Intro
Keeping You And Your Library Safe and Secure
Blake Carver – [email protected]
lisnews.org/security/
http://security4lib.org/
http://lyrasis.org
"None of this is about being 'unhackable'; it’s about making the difficulty of doing so not worth the effort."
Secure, here, doesn't mean impenetrable
Competent and determined bad guys armed with the right tools can always find a way in
Less talented folks, and many automated tools, however, are deterred when getting in takes great effort
Where Are They Working?
• Social Networks
• Search Engines
• Advertising
• Email
• Web Sites
• Web Servers
• Home Computers
• Mobile Devices
What Are They After?
• PINs
• Passwords
• Credit Cards
• Bank Accounts
• Social Media
• Computers
• Usernames
• Contact Lists
• Emails
• Phone Numbers
These all have value to someone
We don’t know how our information is used, stored or shared and for how long.
We don’t know who has access
We don’t know if it’s safe
"On the InterWebs, the companies entrusted to keep our personal data safe are invariably the ones who have the most to gain from not doing so."
Robert X. Cringely
How Do You Know If You Are Infected?
• Fans Spinning Wildly
• Programs start unexpectedly
• Your firewall yells at you
• Odd emails FROM you
• Freezes
• Your browser behaves funny
• Sudden slowness
• Change in behavior
• Odd sounds or beeps
• Random Popups
• Unwelcome images
• Disappearing files
• Random error messages
• Keep everything patched / updated
• Don’t Trust anything
– Links / Downloads / Emails
• Backups are critical
Laptops
• Prey / LoJack
• Passwords
• Sign Out & Do NOT Save Form Data
Which of your accounts is most valuable?
• Email
• Bank
• Social Network
• Shopping
• Gaming
• Blogs
• Library Account
• Don’t trust anything
• Don’t leave yourself logged in
• 2 Factor Authentication
• Passwords
– Unique, Obscure and Looooonnnnnggggg
Staying Safe Online
Browsers
• Use Two & Keep Updated
• Know Your Settings
– Phishing & Malware Detection - Turned ON
– Software Security & Auto / Silent Patching - Turned ON
• A Few Security Plugins:
– Something to Limit JavaScript
– Something to Force HTTPS
– Something to Block Ads
But The Internet Is Free Because Of Ads...
• Online ads were 182 times more likely to deliver malware than “adult” sites
• Google blocked 524 million 'bad ads' 250,000
• Up 50 percent in 1 year
83% targets of opportunity
92% of attacks were easy
85% were found by a 3rd party
Verizon Data Breach Investigations Report – Fall 2011
Complexity is the Enemy of Security (Bruce Schneier)
• Libraries have no shortage of access points
• We deal with any number of vendors
• Threats come from outside the libraries
• Threats come from inside the libraries
• Our libraries are full of people
Library Security Requires Layers
• Firewall
• VPN
• Intrusion Monitoring
• Antimalware & Antispam & Antivirus
• Planning & Training
Preparation - Practical Policies
• Patching and updates of the OS and applications on a regular basis
• Regular automated checks of public PCs & network
• Check the internets for usernames/passwords for your library (e.g. pastebin)
• Dedicated staff? Someone needs to stay current
• Lost USB Drives?
• Is your domain name going to expire?
Training
• Phishing
• Privacy
• Passwords
• Email Attachments
• Virus Alerts
• How to practice safe social networking
• Keeping things updated
Change your mindset – YOU are the attacker
• What are your library’s most valuable assets?
– Where are these assets?
– How can they be accessed?
• If you were the attacker how would you spread malware?
• Who are the most ‘vulnerable’ targets in the organization?
Library Security Mantra
• Security
• Privacy
• Confidentiality
• Integrity
• Availability
• Access
(based on Net Sec 101 Ayre and Lawthers 2001)
Any Good Web Site Can Go Bad At Any Time
Less than half of website traffic is human
About 30% of all traffic is actively trying to cause trouble
• Keep everything patched & updated always
• Carry A Safe
• Don’t Trust anything or anyone
– Links / Downloads / Emails
– Patrons / Vendors
• Backup your stuff
• Prepare And Train
Done!!
Stay Safe