona.edu team http://www.arizona.edu

You'll see there are spelling and grammar errors, not uncommon in e-mail messages attempting to spread viruses.

What to do with an e-mail message and its attachment

Do not open any attachment before verifying it's safe. Contact the sender, via e-mail or phone, and ask them if they sent you the attachment. Be especially watchful for attachments with these file extensions: .ZIP, .EXE, .COM, .BAT, .PIF and .SCR.

Delete any message and attachment if they’re at all suspicious

Deleting a message in most e-mail programs is easy, but some e-mail programs may not automatically delete the attachment as well. Not sure if your program deletes the attachment? Find out.
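The extension check described above can also be automated on a saved message. The following is an added example, not part of the original presentation; the sample message, its addresses and its file names are constructed for illustration, and the function names are hypothetical.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# File extensions the slide says to be especially watchful for.
WATCHED_EXTENSIONS = {".zip", ".exe", ".com", ".bat", ".pif", ".scr"}


def build_sample_message() -> bytes:
    """Constructed test message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "management@example.edu"
    msg["To"] = "user@example.edu"
    msg["Subject"] = "Notify about your e-mail account utilization."
    msg.set_content("For further details see the attach.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="zip", filename="Details.ZIP")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="readme.txt.pif")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


def risky_attachments(raw: bytes) -> list:
    """Return (filename, reason) for each attachment with a watched extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so strip them first.
        name = (part.get_filename() or "").strip().rstrip(". ")
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        # Only the final extension decides how the file is opened.
        if not suffixes or suffixes[-1] not in WATCHED_EXTENSIONS:
            continue
        if len(suffixes) > 1:
            reason = "watched extension behind a harmless-looking one"
        else:
            reason = "watched extension"
        findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample_message()):
        print(f"{name}: {reason}")
```

A clean result only means no watched extension was found; the advice to verify with the sender still applies.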

Get anti-virus software and keep it up to date

Install anti-virus software on both your UA office computer and home computer. Sophos anti-virus software is available free to the campus community through a UA site license; download it from UA Software Licensing, at https://sitelicense.arizona.edu/sophos/

Important install information: https://sitelicense.arizona.edu/sophos/install_info.shtml

Keeping your anti-virus software up-to-date means getting updates as often as possible, preferably every hour. On campus, your network manager can arrange to have Sophos updated automatically on your computer.

Download virus identities (IDE files): http://www.us.sophos.com/downloads/ide/

3. Use hard-to-guess passwords

Passwords will only keep outsiders out if they are difficult to guess! Don't share your password, and if possible don't use the same password in more than one place. If someone should happen to guess one of your passwords, you don't want them to be able to use it in other places. The golden rules of passwords are: (1) A password should have a minimum of 8 characters, be as meaningless as possible, and use uppercase letters, lowercase letters and numbers, e.g., xk28LP97. (2) Change passwords regularly, at least every 120 days. (3) Do not give out your password to anyone!

Passwords

• Simplest and most common way to ensure that only those that have permission can enter your computer or certain parts of your computer network

• Virtually ineffective if people do not protect their passwords.

• The golden rules, or policies, for passwords are:

  • Make passwords as meaningless as possible

  • Change passwords regularly

  • Never divulge passwords to anyone

UA Password Standard

http://security.arizona.edu/drafts.html

Password Construction

On systems that support them, passwords should contain at least eight characters

One of each of the following characters:

- Uppercase letters ( A-Z )
- Lowercase letters ( a-z )
- Numbers ( 0-9 )
- Punctuation marks ( !@#$%^&*()_+=- )

How, you may ask, am I ever going to remember such a complicated password? 

Pick a sentence that reminds you of the password. For example:

if my car makes it through 2 semesters, I'll be lucky (imcmit2s,Ibl)

only Bill Gates could afford this $70.00 textbook (oBGcat$7t)

What time is my accounting class in Showker 240? (WtimaciS2?) 
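The sentence trick above and the Password Construction rules can be written down as code. This is an added example, not part of the original presentation; the function names are hypothetical, and counting every ASCII punctuation mark (not only the ones the slide lists) as punctuation is an assumption so that "," and "?" qualify.

```python
import string

MIN_LENGTH = 8  # "at least eight characters"

# Character classes from the Password Construction slide. The slide lists
# !@#$%^&*()_+=- as punctuation; accepting every ASCII punctuation mark
# is an assumption of this example.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "punctuation": string.punctuation,
}


def sentence_to_password(sentence: str) -> str:
    """Keep each word's first letter or digit, plus any punctuation that
    leads or trails the word (so "$70.00" becomes "$7", "240?" becomes "2?")."""
    pieces = []
    for word in sentence.split():
        alnum_positions = [i for i, ch in enumerate(word) if ch.isalnum()]
        if not alnum_positions:      # word is pure punctuation: keep it whole
            pieces.append(word)
            continue
        first, last = alnum_positions[0], alnum_positions[-1]
        pieces.append(word[:first + 1] + word[last + 1:])
    return "".join(pieces)


def construction_problems(password: str) -> list:
    """Return the construction rules a password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(ch in chars for ch in password):
            problems.append(name)
    return problems


if __name__ == "__main__":
    sentences = [
        "if my car makes it through 2 semesters, I'll be lucky",
        "only Bill Gates could afford this $70.00 textbook",
        "What time is my accounting class in Showker 240?",
    ]
    for sentence in sentences:
        password = sentence_to_password(sentence)
        print(password, construction_problems(password) or "meets all rules")
```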

The Vanity Plate

I feel great = If33lg8!

Wildcats are #1 = W1ldcatzR#1

Dolphins Fan = d0lf1n’sfan

Compound Words

Compound words used every day are easy to remember. Spice them up with numbers and special characters. Also, misspell one or both of the words and you'll get a great password.

Friendship = Fr13nd+sh1p

Lifelong = L!f3l0ng

Teddybear = T3ddy^BaRe

Password Management

We share offices, equipment and ideas.

You should never share your password with anyone, anytime!

If you ever receive a telephone call from someone claiming to need your password, report it immediately.

When you receive technical assistance, enter your password yourself. Do not reveal it.

It's probably safer to store a strong password in a place where someone would have to physically break in than to expose a weak password to 300,000,000 people on the internet.

If you absolutely have to, record it in a secure location.

Safeguard Your Strong Password

Be careful about typing your password into a strange computer.

– Is the owner trustworthy or are they perhaps running a keyboard logger recording your keystrokes? (It has happened).

– Who was the last person to use it and what did they run on it?

Be careful about typing your password into a strange program, web site, or server.

– Why do they need it?

– Are they authorized to ask for it?

– A web site on the other side of the country should definitely not be asking for your U of A password over the network whenever possible.

Do not use the same password on an unofficial, entertainment, off-campus, OR uncritical service that you use for more critical services.

4. Protect your computer from Internet intruders -- use a "personal firewall".

Equip your computer with a firewall! Firewalls create a protective wall between your computer and the outside world. They come in two forms, software firewalls that run on your personal computer and hardware firewalls that protect a number of computers at the same time. They work by filtering out unauthorized or potentially dangerous types of data from the Internet, while still allowing other (good) data to reach your computer. Firewalls also ensure that unauthorized persons can't gain access to your computer while you're connected to the Internet. Don't let intruders in!

Do Firewalls Prevent Viruses and Trojans? NO!!

A firewall can only prevent a virus or Trojan from accessing the internet while on your machine

95% of all viruses and trojans are received via e-mail, through file sharing (like Kazaa or Gnucleus) or through direct download of a malicious program

Firewalls can't prevent this -- only a good anti-virus software program can

Once installed on your PC, many viruses and Trojans "call home" over the internet to the hacker who designed them

This lets the hacker activate the Trojan and he/she can now use your PC for his/her own purposes

A firewall can block the call home and can alert you if there is suspicious behavior taking place on your system

5. Don't share access to your computers with strangers. Learn about file sharing risks.

Your computer operating system may allow other computers on a network, including the Internet, to access the hard-drive of your computer in order to "share files". This ability to share files can be used to infect your computer with a virus or look at the files on your computer if you don't pay close attention. So, unless you really need this ability, make sure you turn off file-sharing. Check your operating system and your other program help files to learn how to disable file sharing. Don't share access to your computer with strangers!

6. Disconnect from the Internet when not in use.

Remember that the Digital Highway is a two-way road. You send and receive information on it. Disconnecting your computer from the Internet when you're not online lessens the chance that someone will be able to access your computer. And if you haven't kept your anti-virus software up-to-date, or don't have a firewall in place, someone could infect your computer or use it to harm someone else on the Internet. Be safe and disconnect!

7. Back up your computer data.

Experienced computer users know that there are two types of people: those who have already lost data and those who are going to experience the pain of losing data in the future. Back up small amounts of data on floppy disks and larger amounts on CDs. If you have access to a network, save copies of your data on another computer in the network as most shared drives are backed up. Most people make weekly backups of all their important data. And make sure you have your original software start-up disks handy and available in the event your computer system files get damaged. Be prepared!

It’s not a matter of if, it’s a matter of when.

8. Regularly download security protection update "patches".

Most major software companies today have to release updates and patches to their software every so often. Sometimes bugs are discovered in a program that may allow a malicious person to attack your computer. When these bugs are discovered, the software companies, or vendors, create patches that they post on their web sites. You need to be sure you download and install the patches! Check your software vendors' web sites on a regular basis for new security patches or use the new automated patching features that some companies offer. Stay informed!

Microsoft Operating System Auto Update

Routinely run the Microsoft System Update Service or select the option to have the update service run automatically.

To enable Microsoft Auto Update (Windows NT, 2000, XP):

1. On the taskbar at the bottom of your screen, click Start, Settings, and then click Control Panel.
2. Open Automatic Updates.
3. Select the auto update solution that works best for you.

**Your computer must be on and connected to the internet to use Microsoft’s automatic update feature.

9. Check your security on a regular basis. Understand the risks and use measures to minimize your exposure.

The programs and operating system on your computer have many valuable features that make your life easier, but can also leave you vulnerable to hackers and viruses. You should evaluate your computer security at least twice a year -- do it when you change the clocks for daylight-savings! Look at the settings on applications that you have on your computer. Your browser software, for example, typically has a security setting in its preferences area. Check what settings you have and make sure you have the security level appropriate for you. Set a high bar for yourself!

10. Share security tips and knowledge with family members, co-workers and friends.

It's important that everyone who uses a computer be aware of proper security practices. People should know how to update virus protection software, how to download security patches from software vendors and how to create a proper password. Make sure they know these tips too!

Security Necessities

First, understand the threats

Second, put proper safeguards in place

Extensive choice of technologies

– OS and Application Patches
– Anti-virus software packages
– Firewalls for providing protection
– Implement proper computer security without compromising the need for quick and easy access to information

Protect Yourself

• Never give out your password, billing information or other personal information to strangers online

• Be mindful of who you're talking with before you give out personal information

• Don't click on hyperlinks or download attachments from people/web sites you don't know

• Be skeptical of any company that doesn't clearly state its name, physical address and telephone number

• Great Home Computer Security Webpage: www.cert.org/homeusers/HomeComputerSecurity/

Spam

• Unsolicited e-mail or the action of broadcasting unsolicited advertising messages via e-mail

• Takes up time and storage space on their computer

• Report it to ISP. Check your ISP help areas to find out how to report spam

Scams

• Stakes are higher as they've got easy access to millions of people on the internet

• Email

– May contain a hyperlink to a web site that asks you for personal information, including your password

– May contain a solicitation for your credit card information in the guise of a billing request

Other helpful tools:

Spybot Search and Destroy

http://spybot.eon.net.au/index.php?lang=en&page=start

Ad-Aware (from Lavasoft)

http://www.lavasoftusa.com/software/adaware/

Summary

• Common sense, some simple rules and a few pieces of technology can help protect your computer systems from unauthorized use

• Important to remember that by protecting your own computer system, you're also doing your part to protect computers throughout the university

University Information Security Office

Bob Lancaster
University Information Security Officer
Co-Director – CCIT, [email protected]

Security Incident Response Team (SIRT) [email protected]

Kelley Bogart
Information Security Office [email protected]