security

Network Security: Keeping your Online Identity Safe and Secure

Upload: ebayworld

Post on 08-Jun-2015


TRANSCRIPT

Page 1: Security

Network Security

Keeping your Online Identity Safe and Secure

Page 2: Security

Your Online Identity: Real-World Perspective

Today your identity online is as important as your physical identity.
How the world sees and responds to you.
Losing control of your email, User ID and/or passwords can be more destructive and damaging today than losing your wallet or purse.
Protecting this identity must become a priority.
Threats to everyone's online identity continue to increase every year.
Source: SANS Institute

Page 3: Security

Security “Incidents” Are on the Rise

[Chart: Incidents per year, vertical axis 0 to 120000]

1988 - 6 Reports
1991 – 406
1994 – 2340
1997 – 2,134
2000 – 21,756
2001 – 52,658
2002 – 97,812
Projected 2003 – 149,652

Source: CERT

Page 4: Security

Security Incidents

Page 5: Security

What are the Threats?

Threats to Personal Data
  Unauthorized Use or Disclosure of Personal Financial Information
  Alteration of passwords, records, addresses
Threats to Organizations
  Misappropriation of Resources
  Denial of Service
  Destruction of Systems or Infrastructure

Page 6: Security

Creating more Secure Passwords

Observing the following rules when you create a password will help produce a more secure password:

Create as long a password as you can remember; passwords that are longer are almost always much harder to crack than those that are short, four to six characters in length.
Passwords must never contain the user ID.
Passwords should not contain any simple pattern of letters or numbers such as "qwertyxx" or "xyz123xx."
Passwords should not include the user's own or a close friend's or relative's name, employee number, Social Security Number, birthdate, telephone number, or any information about him or her that the user believes could be readily learned or guessed.
Avoid common words in the news (including names of people, car makes, sports teams, cities, and so on).
Include numbers and special symbols in your password. (Passwords containing a nonnumeric letter or symbol in the first and last positions are very secure)
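The rules on this slide can be checked mechanically when a password is set. The following is an added example, not part of the original presentation; the function names, the sample account "jsmith", the personal details and the short word list are all constructed for illustration, and treating six characters or fewer as "too short" is an assumption drawn from the slide's wording.

```python
import re

# Runs along these sequences count as "simple patterns" (slide examples: "qwertyxx", "xyz123xx").
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Constructed stand-in for "common words in the news"; use a real wordlist in practice.
COMMON_WORDS = {"password", "football", "yankees", "toyota", "chicago"}


def has_simple_pattern(pw, run=3):
    """True if pw contains `run` consecutive characters of a sequence, forward or reversed."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(pw, user_id, personal_info=()):
    """Return the list of slide rules that pw violates (empty list = passes)."""
    low = pw.lower()
    problems = []
    if len(pw) <= 6:  # assumption: the slide calls four to six characters "short"
        problems.append("too short")
    if user_id and user_id.lower() in low:
        problems.append("contains user ID")
    if has_simple_pattern(pw):
        problems.append("simple pattern")
    # Compare personal items with separators stripped, so 555-0142 matches 5550142.
    squeezed = re.sub(r"[^a-z0-9]", "", low)
    for item in personal_info:
        key = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(key) >= 3 and key in squeezed:
            problems.append("contains personal information")
            break
    if any(word in low for word in COMMON_WORDS):
        problems.append("common word")
    if not re.search(r"\d", pw):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special symbol")
    return problems


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ("qwertyxx", "jsmith2004!", "Vr7#mplK9tq$w"):
        print(candidate, check_password(candidate, "jsmith", ["John Smith", "555-0142"]))
```
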

Page 7: Security

BCC Password Standards

Novell/Groupwise
Password must be 5-8 alpha/numeric characters.
Passwords can be changed anytime you sign on.
Password should be changed in both Novell & Groupwise. (Each program can have a separate password; however, this is not recommended.)
Currently Novell/Groupwise passwords do not expire and there is no limit on sign-on attempts.

Page 8: Security

BCC Password Standards

Unisearch/NetSearch (Imaging System)
Password must be 6-8 alpha/numeric characters.
Passwords can be changed anytime by using the original Netsearch sign-on screen.
Unisearch/NetSearch will force a Password change every 60 days.

Page 9: Security

Risks to your Online Identity

Phishing (Personal Identity Theft)
Spoofing (Website Identity Theft)

Page 10: Security

Phishing

Consumers are the target of an increasingly popular scam called "phishing," in which victims receive unsolicited, phony mass e-mails that try to lure them into revealing personal financial information. Often, the scammers pretend to be real companies, such as banks, credit card companies or Internet providers, and claim there has been a problem with billing or that the customer may have been a fraud victim.

The message directs victims to click on a link to a fake Web site that looks just like the company's real one, where they are asked to type in personal information, such as Social Security numbers, mother's maiden name and bank and credit card numbers. The scam uses that information to steal identities and run up credit cards or order new ones.

Page 11: Security

Phishing Example

Posing as America Online, the con artist sent consumers e-mail messages claiming that there had been a problem with the billing of their AOL account. The e-mail warned consumers that if they didn’t update their billing information, they risked losing their AOL accounts and Internet access. The message directed consumers to click on a hyperlink in the body of the e-mail to connect to the “AOL Billing Center.” When consumers clicked on the link they landed on a site that contained AOL’s logo, AOL’s type style, AOL’s colors, and links to real AOL Web pages. It appeared to be AOL’s Billing Center. But it wasn’t. The defendant had hijacked AOL’s identity and was going to use it to steal consumers’ identities.

The defendant’s AOL look-alike Web page directed consumers to enter the numbers from the credit card they had used to charge their AOL account. It then asked consumers to enter numbers from a new card to correct the problem. It also asked for consumers’ names, mothers’ maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers, and AOL screen names and passwords - the kind of data that would help the defendant plunder consumers’ credit and debit card accounts and assume their identity online.

Page 12: Security

Example of Phishing Email

February 1, 2004
Subject: your access to bid or buy on Ebay has been restricted!
Dear Ebay member # 12674539!
It has come to our attention that your account may be used by third party in a fraudulent activity with Ebay. as a result, your access to bid or buy on Ebay has been restricted. according to our site policy you will have to confirm that you are the real owner of the Ebay account by entering your credit card information.
please click on the link below to get to the Ebay security update page and complete the form that will appears. after that your account information will be verified and you will be redirected to the Ebay home page. thank you. ...

Page 13: Security

What can you do?

Be wary of any email that directs you to a website.
Never enter your financial information on a website where you have not entered the WWW address yourself.
Always make sure the site is secure before entering your credit card information.

Page 14: Security

Secure Websites

Secure Web Pages: Normal Webpage (unsecured)

Online Bank Website: Always check that the Internet address references the actual site if you are coming from an email link or other area of unknown origin. This page does not have security. No lock icon on lower right. Clicking on Account Login allows you to sign onto your account.

Website address

Security Lock Icon is Not present

Page 15: Security

Secure Websites

Secured Webpage, Online Bank Login page: The lock icon indicates this webpage is secured and all information will be transmitted with data encryption (Secure Socket Layer, 128 bit), ensuring data sent from the webpage will be safe while in transit over the Internet. HTTPS also indicates a secure webpage.

Lock Icon

HTTPS indicates a secure website.

Page 16: Security

Questions?

Doug Kirby
Information [email protected]