1. LimKokWing University Security and Windows 7 SanjayW – MVP (Security) Azra Rizal – MVP (Security)

2. Topics Why anyone should care about information security? Introduction & Goals The 10 security misconceptions New and emerging threats Protecting privacy and information with Windows 7 and other Microsoft solutions Demos Certifications – Your competitive advantage

3. Why anyone should care about information security? Just about every professional discipline uses computers Keeping your data, yours The Internet Social engineering Knowledge is power Threat of espionage If you don’t then who will? It is your responsibility, legally speaking! It’s a lifelong benefit

4. Introduction

5. Our Goal

6. Top ten security myths I’ve got antivirus, I’m good to go I have a strong password on my laptop, no one can access my data I don’t use Windows, I’m already secure No one can see what I do in a public/private WiFi/network The campus IT guys got me covered

7. Top ten security myths –Cont’d I never visit “bad” internet sites, I will be safe I hide all my stuff in hidden folders and such, my data is safe I never add anyone Idon’t know on socialnetworking sites, blogs, etc.. I install lots of security software, I think I am fine I store all my data externally and I carry that everywhere safely

8. Why Antivirus alone isn’t enough? Antivirus rely on patterns, i.e. it’s as good as the pattern you use Worms can potentially disarm protection and access to security websites Thus, most exploits become successful because of one primary thing: Lack of patching, both application and OS

9. P@sswords? What constitute a good password? Definitely not a passWORD, should a passPHRASE instead FACT! - Longer passwords are better than short complex ones 5 characters (all lowercase) takes about a minute to crack @ 500,000 passwords/sec 10 characters (all lowercase) would take approximately 10 years @ 500,000 passwords/sec Of course, don’t use known (dictionary) words la..

10. Security problems are everywhere, anywhere.. Which is more secure? Unix/Linux or Windows? Or Mac? Security is as strong as it’s weakest link Sometimes (actually most of the time) it’s the human factor E.g. lack of patching E.g. lack of security updates in applications E.g. use of weak passwords

11. Wired/Wireless Network Which is “better”? Use of public networks (e.g. hotspots) Do’s Don’ts

12. Organizational security Protects a lot but not enough The perimeter should be your own machine Moving out of the org Using 3G modems, wireless peer, 3rd party connectivity

13. Threats come uninvited (too) Almost 50% of threats finds its own way to you The rest are probably invited ones  Plug an unpatched, unprotected computer out on an unprotected internet connection Takes approximately 20 minutes to get it ridiculed with worms and viruses

14. Obscurity Security through obscurity is not security It’s merely hiding E.g. hiding a folder in your computer Using “hide tools” Hiding is fine, just as long you know, it’s not securing

15. Online Friends The issue is not whether who you add or allow to see your private data Social networking, blogs, picture sites etc.. It’s human to trust friends, disallowing people you don’t know Thin line between friends and foes

16. Beefing up security The fact is, the more you have isn’t always the best when the sum of it matters That doesn’t also mean, the less is better The important thing to remember, the easier the better That you understand, you best use That you don’t you may misuse

17. Mobile storage Easiest way to access your data Does not carry any security by default Password protection on those drives can be easily defeated

18. New and emerging threats Social networking Mobile devices Web 2.0

19. Social Networking Facebook/Tweeter – The open book of one’s life Be careful what you post and update in there There’s always search engines to profile you

20. Read the prints Always check what an application, website etc is asking you for..

21. Read the prints Google’s ad sensing technology Google scans the text of Gmail messages in order to filter spam and detect viruses, just as all major webmail services do. Google also uses this scanning technology to deliver targeted text ads and other related information. This is completely automated and involves no humans.

22. Mobile devices PDA/Smartphones iPods etc… Any device that has data, and its mobile and it can connect to the internet

23. Web 2.0 Blogs, youtube, photos, online spaces, virtual worlds Try searching yourself from here www.123people.com

24. Other stuff that make it to the headlines

25. How much information you can deduce from this..? A facebook status message I saw 2 days ago.. “We are packed and ready for Singapore. Peace and quiet! Then, some friends replied, including this.. “Don’t worry bro, Goggles is in good hands..”

26. How much information you can deduce from this..? The person is not contactable The person will most likely be away on a holiday/not working He’s not travelling alone They have not left *yet*, safe bet, 1 day top Most likely Fluff is dog/cat/fish, and his house will be empty!!!!! His pet’s name is Googles His friend (probably a neighbor) will either frequent the house to feed the animal..