�ݺ�ߣ

w w w. s a a fd n . o rg
I.T. Nonprofit Technology Seminar
Full-day Seminar on Technology for Nonprofits
Cyber Security 101
June 17, 2014
p: 210-225-2243 | f: 210-225-1980
Email: me@saafdn.org
San Antonio Area Foundation
303 Pearl Parkway, Suite 114 | San Antonio, TX 78215

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Cyber Security 101

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Welcome and Introductions
Mitch Sowards
Founder and CEO of
ENTRUST
Dwayne Williams
Security Expert
UTSA CIAS

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
The Agenda
Introductions and Preliminaries (Mitch)
Email Security (Dwayne)
Web Browsing Security (Dwayne)
Data Encryption Security (Mitch)

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
The “101” Part
We apologize if you have heard some of this
before. But our audience is diverse and many
fundamentals bear repeating.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
The “101” Part
 Start with a good “business class” firewall device as
opposed to a simply home “router”.
Such a device will have at least some features to better
control and monitor traffic coming and going
 Practice Safe Computing by exercising good email
handling practices
Practice Safe Computing by exercising good web
browsing habits
Acquire and implement good tools to help you protect
yourself and your important data

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Email Security

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Email Is Insecure
Email can be captured and read by anyone
over the Internet
You have no control over the message after
you send it
“From” addresses are easily faked

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Organization Policies
Policies are important for all organizations
Acceptable use
Attachments
Links
Education

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Organization Policies
No need to reinvent the wheel
http://www.sans.org/security-
resources/policies/Email_Policy.pdf
http://humanresources.about.com/od/emailp
olicysample/
http://www.securingthehuman.org/resources
/posters

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Email Don’ts
Do not open email from unknown senders
Do not open attachments
Do not click links
Do not send sensitive information

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Who Is This Really?
If you don’t know the sender, and you didn’t
expect it, delete it
No Nigerian prince wants to give you money
Real businesses review email messages for errors
Don’t even reply
Any reply or attempt to unsubscribe confirms your email
address for the spammer

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
And Why Did You Send Me This?
Do not open attachments
Delete messages and attachments:
From people you don’t know
That are unexpected
If you do know the sender, contact them (not in a
reply to the suspect message) and ask if they sent
the attachment and where they got it.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
I Know You Want To, But…
Do not click on links in email messages
From companies you don’t do business with
In unexpected messages from anyone
Hover over the link to see where it really goes
Type the address in your browser yourself

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
I Know You Want To, But…
http://vtechmart.com/media/system/mod_updates/httpwww.bankofamerica.co
mfinancialtoolsindex.cfmtemplate=planning_tools&calcid=auto01/ection=g
eneric&update=&cookiecheck=yes&destination=/

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Let Me Tell You A Little About Us
Never send sensitive information over email,
including;
Passwords and PINs
Social Security and credit card numbers
Account information
Proprietary data
Sensitive organization information

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Where Can I Find More Info?
UC Davis
http://email.ucdavis.edu/Email_Best_Practices_0
4_16_08_v4.php
US-CERT http://www.us-cert.gov/cas/tips/
Microsoft
http://www.microsoft.com/security/default.aspx
TEEX:
http://teex.com/teex.cfm?pageid=training&area=
teex&Division=KE&Course=AWR175&templateid=
14&navdiv=KE&online=true

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
What is Phishing?
The act of sending an email to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the user into
surrendering private information that will be used for identity theft.
The e-mail directs the user to visit a website where they are asked to
update personal information, such as passwords and credit card, social
security, and bank account numbers, that the legitimate organization
already has. The website is bogus and set up only to steal the user’s
information.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Identify Information
Attackers are looking for your information
User IDs and Passwords
Account numbers
Security codes (ATM PINs)
Contact names
Email addresses
Phone numbers (personal and business)

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Phishing Methods
Phone (Vishing)
Email (Phishing)
Replies
Clicking on links
Social media (Smishing)
TIP: If it sounds too good to be true – then it probably
isn’t true.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Phishing
US-CERT
http://www.us-cert.gov/nav/report_phishing.html
APWG (Anti-Phishing WorkGroup)
http://www.antiphishing.org/
 DISA
http://iase.disa.mil/eta/phishing_v2/phishing_v2/launchPage.htm
 Wombat Security
http://wombatsecurity.com/antiphishingphil
 MediaPro
http://www.mediapro.com/free-anti-phishing-video/

