Northwestern IT Tech Talk
Securing Devices for the New Year
Mary Carp, Data Security Analyst, Information and Systems Security/Compliance, Northwestern Information Technology
February 4, 2016
Computer Security
• Use antivirus software
– University-owned machines: Symantec (NU license)
– Personally owned machines: Symantec (NU license), Windows Defender, Avast, Malwarebytes, AVG, etc.
– Take care when downloading free antivirus software
Northwestern antivirus options
• Run updates…promptly!
– Both OS and application updates
– Automatic when possible
• Perform backups…often!
• Avoid illegal file-sharing
– It’s stealing
– It’s dangerous
– There are better alternatives
Northwestern Home Use Program
• Limit use of privileged accounts
– User-level account where possible
– Elevated or admin permissions only where required
Network Security
• Create a strong WiFi password
– WPA2 encryption
– Longer passwords/passphrases with unpredictable punctuation or spellings
– Hidden SSIDs are not enough
• Create a guest network
– Separate password for visitors
Enabling guest access on routers
• Secure the router interface
– Many do not require reset of default credentials
– Many display your WiFi password
• Disable unnecessary features
– WPS, WLAN, UPnP, etc.
Mobile Security
• Mobile devices
– Small handheld computers designed for portability
– Usually have a distinct operating system from their full-size counterparts (e.g., OS X vs. iOS, Linux vs. Android)
– Phones, tablets, e-readers, etc.
• Set a locking mechanism
– PIN, password, pattern, biometrics, etc.
– It’s less annoying than a stolen and unlocked phone
– Northwestern email access requires it
• Activate remote wipe
– Manufacturer account (e.g. Samsung, Apple)
– Other apps (Lookout, AndroidWipe, etc.)
• Run updates
– OS updates are often carrier-pushed
– Apps can be updated through the store automatically or manually
• Take care when selecting apps
– Only use the provided app store
– Sometimes paid is better than ad-funded
• Do not root or jailbreak the device
• Do not travel with the device
– It could be stolen
– It could be compromised on unfamiliar networks
– There are cheap alternatives
Recommendations for travel
Internet of Things
• A trendy way of saying “network-connected devices”
• Examples:
– Cars (and not just “smart” ones)
– Smart TVs
– Large appliances like refrigerators, washers, and dryers
– Small appliances like toasters and teapots
• Change default passwords
• Turn off unused services, if any
• Run updates
– This can be more involved than computer and device updates
• Research the company/product
– Have they experienced bad press?
– Do they acknowledge security concerns?
• Understand methods of access
– From what location(s) can one access it?
– What information is required to access it?
• Consider what data the device contains
– How personal is this data?
– What could someone do with it?
• Consider the risk of failure
– What does this device control?
– Can I tolerate faults?
Seasonal Scams
• Today’s Hits
– Click here to track your package
– Your <family relation> is stuck in <country> with no money
– Please see attached invoice
– Collect your airline miles/tickets!
• IRS-related
– Attention: updates to your W2
– Tax policies have changed, click here for more information
– Please confirm your tax information, we owe you money (or vice versa)
• If you aren’t expecting something, examine it carefully:
– Hover over links
– Check for logos, grammar, sender address, etc.
– Send to [email protected] with message headers
Spotting phishing attempts
Wrap-Up
Common Themes
• Run updates and patches
• Disable extra services
• Change default passwords
• Principle of least privilege
• Appropriate use
• Understand your data
• Be skeptical
• Make informed decisions
Secure IT @ NU
• Computer and Network Security
– www.it.northwestern.edu/security/
• Information Security News Podcasts
– www.it.northwestern.edu/security/podcast.html
Contact Information
• Mary Carp – (847) 467-5996
• Northwestern IT Support Center – (847) 491-HELP (4357)
Questions?