STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Protect Your Data, Protect Yourself Tech...

Click here to load reader

download STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Protect Your Data, Protect Yourself Tech Briefing August 6, 2010 Turing Auditorium

of 31

  • date post

    16-Dec-2015
  • Category

    Documents

  • view

    213
  • download

    0

Embed Size (px)

Transcript of STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Protect Your Data, Protect Yourself Tech...

  • Slide 1
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Protect Your Data, Protect Yourself Tech Briefing August 6, 2010 Turing Auditorium
  • Slide 2
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Agenda Risks of data loss What kinds of data need to be treated with special care An overview of free tools to protect your data: Stanford Whole Disk Encryption (SWDE) Secure AFS Stanford IM Secure Email Data Security for Mobile Devices Avoiding the perils of phishing attacks Upcoming changes to WebLogin password update procedures 5/7/2015 Protect Your Data, Protect Yourself page 1
  • Slide 3
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 5/7/2015 Protect Your Data, Protect Yourself page 2 Youre Doing it All Right, Right? A lot of us have Prohibited, Restricted, or Confidential Data we work with every day. Its part of the job. Your computer is locked up. You dont give out your password or have it taped to your keyboard. You dont download and install weird programs from unreliable sources.
  • Slide 4
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES You Are Liable If your computer is lost or stolen, you are liable for the unprotected data on it. Depending on the type of data, various legal entities must be notified. You will likely be discharged by the university. For example, a laptop was stolen 5/7/2015 Protect Your Data, Protect Yourself page 3
  • Slide 5
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Prohibited Data Prohibited Data includes: Social Security Numbers Credit Card Numbers Financial Account Numbers, such as checking or investment account numbers Drivers License Numbers Health Insurance Policy ID Numbers These CANNOT be on your computer without explicit permission from the Data Governance Board If DGB approved, NIST-approved encryption is required on Computing Equipment. 5/7/2015 Protect Your Data, Protect Yourself page 4
  • Slide 6
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Restricted Data Restricted Data includes: Student Records Protected Health Information (PHI) Passport and visa numbers Research and other information covered by non-disclosure agreements Access limited to those permitted under law, regulation and Stanfords policies, and with a need to know. NIST-approved encryption is required if information is stored on Computing Equipment. 5/7/2015 Protect Your Data, Protect Yourself page 5
  • Slide 7
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Confidential Data Confidential Data includes: Faculty/staff employment applications, personnel files, benefits information, salary, birth date, and personal contact information. Admission applications Donor contact information and non-public gift amounts Privileged attorney-client communications Non-public Stanford policies and policy manuals Stanford internal memos and email, and non-public reports, budgets, plans, and financial information Non-public contracts University and employee ID numbers Information subject to Export Control License NIST-approved encryption is recommended if information is stored on Computing Equipment. 5/7/2015 Protect Your Data, Protect Yourself page 6
  • Slide 8
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES What Does it Mean? No Problem Access via Oracle, Peoplesoft, etc. is over a protected transmission channel and data remains on the server. Needs Protection Excel, Word, etc. files stored on your computer Grant proposal data HR files Student data Email attachments Email sending and receiving Instant Message conversations 5/7/2015 Protect Your Data, Protect Yourself page 7
  • Slide 9
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Stanford Whole Disk Encryption To protect everything on the drive, use Stanford Whole Disk Encryption Its free Initial set up takes some time. You must use Big Fix and Sophos Anti-Virus SWDE works on Macintosh and Window SWDE protects your data at rest. 5/7/2015 Protect Your Data, Protect Yourself page 8
  • Slide 10
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 5/7/2015 Protect Your Data, Protect Yourself page 9
  • Slide 11
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES How Does SWDE Work? After installation, after encryption, when you reboot your computer, you will see this new screen: Type your passphrase and press Enter/Return Type your ID & password to login to your computer operating system. 5/7/2015 Protect Your Data, Protect Yourself page 10
