
Post on 29-Mar-2015


Protecting Yourself in Our Digital World

Jodi Ito • Information Security Officer

Information Technology Services

jodi@hawaii.edu • (808) 956-2400

From Our President


Today’s Thoughts

Our Digital World Today

Threats and Vulnerabilities

Mitigation Strategies

Security Awareness

Today’s Environment


has become a verb!

Technologies and Trends

INFORMATION AGE!

NOW Generation

PDAs, laptops, netbooks + (wireless networks/cellular broadband) = Mobile Computing

Cellphones --> Smartphones

“Texting”, “Tweeting”, “Friending” --> Social Networking

WHOLE NEW WORLD!

Sign of Things to Come…

http://www.informationweek.com/news/showArticle.jhtml?articleID=219100621


Fun, Convenience, OR….?

Toy car lets kids spy on others

http://www.networkworld.com/video/?bcpid=60965047001&bclid=1363192037&bctid=68172212001

Using mobile devices to open hotel doors

http://www.tnooz.com/2010/03/01/mobile/hotel-door-opening-technology-moving-to-mobile-devices/


FTC P2P data leak alarm…

The Federal Trade Commission this week sent letters notifying almost 100 organizations that personal information, including sensitive data about customers and employees, has been shared from their computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud.

Search for “FTC P2P data leak” using your favorite search engine


More P2P Filesharing Risks…

“P2P Snoopers Know What's In Your Wallet”

http://www.networkworld.com/news/2010/020710-shmoocon-p2p-snoopers-know-whats.html

“File Sharers, Beware!”

http://www.cbsnews.com/stories/2005/05/03/eveningnews/main692765.shtml

Digital Threats

Viruses, Spyware, Trojans & Other Malicious Software

Botnets

Phishing & Spam

Identity Theft

Cyber Stalking, Cyber Bullying, Online Predators

Etc., etc., etc.…

Form Phishing

North Carolina State University Phishing Attack

“Security” email directed recipients to web site to “protect” their accounts

Phishers used NCSU graphics to replicate phishing web page

http://www.ncsu.edu/it/security/webmail-phishing.html


Anti-Phishing Phil

http://wombatsecurity.com/antiphishingphil


Useful Information

Federal Trade Commission

http://www.onguardonline.gov/

Department of Homeland Security

www.staysafeonline.org

Tapping Your Cell Phone

http://www.wthr.com/Global/story.asp?s=9346833


Booming Cyber Crime Industry!

Botnets: Rent-a-botnet SPAM generators (steal email accounts and passwords)

$$$ - Stolen sensitive information

Top 3 categories:

Bank account - £5 ($8)

Credit cards - 50 credit cards for £20 ($35)

Personal identities - EU identities are worth more

Underground Economy

Multi-Billion $$$ industry

TJX Data Breach:

Estimated 94 million victims

Estimated losses: $65M - $83M

August 2008: Hacker ring charged with conspiracy, computer intrusion, fraud, & identity theft: http://www.consumeraffairs.com/news04/2008/08/hacker_ring.html

Background Resources

“Botnet probe turns up 70G bytes of personal, financial data” estimated worth $8.3M

http://www.networkworld.com/news/2009/050409-botnet-probe-turns-up-70g.html

UCSB Computer Science Study:

http://www.cs.ucsb.edu/~seclab/projects/torpig/index.html

Data Breaches

Privacy Rights Clearinghouse

http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP

Over 260 million records containing sensitive information are involved in security breaches

Educational Security Incidents: http://www.adamdodge.com/esi/

Example


This Cyber “stuff”…

Affects us all!

Each unprotected/unpatched computer is a threat:

Infected with a worm/virus/bot

Could be used in a concerted attack against a critical infrastructure

Computers, servers, mobile storage devices with any sensitive information represent a vulnerability

What Do We Do?

Practice safe computing!


Keep Your Computers Safe

Update the software on your computer weekly (or more frequently)

Install anti-virus and anti-spyware software and keep it up-to-date

Use accounts and strong passwords

Encrypt sensitive information

http://www.hawaii.edu/askus/729

Don’t install unknown software from unknown sites

Don’t share your accounts/passwords

Use password protected screen savers

Use STRONG Passwords

Not easily guessable

Do not use dictionary words

Use a combination of upper and lowercase letters, numbers, and special characters

No less than 8 characters

Check your password strength:

https://www.microsoft.com/protect/fraud/passwords/checker.aspx

Password Strategies

Replace letters with numbers or characters

Incorporate something memorable to you

Example:

Need a password for a CitiBank online account; got your mortgage in April 2005: 04C7t7B@nk05

Use a phrase and turn it into a password

Example: My Favorite Food is Chocolate Ice Cream: MfFiCiC2010m@r
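
The rules from the two password slides above, written as a checker; this is an added example, not part of the original presentation. The word list and substitution map are small constructed assumptions, and the dictionary check also undoes common letter-for-symbol swaps so that a word such as P@ssw0rd1 is still caught.

```python
import string

# Constructed mini word list; a real check would load a full dictionary file.
WORDLIST = {"password", "chocolate", "welcome", "dragon", "citibank", "hawaii"}
# Common substitutions undone before the dictionary check (assumed mapping).
UNLEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                        "5": "s", "$": "s", "7": "t", "!": "i"})

def dictionary_hits(password):
    """Return word-list entries found in the password after undoing substitutions."""
    plain = password.lower().translate(UNLEET)
    return sorted(w for w in WORDLIST if w in plain)

def check_password(password):
    """Return the list of slide rules the password fails (empty list = passes)."""
    failures = []
    if len(password) < 8:
        failures.append("fewer than 8 characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    failures += [f"no {name}" for name, present in classes.items() if not present]
    hits = dictionary_hits(password)
    if hits:
        failures.append("contains dictionary word: " + ", ".join(hits))
    return failures

if __name__ == "__main__":
    # The first two candidates are the example passwords from the slide.
    for candidate in ["04C7t7B@nk05", "MfFiCiC2010m@r", "P@ssw0rd1", "chocolate"]:
        problems = check_password(candidate)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```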


More on Passwords

Don’t use the same password for all accounts

Change passwords frequently

Use more difficult passwords on more sensitive accounts

Use a password safe (but don’t lose the master password!)

http://passwordsafe.sourceforge.net/

http://www.hawaii.edu/askus/705

Protect Yourself and Information

Don’t open unknown emails & attachments

Visit only reputable web sites

http://safeweb.norton.com/

Do not reply to SPAM or Phishing emails

Only log in to servers for the duration needed - disconnect when done

Don’t let others use your computer irresponsibly

Use a credit card for online shopping

http://www.hawaii.edu/askus/729

DO NOT EVER…

…Give out your personal information in response to an UNSOLICITED email, phone call, or voice mail

If in doubt, CHECK IT OUT!

Call the company using another legitimate phone number (not the one provided in the email or phone call)

New scams use social networking sites to get background personal information

Protect Your Sensitive Information

BE SUSPICIOUS!

You can’t take back information you’ve already given out

Ask “Why?” when someone asks for your SSN

Check your credit report:

www.annualcreditreport.com

Social Networking

Do not post TOO MUCH INFORMATION!

Internet is FOREVER!

Whatever you post may circulate even AFTER you delete it

New scams use social networking sites to get background personal information

Watch what your children do on the computer


TTMI…

Tweeting Too Much Information:

http://pleaserobme.com/


Laptops and Mobile Devices

Implement passwords on the device

Back up your data frequently & test backups

Store backups away from the laptop

Encrypt sensitive information

Watch your laptop at all times

Keep your laptop in your possession at all times

Don’t leave it out in your hotel room

Consider using a laptop lock

Consider laptop recovery services

Don’t leave your laptop in a car

Wireless & Public Computers

Be cautious when using open wireless networks

Others using the network may be “sniffing” the network

If you must use a public computer, change the password on the account accessed using a secure computer ASAP

Wi-Fi Dangers…

Security Expert Claims Thieves Can Detect Wi-Fi In Sleeping Computers

http://www.wired.com/gadgetlab/2010/03/security-expert-claims-thieves-can-detect-wi-fi-in-sleeping-computers/#ixzz0hKGscGjt

Hidden dangers of free public WiFi

http://news.zdnet.com/2100-1035_22-149778.html


BE AWARE!

Know what’s out there

(Google yourself)

Questions?

Jodi Ito

jodi@hawaii.edu

(808) 956-2400
