An Introduction To IT Security And Privacy for Librarians and Libraries
Transcript of An Introduction To IT Security And Privacy for Librarians and Libraries
IT Security For Librarians
Blake Carver LYRASIS Systems Administrator
Week One: Intro
• Who and How and What
• Privacy & Security in general
• Why this is all important
• 5 Basic Things
Week Two: Outrunning The Bear
• Privacy
• Passwords
• Securing Devices
• Web Browsers
• Email
• Staying Safe On-line (General Tips)
Week Three: Outrunning The Bear @ Your Library
• Training: Thinking & Behavior
• Threat modeling
• Hardware and networks
Week Four: Websites & Everything Else!
• Web Servers and Networks
• Backups
• Drupal and Wordpress and Joomla
• Servers in general
Everything You Need To Know
• Use Good Passwords
• Stay Paranoid & Vigilant
• Use Routine Backups
• Keep Everything Patched / Updated
• Think Before You Share Or Connect
Intro
Other Things
• Install Updates NOW
• Passwords are Key
• ALL Software Has Flaws
• Security Is Complicated
• Everyone Plays A Part
Common Security Myths
• You have nothing worth stealing
• Patches and updates make things worse and break them
• You can look at a web site and know it's safe
• No one will guess this password
• Social Media Sites Are Safe
• I’m safe! I use Anti-virus / firewall
• There’s only malware on Desktops not phones
• If I'm compromised I will know it
• I'm too smart to get infected
Common Security Excuses
• But nobody would do that [Exploit Method/Thing]
• I can't remember all these passwords.
• Firewalls / AV / Security just gets in the way
• They won't be able to see that; it's hidden.
• It's safe because you have to log in first.
So What Are We Talking About
The Way Things Are Vs. The Way Things Oughtta Be
But the state argued that because cell phones constantly reveal their locations to carriers by pinging nearby cell towers, Andrews “voluntarily shared this information with third parties,” including the police, merely by keeping his phone on.
In other words, if you don't shut off your phone, you're asking to be tracked.
“While cell phones are ubiquitous, they all come with 'off' switches,” the state responded in the brief. “Because Andrews chose to keep his cell phone on, he was voluntarily sharing the location of his cell phone with third parties.”
“The government has indeed repeatedly argued that there is no [reasonable expectation of privacy] in cell phone location information, in court and out,” Nathan Wessler, a staff attorney with the ACLU's speech, privacy and technology project, told Motherboard in an email. “In cases involving historical cell site location information, the government has danced around this argument, arguing that phone users give up their expectation of privacy in their location information merely by making and receiving calls.”
State of MD Vs Kerron Andrews
If Vs. When
Some things are IFs, some things are WHENs
Perhaps things are Likely and Possible
Bad Guys? Hackers? Crackers? Criminals?
Security
Cyber Security? IT Security? Safety? Information Security?
Information Literacy? The Digital Divide?
“Security is two different things: It's a feeling & It's a reality”
Bruce Schneier – TedxPSU
Security isn’t either/or
Privacy
Cyber Privacy? IT Privacy? Online Privacy?
Information Literacy? The Digital Divide?
What will be the consequences of participation in this data set?
https://github.com/frankmcsherry/blog/blob/master/posts/2016-02-06.md
Are we helping people avoid being added to more and more datasets?
Are we increasing their digital footprints?
Security & Privacy are Getting Better, But they're Getting Worse Faster
Why does this keep happening?
The Internet was built for openness and speed
More Things Online – More Targets
Old, out-of-date systems and budget shortfalls
New poorly designed systems
Surveillance is the business of the Internet
Why?
Professionals
And Everyone Else
Good Guys
Bad Guys
• Skill
• Focus
• Tools
• Time
• Training
Not much of this crime is new
• Automation
• Distance
• "Technique Propagation"
(“Only the first attacker has to be skilled; everyone else can use his software.”)
The technology of the internet makes the bad guys vastly more efficient.
It's Safe Behind The Keyboard
Hacking is a really safe crime compared to other real-life crime.
Where Are They Working?
• Social Networks
• Search Engines
• Advertising
• Email
• Web Sites
• Web Servers
• Home Computers
• Mobile Devices
This is the work of a rogue industry, not a roguish teenager
*Thanks to Brian Krebs for sharing screenshots: krebsonsecurity.com
And to Dr. Mark Vriesenga, BAE systems
Examples
What Are They After?
