Computer Security Awareness

1. Computer Security Awareness Presented by: Patrick Shinkle University of North Texas Center for Public Management

2. Agenda Don�t get overwhelmed. Learn and share. Ask questions. Make this presentation a discussion. Don�t get spooked. Sit down as a family and discuss the topics. Work with the school in protecting our kids. Mabank ISD will make this presentation available. 2

3. 3 CIA � The Security Triad Confidentiality - Assurance that information is shared only with authorized persons or organizations. Breaches occur when data is not handled in a manner adequate to safeguard the confidentiality of the information. Disclosure can take place by word of mouth, by printing, copying, e-mailing or creating documents and other data. The classification of the information should determine its confidentiality and the appropriate level of safeguards. Integrity - Assurance that the information is authentic and complete. Ensuring the information can be relied upon to be accurate for its purpose. The integrity of data is not only whether the data is 'correct', but whether it can be trusted and relied upon. For example, making copies (say by e-mailing a file) of a sensitive document, threatens both confidentiality and the integrity of the information. Why? Because, by making one or more copies, the data is then at risk of change or modification. Availability - Assurance that the systems responsible for delivering, storing and processing information are accessible when needed and by those who need the information.

4. 4 What is Illegal (LSF) Local, state, and/or federal laws govern the following Internet offenses: Child pornography Distribution of pornography to minors Obscenity Copyright infringement Software piracy Recording piracy Bomb threats Hoaxes, scams, pyramid schemes Federal computer-security violations.

5. 5 Federal Violations The primary federal statute regarding computer fraud 18 U.S.C section 1030 was amended in October 1996 to protect computer and data integrity, confidentiality and availability. Examples of violations are: theft of information from computers belonging to financial institutions, federal agencies, or computers used in interstate commerce; unauthorized access to government computers; damage to systems or data (intentionally or recklessly); trafficking in stolen passwords; extortionate threats to damage computers.

6. Texas Computer Law TEXAS PENAL CODE � CHAPTER 33. COMPUTER CRIMES Sec. 33.021.�� ONLINE SOLICITATION OF A MINOR Sec. 33.07.�� ONLINE HARASSMENT READ THE LAW� 6

7. Sec. 33.021. - ONLINE SOLICITATION OF A MINOR (a) In this section: (1) "Minor" means: (A) an individual who represents himself or herself to be younger than 17 years of age; or (B) an individual whom the actor believes to be younger than 17 years of age. (2) "Sexual contact," "sexual intercourse," and "deviate sexual intercourse" have the meanings assigned by Section 21.01. (3) "Sexually explicit" means any communication, language, or material, including a photographic or video image, that relates to or describes sexual conduct, as defined by Section 43.25. (b) A person who is 17 years of age or older commits an offense if, with the intent to arouse or gratify the sexual desire of any person, the person, over the Internet or by electronic mail or a commercial online service, intentionally: (1) communicates in a sexually explicit manner with a minor; or (2) distributes sexually explicit material to a minor. (c) A person commits an offense if the person, over the Internet or by electronic mail or a commercial online service, knowingly solicits a minor to meet another person, including the actor, with the intent that the minor will engage in sexual contact, sexual intercourse, or deviate sexual intercourse with the actor or another person. (d) It is not a defense to prosecution under Subsection (c) that: (1) the meeting did not occur; (2) the actor did not intend for the meeting to occur; or (3) the actor was engaged in a fantasy at the time of commission of the offense. (e) It is a defense to prosecution under this section that at the time conduct described by Subsection (b) or (c) was committed: (1) the actor was married to the minor; or (2) the actor was not more than three years older than the minor and the minor consented to the conduct. (f) An offense under Subsection (b) is a state jail felony, and an offense under Subsection (c) is a felony of the third degree, except that an offense under Subsection (b) or (c) is a felony of the second degree if the minor is younger than 14 years of age or is an individual whom the actor believes to be younger than 14 years of age. (g) If conduct that constitutes an offense under this section also constitutes an offense under any other law, the actor may be prosecuted under this section, the other law, or both. 7

