Presentation is loading. Please wait.

Presentation is loading. Please wait.

SLAC Computer Security Annual Safety and Security Briefing 10/11/2007 Teresa Downey.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SLAC Computer Security Annual Safety and Security Briefing 10/11/2007 Teresa Downey."— Presentation transcript:

1 SLAC Computer Security Annual Safety and Security Briefing 10/11/2007 Teresa Downey

2 National Cyber Security Awareness Month – October 2007 Month-long effort – new topic daily Linked from Computer Security page: http://www2.slac.stanford.edu/computing/security

3 Security Policies DOE says… –Computer Security is as important as Physical Safety More reviews/audits –Spring ‘08 Policies –Not always a bad thing… –Set consistent boundaries –Enforce good practices

4 Recent SLAC Incidents User installed operating system but default password not changed –lesson: use SCCS installation/mgmt tools Person reading offsite email and clicked on [infected] executable attachment –lesson: pay attention to the a/v warnings User passwords stolen offsite, several systems compromised here –lesson: protect passwords physically and electronically

5 Forged Email = Strange Bounces I didn’t send this email, why am I getting this? Easy for spammers, virus writers, and me…

6 Forgery Example – Part 1 YIKES! Is this real??? Let’s look at headers… Click on View; then click Options

7 Forgery Example – Part 2 This isn’t from a SLAC computer!

8 Phishing Email - HTML Which is it? 288.40 or 288.44? That’s a lot of “teresa’s” That’s not my bank URL looks real… matches the From: line

9 This link would take me to somewhere in Latvia…! Phishing Email – Plain Text What if the bank name was correct? and only addressed to me? and the typos were gone? My only clue is the URL now Outlook converted to plain text View as HTML by right-click gray bar $288.44 security@bankofamerica.com Downey, Teresa L.

10 Phishing Email - Headers Wow! This comes from somewhere in The Netherlands… Click on View; then Options

11 Safer Email Practices Convert to Plain Text automatically Can easily change to HTML if needed Set a good example: –Send Plain Text emails! –Only use HTML when REALLY needed…

12 Social Engineering USB drive left laying around Official looking CD arrives in mail Phone calls asking for information Desperate pleas for help Dumpster diving

13 Reporting Security Issues Report all suspicious activity –Send email to: security@slac.stanford.edu –If urgent: call HelpDesk at x4357 (24x7) Questions? –SLAC Computer Security in breezeway today

Download ppt "SLAC Computer Security Annual Safety and Security Briefing 10/11/2007 Teresa Downey."

Similar presentations

Instant Messages: I am bored. Social Networks: Facebook, Myspace.

Instant Messages: I am bored. Social Networks: Facebook, Myspace.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.
SLAC Computer Security Annual Safety and Security Briefing 2006.

SLAC Computer Security Annual Safety and Security Briefing 2006.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Email Basics. 2 Class Outline Part 1 - Introduction –Explaining email –Parts of an email address –Types of email services –Acquiring an email account.

Basics. 2 Class Outline Part 1 - Introduction –Explaining –Parts of an address –Types of services –Acquiring an account.
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Annual Safety & Security Briefing - 9/22/04 Teresa Downey – SLAC Computer Security Group & SCS Applications Group.

Annual Safety & Security Briefing - 9/22/04 Teresa Downey – SLAC Computer Security Group & SCS Applications Group.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
Security Awareness Cloud Phishing Attacks

Security Awareness Cloud Phishing Attacks
August 15 click! 1 Email Basics Kitsap Regional Library.

August 15 click! 1 Basics Kitsap Regional Library.
Format Scandisk Defragmentation Antivirus Compression Software

Format Scandisk Defragmentation Antivirus Compression Software
This is the first page of the log in, this is were you enter your unique email details.

This is the first page of the log in, this is were you enter your unique details.
Quiz Review.

Quiz Review.
Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.

Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.
Company/Product Overview. You have lots of files all over the place.

Company/Product Overview. You have lots of files all over the place.
Windows XP 101: Using Windows XP Professional in the Classroom.

Windows XP 101: Using Windows XP Professional in the Classroom.

Similar presentations

Ads by Google