"However, there is one kind of crime which may exist in the future - computer crime. Instead of mugging people in the streets or robbing houses, tomorrow's criminal may try to steal money from banks and other organizations by using a computer. … it is very difficult to carry out a successful robbery by computer. Many computers have secret codes to prevent anyone but their owners from operating them. As computers are used more and more, it is likely that computer crime will become increasingly difficult to carry out." From the 1981 book School, Work and Play (World of Tomorrow).
Most any library can be a target, so join Blake Carver, the Owner of LISHost.org, and get some ideas on how to make your library and your home more secure. Carver covers privacy, as it is closely related to security, and should be taken seriously. He shares many ways to stay safe online, how to secure your browser, PC, and other devices you and your patrons use every day. He also tackles some common security myths, talks about secure passwords and network security, as well as hardware and PC security. Carver discusses security issues that you’ll find in your library as well as tricks sysadmins can do with servers to make things safer for you, and that you’ll never see as an end user. NCompass Live - June 6, 2012.
Transcript
• Not be similar to or contain any portion of your name or login name
• Not contain English words that are longer than 4 letters
• Not begin or end with a number
• Not be the same as any of the previous 78 passwords in the password history
• Be changed at least once every 12 days
• NOT Use a sequence of keys on the keyboard, such as QWERTY or 12345
• NOT Use information about yourself, family members, friends or pets. This includes (in whole or in part) names, birthdates, nicknames, addresses, phone numbers
• NOT Use words associated with your occupation or hobbies
• NOT Use words associated with popular culture, such as song titles, names of sports teams, etc.
• NOT Be reused for multiple accounts
Passwords
O9q[#*FjJ9kds7HJ&^4&!@&$#s(6@G
Simple Things Make a Strong Password
• Some Letters – UPPER and lower case
• Maybe some numbers
• Maybe something else (*%$@!-+=)
1. DO Make it as l o n g as you can
2. Do not reuse it on multiple sites
Assume Your Password Will Be Stolen
What Makes a Bad Password
• Default Passwords
• Dictionary and Common Words
• Predictable Patterns
• Passwords From Password Lists
• Obvious Personal Details
Should You Change Your Passwords Every X # of Months?
• Email?
• Bank Account?
• Network?
• Server?
• Router?
• Facebook & Twitter?
• Library Web Site?
• LISNews?
What Can Sysadmins Do?
• Don’t allow bruteforcing
• Encrypt and Salt Passwords
• Allow Large Passwords
• Allow Large Character Sets
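An added example (not from the slides) of the four points above in Python: salted PBKDF2 hashing stands in for the slide's "Encrypt and Salt", long Unicode passwords are accepted, and repeated failures lock the account. The iteration count, size cap and lockout values are assumptions to tune for your own system.

```python
import hashlib, hmac, os, time

ITERATIONS = 600_000          # assumed PBKDF2 work factor
MAX_PASSWORD_BYTES = 1024     # assumed cap: long passphrases fit, oversized input does not
MAX_FAILURES = 5              # assumed lockout threshold
LOCKOUT_SECONDS = 300         # assumed lockout duration

def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex' with a fresh random salt."""
    raw = password.encode("utf-8")            # any Unicode character is allowed
    if not raw or len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password length out of range")
    salt = os.urandom(16)                     # per-password salt defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def check_password(password: str, stored: str) -> bool:
    iterations, salt_hex, hash_hex = stored.split("$")
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", raw, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))  # constant-time compare

class LoginThrottle:
    """Refuses logins for LOCKOUT_SECONDS after MAX_FAILURES bad passwords."""
    def __init__(self):
        self._failures = {}                   # user -> (failure count, time of last failure)

    def locked(self, user, now=None):
        now = time.monotonic() if now is None else now
        count, last = self._failures.get(user, (0, 0.0))
        return count >= MAX_FAILURES and now - last < LOCKOUT_SECONDS

    def attempt(self, user, password, stored, now=None):
        now = time.monotonic() if now is None else now
        if self.locked(user, now):
            return False                      # locked out: do not even test the guess
        if check_password(password, stored):
            self._failures.pop(user, None)    # success clears the counter
            return True
        count, _ = self._failures.get(user, (0, 0.0))
        self._failures[user] = (count + 1, now)
        return False
```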
Nobody – nobody – is immune from getting hacked
Have your accounts been compromised?
https://www.pwnedlist.com/
Passwords – Next – Staying Safe Online
Staying Safe Online
Patches
Trust
Passwords
How Do You Know If You Are Infected?
• Fans Spinning Wildly
• Programs start unexpectedly
• Your firewall yells at you
• Odd emails FROM you
• Freezes
• Your browser behaves funny
• Sudden slowness
• Change in behavior
• Odd sounds or beeps
• Random Popups
• Unwelcome images
• Disappearing files
• Random error messages
You Don’t
Your antivirus software is a seat belt – not a force
How Good Sites Go Bad
• Remote File Inclusion
• SQL Injection
• Local & Remote File Inclusion
• Cross Site Scripting (XSS)
• Directory Traversal
Server Side Security
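# Deny with HTTP 403 and audit-log any request whose body or arguments match these link-spam keywords
SecRule REQUEST_BODY|ARGS "mortgage|autoloan|prequalify|refinance|tramadol|ultram" "deny,log,auditlog,status:403,msg:'General Link Spammers Must Die',id:'6010'"
# Same action for a second list of miscellaneous spam keywords
SecRule REQUEST_BODY|ARGS "free-codec|rolex|tolltech|anime|batteries" "deny,log,auditlog,status:403,msg:'Misc Spammers Must Die',id:'61206'"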
ConfigServer Security & Firewall
http://www.configserver.com/cp/csf.html
• A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.
• This suite of scripts provides:
• Straight-forward SPI iptables firewall script
• Daemon process that checks for login authentication failures
10 Tips
1. Use a Password Manager
2. Turn on Gmail two-step verification
3. Switch to Google Chrome and install KB SSL Enforcer
4. Use a VPN everywhere
5. Full Disk Encryption
6. Routine Backups
7. Kill Java
8. Upgrade to Adobe Reader X
9. Common sense on social networks
10. Don’t forget the basics
Common Security Myths
1. You have nothing important to steal
2. Using Mac/Linux makes you safe
3. Patches and updates make things worse and break them
4. You can look at a site and know it's safe and not serving bad stuff
5. Avoiding IE makes me safe
6. If an email comes from a familiar face it's ok
7. If I'm compromised I will know it
8. P2P and torrents are safe
9. I have a firewall
10. I'm too smart to get infected... Yes, you and me both!
Top security excuses
1. It's okay, it's behind the firewall.
2. Won't antivirus catch that?
3. No, we don't have confidential data on our system, just these Social Security numbers of our employees.
4. But nobody would do that [exploit of a vulnerability].
5. I can't remember all these passwords.
6. My application won't work with a firewall in the way.
7. They won't be able to see that; it's hidden.
8. It's safe because you have to log in first.
9. No, we don't have credit cards on our system, just on this one PC here.
10. We didn't HAVE any security issues until YOU came to work here.
by Wendy Nather
Six ways to be a model cyber citizen
1. Be cyber security aware, use security best practices and report cyber crime
2. Use an antivirus product as it helps not only to protect you but prevents your computer from hosting malware that affects others
3. Be a good cyber parent, educate your child on the dangers, ethics and safety measures to be used online
4. Stay away from using pirated products
5. Encourage your government to invest in raising the national standard of cyber security in curriculum, law and customer protection
6. Be responsible for your online habits, tweets, as what you do online affects your reputation, family, colleagues, religion, nation and company
5 big security mistakes
1. Assuming that patching is good enough
2. Failing to understand what apps are running
3. Overlooking the anomalies
4. Neglecting to ride herd on password policy
5. Failing to educate users about the latest