• PINs
• Passwords
• Credit Cards
• Bank Accounts
• Usernames
• Contact Lists
• Emails
• Phone Numbers
• Your Hardware...
http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/?utm_source=feedburn
Personal information is the currency of the underground economy
Personal information is the currency of the entire Internet economy
What's It Worth?
Credit Cards: $5-$30
• Basic or “Random”: $5-$8
• With Bank ID#: $15
• With Date of Birth: $15
• With Fullzinfo: $30
Payment service accounts: $20-$300
• Containing from US$400 to $1,000: between $20 and $50
• Containing from $5,000 to $8,000: range from $200 to $300
Bank login credentials: $190-$500
• A $2,200 balance account selling for $190.
• $500 for a $6,000 account balance, to $1,200 for a $20,000 account balance
Online premium content services: $.55-$15
• Online video streaming ($0.25 to $1)
• Premium cable channel streaming services ($7.50)
• Premium comic book services ($0.55)
• Professional sports streaming ($15)
Loyalty, community accounts: $20-$1400
• A major hotel brand loyalty account with 100,000 points for sale for $20
• An online auction community account with high reputation marks priced at $1,400
"The Hidden Data Economy" study by McAfee, October 2015
http://www.symantec.com/connect/blogs/netflix-malware-and-phishing-campaigns-help-build-emerging-black-market
The Era Of Steal Everything
Everything has some value
Against a sufficiently motivated and equipped adversary, no device is impenetrable.
There is no such thing as a secure computer
We are making things safER
"None of this is about being "unhackable"; it’s about making the difficulty of doing so not worth the effort."
https://www.teachprivacy.com/the-health-data-breach-and-id-theft-epidemic/
Think Different…
Have A Hacker Mindset
Have A Security Mindset
http://www.pewinternet.org/files/2015/09/2015-09-15_libraries_FINAL.pdf
Offer Training At Your Library
Everything You Need To Know
Use Great Passwords
• Strong (Long, Complex)
• Unique
Stay Paranoid & Vigilant
• Never Trust Anything or Anyone
• Always Double Check
http://r20.rs6.net/tn.jsp?f=001jvkK1lqM8L-mnPV6fw1piqSVbRdreWE37hHyBgaBTEokTgb93wOt2pbbtbQeU8ZfnvfAHeCyovnJECU5iJW3x398D3y1CUWJo46vMRcq7SmXgKmSTao6BDOeyWbDL098sbwrd31tthC8vO7UtQTs-Dpvy-FzQNF8eg9jznIRCSheKjBy-NLYkve-ICGa8tQ94XTqTWvGIpCDN4R19rUWnlnGVgKhMnf6ra5h0mxYKyiVl8mVbH5rVzEHGnmC_tqm&c=2qp8OI_b_ky3yXFryCYkU3XkJehYbiMxoRoM7KwW5ZK0JPs92OvKVQ==&ch=o2igILcTd7vZdRH-EcEq6-ka5CvKEHvNx7yRl6qNWfAO-PA3NbzvPA==
Everything You Need To Know
Use Great Passwords
• Strong (Long, Complex)
• Unique
Stay Paranoid & Vigilant
• Never Trust Anything or Anyone
• Always Double Check
Think Before You Click
Use Routine Backups
Keep Everything Patched / Updated
Think Before You Share
Avoid The Worstest Things
• Moving Slow on updates
• Thoughtlessness Surfing/Clicking/Following/Sharing
• Over Sharing
• Reusing Weak Passwords
• Not Backing Up
• Thinking It Can’t Happen To You
Week One: Intro
• Who and How and What
• Privacy & Security in general
• Why this is all important
• 5 Basic Things
Week Two: Outrunning The Bear
• Passwords
• Securing Devices
• Browsers & Tor
• Email
• Staying Safe On-line (General Tips)
Week Three: Outrunning The Bear @ Your Library
• Training: Thinking & Behavior
• Threat modeling
• Hardware and networks
Week Four: Websites & Everything Else
• Web Servers and Networks
• Backups
• Drupal and Wordpress and Joomla
• Servers in general
IT Security For Librarians
Blake Carver LYRASIS Systems Administrator