Security Awareness: Asking the Right Questions to Protect Information - PowerPoint PPT Presentation

Presentation Transcript

    1. Security Awareness: Asking the Right Questions to Protect Information
       Keith A. Watson, CISSP
       Research Engineer
       Center for Education and Research and Information Assurance and Security

    3. A Brief Intro to Information Security
       Information Security is the Process of Protecting Information and Information Resources

    4. Information Security Intro
       - Information assets are the most critical and most valuable
       - Applies to information in electronic and physical forms
       - Three primary goals: Confidentiality, Integrity, Availability

    5. Information Security Examples
       - (Confidentiality) What would happen if sample information were accidentally published to web site?
       - (Integrity) How reliable would sample information be if it could be modified by anyone on the network?
       - (Availability) How would you get any work done if all the mice disappeared?

    6. Responsibility
       Who? Why?

    7. Who is Responsible?
       - Are you responsible for the security of your system?
       - Is the system administrator responsible?
       - Do you have the administrator password for your system?

    8. Answers You Might Not Like
       - You are at least partly responsible for the security of the information on the system.
       - The system administrator might be responsible for the security of the system.
       - If you have the administrator password, then you are probably responsible for everything.

    9. But wait, I'm not an admin
       - Find someone else to be in charge of the security of the system
       - Someone who will take an active part in managing the system
       - Give up your admin password and live the life of a lowly user

    10. Why am I in charge?
       - You have no system admin
       - No budget for one
       - Can't find one (industry pays better)
       - You have one, but he can't be trusted
       - Policy puts you in charge
       - You create it, you manage it (functional data owner policy)
       - Decentralized control
       - You manage the system. The admin answers your questions.

    11. Knowledge
       What? How?

    12. The Bare Minimum
       - Update that System!
       - Back it Up!
       - Worms, Viruses, Spyware, Oh My!
       - *#@^%$&!
       - Shields Up!

    13. Update that System!
       - Is your system up to date?
       - Windows (and Mac)
         - Run software update tools at least on the second Tuesday of the month (Windows patch release day)
         - Turn on auto updates (catch off-cycle patches)
       - Linux
         - Check for updates at least weekly (yum, RHN, etc)
       - If you don't manage updates, make sure your admin follows these guidelines

    14. Back it Up!
       - Back up strategy:
         - Critical/Important data daily
         - Systems at least weekly
       - Methods:
         - External drives (USB/Firewire)
         - Tapes
         - Servers

    15. Worms, Viruses, Spyware, Oh My!
       - You should have anti-virus/spyware software installed and updating daily
       - Scan every
         - Attachment
         - File downloaded
       - If you didn't install and configure the anti-virus/spyware software, find out who did
       - Make sure it is enabled and auto updating

    16. *#@^%$&! Strong Passwords
       - We have too many passwords to remember
       - The Music Method:
         - Choose the words from a song: Mary had a little lamb whose fleece was
         - Select the first letters of the words: M h a l l w f w
         - Change some of the letters to numbers: M4a1lwfw
         - Change some letters to upper case: M4A1lWfw

    17. *#@^%$&! Stronger Passwords
       - We have too many systems to use
       - The Variations on a Theme Method:
         - Using your MM password, modify the trailing characters for different systems:
           - M4A1lWnP ==> network password
           - M4A1lWw5 ==> web site password
           - M4A1lWSv ==> server password
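
Slides 16 and 17 worked through as an added example (not part of the original presentation): it reproduces the Music Method and Variations on a Theme steps, then measures how much of each per-system password is shared with the others. The function names and the 62-character letters-and-digits alphabet are assumptions made for this illustration.

```python
import os
import string

def music_method(lyric, digit_swaps, upper_positions):
    """Slide 16: take the first letter of each word, then apply the
    user's own choices of which positions become digits or upper case."""
    letters = [word[0] for word in lyric.split()]
    for index, digit in digit_swaps.items():
        letters[index] = digit
    for index in upper_positions:
        letters[index] = letters[index].upper()
    return "".join(letters)

def variation(base, suffix):
    """Slide 17: replace the trailing characters with a per-system suffix."""
    return base[:-len(suffix)] + suffix

def shared_stem(passwords):
    """Longest prefix that every password in the set has in common."""
    return os.path.commonprefix(list(passwords))

def exposure(passwords, alphabet_size=len(string.ascii_letters + string.digits)):
    """For each password, count the candidates left to try once the
    shared stem is known (assumed alphabet: letters and digits)."""
    stem = shared_stem(passwords)
    remaining = {pw: alphabet_size ** (len(pw) - len(stem)) for pw in passwords}
    return stem, remaining

if __name__ == "__main__":
    # Choices taken from slide 16: h -> 4, first l -> 1, then a and w upper-cased.
    base = music_method("Mary had a little lamb whose fleece was",
                        digit_swaps={1: "4", 3: "1"}, upper_positions=[2, 5])
    # Suffixes taken from slide 17.
    per_system = {name: variation(base, suffix)
                  for name, suffix in [("network", "nP"), ("web site", "w5"),
                                       ("server", "Sv")]}
    stem, remaining = exposure(per_system.values())
    full_space = 62 ** len(base)
    print("base password:", base)
    print("shared stem  :", stem, f"({len(stem)} of {len(base)} characters)")
    for name, pw in per_system.items():
        print(f"{name:9s} {pw}  candidates once stem is known: "
              f"{remaining[pw]} of {full_space}")
```
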

    18. Shields Up! Screen Locks On
       - Enable screensavers with passwords
       - Lock the screen when you step away
       - Use an idle timeout to auto lock it
       - 10 minutes is probably good enough

    19. Shields Up! Firewalls Software On
       - Desktop firewall software prevents some network-based inbound attacks
       - Some limit outbound connections as well
       - Modern operating systems have a firewall
       - Turn it on
       - Enable/Allow the net services that you use

    20. Shields Up! Unnecessary Stuff Off
       - Remove unneeded software
         - Fewer vulnerabilities to worry about
         - Save some disk space too
       - Turn off unnecessary services
         - Fewer ways an attacker can get to you
         - Improve performance too

    21. Some Extra Stuff Above the Bare Minimum
       - Encrypt that Data!
       - Lock that Door, Desk, and Cabinet!
       - Glue that Computer Down!

    22. Encrypt that Data!
       - Disk encryption
         - Stolen hardware has interesting info on it
         - Windows XP EFS
         - Mac OS X FileVault
         - PGP Disk
       - Email encryption
         - Email is like a postcard, anyone can read it
         - PGP or GPG
         - S/MIME (most modern mail tools support it)

    23. Lock that Door, Desk, and Cabinet!
       - Better Physical Security needed
       - Have rules about locking labs and offices
       - Move your sensitive paperwork into file cabinets before you go home
       - Lock up your expensive gizmos in a desk

    24. Glue that Computer Down!
       - Computers are getting smaller and sprouting legs
       - Laptops
         - Get a cable lock
         - Use it at the office and when you travel
       - Desktops
         - Get a steel cage lock box or cable kit
         - Two-sided carpet tape works too!

    25. Contacts
       Who? Why?

    26. Who do I contact?
       - If a law has been broken, call the police
       - Ask for an officer responsible for computer crimes
       - They may refer you to other agencies (FBI, Secret Service, state police, etc.)
       - Be aware that they may take your system away for analysis

    27. Who do I contact?
       - If there is a problem with your system, unplug it from the network
       - Do NOT turn it off!
       - Call the admin and/or your local security person

    28. Contact Pitfalls
       - No one knows what to do
       - No one wants to do anything
       - Next steps (before you plug it into the network):
         - Reinstall system from original media (update)
         - Configure security options (FW, AV/S, etc)
         - Restore user/project data from backup

    29. Summary
       - Information is critical to the mission of the NPDN
       - Determine responsibility for security.
       - Improve the security of your systems.
       - Find out what to do when things go wrong.