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
What is Malware?
Malicious Software = Malware
Software designed and written to
Annoy computer users
Steal information from a computer
or spy on a computer user
Gain control of a computer
Destroy or corrupt information or computer software
Categorized by type (how the malware spreads) and
by the malicious activity performed

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Spyware/Adware
Spyware is computer software that gathers
information about a computer user (such as browsing
patterns or credit card numbers) and then transmits this
information to an external entity without the knowledge
or informed consent of the user.
Adware or advertising-supported
software is any software application
in which advertisements are displayed
while the program is running. Display ads appear in pop-
up windows or through a bar that appears on a
computer screen.
http://www.jellico.com/spyware.html

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
How To Protect Yourself
Keep your system up to date
Use anti-virus and anti-spyware/adware
Use email and external devices safely
Be careful where you
browse!

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Keep Up To Date
Set automatic updates for computers
Microsoft
Adobe
Apple

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Use a antivirus, anti-spyware, and anti-adware
Free Anti-virus Options
AVG
Avast!
Microsoft Security Essentials
Comodo Antivirus
Avira AntiVir Personal
Panda Cloud Antivirus
Immunet Protect Free
Digital-defender Antivirus
PC Tools AntiVirus Free
http://freebies.about.com/od/computerfreebi

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Download.com

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Some anti-virus and security companies
Kaspersky http://www.kaspersky.com/
McAfee http://www.mcafee.com/us/threat_center/
Panda Security http://www.pandasecurity.com/usa/
Sophos Labs http://www.sophos.com/
Symantec http://www.symantec.com/index.jsp
Trend http://us.trendmicro.com/us/home/
About.com
 http://antivirus.about.com/od/virusdescriptions/Latest_Malware_and_Vulnerabilities.htm
HowStuffWorks.com
 http://computer.howstuffworks.com/worst-computer-viruses.htm

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Objectives
Keep your browser updated
Practice safe web browsing
Look for the lock

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Browser Security Features
Automatic updates
Safety features
Pop-up blockers
Anti-spyware
Anti-virus
Anti-phishing
Manage cookies
Manage passwords

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
 Avoid downloading freeware or shareware
 “There’s no such thing as a free lunch”.
 Free downloads come with a price, maybe:
 Your name and email address
 Other contact information
 Ads on the screen
 A keystroke logger
 A trojan horse
 Other malware
Practice Safe Web Browsing

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
 Avoid Peer-to-Peer (P2P) Networks
 Using P2P network is very risky
 You may unknowingly download infected files
 You may unknowingly install adware and malware
http://www.buzzle.com/articles/some-web-browsing-habits-to-stay-immune-from-starware-and-spyware.html

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Avoid other “danger zones”
Pornography, or anything like unto it
Gambling sites
Warez
Offer free or very low cost versions of popular software,
movies, music, etc.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
 Check the address
 Hackers create sites with common misspellings of
popular sites.
 The misspelled site may present you with ads, surveys,
or even try to download malware onto your computer.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Use a secure website - Look for an "s" after http in the Web address
of the page you enter your credit card or other personal information
(https://www.amazon.com)
Look for a ‘padlock’ in the bottom right of browser
Extended Validation SSL certificate – address bar on your browser
will turn green
Look for a ‘trusted’ 3rd party logo on the page (verisign, TRUSTe)
Use an add-on filter to help identify and block previously reported
suspicious websites
Keep browser versioning up to date to avoid vulnerabilities
Research the company (forums, customer feedback, privacy and
return policies)

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Browser add-ons
McAfee Site Advisor http://mcafee-
siteadvisor.software.informer.com/
 Trusteer’s Rapport
https://www.trusteer.com/download-trusteer-
rapport
K9
http://www1.k9webprotection.com/

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Sandbox tools/techniques
http://www.sandboxie.com/
Virtual Machine (www.vmware.com)

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Purchase or subscribe to web filtering
devices or services
Examines traffic in real time to block known
threats
Provides blacklist and whitelists

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Cyber Security Websites
– US-CERT http://www.us-cert.gov/cas/tips/
– Microsoft http://www.microsoft.com/security/default.aspx
Safe browsing
– US-CERT – Evaluating Your Web Browser’s Security
Settings http://www.us-cert.gov/cas/tips/ST05-001.html
– Miscroft Online Safety
http://www.microsoft.com/protect/fraud/finances/shopping_us.aspx
– Get Safe Online http://www.getsafeonline.org/

