PHYSICAL IT SECURITY. Scope: 1. What is password security? 2. Why can't I tell anyone my password? 3. What about writing my password down? 4. Social engineering 5. Responsible Use: Ethics in Computer Usage 6. Guidelines for Strong Passwords 7. Laptop security & Firewalls

Upload: crystal-carr

Post on 01-Jan-2016


PHYSICAL IT SECURITY

Scope

1. What is password security?
2. Why can't I tell anyone my password?
3. What about writing my password down?
4. Social engineering
5. Responsible Use: Ethics in Computer Usage
6. Guidelines for Strong Passwords
7. Laptop security & Firewalls

What is password security?

• A password is a string of characters you give to verify that you're you when you log onto a computer system location. Identify and authenticate user, authorised, confidentiality, integrity and non-deniability.

Why can't I tell anyone my password?

• Because you don't know where the information will go after it leaves your lips. Even if you only tell one other person, they could tell one other person, and so on, until your password is in the hands of a Cracker. Besides, why do you want to tell someone your password, anyway? You are not allowed to share your username with someone else, so there is no legitimate reason for anybody else to know your password.

What about writing my password down?

• Writing your password on a post-it note and then sticking the note to your terminal is asking for trouble! In general, it is better to remember your password and not write it down anywhere.

• If you write your password down, make sure that you keep it safe.


Cont.

• No member of the system administration staff or other Computing Services staff will ever ask you to reveal your password or any other information about the system.

• Don't reveal such information to someone you don't know if they call asking for help with the system (i.e. pretending to be a new user).

• Report any suspicious questions that anyone asks to Security Services.


Responsible Use: Ethics in Computer Usage

• The integrity of the systems must be respected. This means that users of systems will not divulge passwords, pins, private keys or similar elements to anyone else, and they will not exploit sessions left open or otherwise misappropriate or steal the "identity" of another user.

• Privacy of other users must not be intruded upon at any time.


Cont.

• Users must recognize that certain data are confidential and must limit their access to such data to uses in direct performance of their duties.

• The rules and regulations governing the use of facilities and equipment must be respected. Persons responsible for computing devices connected to the network will ensure that those devices are maintained in a secure state in accord with related policy.


Cont.

• No one shall obtain unauthorized access to other users' accounts and files.

• The intended use of all accounts, typically for organization, instruction and administrative purposes, must be respected.

• Commercial use is prohibited.

• Users shall become familiar with and abide by the guidelines for appropriate usage for the systems and networks that they access.


Guidelines for Strong Passwords

• mixed-case alphabetic (both lower- and upper-case letters);

• non-alphabetic characters, e.g., digits and/or punctuation (the strongest passwords have both);

• 8 characters or more;

• a password that is easy to remember, so you don’t have to write it down; and


A Simple Technique for Making a Strong But Easy-to-Remember Password

• Make up a unique sentence and use the first letter of each word in the sentence. Mix up the capitalization.

• Then throw in a digit and/or punctuation mark somewhere in the middle. For example:

– A sentence unique to you might be: “My Volvo’s front muffler leaks too much”

– This gives you the password MVfml,t3m

Cont.

• Check your password against the other above guidelines, in case any are violated by accident. For example:

– If the sentence had been “How older US educators sit”

– This gives you the password HoUSes

Cont.

• However: That password would not be strong enough, because that word happens to appear in dictionaries, and so would be much easier for an intruder to guess. You would definitely need to throw in some digits and/or punctuation to make such a password stronger, or try a new sentence altogether.
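The sentence technique and the guideline check above, as an added example that is not part of the original slides. The function names, the rule of keeping all-caps words whole, and the small `SAMPLE_WORDS` set (a constructed stand-in for a real dictionary file) are assumptions.

```python
import string

# Constructed stand-in for a real dictionary file (assumption, not from the slides).
SAMPLE_WORDS = {"houses", "password", "welcome", "security", "laptop"}

def initials(sentence):
    """First letter of each word; all-caps words such as "US" are kept whole,
    which is how the slides arrive at HoUSes (assumed rule)."""
    return "".join(w if w.isupper() else w[0] for w in sentence.split())

def check_password(password, words=SAMPLE_WORDS):
    """Return the guidelines from the slides that the password violates."""
    problems = []
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("not mixed-case")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        problems.append("no digit or punctuation")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Mixed capitalisation does not hide a word from a guesser, so the
    # dictionary comparison ignores case.
    if password.lower() in words:
        problems.append("dictionary word")
    return problems

if __name__ == "__main__":
    for sentence, final in [
        ("My Volvo's front muffler leaks too much", "MVfml,t3m"),
        ("How older US educators sit", "HoUSes"),
    ]:
        raw = initials(sentence)
        print(f"{sentence!r}: initials {raw!r} -> {check_password(raw)}")
        print(f"  chosen password {final!r} -> {check_password(final) or 'passes'}")
```

The bare initials of the Volvo sentence still fail two guidelines, which is why the digit and punctuation step is part of the technique.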


Laptop security

• When not in use, keep your laptop out of sight: store it in a filing cabinet or other secure location.

• Use a docking station that will keep the laptop locked/use a cable lock (almost all laptops come equipped with a universal security slot that allows you to attach it to a heavy/unbreakable object.)

• Do not leave the laptop on the car seat of a parked car.

Cont.

• When travelling use something other than a laptop bag to avoid an obvious target.

• Always take the laptop as hand luggage when travelling.

• Do not let the laptop out of your sight through the airport security checkpoint.

• Always back up your files.

Cont.

• Never leave a laptop computer with sensitive information on it unattended in a hotel room; preferably, don’t take it on the trip. If you must take the laptop, use encryption to protect it (GITO may be contacted in this regard), or download all the information onto a memory stick and keep it in your possession at all times.

Cont.

• Officials are encouraged to limit taking laptops home; if the need arises, ensure that you take all necessary protection measures to secure it, e.g. locking the laptop in a lockable safe or steel cabinet with a reinforced rod.

• Tampering with tags fitted on laptops and other electronic equipment is forbidden.
