Don’t Click That Linkand other security tips…

Laura PerryChris HuysMike Trice

Don’t Click That Link!

About Us

• Laura Perry – Information Security• Chris Huys – Windows System Administrator• Mike Trice – Network Engineer

Mail vs. Email vs. URL

Mail address:Laura PerryAlabama Supercomputer Center686 Discovery Drive Huntsville, AL 35806

Email address:lperry@asc.edu

URL (Uniform Resource Locator):

http://www.asc.edu/

What does it mean?

lperry – who?

@ - atasc – which organization?

.edu – which domain?

• Common Domains– .com, .edu, .org, .gov, .mil

International Domains– .ca, .uk, .au (Canada, United Kingdom, Australia)

– .ru – Russia– .br – Brazil– .kg – Kyrgyzstan– .cn – China– .ua – Ukraine– .fi – Finland– .lv – Latvia– .nl - Netherlands

Unless you are specifically expecting email from someone you know who lives in one of these countries, be very suspicious of anything from any of these domains.

Where .ru?

• Why does this matter???

• Do you check return addresses on regular mail?

• Do you check return addresses on email?

• What’s the real URL?

Go Phish

• Bad guys camouflage their phishing as the sort of messages we expect to receive

• Look for slight irregularities in wording, spelling or the appearance of images

• Don’t click on the links!• If you think the warning is genuine, either call

the service provider or type the provider URL yourself

Stinky Phish

• A warning that your email account will be disabled if you don’t respond.

• An email or text from a loved one saying they need money urgently.

• Someone you never met wants you to deposit their money in your account.

• You just won a prize for something you didn’t enter.• Here is a receipt for something you didn’t buy.

– The “receipt” may not be a document but a program that will install a virus on your computer.

Note the “From” address: timk@vazda.com is probably NOT your system administrator

When you hover over the hyperlink, the actual URL doesn’t match the text that you see.Don’t Click That Link!

When you hover over the Accept button, the actual URL is volunteeryouthministry.comand NOT LinkedIn!

Who is Chasity Jeffers and why is she sending an invitation for Gregory Rice?Don’t Click That Link!

Celine.Karich@duluth.k12.mn.us is NOT your system administrator!

http://lojadopolicial.com.bris not your email administration system! Remember what I said about the .br domain? Beware!

Don’t Click That Link!

Uh oh! This one actually came from a valid email address in your school system. Now what?

This could be bad… Most spam blockers will trust Google docs. If you click on this and enter the requested info, your account will immediately start sending spam emails.

Don’t Click That Link!

Your Friend Got HackedIt has your friend’s name, but that’s not the right email address. See the .nl?Beware!

Don’t Click That Link!

What’s the Big Deal?

• Identity theft• Bank account compromise• APT – Advanced Persistent Threat software

installed on your computer without your knowledge

• Key logging – see everything you type• Web site redirection – send you to malicious

site even if you type a “good” URL

Value of Hacked Email Account

Image from: http://krebsonsecurity.com/

Beware of Imposters

• Avoid tech support phone scams:– Microsoft will NEVER call you!– NEVER give your user name or password to anyone who calls you.– If you suspect something is wrong with your computer, call your

System Administrator or Help Desk.

• Avoid credit card warning scams– Your credit card provider MAY call you to report suspicious activity.– NEVER give your credit card number, expiration, CVV or pin number

to anyone who calls you!– To be safe, hang up and call your bank or call the customer support

number printed on your card.

What is Network Security

Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access, and consistent and continuous monitoring and measurement of its effectiveness (or lack) combined together. - Wikipedia

Your Information Technology (IT) Policy

• Do you know if you have an IT policy?– Acceptable use policy?

• Do you know what your IT policy is?• Do you know where to find your IT policy?• Do you know all of your local technical

contacts?

Know the Policy• Check with your Tech Coordinator to find out your

school system’s policy on cleaning compromised systems. 

• Depending on the policy or level of infection you may or may not be able to recover items from an infected system. 

• Based on this and your system’s backup strategies you may need to implement a personal backup strategy to safeguard your files.

Know Your System

• Do you know what Antivirus (AV) product is loaded on your system?

• We have all seen the pop-ups saying our system is infected and to click here to load/protect our system. 

• By knowing the AV product loaded on your system you will be able to tell if this is a false pop-up attempting to get you to install it. 

• Most of these products are loaded with spyware, adware, viruses, or trojans.

Is My PC Infected?

