Information Security Office & Home IT Forum October 29, 2009 Presenters: Diane Jachimowicz – Senior Technology Services Analyst Anthony Maszeroski – Information Security Manager Danielle Morse – Associate Director, Desktop Services

House Keeping Sign In Sheet Prizes Speakers Top 10 Office Security Tips Agenda

Personally Identifiable Information (PII) Safer Web Browsing Office Security Student Use of Office PCs Passwords Royal Drive Encryption of Files USB Encryption McAfee AntiVirus Home Tools Q & A Announcements/Prizes Awarded

Office Security Keep your office locked even if you just step out for a minute Dont leave valuables in plain view Consider taking your laptop home with you Report suspicious activity immediately If the building is locked, dont let someone you dont know into the building Dont become so absorbed in what you are doing that you dont notice the activity around you Confidential documents should be put away and not left visible and unattended on work desks

Office Computer Security Computer screens should be angled so visitors cant see sensitive information Shutdown every night Unplug over holidays Use Laptop Locks Backup Storage

Logoff when you leave To Lock Down Windows XP Click Ctrl+Alt+Delete Select "Lock Workstation" This will bring up your login screen and lock your computer down Windows XP shortcut: Click the Windows key (the flying window key at the bottom of the key board) and the L key. This will bring up your login screen and lock your computer down. To Lock Down Windows Vista at home Go to the Start menu At the bottom right you'll see an icon of a padlock Click it to lock the computer

Student Use of Office Computers Designated Student Computers Secure storage space Check Student PC Periodically Confidentially Agreements

Why You Need a Secure Password Authenticate or prove your identity Malicious sent in your name Your password can be used to commit fraud, post child pornography, send spam, make threats, break into other systems, and much more.

Protect Your Password Select a unique password Avoid any password with personal information: Birth date, name, home town, or mother's maiden name Childrens name, pet's name, or your best friend Driver's License, phone, address, license plate, social security number, or PIN numbers Dont write down your password Dont tell anyone your password

Common Password Mistakes changeme password start computer internet ihavenopass mypassword openup scranton Letmein

Creating a Secure Password Use 9 or more characters DO NOT use plain dictionary words Include at least 3 of the following criteria: – lowercase letters – UPPERCASE letters – Numbers – Punctuation 4S&7yaofb4th

Passwords are like Underwear… Change Yours Often! Don't Share Them with Friends! Be Mysterious! The Longer the Better! Dont Leave Yours Lying Around!

Consider these findings... More than 40% of all individually-chosen passwords are readily guessed by someone who knows you 3,000 out of 13,000 passwords cracked Gaining access to one password often provides access to other systems and accounts

How Passwords are Cracked Dictionary programs Changing the default password Guessable passwords Commonly-chosen passwords Short passwords

Tips for strong passwords... DON'T use your login name in any form DON'T use a password made up of all digits, or of all the same letter DON'T use words in the dictionary DON'T use consecutive or adjacent keys DON'T use "remember my password features"

Tips for strong passwords... DO include a mix of upper and lower case, numbers, and punctuation such as HY?j4iP or 3rt!dlP DO use a password that you can type quickly without having to look at the keyboard DO change your password regularly

Royal Drive What is it? Who should use it? How do you get to it? Why should you use it? Royal Drive is used in over 120 colleges and universities throughout the country including Georgetown, Boston College, Harvard, Princeton and Yale.

Royal Drive Benefits Secure Storage Document Sharing/Collaboration Intellitach

Encryption Encryption is the process of encoding data to ensure that unauthorized parties cannot view it. To accomplish encryption, a key or code provided by you is used to encrypt the data, making encryption difficult to crack. A few encryption options are readily available to you.

ENCRYPTION OF FILES

USB ENCRYPTION

TrueCrypt Software application used for real-time on- the-fly encryption Free, open-source software available for Windows 7/Vista/XP, Mac OS X, and Linux Encrypts an entire partition or storage device such as a USB Flash Device (UFD) or hard drive Creates a virtual encrypted disk within a file and mounts it as a real disk

TrueCrypt UFD Encryption Service The TSC does not provide UFDs. You will need to purchase and take a UFD with you. The encryption process will destroy any existing data on the UFD. During the encryption process, you will be prompted to enter a password for your device. TSC staff will encourage you to select a password that is 20 characters or more in length. Determining the password you intend to use before you visit the TSC is recommended. When complete your original UFD will contain an encrypted TrueCrypt volume and TrueCrypt Traveler Disk Software.

MCAFEE VIRUSSCAN ENTERPRISE 8.7I

McAfee VirusScan Enterprise

Q &A ???

Next IT Forum Topic: Windows 7 Date: November 24, 2009 Time: 11:30am – 1:00pm Location: BRN 509 RSVP: Lunch will be provided

And the Winners are…….