2. Topics Why anyone should care about information security? Introduction & Goals The 10 security misconceptions New and emerging threats Protecting privacy and information with Windows 7 and other Microsoft solutions Demos Certifications – Your competitive advantage
3. Why anyone should care about information security? Just about every professional discipline uses computers Keeping your data, yours The Internet Social engineering Knowledge is power Threat of espionage If you don’t then who will? It is your responsibility, legally speaking! It’s a lifelong benefit
6. Top ten security myths I’ve got antivirus, I’m good to go I have a strong password on my laptop, no one can access my data I don’t use Windows, I’m already secure No one can see what I do in a public/private WiFi/network The campus IT guys got me covered
7. Top ten security myths –Cont’d I never visit “bad” internet sites, I will be safe I hide all my stuff in hidden folders and such, my data is safe I never add anyone Idon’t know on socialnetworking sites, blogs, etc.. I install lots of security software, I think I am fine I store all my data externally and I carry that everywhere safely
8. Why Antivirus alone isn’t enough? Antivirus rely on patterns, i.e. it’s as good as the pattern you use Worms can potentially disarm protection and access to security websites Thus, most exploits become successful because of one primary thing: Lack of patching, both application and OS
9. P@sswords? What constitute a good password? Definitely not a passWORD, should a passPHRASE instead FACT! - Longer passwords are better than short complex ones 5 characters (all lowercase) takes about a minute to crack @ 500,000 passwords/sec 10 characters (all lowercase) would take approximately 10 years @ 500,000 passwords/sec Of course, don’t use known (dictionary) words la..
10. Security problems are everywhere, anywhere.. Which is more secure? Unix/Linux or Windows? Or Mac? Security is as strong as it’s weakest link Sometimes (actually most of the time) it’s the human factor E.g. lack of patching E.g. lack of security updates in applications E.g. use of weak passwords
12. Organizational security Protects a lot but not enough The perimeter should be your own machine Moving out of the org Using 3G modems, wireless peer, 3rd party connectivity
13. Threats come uninvited (too) Almost 50% of threats finds its own way to you The rest are probably invited ones Plug an unpatched, unprotected computer out on an unprotected internet connection Takes approximately 20 minutes to get it ridiculed with worms and viruses
14. Obscurity Security through obscurity is not security It’s merely hiding E.g. hiding a folder in your computer Using “hide tools” Hiding is fine, just as long you know, it’s not securing
15. Online Friends The issue is not whether who you add or allow to see your private data Social networking, blogs, picture sites etc.. It’s human to trust friends, disallowing people you don’t know Thin line between friends and foes
16. Beefing up security The fact is, the more you have isn’t always the best when the sum of it matters That doesn’t also mean, the less is better The important thing to remember, the easier the better That you understand, you best use That you don’t you may misuse
17. Mobile storage Easiest way to access your data Does not carry any security by default Password protection on those drives can be easily defeated
18. New and emerging threats Social networking Mobile devices Web 2.0
19. Social Networking Facebook/Tweeter – The open book of one’s life Be careful what you post and update in there There’s always search engines to profile you
20. Read the prints Always check what an application, website etc is asking you for..
21. Read the prints Google’s ad sensing technology Google scans the text of Gmail messages in order to filter spam and detect viruses, just as all major webmail services do. Google also uses this scanning technology to deliver targeted text ads and other related information. This is completely automated and involves no humans.
25. How much information you can deduce from this..? A facebook status message I saw 2 days ago.. “We are packed and ready for Singapore. Peace and quiet! Then, some friends replied, including this.. “Don’t worry bro, Goggles is in good hands..”
26. How much information you can deduce from this..? The person is not contactable The person will most likely be away on a holiday/not working He’s not travelling alone They have not left *yet*, safe bet, 1 day top Most likely Fluff is dog/cat/fish, and his house will be empty!!!!! His pet’s name is Googles His friend (probably a neighbor) will either frequent the house to feed the animal..
Notas del editor
Its hard to find professional jobs that do not use themWhat you don’t share is probably private, lets keep it that wayTakes just about 20 minutes for a computer to get infected or compromised onlineSimple examples – Bank scenario …e.g. helpdesk asking for passwordPeople will do just about anything to pin you down, why make it easy for them?It’s knowledge that you can benefit from, just like driving a car, for a lifetime
You ..begins with someoneYour data - When you start having data, over the internet, email, phones, PDA, laptops, thumbdrives, shared drives etcYour network – Both physically, metaphysical, virtual and human interactions transformed into digital dataExposures – Information gets leakedExploit – Malicious intent with your data and information
Show you how Windows 7 helpsYou – empower you with knowledgeAzra will show you how you can secure your dataHelp you make intelligent decisions on what to share and what not to shareShrink unwanted exposure to virtually zeroDestroy possibilities of data exploits
- Antivirus -
Patterns - until you don’t have the newest pattern, you won’t know you are infected or vulnerable
Wifi doAlways ask if that is the SSID (the broadcast) name actually belong to that providerRequest if you can use itWifi don’tIf it’s public, avoid private sites, banking sites if possibleWhen accessing anything that require passwords, make sure its HTTPS/FTP etc, otherwise, do it later
- Information disclose
Not much security emphasis is given on these devicesWhile “browsing in starbucks over a unauthenticated bluetooth connection”