8. Sec. 33.07. - ONLINE HARRASSMENT (a)��A person commits an offense if the person uses the name or persona of another person to create a web page on or to post one or more messages on a commercial social networking site: (1)��without obtaining the other person's consent; and (2)��with the intent to harm, defraud, intimidate, or threaten any person. (b)��A person commits an offense if the person sends an electronic mail, instant message, text message, or similar communication that references a name, domain address, phone number, or other item of identifying information belonging to any person: (1)��without obtaining the other person's consent; (2)��with the intent to cause a recipient of the communication to reasonably believe that the other person authorized or transmitted the communication; and (3)��with the intent to harm or defraud any person. (c)��An offense under Subsection (a) is a felony of the third degree.��An offense under Subsection (b) is a Class A misdemeanor, except that the offense is a felony of the third degree if the actor commits the offense with the intent to solicit a response by emergency personnel. (d)��If conduct that constitutes an offense under this section also constitutes an offense under any other law, the actor may be prosecuted under this section, the other law, or both. (e)��It is a defense to prosecution under this section that the actor is any of the following entities or that the actor's conduct consisted solely of action taken as an employee of any of the following entities: (1)��a commercial social networking site; (2)��an Internet service provider; (3)��an interactive computer service, as defined by 47 U.S.C. Section 230; (4)��a telecommunications provider, as defined by Section 51.002, Utilities Code; or (5)��a video service provider or cable service provider, as defined by Section 66.002, Utilities Code. (f)��In this section: (1)��"Commercial social networking site" means any business, organization, or other similar entity operating a website that permits persons to become registered users for the purpose of establishing personal relationships with other users through direct or real-time communication with other users or the creation of web pages or profiles available to the public or to other users.��The term does not include an electronic mail program or a message board program. (2)��"Identifying information" has the meaning assigned by Section 32.51. 8

9. 9 Important Items Monitor your kids and get in their business if they use a computer. While children need a certain amount of privacy and trust, they also need parental involvement, interaction and protection. MySpace.com found more than 90,000 registered sex offenders with profiles on the popular social networking website. (USA Today) According to the U. S. Department of Justice Bureau of Justice Statistics, on any given day there are approximately 234,000 sex offenders who were convicted of rape or sexual assault in the custody or control of correction agencies. (Yello Dyno)

10. Crime & Abuse Statistics 71% of teen girls and 67% of boys who sent or posted sexually suggestive content say they sent it to a boyfriend or girlfriend. 22% of teenage girls say they posted nude or semi-nude photos or videos of themselves online. 70% of children 7 � 18 years old have accidentally encountered online pornography, often through a web search while doing homework. 20% of teenage Internet users have been the target of an unwanted sexual solicitation (requests for sexual activities, chat, or information). 41% of unwanted sexual solicitations, 29% of unwanted exposure to sexual materials, and 31% of harassment occurred when children were online with their friends. 10

11. Crime & Abuse Statistics 90% of children (8-16) have seen online pornography. Law enforcement officials estimate that more than 50,000 sexual predators are online at any given moment. 65% of 8-14 year olds have been involved in a cyber-bullying incident. 96% of teens use social networking applications such as Facebook, MySpace, Chat rooms, and blogs. 69% of teens regularly receive online communications from strangers and don't tell a parent or caretaker. Approximately 89% of sexual solicitations of youth were made in chat rooms or through Instant Messaging. 11

12. On Line Chatting Position the computer in your main living space and make sure the monitor faces OUTWARD into the room so there is no secrecy. Work as a team to set your boundaries. Discuss with your child exactly what is OK and what is not OK regarding what kind of Web sites are appropriate for them to visit, which chat rooms to visit and what kinds of things to talk about there. Set logical consequences for when your child disregards your rules. Stress to your child that they need to tell you if they get any weird or upsetting messages while chatting, and that you will not be angry with them. Make it clear to the child that you understand that the child cannot control what other people say to him or her and that they are not to blame if this happens. Set strict time limits for Internet chat use and enforce them. Internet addiction is a real thing! 12

13. On Line Chatting Make it clear to your child that people in chat rooms are ALWAYS strangers and no matter how well they think they know them, they are still strangers. Make sure your child understands that they are never to tell a person online their real name, their school, their phone number or where they live. Make sure that their chat time occurs when YOU are around in the house so that you can check in on them regularly. Be sure to stress to your child that they are to behave politely and respectfully at all times while online with friends. Take an active interest in your child's activity online. Learn to surf the Web and chat online yourself so you understand what it is that your child is doing. If you don't know how to chat online, ask your child to teach you. 13

14. Sexting � Talk about it Parents� Have some candid conversations. Have you ever received a sexual message or naked picture on your cell phone? Has anyone ever asked or pressured you to send a nude or sexual picture? Do you think it�s OK to send �sexy� messages or images? What could happen to you if you send or forward a sexual text message or naked picture with your cell phone? How likely is it that images and messages intended for one person will be seen by others? 14

15. Sexting � Don�t Do it THINK ABOUT THE CONSEQUENCES� of taking, sending, or forwarding a sexual picture of someone underage, even if it�s of you. You could get kicked off of sports teams, face humiliation, lose educational opportunities, and even get in trouble with the law. Parents could also be served with legal action. NEVER TAKE IMAGES OF YOURSELF that you wouldn�t want everyone�your classmates, your teachers, your family, GRANDMA or GRANDPA to see. GEO TAGS BEFORE HITTING SEND remember that you can�t control where this image may travel. We like to say the �Internet Is Forever�. What you send to a boyfriend or girlfriend could easily end up with their friends, and their friends, and their friends� 15

