Professional Documents
Culture Documents
Introduce Myself
• Because of the many incidents throughout the country and at universities in
particular of identity theft and security breaches CUNY has made a security
course available on line.
• Because that course was commercially developed it was designed on a
corporate and factory model.
• I was tasked to create a revised presentation which would be relevant to the
college and university environment in general, and QCC in specific.
• he University wants everyone to become aware of the dangers of the
problem and how to protect yourself and your computers at home and at
work
• CUNY wants to make sure that QCC and all colleges are taking this
seriously
• By taking the course together we can answer questions that may arise for
you
• Booklet
• A little more than an hour – if anyone has to leave to make a class just do
so
• About the film you just saw about City College: YOU MAY HAVE THOUGHT
THAT A PASSWORD PROTECTED COMPUTER WAS SAFE. BUT THE HARD DRIVE CAN BE
REMOVED AND INSTALLED IN ANOTHER COMPUTER AND THE DATA RETRIEVED.
• 2. Go to the site:
– http://security.cuny.edu
3
Identity Theft
• Fastest Growing Crime in America
• Avoid being a victim by adopting
safeguards while handling sensitive
personal information
Information Security
Safeguarding information from:
1. Misuse
2. Theft
3. Loss
4. Damage
ONE OF TWO PAGES RELATING TO SLIDE
5
Information Security
• Safeguard Information – Insure:
• Confidentiality
(Transport data securely with
encryption)
• Integrity
• Availability to Authorized Users
(CUNY First passwords)
If your computer is compromised it can
compromise all linked computers
Why do we have Passwords?
6
GO TO IDENTIFY THE NEED FOR CYBER SECURITY
THERE ARE TWO CYBER SECURITY SLIDES AND A
PAGE OF COMMENTARY FOR EACH
Cyber Security
• Is the protection of data and systems
connected to the internet
• Deter – Detect – Defend Against
Information Theft Attacks
• Desktops, laptops, cell phones, wireless
gadgets, PDA’s’s
• Proliferation due to the increased use of
the internet
7
Cyber Security
How many of you are on Facebook? It makes its money by selling
your information
8
Computer Security is Everyone’s Job
Your QCC desktop attached to the
campus network has:
• McAfee VirusScan Enterprise software that guards
against threats
• Internal Firewall security
• Fireeye anti-spyware, a gateway appliance, to protect
computer from being taken over by external sources
• Barracuda, another gateway appliance, to remove
malware and virus coming from external websites
• McAfee software to remove external spam
• External Firewall wraparound security for campus wired
and wireless network
• Central Office has its own security in place
9
HOLD FOR 4 SLIDES TO FINISH
13
• After “Identify Social Engineering Exploits”
go to “Strengthen Desktop Security”.
• Present Guidelines for a Strong Password
• Present Password Protect Your Screen
Saver and Demonstrate at the Desktop
14
Guidelines for a Strong Password
• Use at least seven (7) characters
• Use combination of upper case and lower case
letters, numbers, and symbols
• Try to place a symbol after the first character
• A new password should be significantly different
from your current password
• Do not use common words, your name, or other
words that people associate with you
• Hackers know that users typically start a
password with a capital letter and end with the
number 1. Do not follow this pattern.
Paula = Daedelus = 1)@eXw3
. 15
Password Protect Your Screen
Saver
• If you step away from your desk while your computer is
on, your information will not be accessible to anyone
• To password protect your computer right click an empty
space on the desktop, select properties, select screen
saver, check “on resume, password protect”
• You may select and adjust the number of minutes before
screen locks
• When locked you will see message “This Computer is in
Use and has been locked”
• Control + ALT + Delete
• Enter your desktop password
GO TO DESKTOP and RIGHT CLICK PERSONALIZE
16
Password Protect Your Smart
Phone
• You can and should password protect your smart
phone in which you can send and receive email
and surf the internet.
• In which you have contact information
• The Iphone, Android, and Blackberry phones
have this feature.
• If the phone is lost a third party cannot readily
access your data.