  • Slide 12
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES I Dont Want the Data on My Computer?! Delete old, unnecessary files Secure Delete for Mac: https://encryption.stanford.edu/desktop/mac/securedelete.html https://encryption.stanford.edu/desktop/mac/securedelete.html Eraser for Windows: http://encryption.stanford.edu/desktop/windows/securedelete.ht ml http://encryption.stanford.edu/desktop/windows/securedelete.ht ml Move it to a server Use a departmental server Use for-fee services like Sharepoint, Secure Virtualized Server, or SafeFiles (contact IT Services for more information) Use the free, centrally provided WebAFS service with SecureAFS 5/7/2015 Protect Your Data, Protect Yourself page 11
  • Slide 13
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES SecureAFS Free space granted to a workgroup by request for storing Prohibited, Restricted and Confidential data Access Secure AFS via WebAFS or an AFS client paired with Stanford VPN To ensure file safety, data is backed up nightly and kept for 30 days If an important file is deleted, submit a HelpSU request and the file can be restored Secure AFS space must be renewed annually At the end of the grace period, the account is deleted and files purged 5/7/2015 Protect Your Data, Protect Yourself page 12
  • Slide 14
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Secure AFS Request Form 5/7/2015 Protect Your Data, Protect Yourself page 13
  • Slide 15
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Secure AFS Request Form 5/7/2015 Protect Your Data, Protect Yourself page 14
  • Slide 16
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Secure AFS Confirmation Email 5/7/2015 Protect Your Data, Protect Yourself page 15
  • Slide 17
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Secure AFS Confirmation Email 5/7/2015 Protect Your Data, Protect Yourself page 16
  • Slide 18
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES WebAFS 5/7/2015 Protect Your Data, Protect Yourself page 17
  • Slide 19
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Secure AFS 5/7/2015 Protect Your Data, Protect Yourself page 18
  • Slide 20
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Secure Email After July 20, 2010, all email sent via an @stanford.edu address is encrypted over-the-wire from your computer to the SMTP gateway. Secure Email must be used when sending Prohibited, Restricted, or Confidential data in email. Starting August 22, 2010, you can send secure email from webmail or your desktop client by adding Secure: to the Subject of the message. Stanford recipients receive the message normally. Non-Stanford recipients must prove their identity before being allowed to unencrypt the message. 5/7/2015 Protect Your Data, Protect Yourself page 19
  • Slide 21
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Non-Stanford Recipients 5/7/2015 Protect Your Data, Protect Yourself page 20
  • Slide 22
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Non-Stanford Recipients 5/7/2015 Protect Your Data, Protect Yourself page 21
  • Slide 23
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Non-Stanford Recipients 5/7/2015 Protect Your Data, Protect Yourself page 22 Look! Important confidential data! Ammy
  • Slide 24
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Instant Message Using AIM, Yahoo!IM, Microsoft Messenger, Google Chat, or other IM tools sends your conversation to servers at that company. For Stanford business, use Stanford IM instead. Servers belong to Stanford. It is required for Confidential data over IM. Prohibited and Restricted data should NEVER be sent via IM. Go to im.stanford.edu 5/7/2015 Protect Your Data, Protect Yourself page 23
  • Slide 25
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Securing Your Mobile Device Always use a lock code to protect data If you are synchronizing Stanford data to your phone, be prepared to remotely wipe of your phone if it is lost or stolen. This wipes EVERYTHING from the phone. 5/7/2015 Protect Your Data, Protect Yourself page 24
  • Slide 26
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Phishing Attacks A phishing attack attempts to get you to reveal your username and password Credentials are sent to an anonymous attacker who then takes over the account and uses it to launch other attacks. Emails can be extremely deceptive. Stanford will NEVER ask you to send your password via email. Watch for senders who are not @stanford.edu, not at https:, as well as for spelling and date errors. 5/7/2015 Protect Your Data, Protect Yourself page 25
  • Slide 27
  • STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Phishing Sample 5/7/2015 Protect Your Data, Protect Yourself page 26