He has written blog posts on this topic and put other presentations online. Go to http://lisnews.org/security
Three types of people doing bad things on the Internet
- Activists (e.g., Anonymous)
- Government agents (from countries that see this as a strategy)
This is the era of steal everything. There is no such thing as a secure computer.
Never reuse your passwords
Never use weak passwords
Passwords are like bubblegum
Creating a good password
- Make them unique, complex, long....
- Some upper and lower case letters
- Add some numbers
- Use some unique characters
- Do make it as LONG as you can
- Do NOT REUSE it on multiple sites
- Common words
- Obvious personal details
The sysadmin should implement policies that help people have strong passwords and that try to block hackers.
http://www.pwnedlist.com - They list accounts that have been compromised.
Staying Safe at Home & Away
- Keep everything updated on your computer
- Have trust...be suspicious. Don't trust anything - Links, downloads, emails.
- Backup your stuff.
- Windows is less safe because it is so widely used. It is targeted far more than other OS.
Most malware is written so it is not "seen."
"Your antivirus software is a seat belt - not a force field." - Alfred Hugar
Laptops - Do:
- Use Prey/LoJack
- Have a password on your laptop
- Sign out & do NOT save form data
Email is easy to fake.
- Don't trust anything
- Don't leave yourself logged in
- 2Factor Authentication
Text from other countries
Credit card offers
Firefox, Chrome and IE are the top three browsers
Lesser used browsers likely not used for targeted attacks.
The plug-ins across browsers are common. Flash is frequently targeted by hackers.
Keep the browsers up-to-date and update
A few recommended plug-ins
- Something to force HTTPS
- Something to Block Ads
- Passworded and encrypted
- MAC & DHCP
- Firmware updates
- Turn it off when you are not using it
- Never trust public wifi
- Understand and adjust your privacy settings
- Use HTTPS
- Be skeptical of everything
600,000 times a day someone tries to log into a stolen account
- Most bad stuff written is for Android
- What are the apps really doing?
- What happens if you lose it?
- What happens on open wifi networks and public hotspots?
- Carry a safe not a suitcase
- 83% of victims were targets of opportunity
- 92% of attacks were easy
- 85% of hacks were discovered by a third party
Everything you have can be hacked!
SANS 20 critical security controls
"Security Library Technology: A how to do it manual" - book
Do training for your library staff and patrons.