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Data Encryption

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Email Encryption
Two Options
1. Encrypt at source and destination
(while “at rest”)
2. Encrypt only in transit

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Email Encryption
Encryption at Source
1. Acquire (purchase or free) personal email certificate and install it.
This allows emails to be encrypted.
2. Exchange a “signed” email with your correspondents in advance
so that they will be able to decrypt your future encrypted emails.
3. At time of email composition, “click the button” as shown on the
next slide.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Email Encryption

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Email Encryption
Encryption at Source
1. Pros
a) Sensitive data is fully encrypted as the outbound message is created. No matter how it gets
sent, only persons with your decryption key will be able to read the message.
b) The message remains encrypted as stored “at rest” on your recipient’s computers. If they ever
lose the decrypt key you provided, even they will not be able to read it.
2. Cons
a) You must remember to choose to encrypt.
b) Personal certificates expire and must be renewed and then new decrypt keys must be sent out
to all correspondents
c) If recipients lose the decrypt key, they will not be able to read even old messages. (This
happens when a recipient gets a new computer and old messages were encrypted with old,
expired keys.)

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Email Encryption
Encryption in Transit
1. Pros
a) Data remains unencrypted at both source and destination. You can keep such messages in your
mailbox forever and always be able to read them. Same for your recipients.
b) Often messages can be encrypted by policy (if credit card or SSN are detected within the body
of the message or if keywords are in the subject line). You don’t have to “remember” to
encrypt.
c) No need to share encrypt/decrypt keys with anyone in advance
2. Cons
a) Policies can miss some critical messages.
b) Sometimes recipients’ systems are unable to receive messages encrypted in transit. In those
cases alternate “clunky” mechanisms kick in or the message is “bounced”.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Whole Disk Encryption
Many Options
1. Purchased Products (benefits can include key escrow)
a) Symantec PGP
2. Free “Open Source” Products
a) Truecrypt (bad news! Now unsupported, never was really validated)
3. Free “Built In” with Windows 8 Pro or Windows 8 Enterprise (also
built-in with Windows 7 Ultimate or Windows 7 Enterprise)

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Windows Bitlocker
1. Computer must have “Trusted Platform Module” (TPM) support
pre-installed
2. TPM must be enabled
1. Can be done manually in the BIOS of a computer
2. Dell provides a “Custom Configuration Toolkit” that allows you
to make a little executable program that a user could run to
enable TPM.
3. Computer must have a “System Partition” of at least
300MB.
1. If System Partition is too small, Bitlocker will shrink your C:
drive and expand the System Partition.
2. If no System Partition is present, Bitlocker will create one

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Windows Bitlocker

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Windows Bitlocker
1. Before encryption begins, you will be asked to store a text file
with a “Recovery Key”. You must have this key to access the
system if anything goes wrong or if you need to boot the system
into Safe Mode. DON’T LOSE THE RECOVERY KEY!
2. On a new PC with no real contents, encryption will take 2-3 hours.
3. On an older PC with lots of contents, encryption will take 4-5
hours.
4. You can work while encryption is occurring, but the encryption
will take longer and your system will be slow during the process.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Windows Bitlocker
1. About 1 in 20 attempts will “fail” (before encryption begins)
a) Messed up boot record. (FIXMBR often repairs it)
b) Out of Date BIOS
2. We have encrypted over 200 machines and none have
ever failed after the encryption process started.

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
Windows Bitlocker
1. In a networked business environment, the IT people can deploy a
“Group Policy” that will capture the Recovery Key and store it in
the network directory for safekeeping (in addition to the text file
you can store before encryption starts)
2. In a business environment, the IT people can deploy the
Microsoft Bitlocker Administration and Monitoring (MBAM)
toolkit.
a) Allows remote encryption/decryption
b) Allows remote suspension of Bitlocker protection (to allow safe
mode reboots)
c) Allows self-service access to recovery keys
d) Has reporting

p: 210.225.2243 | f: 210.225.1980 | saafdn.org
QUESTIONS
57

p: 210.225.2243 | f: 210.225.1980 | saafdn.org

�ݺ�ߣ

I.T. Security I.T. | S.A. 06-17-14

More Related Content

I.T. Security I.T. | S.A. 06-17-14

Editor's Notes