16. Sexting � Don�t Do It IF YOU FORWARD A SEXUAL PICTURE OF A MINOR you are as responsible for this image as the original sender. You could face child pornography charges, go to jail, and have to register as a sex offender. REPORT ANY NUDE PICTURE YOU RECEIVE on your cell phone to an adult you trust. Do not delete the message. Instead, get your parents or guardians, teachers, and school counselors involved immediately. 16

17. Cyber Bullying Tips For Students Tell a trusted adult about the bullying, and keep telling until someone takes action. Don't open or read messages from cyber bullies. Tell a teacher or administrator at your school if it is school related. Don't erase the messages because it might need to be used as evidence. 17

18. Cyber Bullying Tips For Students Protect yourself: Never agree to meet face to face with anyone bullying you. If bullied through chat or instant messaging, the "bully" can often be blocked. If you are threatened, inform your parents and have them assess the next level of response. If you are threatened with physical harm, notify your parents, school counselors and have your parents contact the local police. 18

19. Cyber Bullying Tips For Parents of all aged kids Establish a code of conduct. Tell them that if they wouldn�t say something to someone�s face, they shouldn�t text it, IM it, or post it. Ask questions about cyber bullying. Do they know someone who has been cyber bullied. Often, they will open up about others� pain before admitting their own. Establish consequences for bullying behavior. Monitor, monitor, monitor� 19

20. Cyber Bullying Tips (ES) For Parents of Elementary School kids Keep online socializing to a minimum. Use sites like Webkinz or Club Penguin where chat is pre-scripted or pre-screened. Explain the basics of correct cyber behavior. Tell your kids that things like lying, telling secrets, and being mean still hurt in cyberspace. Tell your kids not to share passwords with their friends. A common form of cyber bullying is to send fake messages or post embarrassing comments. 20

21. Cyber Bullying Tips (MS) For Parents of Middle school kids Monitor their use. See what they�re posting, check their mobile messages, and let them know you�re keeping an eye on their activities. Tell your kids what to do if they�re harassed. No response or retaliation Block immediately Tell you or a trusted adult Don�t delete the messages because in persistent cases, the content should be reported to a cell or Internet Service Provider 21

22. Cyber Bullying Tips (MS) For Parents of Middle School kids If your kid is doing the bullying, establish strict consequences. Cruel or sexual comments about teachers, friends, and relatives. Chat in online games and virtual worlds also counts. Unfortunately, hurtful retaliation happens all the time. Remind them that all private information can be made public. Posts on friends� walls, private IMs, intimate photos, little in-jokes can all be cut, pasted, and sent around. If they don�t want the world to see it, they�d better not post or send it. 22

23. Cyber Bullying Tips (HS) For Parents of High School kids Tell kids to think before they type. Remind your teens that anything they post can be misused by someone else. Things they post can potentially be viewed by employers, colleges recruitments, adults, law enforcement, many years from now. Remind them they aren�t too old to ask for your help. There are things some kids can handle on their own. Sometimes, they just need help and guidance.  23

24. Mabank ISD Resources Mabank ISD has in place an anonymous tip line where students and parents can report these incidents.� (It�s also for other things such as drugs and alcohol abuse) Choose to Care Tip Line:�� www.choosetocare.com Toll free: 877-277-3812 NOT available for texting but hopefully be next year. 24

25. Lots of Resources State Attorney General�s Office https://www.oag.state.tx.us/criminal/cybersafety.shtml NetSmartz http://www.netsmartz.org/Parents WiredKids.org http://wiredkids.org/ FBI http://www.fbi.gov/fun-games/kids/kids-safety Safeteens.com http://www.safeteens.com/ Google -> Kids Computer safety 25

26. Who�s computer is it? Yes, kids need privacy but parents� Know all the passwords Monitor the browser activity Maintain the computer so that it�s secure Monitor the chats (Facebook, etc.) Keep the communication open Stay involved Know your kid�s friends Set the guidelines and enforce the rules. 26

27. PC Security Basics Install and Use Anti-Virus Programs Keep Your System Patched with the Latest Program Updates Use Care When Reading Email with Attachments Install and Use a Firewall Program Make Backups of Important Files and Folders Use Strong Passwords Use Care When Downloading and Installing Programs Install and Use a Hardware Firewall Think about the online security of your PC 27

28. 28 AntiVirus (AV) AV software is installed and running. AV software is up to date. (laptops?) Definition files are less than 7 days old. Free AntiVirus & Malware Software ! AVAST Free http://www.avast.com/index AVG Free http://free.grisoft.com/ Microsoft Security Essentials http://www.microsoft.com/security_essentials/ Malwarebytes http://www.malwarebytes.org/mbam.php SuperAntiSpyware http://www.malwarebytes.org/mbam.php

