1 post no bills rit information security rit information security office


Upload: bertina-cobb

Post on 26-Dec-2015

TRANSCRIPT

POST NO BILLS

RIT Information Security

RIT Information Security Office

Copyright and Reuse

• The Digital Self Defense logo is the property of the Rochester Institute of Technology and is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. To request permission for other purposes, contact [email protected].

• The course materials are the property of the Rochester Institute of Technology and are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. To request permission for other purposes, contact [email protected].

Welcome to RIT

You’re not at home anymore. With freedom comes responsibility. RIT has requirements:

– Code of Conduct for Computer and Network Use (C8.2)
– Desktop & Portable Computer Standard
– Password Standard

RIT Information Security

• We’re here to protect you and RIT
• We can’t do it alone; We need your help:
  – Practice ethical computing
  – Watch out for each other
  – Keep your computer protected

Computer Support

– All RIT users must comply with the RIT Code of Conduct for Computer and Network Use.
– Resnet provides computer support for students residing at RIT. (http://resnet.rit.edu/)
  • Resnet users must also comply with the Residential Network Appropriate Use Policy.
– The ITS HelpDesk provides support for YOU.

Not your Father’s Network

Life on a university network
– The Good, the Bad, and the Ugly

• The Good
  – Power you’ll find nowhere else
    • Internet2
    • Very High Speed Internet Connection
    • Wireless access
    • One of the most wired universities

Threats on the Network

The Bad
– College campuses make big targets
– RIT faces the same challenges as other large technology universities.
– Threats on our campus:
  • Password Crackers
  • Key Loggers
  • Harassment
  • Sniffing/Network Monitoring
  • Network Worms
  • Hacking Attempts & Rootkits
  • Physical Theft

Threats Beyond the Network

The Ugly

External threats
• Phishing & Identity Theft
• Spyware & Adware
• External Hacking Attempts
• Botnets/Zombie PCs

2004 was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs…over $105 billion.

-Valerie McNiven, US Treasury - Cybercrime Advisor

Phishing

• Common Phishing Methods
  – E-mails that look like they come from banks, PayPal, or other official sources appealing to greed, fear, etc.
    • RIT’s Brightmail anti-spam filters out more than 90% of the email received at RIT.
  – Spoofed sites that look real
  – Even inside RIT
• E-mail isn’t the only technique!
  – Phones, IM, in person…

What if it happens to me?

• If you believe you’ve been the victim of some form of computer security incident…
  – Call the ITS HelpDesk at 475-HELP
  – Call Resnet at 475-2600
  – Contact [email protected] before you delete anything
• If you believe you’ve been the victim of identity theft…
  – Call Campus Safety at 475-2853

Your Role

Digital Self Defense is all about protecting yourself and others.
– RIT Desktop & Portable Computer Security Standard
– RIT Password Standard
– Paranoia & Common Sense
– Ethical Computing

Protect Your Computer

There are many types of malware circulating on the Internet. The Desktop Standard requires you to protect your computer:
– Patching
– Firewalls
– Anti-Virus
– Anti-Spyware

Patching

• Patching
  – Fixes “holes” in existing software
  – Provides a temporary fix until next major release
  – May add features
  – Protects you against security vulnerabilities
  – Prevents you from infecting others
• You need to
  – Turn on auto-updating

Firewalls

• Firewalls
  – Monitor and protect your network connections to prevent unauthorized connections from being made.
• You must
  – Enable the Windows XP Firewall for minimum protection; for better protection download and install Zone Alarm (www.zonelabs.com)

Antivirus

• Antivirus programs
  – Are an absolute “must have” before going on the Internet
    • One in 10 e-mails may contain viruses (as high as 7 in 10 last year)
  – RIT provides free McAfee AntiVirus for Windows and Virex for Macs (start.rit.edu)
• You must
  – Install an antivirus product
  – Update daily, scan weekly!

Spyware and Adware

• Spyware is a huge problem.
  – Spyware is “tracking software deployed without adequate notice, consent or control for the user.”
  – Adware is “software that delivers advertising content in a manner… unexpected and unwanted by users.”
• You must
  – Install anti-spyware
    • Spybot Search & Destroy (www.safer-networking.org) and Lavasoft Ad-Aware (www.lavasoftusa.com)
• You should
  – Use more than one program

How do you get Spyware?

You can get spyware from
• Browser Vulnerabilities
  – Instant messenger links to exploit sites
  – Enticing web pages/common terms
  – Links in spam mail
• File Sharing Networks
  – Bundled with client software
• Trojans
  – Disguised as anti-spyware programs or other popular software

Passwords

The RIT Password Standard requires you use a complex password and change it often.

Anatomy of a Secure Password
– MINIMUM of 8 characters
– UPPER and lower case
– Mixed numbers and letters…*

*or other characters allowed by your systems administrator

Paranoia or Common Sense?

• Guard your personal information!
  – Even less sensitive information can be used by an attacker!
  – Don’t post it in public places.
  – Make sure you know who you’re giving it to.
• Be suspicious of e-mail
  – Never click on a link in an e-mail.
  – Instead, open your web browser and navigate manually.
  – Contact the senders and make sure they sent the e-mail.

Paranoia or Common Sense?

• Physically protect your computer
  – Keep your computer and mobile devices secure at all times
  – Lock or log out of your computers when you leave the room
  – Don’t allow other people to use your computer unattended
• Know your computer!
  – YOU are the first line of defense—if something goes wrong, you’ll probably be the first to know
  – Know what devices are registered to you—YOU are held responsible

Ethical Computing

According to a recent study on computer use & ethics at RIT:
– 32% of computer crime victims on campus knew their attackers
– Of that 32%, over half said their attacker was either a friend or acquaintance.

RIT Computer Use and Ethics Survey, 2003

But everyone does it!

Unauthorized File Sharing
– “More RIT students face piracy lawsuits…”
  - Rochester Democrat & Chronicle, May 28, 2005

• RIT is a high profile target.
• 35 RIT students were subpoenaed in a six-month period last year. Hundreds received “take-down” notices.
• Students have gone to jail for illegal downloading of music, movies, images, etc.
• The MPAA will sue you for hundreds of thousands of dollars.
  – The average out-of-court settlement is $4000.

• Check out the free RIT Ctrax music download service instead.

Cyberbullying

• Harassment
  – 13-15% of RIT students report being harassed online from within and outside of RIT.
  – RIT prohibits online harassment.
  – YOU are LEGAL ADULTS. This isn’t high school. Consequences are severe. They include fines and jail time. Law enforcement will get involved when needed.
  – You don’t have to take it. Report it to Campus Safety and [email protected]

Online Blogs

Use them carefully
– Guard your private information
– Carelessness can lead to cyberstalking
– Student Judicial and Campus Safety monitor blogs
– Potential employers will check you out
– The information NEVER goes away
  • Even when you delete the blog, it is cached elsewhere on the Internet.

"The biggest concern I have is that students are naive about ways in which that data can be harvested and used against them in the short, medium and long term, for a variety of malicious ways."

- Sam McQuade, RIT Professor, MSNBC, June 25, 2006

Will I be a Victim?

• 2 out of 3 students at RIT will be a victim of at least one form of computer abuse or crime.

• 1 out of 3 students at RIT will be a victim of multiple forms of computer abuse or crime.

RIT Computer Use and Ethics Survey, 2003

Consequences

• Network Quarantine
  – You will be denied access to the network and may not be able to complete your assignments.
• Student Judicial
• Federal, State and Local law enforcement
• Yes, we ARE trying to scare you.

Questions & Comments

Send questions to [email protected]

View this presentation at security.rit.edu