1
POST NO BILLS
RIT Information Security
RIT Information Security Office
2
Copyright and Reuse
• The Digital Self Defense logo is the property of the Rochester Institute of Technology and is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. To request permission for other purposes, contact [email protected].
• The course materials are the property of the Rochester Institute of Technology and are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. To request permission for other purposes, contact [email protected].
3
Welcome to RIT
You’re not at home anymore. With freedom comes responsibility. RIT has requirements:
– Code of Conduct for Computer and Network Use (C8.2)
– Desktop & Portable Computer Standard
– Password Standard
4
RIT Information Security
• We’re here to protect you and RIT
• We can’t do it alone; we need your help:
  – Practice ethical computing
  – Watch out for each other
  – Keep your computer protected
5
Computer Support
– All RIT users must comply with the RIT Code of Conduct for Computer and Network Use.
– Resnet provides computer support for students residing at RIT. (http://resnet.rit.edu/)
  • Resnet users must also comply with the Residential Network Appropriate Use Policy.
– The ITS HelpDesk provides support for YOU.
6
Not your Father’s Network
Life on a university network
– The Good, the Bad, and the Ugly
• The Good
  – Power you’ll find nowhere else
    • Internet2
    • Very High Speed Internet Connection
    • Wireless access
    • One of the most wired universities
7
Threats on the Network
The Bad
– College campuses make big targets
– RIT faces the same challenges as other large technology universities.
– Threats on our campus:
  • Password Crackers
  • Key Loggers
  • Harassment
  • Sniffing/Network Monitoring
  • Network Worms
  • Hacking Attempts & Rootkits
  • Physical Theft
8
Threats Beyond the Network
The Ugly
External threats
• Phishing & Identity Theft
• Spyware & Adware
• External Hacking Attempts
• Botnets/Zombie PCs
2004 was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs…over $105 billion.
- Valerie McNiven, US Treasury - Cybercrime Advisor
9
Phishing
• Common Phishing Methods
  – E-mails that look like they come from banks, PayPal, or other official sources appealing to greed, fear, etc.
    • RIT’s Brightmail anti-spam filters out more than 90% of the email received at RIT.
  – Spoofed sites that look real
  – Even inside RIT
• E-mail isn’t the only technique!
  – Phones, IM, in person…
10
What if it happens to me?
• If you believe you’ve been the victim of some form of computer security incident…
  – Call the ITS HelpDesk at 475-HELP
  – Call Resnet at 475-2600
  – Contact [email protected] before you delete anything
• If you believe you’ve been the victim of identity theft…
  – Call Campus Safety at 475-2853
11
Your Role
Digital Self Defense is all about protecting yourself and others.
– RIT Desktop & Portable Computer Security Standard
– RIT Password Standard
– Paranoia & Common Sense
– Ethical Computing
12
Protect Your Computer
There are many types of malware circulating on the Internet. The Desktop Standard requires you to protect your computer:
– Patching
– Firewalls
– Anti-Virus
– Anti-Spyware
13
Patching
• Patching
  – Fixes “holes” in existing software
  – Provides a temporary fix until next major release
  – May add features
  – Protects you against security vulnerabilities
  – Prevents you from infecting others
• You need to
  – Turn on auto-updating
14
Firewalls
• Firewalls
  – Monitor and protect your network connections to prevent unauthorized connections from being made.
• You must
  – Enable the Windows XP Firewall for minimum protection; for better protection download and install Zone Alarm (www.zonelabs.com)
15
Antivirus
• Antivirus programs
  – Are an absolute “must have” before going on the Internet
    • One in 10 e-mails may contain viruses (as high as 7 in 10 last year)
  – RIT provides free McAfee AntiVirus for Windows and Virex for Macs (start.rit.edu)
• You must
  – Install an antivirus product
  – Update daily, scan weekly!
16
Spyware and Adware
• Spyware is a huge problem.
  – Spyware is “tracking software deployed without adequate notice, consent or control for the user.”
  – Adware is “software that delivers advertising content in a manner… unexpected and unwanted by users.”
• You must
  – Install anti-spyware
    • Spybot Search & Destroy (www.safer-networking.org) and Lavasoft Ad-Aware (www.lavasoftusa.com)
• You should
  – Use more than one program
17
How do you get Spyware?
You can get spyware from
• Browser Vulnerabilities
  – Instant messenger links to exploit sites
  – Enticing web pages/common terms
  – Links in spam mail
• File Sharing Networks
  – Bundled with client software
• Trojans
  – Disguised as anti-spyware programs or other popular software
18
Passwords
The RIT Password Standard requires you to use a complex password and change it often.
Anatomy of a Secure Password
– MINIMUM of 8 characters
– UPPER and lower case
– Mixed numbers and letters…*
*or other characters allowed by your systems administrator
19
Paranoia or Common Sense?
• Guard your personal information!
  – Even less sensitive information can be used by an attacker!
  – Don’t post it in public places.
  – Make sure you know who you’re giving it to.
• Be suspicious of e-mail
  – Never click on a link in an e-mail.
  – Instead, open your web browser and navigate manually.
  – Contact the senders and make sure they sent the e-mail.
20
Paranoia or Common Sense?
• Physically protect your computer
  – Keep your computer and mobile devices secure at all times
  – Lock or log out of your computers when you leave the room
  – Don’t allow other people to use your computer unattended
• Know your computer!
  – YOU are the first line of defense. If something goes wrong, you’ll probably be the first to know
  – Know what devices are registered to you. YOU are held responsible
21
Ethical Computing
According to a recent study on computer use & ethics at RIT:
– 32% of computer crime victims on campus knew their attackers
– Of that 32%, over half said their attacker was either a friend or acquaintance.
RIT Computer Use and Ethics Survey, 2003
22
But everyone does it!
Unauthorized File Sharing
– “More RIT students face piracy lawsuits…”
  - Rochester Democrat & Chronicle, May 28, 2005
• RIT is a high profile target.
• 35 RIT students were subpoenaed in a six-month period last year. Hundreds received “take-down” notices.
• Students have gone to jail for illegal downloading of music, movies, images, etc.
• The MPAA will sue you for hundreds of thousands of dollars.
  – The average out-of-court settlement is $4000.
• Check out the free RIT Ctrax music download service instead.
23
Cyberbullying
• Harassment
  – 13-15% of RIT students report being harassed online from within and outside of RIT.
  – RIT prohibits online harassment.
  – YOU are LEGAL ADULTS. This isn’t high school. Consequences are severe. They include fines and jail time. Law enforcement will get involved when needed.
  – You don’t have to take it. Report it to Campus Safety and [email protected]
24
Online Blogs
Use them carefully
– Guard your private information
– Carelessness can lead to cyberstalking
– Student Judicial and Campus Safety monitor blogs
– Potential employers will check you out
– The information NEVER goes away
  • Even when you delete the blog, it is cached elsewhere on the Internet.
"The biggest concern I have is that students are naive about ways in which that data can be harvested and used against them in the short, medium and long term, for a variety of malicious ways."
- Sam McQuade, RIT Professor
  MSNBC, June 25, 2006
25
Will I be a Victim?
• 2 out of 3 students at RIT will be a victim of at least one form of computer abuse or crime.
• 1 out of 3 students at RIT will be a victim of multiple forms of computer abuse or crime.
RIT Computer Use and Ethics Survey, 2003
26
Consequences
• Network Quarantine
  – You will be denied access to the network and may not be able to complete your assignments.
• Student Judicial
• Federal, State and Local law enforcement
• Yes, we ARE trying to scare you.
27
Questions & Comments
Send questions to [email protected]
View this presentation at security.rit.edu