29. Keep Security on the Brain Does the computer have shared use? Do you utilize online banking? Do the kids play online games? Can anyone in the family install software? Do you need to login to use the computer? Do you use administrative rights? Do you know more or less about computers than your children? 29

30. 30 Internet Use

31. 31 Internet Use

32. 32 Internet Use

33. 33 Internet Use

34. 34 Internet Use

35. 35 Internet Use

36. 36 Internet Use Don�t install Active X or Java components when prompted while browsing. What is Active X? -- Microsoft's technology for the delivery of multimedia over the web. If it�s moving on the screen, it�s Active X or Java. What industry is big in Active X? If you have to install Active X or Java, make sure the installation is from a trusted website.

37. 37 Internet Use Know how to tell if a website uses encryption with the lock icon. If you are told you really don�t need encryption for sensitive data, don�t believe them. Be careful� Bad folks also buy encryption.

38. 38 Internet Use Don�t respond to popup ads: �Your computer is compromised� �You�ve just won an iPod� Pop-ups download spyware Use a �Pop-up� blocker running to prevent propagating windows. Google Tool Bar (Free !!!) www.toolbar.google.com Yahoo Tool Bar (Free !!!) http://us.toolbar.yahoo.com How do you stop propagating windows? (CRTL-ALT-DEL, End Task)

39. 39 Google Searches Sample Queries In Response GOOGLE gives... �John Doe� all sources found of specific individual (512) 555-1234 phone number results and map option holiday travel the words holiday and travel Aruba OR Bermuda the word Aruba or Bermuda "I have a dream" the exact phrase I have a dream +I spy the words I & spy (force Google not to ignore I) salsa -dance the word salsa but NOT the word dance part-time the words part-time, part time, or parttime Google ~Guide the words Google & both guide & its synonyms DVD player $100..$150 DVD players between $100 and $150 hybrid cars site:npr.org hybrid cars from the website npr.org kite aerial photos site:edu kite aerial photos from the .edu domain define:gato definitions of gato in several languages books �Fail Safe" book-related info; click Book results to search movie:Capote, movie:76203 reviews, showtimes, & locations music:Simon Garfunkel music-related info & where you can buy music weather Dallas TX weather condition and forecast 15 % of (12+34*5/6) results of calculations 3 Euros in US$, 95 lbs in kg onversion of x units into y units goog hpq msft financials including stock price, given a ticker symbol

40. 40 Email Don�t respond to SPAM even to unsubscribe. Spammers don�t know if email addresses are good or not. If you respond, they know they have a good email address and will sell your name to other SPAM operations. A valid email address is GOLD to Spammers. Configure your email program for filtering spam.

41. 41 Email

42. 42 Email Be concise and to the point Answer all questions, and pre-empt further questions Use proper spelling, grammar & punctuation Use templates for frequently used responses Answer promptly Do not attach unnecessary files Use proper formatting Do not overuse the high priority option Do not write in CAPITALS Read the email before you send it Do not overuse Reply to All Mailings > use the bcc: field or do a mail merge Be careful with slang abbreviations and emoticons Be careful with formatting

43. 43 Email Don�t start or respond to: �Chain Letters�, �Prayer Letters�, �Good Luck Letters�, �Let�s see if this works�� emails. They are used to garner valid email addresses for Spammers. Watch out for Nigerian 419 Scams. Too good to be true? You bet� Approximately $500 Million scammed??? Validate the truth before falling victim to erroneous messages and hoaxes and spreading rumors: www.snopes.com www.urbanlegends.about.com/ www.symantec.com/avcenter/hoax.html

44. 44 Wireless Wireless still has security issues. Change all default Access Point (AP) passwords. D-Link (Admin); Linksys (admin); Netgear (Admin); Motorola (Admin) The SSID broadcast should not be descriptive or broadcast. Use the strongest encryption possible. Look at the setting on your wireless router and understand what they do to protect your system. Disabling uPNP, Enable WEP, Limiting MAC addresses?

45. 45 Wireless Treat all access points as untrusted and unsecured. Know what wireless hackers can do to your systems. war driving - A computer cracking technique that involves driving through a neighborhood with a wireless-enabled notebook computer and mapping houses and businesses that have wireless access points.

46. 46 Wireless Hackers, equipped with wireless access points, capture wireless signals from laptops. Users who connect to these "free" networks are at great risk of experiencing a "channeling" attack. Once you have a network connection to a channeled computer, all data is tracked. The key� Don�t assume the wireless access points are legitimate Wi-Fi hot spots. Airports, Coffee shops, free sites

47. MS Office Alternative 47

48. 48