• Will you know if your system is infected?• Many times users do not realize their system has been

compromised with bots or malware.• Malware used to slow down your computer, or

display annoying popups, but now malware is becoming increasingly discreet.

• A ‘bot’ is a malicious form of software that uses your computer without your knowledge to send spam, host a phishing site, or steal your identity by monitoring your keystrokes.

What to Look ForWhat are common signs of a ‘bot’ infection:• Undelivered email notifications in your inbox to

unknown email addresses. Bots will frequently use email accounts to send out spam. Spam to unknown email addresses will result in a “failure to deliver” notification in your inbox.

• Suspicious email account activity. Bots create multiple email addresses in your email account. If you notice additional email addresses in your account that you didn’t create, you may have an infected computer.

What to Look For (Cont.)

• Multiple toolbars on your Internet web browser. Bots will frequently install various toolbars to help collect search information from your web browser.

• Unusual error messages. Error messages that suggest applications cannot run or drives cannot be accessed can be indications of a bot infection.

• Your computer is “busy” even when not in use.• Pop-ups driving you crazy.

Is Your Password Safe

• Do you use a strong P@$$w0rd?• Many places recommend a password that is 8

characters long containing 2 uppers, 2 lowers, 2 numbers, and 2 special characters. 

• Think of your password like the lock on your front door. You want to make it difficult for the bad guys to get through that door.

Worst Passwords of 2013

Information from: http://splashdata.com/press/worstpasswords2013.htm

123456password12345678qwertyabc1231234567891111111234567iloveyouadobe123123123admin1234567890

letmeinphotoshop1234monkeyshadowsunshine12345password1princessazertytrustno1000000

Password TipsDepending on your school system’s password policy you can use one of these examples to easily come up with a complex password you can remember:• Bruce Schneir’s advice is useful: “take a sentence and

turn it into a password. Something like “This little piggy went to market” might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary.”

• Use a password you can change regularly (but still remember easily) such as #Jun$Cmh2013 

• Use a random password generator

Password Manager

More Password Tips

• Don’t store your password in your wallet or purse.  If you do write it down, place it in a secure locked location as a last resort. You might also consider using an online password management tool.

• Use different passwords for different sites.  If one password is compromised your other accounts won’t be affected.

• A longer password is a stronger password. Each additional character may add an exponential amount of time for cracking especially if you avoid common words or patterns.

When to Use Encryption

• Where are you? – At the local coffee shop on their wireless network– On travel on the hotel wireless– At home on your wireless network– On the school public wireless network

• Are you sure the network you are connecting to is trusted?– Ask what the name of the provided Wi-Fi is

• What sites are you going to, and what data is available if your account gets hacked?

When to Use Encryption (Cont.)

• Should you use your personal laptop on the school network, and should you use your work laptop at home? What are the implications?

• Virtual Private Networks (VPNs)– Upside: Secure access to remote resources– Downside: You are now on the remote network– Sometimes not all traffic is encrypted when using a

VPN.• Ask your technology contact

Is Your Connection Secure?

• When surfing the web, look for the in the address bar.

Is Your Connection Secure? (Cont.)

• When using a VPN client look for the VPN icon and hover over it to get a status.

Why Can’t I Get to xyz.com?!?• Did you get a block page?

• This is a content filter message, not a firewall issue.– Talk to your technology contacts and tell them that you got a block

page

• Getting the block page is not the same as not getting a response from the server.

How Did Little Johnny Get to that Site?

• Web Proxy – acts as an intermediary for requests from clients seeking resources from other servers - Wikipedia

Image from: http://upload.wikimedia.org/wikipedia/commons/b/bb/Proxy_concept_en.svg

Web Proxies (Cont.)

• Very difficult to block web proxies because they are constantly changing– Alert your technology contact

• Very easy for kids to setup at home or find on the internet

Why Can’t I Access My Home Computer From School?

• This is most likely a firewall issue.– Check your IT policy– Ask your local technology contact

• Firewalls either block or deny traffic. • Connections that only work sometimes are not

likely a firewall issue, but more likely a server issue.

Home Wi-Fi

• Change your administrator password and login name if possible

• Enable encryption– WEP is old and easily hacked– WPA2 is newer and better

• Change/disable broadcast of your SSID (Wi-Fi network name)

• Use MAC address filtering to allow devices to connect to your network

What have we learned?

• Know your system• Know your school’s policies• Know your school’s IT staff• Use good passwords• Never use default passwords• Don’t send “secret” information over WiFi

networks without using VPN• … and the most important lesson …

Don’t Click That Link!