Are the computers on our site under attack? Viruses Worms Trojans SPAM (>90% of incoming mail) “Phishing” Attacks 3/33 Yes, they certainly are! Security monitoring detects about XXX intrusion attacks and YYY viruses per month. More than ZZZ computers per year need reinstallation after a break-in!
What happens if my computer is infected? 4/33 Not really a problem Re-install O/S Delete infection
For simple cases of infection by known viruses, if you are running up-to-date anti-virus software, the infection can be deleted. However, particularly if your machine is not centrally managed, it is often necessary to: Re format disk Re install operating system Re install applications Restore files from backup What happens if my computer is infected? Lost time! 5/33
Does our site forbid certain applications? 6/33 Yes No Don’t know
Does our site forbid certain applications ? Peer-to-Peer file-sharing software (e.g. BitTorrent) must NOT be run on computers on site. Yes! Some kinds of software are explicitly forbidden and their use will be detected and sanctioned Neither is use of “Chat Rooms” permitted (IRC - Internet Relay Chat) because they are used by attackers and “botnets”. (Instant Messaging applications like MSN Messenger are allowed) For details of rules, see “Restrictions” section in: http://www.abcd.xx/security/ 7/33
Can I install software on my office computer? 8/33 No, you can’t If it’s essential Yes, of course
Can I install software on my office computer? Don’t download programs or plug-ins from unfamiliar sources on the Internet. These may contain Trojan horses, spyware or other malicious software that will infect your PC! Yes, if it is essential, but use only software provided by the computer department or from a reliable source. 9/33
Does our site allow personal use of computing facilities? 10/33 No Limited use Yes, always
Does our site allow personal use of computing facilities? Computing facilities are intended to achieve our institutes mission. Nevertheless, personal use is tolerated, e.g. for Email or Web browsing, provided that: Yes, but… It is in compliance with the official rules governing computer use and not detrimental to official duties, including those of other users; The frequency and duration is limited and there is a negligible use of site resources; It does not constitute a political, commercial and/or profit- making activity; It is not inappropriate or offensive; It does not violate applicable laws. 11/33
Surely Web browsing is safe? 12/33 Yes No Not necessarily!
Surely Web browsing is safe? Clicking on links in Web pages may download malicious code! Not necessarily! By hovering your mouse over a web link WITHOUT CLICKING you reveal its real destination. If in doubt, don’t click the link: http://www.look-at-me/I’m-great http://18.104.22.168/this.is.a.sting 13/33
Well, what about Email attachments? 14/33 OK at our site May be infected Dangerous
Well, what about Email attachments? Email attachments may be infected Do you know the person who sent it? Does the message look genuine or a forgery? Be careful! 15/33 If you are suspicious, don’t open it and delete the mail immediately.
Should I be careful about Phishing? 16/33 Someone can’t spell No Yes
Should I be careful about Phishing? Yes, you should be!!! “Phishing” is associated with criminal activity. By masquerading as a trustworthy entity, phishing tries to trick computer users into giving away confidential information, such as usernames, passwords, or credit card details, or to download malicious code into their computer. Verify the source before you click! 17/33
Should I worry about Key Loggers? 18/33 Don’t know what they are No Yes
Should I worry about Key Loggers? A Key logger is a program that sends everything you type to someone who wants your password, credit card details, and much more… It can be installed when you click on an infected Email or Web page. Yes, you should! 19/33
Are Linux and Macintosh computers safe? 20/33 Yes No Usually Mac Linux
Can I share my files and calendar with my collaborators? Yes, by configuring access controls correctly. However, you must never divulge your password to anyone (and don’t need to). Helpdesk staff will NEVER ask for your password 23/33
Are six characters good enough for my password? 24/33 Neither No, but eight letters are OK Yes, of course
Are six characters good enough for my password? A strong password should be at least 8 characters long and a mixture of at least 3 of the following: upper case letters, lower case letters, numbers, punctuation symbols. And neither is a name, any word in the dictionary, nor something simple like ABCDEFGH 25/33 No they are not!
Can I manage my own computer? 26/33 Yes, of course No, you can’t Not recommended
Can I manage my own computer? You can, but IT recommends that you do not. Are you sure you have the tools and the expertise, as well as the time, to install the latest system versions and all the latest patches? If your machine is infected, it will be blocked from the network. Note that for production machines central management allows machine owners to specify when updates take place. 27/33 Not recommended Conclusion: Central management is MUCH safer and much less time consuming.
Can I get privileged access? 28/33 Yes, when needed No, you can’t Yes, of course
Can I get privileged access? Normal operations don’t require it. But when needed for professional reasons, you will be able to obtain elevated privileges such as administrator or root on a computer or access to sensitive data. HOWEVER when the privilege is no longer required, you should make sure it is removed to make your computer less vulnerable and protect yourself from accidents. 29/33
What should I do if it seems that someone else knows my password did something with my account used my machine 30/33 Inform Security Team Reboot Log out