LimKokWing University

Security and Windows 7

SanjayW – MVP (Security)Azra Rizal – MVP (Security)

TopicsWhy anyone should care about information security?Introduction & GoalsThe 10 security misconceptionsNew and emerging threatsProtecting privacy and information with Windows 7 and other Microsoft solutions

Demos

Certifications – Your competitive advantage

Why anyone should care about information security?

Just about every professional discipline uses computersKeeping your data, yoursThe InternetSocial engineering

Knowledge is power

Threat of espionage If you don’t then who will?It is your responsibility, legally speaking!It’s a lifelong benefit

Introduction

You

Your data

YourNetworkExposures

Exploit

You

Your data

YourNetworkExposures

Exploit

Our Goal

Top ten security myths1. I’ve got antivirus, I’m good to go2. I have a strong password on my

laptop, no one can access my data

3. I don’t use Windows, I’m already secure

4. No one can see what I do in a public/private WiFi/network

5. The campus IT guys got me covered

Top ten security myths –Cont’d

6. I never visit “bad” internet sites, I will be safe7. I hide all my stuff in

hidden folders and such, my data is safe

8. I never add anyone Idon’t know on socialnetworking sites, blogs, etc..

9. I install lots of security software, I think I am fine

10. I store all my data externally and I carry that everywhere safely

Why Antivirus alone isn’t enough?

Antivirus rely on patterns, i.e. it’s as good as the pattern you useWorms can potentially disarm protection and access to security websitesThus, most exploits become successful because of one primary thing:

Lack of patching, both application and OS

P@sswords?What constitute a good password?Definitely not a passWORD, should a passPHRASE insteadFACT! - Longer passwords are better than short complex ones

5 characters (all lowercase) takes about a minute to crack @ 500,000 passwords/sec10 characters (all lowercase) would take approximately 10 years @ 500,000 passwords/secOf course, don’t use known (dictionary) words la..

Security problems are everywhere, anywhere..

Which is more secure? Unix/Linux or Windows? Or Mac?Security is as strong as it’s weakest linkSometimes (actually most of the time) it’s the human factor

E.g. lack of patchingE.g. lack of security updates in applicationsE.g. use of weak passwords

Wired/Wireless Network

Which is “better”?Use of public networks (e.g. hotspots)

Do’s Don’ts

Organizational security

Protects a lot but not enoughThe perimeter should be your own machine

Moving out of the orgUsing 3G modems, wireless peer, 3rd party connectivity

Threats come uninvited (too)

Almost 50% of threats finds its own way to youThe rest are probably invited ones Plug an unpatched, unprotected computer out on an unprotected internet connection

Takes approximately 20 minutes to get it ridiculed with worms and viruses

Obscurity

Security through obscurity is not securityIt’s merely hidingE.g. hiding a folder in your computerUsing “hide tools”

Hiding is fine, just as long you know, it’s not securing

Online Friends

The issue is not whether who you add or allow to see your private data

Social networking, blogs, picture sites etc..

It’s human to trust friends, disallowing people you don’t knowThin line between friends and foes

Beefing up security

The fact is, the more you have isn’t always the best when the sum of it mattersThat doesn’t also mean, the less is betterThe important thing to remember, the easier the better

That you understand, you best useThat you don’t you may misuse

Mobile storage

Easiest way to access your dataDoes not carry any security by defaultPassword protection on those drives can be easily defeated

New and emerging threats

Social networkingMobile devicesWeb 2.0

Social NetworkingFacebook/Tweeter – The open book of one’s life

Be careful what you post and update in thereThere’s always search engines to profile you

Read the prints

Always check what an application, website etc is asking you for..

Read the prints

Google’s ad sensing technology

Google scans the text of Gmail messages in order to filter spam and detect viruses, just as all major webmail services do. Google also uses this scanning technology to deliver targeted text ads and other related information. This is completely automated and involves no humans.

Mobile devices

PDA/SmartphonesiPods etc…Any device that has data, and its mobile and it can connect to the internet

Web 2.0

Blogs, youtube, photos, online spaces, virtual worlds

Try searching yourself from here

www.123people.com

Other stuff that make it to the headlines

How much information you can deduce from this..?

A facebook status message I saw 2 days ago..“We are packed and ready for Singapore. Peace and quiet!Then, some friends replied, including this..

“Don’t worry bro, Goggles is in good hands..”

How much information you can deduce from this..?1) The person is not contactable2) The person will most likely be away on a holiday/not

working3) He’s not travelling alone4) They have not left *yet*, safe bet, 1 day top5) Most likely Fluff is dog/cat/fish, and his house will be

empty!!!!! 6) His pet’s name is Googles 7) His friend (probably a neighbor) will either frequent the

house to feed the animal..