Northwestern IT Tech Talk

Securing Devices for the New Year

Mary CarpData Security AnalystInformation and Systems Security/ComplianceNorthwestern Information Technology

February 4, 2016

Computer Security

Computer Security

• Use antivirus software

– University-owned machines: Symantec (NU license)

– Personally owned machines: Symantec (NU license), Windows Defender, Avast, Malwarebytes, AVG, etc.

– Take care when downloading free antivirus software

Northwestern antivirus options

2

Computer Security

• Run updates…promptly!

– Both OS and application updates

– Automatic when possible

3

Computer Security

• Perform backups…often!

• Avoid illegal file-sharing

– It’s stealing

– It’s dangerous

– There are better alternatives

Northwestern Home Use Program

4

Computer Security

• Limit use of privileged accounts

– User-level account where possible

– Elevated or admin permissions only where

required

5

Network Security

Network Security

• Create a strong WiFi password

– WPA2 encryption

– Longer passwords/passphrases with

unpredictable punctuation or spellings

– Hidden SSIDs are not enough

7

Network Security

• Create a guest network

– Separate password for visitors

Enabling guest access on routers

8

Network Security

• Secure the router interface

– Many do not require reset of default credentials

– Many display your WiFi password

9

Network Security

• Disable unnecessary features

– WPS, WLAN, UPnP, etc.

10

Mobile Security

Mobile Security

• Mobile devices

– Small handheld computers designed for

portability

– Usually have a distinct operating system from

their full-size counterparts (e.g., OS X vs. iOS,

Linux vs. Android)

– Phones, tablets, e-readers, etc.

12

Mobile Security

• Set a locking mechanism

– PIN, password, pattern, biometrics, etc.

– It’s less annoying than a stolen and unlocked

phone

– Northwestern email access requires it

• Activate remote wipe

– Manufacturer account (e.g. Samsung, Apple)

– Other apps (Lookout, AndroidWipe, etc.)

13

Mobile Security

• Run updates

– OS updates are often carrier-pushed

– Apps can be updated through the store

automatically or manually

• Take care when selecting apps

– Only use the provided app store

– Sometimes paid is better than ad-funded

• Do not root or jailbreak the device

14

Mobile Security

• Do not travel with the device

– It could be stolen

– It could be compromised on unfamiliar

networks

– There are cheap alternatives

Recommendations for travel

15

Internet of Things

Internet of Things

• A trendy way of saying “network-

connected devices”

• Examples:

– Cars (and not just “smart” ones)

– Smart TVs

– Large appliances like refrigerators, washers,

and dryers

– Small appliances like toasters and teapots

17

Internet of Things

• Change default passwords

• Turn off unused services, if any

• Run updates

– This can be more involved than computer and

device updates

18

Internet of Things

• Research the company/product

– Have they experienced bad press?

– Do they acknowledge security concerns?

• Understand methods of access

– From what location(s) can one access it?

– What information is required to access it?

19

Internet of Things

• Consider what data the device contains

– How personal is this data?

– What could someone do with it?

• Consider the risk of failure

– What does this device control?

– Can I tolerate faults?

20

Seasonal Scams

Seasonal Scams

• Today’s Hits

– Click here to track your package

– Your <family relation> is stuck in <country>

with no money

– Please see attached invoice

– Collect your airline miles/tickets!

22

Seasonal Scams

• IRS-related

– Attention: updates to your W2

– Tax policies have changed, click here for

more information

– Please confirm your tax information, we owe

you money (or vice versa)

23

Seasonal Scams

• If you aren’t expecting something, examine it carefully:

– Hover over links

– Check for logos, grammar, sender address, etc.

– Send to security@u.northwestern.edu with message headers

Spotting phishing attempts

24

Wrap-Up

Common Themes

• Run updates and patches

• Disable extra services

• Change default passwords

• Principle of least privilege

• Appropriate use

• Understand your data

• Be skeptical

• Make informed decisions

26

Secure IT @ NU

• Computer and Network Security

– www.it.northwestern.edu/security/

• Information Security News Podcasts

– www.it.northwestern.edu/security/podcast.html

27

Contact Information

• Mary Carp– (847) 467-5996

– m-carp@northwestern.edu

– security@northwestern.edu

• Northwestern IT Support Center– (847) 491-HELP (4357)

– consultant@northwestern.edu

28

Questions?