Computer Security Beyond the Serpentine Walls - PowerPoint PPT Presentation

Computer security beyond the serpentine walls l.jpg
Download
1 / 20

Computer Security Beyond the Serpentine Walls . New Horizons Conference May 23 rd , 2007 Shirley Payne & Marty Peterman UVa IT Security and Policy Office. Agenda. Vulnerabilities and Risks Tips and tools before you go Device Requirements on the road Checklist Q&A throughout.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Computer Security Beyond the Serpentine Walls

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Computer security beyond the serpentine walls l.jpg

Computer Security Beyond the Serpentine Walls

New Horizons Conference

May 23rd, 2007

Shirley Payne & Marty Peterman

UVa IT Security and Policy Office


Agenda l.jpg

Agenda

  • Vulnerabilities and Risks

  • Tips and tools before you go

  • Device Requirements on the road

  • Checklist

  • Q&A throughout


Serious security vulnerabilities l.jpg

Serious Security Vulnerabilities

  • Out of date software

  • Lack of effective anti-virus and anti-spyware software

  • Weak security settings on browsers

  • Weak passwords

  • Software firewalls not activated


Serious security vulnerabilities continued l.jpg

Serious Security Vulnerabilities - continued

  • Unencrypted sensitive data

  • Use of unsecured wireless

  • Use of improperly maintained public computers

  • Unattended mobile devices and electronic media


Risk of exploited vulnerabilities can vary with location l.jpg

Risk of Exploited Vulnerabilities Can Vary With Location

  • University provides:

    • “More Secure Network” that prevents certain attacks

    • Automatically updated software

    • Encrypted wireless network (“cavalier” & “jefferson”)

    • Encrypted wired connection to email, home directory, and other services


Contrast to l.jpg

Contrast to….


Slide7 l.jpg

Or...


Vulnerabilities increase the risk of l.jpg

Vulnerabilities Increase the Risk of:

  • Mobile devices being stolen

  • Computer being rendered unusable by virus or worm

  • Private data being captured by stealth, keylogging software

  • Sensitive data being copied, modified or deleted by or exposed to unauthorized individual


Risk to sensitive data is huge l.jpg

Risk To Sensitive Data Is Huge!

  • A total of 1.9 billion reported compromised records from 1980-2006¹

  • Trend is toward:

    • More sophisticated criminal attacks

    • Increasing # of incidents where motive is exploit of personal data for profit

  • However, there are many steps individuals can take to prevent such attacks

¹Source: Phil Howard & Kris Erickson, University of Washington study, March 12, 2007


Before you go secure your system l.jpg

Before You Go, Secure Your System

  • Configure operating system, browser, word processing and other software to automatically update.

  • Obtain free anti-virus and anti-spyware software for office and home computers. Configure for automatic update and regular device scans.

  • Set security settings in browser to “medium-high” or “high”


Before you go secure your system continued l.jpg

Before You Go, Secure Your System - continued

  • Properly configure the firewall

  • Use strong passwords

  • Tips for securing systems - http://www.itc.virginia.edu/security/device-requirements.html


Before you go secure your data l.jpg

Before You Go, Secure Your Data

  • Delete or de-identify non-essential sensitive data

    • Common sense tips - http://www.itc.virginia.edu/security/

    • Examples of legally protected data -http://www.itc.virginia.edu/security/

    • Tool - Spider will search for hard drive data appearing to be SSNs or credit card #s - https://www.itc.virginia.edu/security/identityfinder


Before you go secure your data continued l.jpg

Before You Go, Secure Your Data - continued

  • Encrypt sensitive data that cannot be removed

    • Encryption Guidance - http://www.itc.virginia.edu/security/mobile/encryption.html

  • Create data backup and store in safe place


Before you go prep for secure remote access l.jpg

Before You Go, Prep for Secure Remote Access

  • Install UVA-Anywhere to enable:

    • Remote use of the Home Directory Service

    • Access to UVa-licensed online databases, news resources, and software

    • Encrypted data transmission

    • Access to UVa Email server without reconfiguration

  • Tips and tool - http://www.itc.virginia.edu/network/vpn/


Off you go l.jpg

Off You Go!


When on the road l.jpg

When On The Road,

  • Be wireless wary. Prevent unintentional connections to untrustworthy wireless networks

  • Disable file and print sharing

  • Device Requirements - http://www.itc.virginia.edu/security/


When on the road17 l.jpg

When On The Road,

  • Never key passwords or other sensitive information into public computers that may not be properly secured. Hidden software that captures every keystroke may be installed.

  • Keep mobile devices and electronic media with you at all times or under lock and key

  • Call UVa if you suspect or know your password or sensitive data have been stolen or otherwise compromised


Checklist l.jpg

Checklist

  • Software up to date

  • Anti-virus and anti-spyware software installed

  • Strong security settings on browser

  • Strong passwords

  • Software firewall activated


Checklist continued l.jpg

Checklist - continued

  • Sensitive data purged or encrypted

  • Data backup stored in safe

  • Got UVa-Anywhere

  • Choosing wireless networks carefully

  • Steering clear of improperly maintained public computers

  • Watching mobile devices and electronic media like a hawk


Slide20 l.jpg

IT Security and Policy Office

it-spo@virginia.edu


  • Login