Introduction to IT Security and Desktop PC Protection Speaker: Stone Miu
Agenda
WHY WE ARE HERE?
SECURE YOUR DESKTOP PC
INTERNET SECURITY PROTECTION
HOW TO IDENTIFY AND HANDLE FAKE EMAIL AND WEBSITES
INTELLECTUAL PROPERTY RIGHTS FOR SOFTWARE AND INFORMATION
INCIDENT HANDLING PROCEDURES
PHYSICAL SECURITY
WHY WE ARE HERE?
What is Information Security? The CIA Model
▫Confidentiality
▫Integrity
▫Availability
Importance of Information Security
How to Achieve a Satisfactory Level of Information Security?
Roles and Responsibilities
Policy and Guidelines in HKUST
Confidentiality
Protecting information from being disclosed to unauthorised parties. Examples:
▫Personal: When you submit personal data to a website, it should be used or accessed only by designated staff of that company, and only for the purposes agreed. No one else should be able to use your data for illegal purposes, or view it out of curiosity.
▫Business: Sensitive information, such as sales figures or client data, should be accessible only to authorised persons such as senior management and the sales team, and not to other operations or departments.
Integrity
Protecting information from being changed by unauthorised parties. Examples:
▫Personal: When you submit personal data to a website, it should not be altered in any way, either in transit or by the website's company.
▫Business: Important documents or figures should not be changed by unauthorised persons, nor changed without prior notice.
Availability
Ensuring that information is available to authorised parties whenever they request it. Examples:
▫Personal: You should be able to access and check the personal data a website keeps about you at any time.
▫Business: Authorised senior management should be able to access sales figures when needed, and clients should be able to access any of their data kept by the company when they request it.
Importance of Information Security
▫Protect an organisation's data and assets from insider and outsider attacks.
▫Prevent unauthorised people from accessing our valued information, manipulating it or stealing it, whether by (black/grey hat) hacking, viruses, Trojans and other malware, or by bringing the system down (denial of service, DoS).
▫Protect your sensitive data from natural disasters and accidents through business continuity and disaster recovery management.
How to Achieve a Satisfactory Level of Information Security?
▫Keep the system up to date
▫Make sure the firewall is enabled
▫Install only the application software you need, and remove software no longer in use
▫Stay aware of security
SECURE YOUR DESKTOP PC
Password Protection
▫How to create secure passwords?
▫Importance of changing passwords frequently
Data Security -> LOG OFF when you are away from your PC
Basic Security Settings of a PC, e.g. firewall DEMO
▫Software firewall
▫Hardware firewall
How to Avoid Virus Attacks? E.g. Anti-Virus Program DEMO
▫How can antivirus software protect your computer?
▫How to install antivirus software and virus signature updates in HKUST?
Backup and Restore
▫The Importance of Backup and Recovery
▫Steps for Backup and Recovery
Protection of Data/Files, e.g. file encryption
Windows Update
The Importance of Backup and Recovery
▫Protecting you in the event of hardware failure, accidental deletion or disaster;
▫Protecting you against unauthorised changes made by an intruder;
▫Providing you with a history of an intruder's activities by looking through archived, older backups.
Steps for Backup and Recovery
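The second and third points on the Importance of Backup and Recovery slide can be put to work: record a SHA-256 manifest of the files alongside each backup, and later compare a fresh manifest against it to list what an intruder added, removed or altered, even if timestamps were faked. The following is an added example in Python; it is not part of the original presentation and not an HKUST tool. The directory layout, file contents and the intrusion it simulates are constructed for the demo, and 203.0.113.9 is a documentation address, not a real host.

```python
"""Detecting unauthorised changes by comparing file manifests taken with
successive backups. Added example; directory contents are constructed."""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files stay out of memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its hash."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Classify differences between the manifest stored with a backup and
    one taken now: files planted, files removed, files altered."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "deleted": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Build a small tree, record its manifest, simulate an intrusion,
    and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "notes.txt").write_text("quarterly sales figures\n")
        baseline = build_manifest(root)          # recorded with the backup

        # Simulated intrusion (constructed): hosts file redirected to a fake
        # banking site, a document removed, and a dropped executable.
        (root / "etc" / "hosts").write_text(
            "127.0.0.1 localhost\n203.0.113.9 www.bank.example\n")
        (root / "notes.txt").unlink()
        (root / "svchost.exe").write_bytes(b"MZ" + b"\x00" * 16)

        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Keep the manifest with the backup rather than on the machine it describes, or an intruder who edits files can regenerate it as well. Comparing the current state against the oldest clean backup, then against each later one, is what gives the "history of an intruder's activities" the slide mentions.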
INTERNET SECURITY PROTECTION
Security Settings of a Web Browser DEMO
Attention Needed when Surfing Web Pages
Software Update Management, e.g. Adobe PDF reader, Java, Thunderbird, Firefox, etc.
Cookies, Clearing Saved Passwords, Pop-up Blocker
How to determine whether a website is safe to browse?
▫http://google.com/safebrowsing/diagnostic?site=
▫hpHosts
▫Norton Safe Web
▫Unmasked Parasites
▫AVG LinkScanner
▫AVG's free Mobilation Android app
▫Lookout Mobile Security
HOW TO IDENTIFY AND HANDLE FAKE EMAIL AND WEBSITES
What is a Scam? How to Handle a Scam?
What is Spoofing / Phishing? How to Handle Spoofing / Phishing?
▫Preventive Measures
▫Detective Measures
▫Responsive Measures
What is a Digital Signature and how is it used in HKUST?
Preventive Measures
▫Do not follow URL links from untrusted sources or emails such as spam emails, to avoid being redirected to malicious websites by links that look legitimate.
▫Do not visit suspicious websites or follow the links provided on those websites.
▫Do not follow links to log on to banking or financial organisations from search engine results.
▫Open attachments with extreme care. Always check the attachment's extension. Never open an attachment with a "pif", "exe", "bat" or "vbs" extension.
▫Type the URL manually, or follow bookmarks you made previously, when visiting websites.
▫Avoid conducting online banking or financial enquiries/transactions from a public or unsecured terminal, such as those in cafés or libraries. Hacking or Trojan programs may be installed on these public terminals.
▫Do not open other browser sessions or access other websites while you are performing online financial transactions/enquiries.
▫Remember to print or keep a copy of the transaction record or confirmation notice for checking.
▫Always be wary when giving out sensitive personal or account information. Banks and financial institutions seldom ask for your personal or account information through email. Consult the relevant organisation if in doubt.
▫Always ensure that your computer has the latest security patches and virus signatures applied, to reduce the chance of being affected by fraudulent emails or websites that exploit software vulnerabilities. This also helps protect your computer from other security or virus attacks.
▫Consider using desktop spam-filtering products to help detect and block fraudulent emails, but beware of false alarms. Learn the technical skills needed to deploy these products effectively.
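Two of the measures above, checking attachment extensions and not trusting the text of a link, can be mechanised. The following is an added example in Python, not part of the original presentation and not an HKUST tool: it flags attachments whose last extension is executable (Windows hides known extensions by default, so invoice.pdf.exe is displayed as invoice.pdf), and compares each link's visible text and host against the organisation the message claims to come from. The sample message, the names bank.example and verify-account.test, and the address 203.0.113.7 are constructed placeholders.

```python
"""Mechanising two preventive measures: executable attachments and links
whose visible text or host is not what they claim.

Added example, not from the original slides. The message below is
constructed; bank.example, verify-account.test and 203.0.113.7 are
placeholders (the last is a documentation-only IP address).
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# The extensions the slide names, plus other types Windows runs on double-click.
DANGEROUS_EXTENSIONS = {"pif", "exe", "bat", "vbs", "scr", "com", "cmd",
                        "js", "jse", "wsf", "hta"}


def attachment_is_dangerous(filename: str) -> bool:
    """True when the LAST extension is executable. Windows hides known
    extensions by default, so 'invoice.pdf.exe' is shown as 'invoice.pdf'."""
    name = filename.strip().lower()
    return "." in name and name.rsplit(".", 1)[1] in DANGEROUS_EXTENSIONS


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML message body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """'login.bank.example' -> 'bank.example'. Two-label approximation; use
    the public suffix list in production (co.uk and the like)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def suspicious_links(html: str, sender_domain: str) -> list:
    """One reason string per red flag found in the message's links."""
    parser = _LinkCollector()
    parser.feed(html)
    sender = registrable_domain(sender_domain)
    brand = sender.split(".")[0]
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        host = url.hostname or ""
        # 1. Bare IP address instead of the organisation's hostname.
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append(f"link to bare IP address: {href}")
        # 2. Visible text is a URL, but the real target is elsewhere.
        shown = ""
        if text and " " not in text and "." in text:
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if shown and registrable_domain(shown) != registrable_domain(host):
            findings.append(f"shows {shown} but goes to {host}")
        # 3. Brand name used as a subdomain of an unrelated domain.
        if brand in host and registrable_domain(host) != sender:
            findings.append(f"'{brand}' appears in unrelated host {host}")
        # 4. Login or verification page served without TLS.
        if url.scheme == "http" and any(k in url.path.lower() for k in ("login", "signin", "verify")):
            findings.append(f"login page over plain http: {href}")
    return findings


# Constructed phishing message for the demo.
SAMPLE_HTML = """<p>Dear customer, your account has been suspended. Please
<a href="http://bank.example.verify-account.test/login">https://www.bank.example/login</a>
within 24 hours, or use <a href="http://203.0.113.7/secure">this link</a>.</p>"""
SAMPLE_SENDER_DOMAIN = "bank.example"

if __name__ == "__main__":
    for reason in suspicious_links(SAMPLE_HTML, SAMPLE_SENDER_DOMAIN):
        print("WARNING:", reason)
    for name in ("report.pdf", "invoice.pdf.exe", "setup.PIF"):
        print(name, "->", "block" if attachment_is_dangerous(name) else "ok")
```

Hovering over a link in a mail client, which shows the real target, is the manual version of check 2. The registrable_domain() helper is a two-label approximation; anything production-grade should use the public suffix list so that hosts under co.uk and similar suffixes are compared correctly.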
Detective Measures
▫Review your credit card or bank account statements as soon as you receive them, to check for any unauthorised transactions or payments.
▫Log in to your accounts regularly to check the account status and last login time, to determine whether there has been any suspicious activity.
▫Verify the legitimacy of an organisation's website, such as a bank's, by contacting the organisation through its published address or telephone number, not through contact details given in the suspicious email.
Responsive Measures
▫Change your password immediately if you suspect that you have already been defrauded (e.g. you responded to a phishing email or supplied your personal/financial information to a fraudulent website).
▫Check your account status and contact the relevant organisation and/or report to the police immediately.
▫Send the phishing emails to the relevant organisation and/or the police for their investigation.
INTELLECTUAL PROPERTY RIGHTS FOR SOFTWARE AND INFORMATION
▫Freeware
▫Shareware
▫Liteware
INCIDENT HANDLING PROCEDURES
Basic Concept of Incident Handling, e.g. Task Manager
Common Incident Handling
Handling Procedure of Security Incidents
Loophole Warning
PHYSICAL SECURITY
Clear Screen Protection
Protection of External Devices
Disposal of Computer Equipment
▫Delete and Format Commands (remove only the directory entries; the data stays on the disk and is recoverable)
▫Overwriting
▫Degaussing
▫Physical Destruction
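To show what "Delete and Format Commands" versus "Overwriting" means in practice, here is an added example in Python, not part of the original presentation and not the ITSC's disposal procedure: a routine that overwrites a file's own blocks with random data and flushes to the device before unlinking it, with a demo that reads the file back after the overwrite to confirm the original bytes are gone. File names and contents are constructed for the demo.

```python
"""Overwrite-before-delete for a single file. Added example; the secret
written by demo() is constructed."""
import os
import secrets
import tempfile

CHUNK_SIZE = 64 * 1024


def overwrite_file(path: str, passes: int = 1) -> int:
    """Overwrite every byte of `path` in place with random data, flushing to
    the device after each pass. Returns the number of bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK_SIZE, remaining)
                fh.write(secrets.token_bytes(n))
                written += n
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())   # push the overwrite past the OS cache
    return written


def overwrite_and_delete(path: str, passes: int = 1) -> int:
    """Overwrite, rename to a random name (so the original file name no
    longer sits in the directory entry), then unlink."""
    written = overwrite_file(path, passes)
    scrambled = os.path.join(os.path.dirname(path), secrets.token_hex(8))
    os.rename(path, scrambled)
    os.remove(scrambled)
    return written


def demo(secret: bytes = b"salary spreadsheet, confidential", passes: int = 2) -> dict:
    """Write a secret, overwrite it, and read the file back before unlinking
    to show the original bytes are gone from the file's blocks."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(secret)
    written = overwrite_file(path, passes)
    with open(path, "rb") as fh:
        leftover = fh.read()
    os.remove(path)
    return {
        "bytes_written": written,
        "same_length": len(leftover) == len(secret),
        "secret_survived": secret in leftover,
        "file_exists": os.path.exists(path),
    }


def demo_delete(passes: int = 3) -> dict:
    """Exercise overwrite_and_delete on a small constructed file."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"abc")
    return {"bytes_written": overwrite_and_delete(path, passes),
            "file_exists": os.path.exists(path)}


if __name__ == "__main__":
    print(demo())
    print(demo_delete())
```

This only reaches the blocks the file currently occupies. On SSDs with wear levelling, on copy-on-write or journaling file systems, and wherever snapshots or backups exist, other copies of the data can survive, which is why the slide also lists degaussing and physical destruction. For a drive you intend to dispose of, full-disk encryption from the start (then discarding the key) or physical destruction is the dependable choice.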
Protection of External Devices: when configuring your mobile device
▫Enable a power-on password or other device password management tool if available.
▫Configure the mobile device so that it locks automatically after a period of inactivity.
▫Install mobile security software, such as anti-virus software and a firewall, on the mobile device if available.
▫Apply the latest patches and fixes for your mobile operating system and related backup/synchronisation software. Upgrade the software to its latest version where applicable.
▫Scrutinise all permission requests thoroughly, for example those involving privileged access, when installing applications/services.
▫Use encryption to protect sensitive data stored on the mobile device and removable media, if available.
▫Set up a remote data wiping feature if available.
▫Turn off wireless connections such as Wi-Fi, Bluetooth and/or infrared when not in use.
▫Turn off location services in your mobile device if you do not need to run location-based applications.
Protection of External Devices: when using your mobile device
▫Do not leave a mobile device unattended, even for a moment.
▫Do not process sensitive data on the mobile device unless encryption is on or a secure end-to-end connection is in use.
▫Do not open or follow links in SMS/MMS, links with misleading URLs, or links from suspicious or untrusted sources.
▫Do not download or accept programs and content from unknown or untrusted sources.
▫Be cautious when connecting to publicly available Wi-Fi hotspots, and avoid accessing sensitive data unless adequate security protection is in place.
Protection of External Devices: when backing up data on your mobile device
▫Turn on the encryption option in the backup/synchronisation software, if available, so that the data is stored in encrypted form.
▫Make sure the backup copies are encrypted, whether stored on a desktop PC or on removable media.
Protection of External Devices: when disposing of your mobile device
▫Completely clear all data and settings on your mobile device before disposal.
Protection of External Devices: at ALL times
▫Keep your mobile devices in a secure place, especially when not in use.
▫Stay alert to security vulnerabilities in mobile devices, and apply the latest patches and fixes when available.
▫Do not install illegal or unauthorised software on the mobile device.
▫Do not accept wireless connections from unknown or untrusted sources on your device.
Useful Links
Change User Account Password
▫http://itsc.ust.hk/services/general-it-services/user-account-management/change-user-account-password/
Security Tips for Email
▫http://itsc.ust.hk/services/general-it-services/communication-collaboration/ /security-tips-for- s/
Get Ready for Signed Email in HKUST
▫http://itsc.ust.hk/services/it-infrastructure/hkust-ca-certificates/get-ready-for-signed- /
HKUST PKI
▫http://itsc.ust.hk/services/it-infrastructure/hkust-ca-certificates/
HKUST
▫http://www.ust.hk/
Information Technology Services Center (ITSC)
▫http://itsc.ust.hk/
ITSC Policies and Guidelines
▫http://itsc.ust.hk/it-policies-guidelines/
ITSC A-Z Guide
▫http://itsc.ust.hk/a-z/
IT Security Web Site
▫http://itsc.ust.hk/services/it-security/campus/
IT Security Guidelines
▫http://itsc.ust.hk/it-policies-guidelines/information-technology-security-guidelines/
Anti-Virus In Campus
▫http://itsc.ust.hk/services/it-security/anti-virus-in-campus/
▫http://itsc.ust.hk/services/it-security/anti-virus-in-campus/virus-definition-update/
How to Protect Your Computer?
▫http://itsc.ust.hk/services/it-security/security-awareness/protecting-your-computer/
Guidelines and Tips on Using USB Drive
▫http://itsc.ust.hk/services/it-security/campus/usb-drive/
How to Dispose of Your Hard Disk Securely?
▫http://itsc.ust.hk/services/it-security/campus/dispose-harddisk/
Be Aware of Fake Email
▫http://itsc.ust.hk/beware-of-fak /
Phishing Sample Emails
▫http://itsc.ust.hk/services/general-it-services/communication-collaboration/ /phishing-samples/
Java Security Alert
▫http://itsc.ust.hk/java-security-alert/
Windows 7
▫http://itsc.ust.hk/services/general-it-services/procurement-licensing/windows7/
Windows XP
▫http://www.ust.hk/itsc/windowsxp/