17
Downloading Software Guidelines
• Downloading copyright protected files off the internet is an infringement of
the copyright owner’s exclusive rights of reproduction and/or distribution and
is very dangerous to your computer
• Files which can be downloaded over peer-to-peer networks, e.g., BitTorrent,
are primarily copyrighted works
• Authorized services that allow copyrighted works to be purchased online,
e.g., ITunes, eliminate the risk of infringement
• Authorized services can also limit the exposure to other potential risks like
viruses and spyware
• If the use is business related, a college or university software agreement
may exist
• We recommend that you do not download to your college computer
software that is not work related. The only software on your office
computer should be supplied by QCC
• Be very careful in deciding to download software to your home
computer
18
Encryption/Decryption
A type of file protection that
disguises the file contents
• File cannot be read by unauthorized users who have not been given the key used to
encrypt or disguise the contents
• Sensitive material or private information includes, but is not limited to, social security
numbers, driver’s license or non-driver identification card numbers, credit, debit, or
other financial account numbers.
• Sensitive material should never be emailed
• Sensitive material should never be stored in “the cloud” or with other third party
storage systems.
• If you have need to transmit or receive sensitive material to or from others on
campus, IT will install Webdrive encryption software on your computer.
• If you have need to transmit sensitive material outside of QCC to other CUNY units ,
or outside of CUNY to other colleges or entities, Tumbleweed software must be used.
You can open a Tumbleweed account at the CUNY portal/.
• Sensitive material may not be taken between campus and home without expressed
approval of the Vice President of Finance and Administration
• Sensitive material may only be transported between campus and home if encrypted.
• IT will supply encrypted flash drives for the approved use of faculty and administration
19
Disposing and Deleting Sensitive
Files
•
(Student Personal Data)
Safe Disposal: Erase floppy disks, hard drives, flash
drives, and tapes; Shred paper documents; Break CD’s
in half.
• Deleting a file does not erase the data from the
computer. It is still retrievable by others.
• Deleting a file deletes the pointer to the data and not the
data itself.
• To safeguard deleted data from others be sure to empty
your cache, and trash or recycle bin.
• When IT removes your old computer and it is readied for
disposal utilities are applied to the computer to totally
wipe out data.
21
Malware
Malicious Code
• Crashes program or computer
• Loss of data
• Computer can be controlled by attackers
• Unauthorized access to sensitive data
• Internet browser redirected to harmful or
dangerous websites
22
Virus
• A computer program that attaches itself
to your computer and replicates itself
• It may run or lurk in the background
• Will be on executable files, e.g.,:
.Bat
.Com
.Exe
.Scr
.Shs
23
Trojan (as in Horse)
• Malicious program masquerading as
harmless
• Does things user does not expect
• May locate passwords
• May destroy programs or data
• Sneak in with illegal downloads of games,
utilities, software, or music
24
SPAM
• Unsolicited and Unwanted email
• Can overload mailbox or mail servers
• May contain viruses, pharming, phishing,
or spoofing
• May direct you to another site
• Due to filters applied by IT to incoming
email to QCC, only a fraction of the spam
that you are sent reaches your inbox
25
Virus Hoaxes
• Never act on emails, even from friends,
urging you to delete files or forward emails
regarding hoaxes except from QCC IT
Security.
26
Hacking
Stieg Larsson and Lisbeth Salander 35 million copies
27
4 SLIDES – HOLD COMMENTARY UNTIL AFTER VIRUS SCANS
28
GO FROM VIRUS SCANS TO BLOCK SPYWARE
Spyware
• Intercepts or takes control of computer
• Tracks surfing and activities for commercial use
• Infected computer will be:
slow
crashes often
• See pop-ups when not on internet
• Changes internet sites without your control
• Often attached to free-to-download “cute”
utilities and applications.
29
Block Spyware
• Use Anti-Spyware Programs
• Use Pop-Up Blockers
• Adjust Security Settings for maximum
control
30
If your office computer is infected
• Call the Help Desk – x 6348
31