Protect Your PC
Security Awareness ~ Protect Your PC
PC Updates
Update your OS
- Operating Systems are not perfect. As they get older,
vulnerabilities and errors are found and exploited.
Updates are intended to fix these.
- Windows has a built in feature called Automatic Updates.
Enabling it will ensure your system stays up to date.
http://windowsupdate.microsoft.com
Update all other Software
- Microsoft Office can be updated online.
- Most other third party applications contain a way to
update them. Many are automated.
- System Properties Screen:
Passwords
- Passwords are a primary way of accessing your or your institution's data. They need to be strong. Make sure all accounts have one.
- Do not use personal information. Names, addresses, nicknames, hobbies, etc. are easy to guess.
- Do not use the same password for everything.
- When asked to change, do not use the same password with a minor change.
Strong passwords are comprised of:
- Minimum of 8 characters
- Combination of at least three of the following
- Lower case letters: a b c
- Upper case letters: A B C
- Numbers: 1 2 3
- Symbols: ! @ #
Passphrases can be used
- Take a phrase and use the first letter of each word.
- Punctuation marks can be used
- Capitalize some of the letters
- Switch symbols for letters
- Passphrase example:
- Mary had a little lamb, its fleece was white as snow.
- M h a l l , i f w w a s .
- Mhall,ifwwas.
- Mh411,!fWW45>
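
The password rules and the passphrase steps above, as an added Python example that is not part of the original slides. It derives the initials form of a phrase and checks a candidate against the rules listed (length, three of four character classes, no personal information, no minor change of the old password). The function names, the 0.8 similarity threshold and the sample inputs are assumptions made for illustration.

```python
import string
from difflib import SequenceMatcher

def initials_passphrase(sentence):
    """First letter of each word, keeping trailing punctuation marks."""
    parts = []
    for word in sentence.split():
        core = word.rstrip(string.punctuation)
        if not core:               # token is punctuation only, keep it as-is
            parts.append(word)
            continue
        parts.append(core[0] + word[len(core):])
    return "".join(parts)

def check_password(candidate, personal_info=(), previous=None, max_similarity=0.8):
    """Return a list of rule violations; an empty list means the rules are met."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    # The four character classes from the slide; at least three must appear.
    classes = [
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    lowered = candidate.lower()
    for item in personal_info:     # names, nicknames, hobbies, ...
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information: " + item)
    if previous is not None:
        # Assumed threshold: 0.8 or more similarity counts as a "minor change".
        ratio = SequenceMatcher(None, previous.lower(), lowered).ratio()
        if ratio >= max_similarity:
            problems.append("minor change of the previous password")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; the phrase is the one used on the slide.
    base = initials_passphrase("Mary had a little lamb, its fleece was white as snow.")
    print(base, check_password(base))
    print(check_password("Mary1984", personal_info=["Mary"]))
    print(check_password("Summer2024!", previous="Summer2023!"))
```

The capitalization and symbol-for-letter steps are left to the user on purpose, since a fixed substitution table would make the result predictable.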
Login
Disable Automatic Login
- For newer versions of Windows, setting a password will
prevent the system from booting into an account
Disable the Welcome Screen
- This will cause Windows to use the classic login screen
instead of advertising accounts that are available.
Accounts
Windows has two administrator accounts for users when installed.
- Set strong passwords for both
- Only use admin accounts for admin tasks like installing
software or making operating system changes
Create user accounts for all users
- This adds privacy and security to individual’s data
- Prevents unauthorized users from installing software or
changing the operating system
- When online, some sites will attempt to install software,
some of which is malicious in nature
Disable the Guest account
- This is the default state for newer operating systems, so
verify
Firewall
Windows has a built in Firewall.
- Firewalls prevent unauthorized traffic from entering the
computer
- Example: PCs can be remotely controlled. A firewall can
prevent remote users from doing this
- Verify the Windows Firewall is enabled
- Enabled by default in service pack 2 and above
There are third party firewalls available
- ZoneAlarm
- Hardware based firewalls can be incorporated into routers
- Used predominantly with home networks
Only use one at a time
Anti-Virus
Virus is a term that is used to refer to malicious software. In reality,
it is one of many types of software that has malicious intent (malware).
- Viruses
- Worms
- Trojan Horses
- Key-loggers
- etc...
Malware can:
- Destroy data
- Cause hardware failure
- Send sensitive information to others
- etc.
Malware is spread through
- Email
- Web Browsing
- Intentionally included in what looks like legitimate
software. The user is usually prompted for installation.
Example: Gator is part of some screensaver installs
- Intentionally included in web site
- Web site is hacked and when visited, malware is
downloaded
- External data devices
- CDs
- External Hard Drives
- Floppy
- Flash (USB) drives
- Remote attacks
Protect Your PC: Anti-Virus
- Protect your PC by installing an Anti-Virus program
- Update it daily, automatically if possible.
- Scan your PC on a regular basis. If possible, set up
automatic scanning.
- Although it is possible, it is not recommended to use
multiple AV programs on the same PC at the same time.
- Some Manufacturers will include AV software in a suite
that provides other protection
- Example: Norton’s Internet Security includes:
- Firewall
- Spam filter
- Parental Controls
Available Anti-Virus
Anti-Spyware
- Spyware is another type of malware. Its main purpose is to monitor your activities and transmit them to a third party, usually without your consent.
- Spyware is generally installed via malicious or hacked web sites, but it is possible to get spyware the same way as a virus.
- Example: Cool Web Search Toolbar
- Install an Anti-Spyware Program.
- In most cases, more than one can be used.
- Keep it up to date. Automatic updating is available in some.
- Scan your PC on a regular basis. If possible, set up automatic scanning.
- Microsoft provides an Anti-Spyware program called Windows Defender. It is currently in Beta, which means it is still being tested, but it is available to the general public without warranty.
Lock-it or Logout
Lock your PC when you leave it unattended.
Many times, users will be working on sensitive information and leave for a
break, meeting or other need, leaving this and other potentially sensitive data
accessible from their desk.
Lock the screen by:
- Press and release, at the same time, the CTRL+ALT+DEL keys (not the “+” key) to bring up the Windows Security window and click “Lock Computer”
- Set up a screensaver, set it for a short period of time (5 minutes) and set it to prompt for a password on resume.
- Press and release, at the same time, the Windows+L keys.
If you don’t want to lock-it, then logout or shutdown.
If the PC is off, people can’t attack it or access its data.
Wireless home
Wireless:
- Use encryption:
- Changes the format of the data between the access point and your PC
- WEP: Wired Equivalent Privacy (insecure)
- WPA: Wi-Fi Protected Access
- Uses a passphrase/pre-shared key
- WPA2
- Use preferred networks
- Those that you setup or know who owns them (NSUWIFI)
- Use access points, not PC to PC communication (ad hoc)
- Public access points allow anyone to connect, which means anyone can see
what you are sending
- Disable your wireless network adapter when not in use
- Using another person's access point without their consent is illegal
NSUWIFI provides wireless access for faculty, staff and
students
- Information available at http://www.nsu.edu/wifi/
- WPA2 is used for encryption
- TKIP (Temporal Key Integrity Protocol)
- NSU userid and password required to gain access to the wireless network
- NSU monitors for unauthorized access points
- Future plans for guest access
Bluetooth
- Designed for wireless communication over short distances
Bluesnarfing:
- Acquiring phonebooks, pictures, calendar
- Paris Hilton’s phone was cracked
Bluetracking:
- Tracking your movement based on the unique address of the device
Bluebugging:
- Send commands to a Bluetooth device
- Make it call you which means an attacker could be listening
Bluetooth sniper rifle
Parental Controls
Parental Controls allow parents to control what their children do online.
- Block web sites, chat, pop-ups
- Allows you to monitor activity
- Web sites visited
- Keyloggers
- A few that get decent ratings and are a nominal fee:
Add-Ons
Many Web sites or files require additional software to be installed in order
to view.
- These viewers are usually free and easily accessible.
- Adobe Acrobat Reader is needed to view PDF documents.
- Windows Media Player or QuickTime may be required to watch certain videos or
listen to music
Other sites may have programs that will improve your computing experience
- Firefox is another popular web browser
- Google Toolbar will prevent pop-ups in Internet Explorer while providing a quick
way to search the internet.
To get these, go directly to the manufacturer’s site.
- Acrobat Reader is available from Adobe
- The latest version of Windows Media Player is available through Microsoft
- QuickTime is available through Apple
If not sure, research the program. If still not sure, don’t install.
Browsing
- Be careful when browsing
- Misspelling or mistyping a word, even one character off, can
take you to a web site that may be objectionable or malicious in nature.
- Use an alternate browser.
- Helps avoid site redirects or phishing.
- Prevents certain sites from taking advantage of flaws in
Internet Explorer
- Firefox has additional add-ons that can be used for
additional security
- Watch for redirection. Redirection is when you click a link on
a site and end up at another web site. Phishing scams can take advantage of
this.
- Watch the contents of the location or address bar. This is
where you will detect the redirection.
- When going to a site that may need personal information,
go directly to the web site.
- Disable pop-ups.
Email
- Be wary of email from addresses you do not know.
- Typically SPAM or phishing attempts
- Use caution with attachments.
- Programs should not be sent through email.
- Avoid sending personal information through email.
- Email is in clear text.
- Do not send social security numbers or credit card info.
- Do not send usernames or passwords.
- Do not click links for banking institutions.
- Financial Institutions do not ask for personal information through email. It
is only used to distribute information.
- Contact your financial institution in person or by telephone.
- There are alternative email clients available, but they may require
additional computing skills.
Backup
- Backup your data regularly
- Windows has a built in backup utility.
- Backup programs with automation are available.
- Simple methods include:
- Burning specific files to CD.
- Copying them to flash (USB) drives or memory cards.
- Copy the data to another computer
- Fee based subscriptions are available online.
- Floppy Disks are too small for most data.
NSU Policies
NSU Policies --
http://www.nsu.edu/policies
- Policy 60.201: Acceptable Use of Technology Resources
- Policy 62.002: Computer Systems Passwords
NSU Forms --
http://www.nsu.edu/forms
- Resource Authorization Request / OIT Request Form & Information
Security Access Agreement
OIT Policies --
http://www.nsu.edu/oit/policies
- Policy 61.002: Electronic Data Privacy and Ownership
Further Information
Advanced
These options are available, but, generally recommended for advanced users:
- Disable/Remove Windows Components
- Disable unnecessary Windows services
- Use alternate email client
- Enable Auditing
- Microsoft Baseline Analyzer
- Port Reporter and Parser
- Root Kit Detection tools
- HiJackThis.exe
- Use encryption for files and email
- Use GeSWall
- Use LINUX