Remote Access. What is the Remote Access Domain? remote access: the ability for an organization’s users to access its non-public computing resources from.

Remote Access

What is the Remote Access Domain?

• remote access: the ability for an organization’s users to access its non-public computing resources from external locations other than the organization’s facilities

Dangers of Remote Access

EPIDEMIC! Peeping Toms!

www.top10always.com

www.redbubble.com

Rule #1

• NEVER share logon credentials with anyone.

www.simplenomics.com

Rule #2

• Use strong and memorable passwords.– www.passwordmeter.com

Rule #3

• Do not use public devices.– Library workstations– Kiosks– Web cafes• STARBUCKS

www.patsyearnshaw.co.uk

Rule #4

• Do not use personal devices.– If use of personal device is necessary, no copying.

www.puntacantv.com

Rule #5

• Use only company email for remote business.

www.thinkprogress.org

Rule #6

• Implement anti-virus and anti-spyware.– Run them continuously.– Update them.

www.dailyadvisor.net

Rule #7

• Ensure you are only connected to one network at a time.

• No split-tunneling or dual homing.

BAD

Rule #8

• Only use “administrator” profile to update profile or make system changes.

www.iconfinder.com

Cloud computing

• What is it?• What are and aren’t safe practices?

• Wireless technology standard for exchanging data over short distances using short-wavelength radio transmissions.– Disable when not being used– Use a PIN that is at least 8

characters long combining numbers and letters if possible

Infrared connection (IrDA)• Infrared technology allows computing devices to

communicate via short-range wireless signals. – Turn off when not using– Requires line of site, don’t use in crowded area around a

lot of people– To keep secure, do in a private area in close range (4 to 20 “ apart)

Near Field Communication (NFC)

Near Field Communication (NFC)

• NFC uses Radio Frequency Identification Technology to transmit information over very short distances (centimeters or less)

• Turn off when not using feature• Don’t use tags that aren’t secured• Don’t exchange info with individuals you don’t

trust• Look at phone to see what actions the tag

prompts. Is there anything suspicious?

Quick Response (QR) Codes• Use a QR scanner that shows the URL and asks if you

want to go there. • Don’t give out personal information or login

credentials to any sites you’re directed to.• Look out for suspicious QR Codes like ones on stickers

stuck over original QR codes.

Cell Phone Basics Phones, tablets, etc.

1. Only download applications from sites you trust and only after checking each apps’ rating and reading the user reviews to make sure it is widely used and respected.

2. Set a password on your phone3. Watch for suspicious links4. Be careful what you do at unsecured WiFi

hotspots or don’t use at all.

5. Keep spyware from watching you

Cell Phone Spyware• No good way to be 100% sure

phone is not compromised• Factory reset done by provider

should in theory remove any spyware (also lose all files, photos, etc. stored on the phone).

• Anti Spyware apps do exist not certain how effective they are.

• Generally requires physical contact with target phone to install. Could also get in through SMS messages and Bluetooth connections.

• May notice strange sounds, background noise, decrease in battery life, phone being warm when it hasn’t been used, phone “lighting up for no reason.

Social Networking

Examples of Social Networking Platforms

• Blogs, micro blogs• Wikis• Photo and video sharing, podcasts• Virtual worlds, exp. WOW• Social news, web conferencing, and

webcasting• Facebook, Twitter, Foursquare, Youtube, Yahoo groups, etc.

What is Social Networking?• Means of interaction among people in which

they create, share, and exchange information and ideas in virtual communities and networks

• Depend on mobile and web-based applications to create a platform in which user content can be shared

• Communication between organizations, communities and individuals

Social Networking Guidelines

• Do not post discriminatory, harassing, or threating messages or images

• Do not post anything that would embarrass you or the company and thereby affect the company’s reputation

• Do not share confidential material, trade secrets, or proprietary information

• Respect copyright, fair use, and disclosure laws

Social Networking Guidelines

• Make sure when posting information that you use a disclaimer that the ideas are your own and are in no way affiliated with the company

• Restrict social networking to personal time and not during company time

• Do not share personal information about employees, vendors, or clients

Risks of Social Networking

• Malicious applications can compromise network security

• The company reputation could be in jeopardy• Once information is public the more

vulnerable you become• Exploitation• Data leaks• Impersonation

Sources• http://csrc.nist.gov/publications/nistpubs/800-46-rev1/sp800-46r1.pdf• http://www.rd.com/advice/saving-money/5-simple-steps-to-keep-your-cell-phone-

secure/• http://simson.net/ref/security_cellphones.htm• http://www.personalprotectionsystems.ca/the-digital-sheepdog/my-son-brandon-

rocking-it.html• http://www.rd.com/advice/saving-money/5-simple-steps-to-keep-your-cell-phone-

secure/• http://csrc.nist.gov/publications/nistpubs/800-114/SP800-114.pdf• http://electronics.howstuffworks.com/how-secure-is-nfc-tech.htm• http://www.onlineqrlab.com/qr-code-nfc-security.php• http://www.tripwire.com/state-of-security/it-security-data-protection/malicious-q

r-codes• http://www.forbes.com/sites/andygreenberg/2012/07/27/how-to-bust-your-boss-

or-loved-one-for-installing-spyware-on-your-phone/• http://technet.microsoft.com/en-us/library/cc737210(v=ws.10).aspx• http://www.csoonline.com/article/217829/infrared-networking-seeing-infrared

Sources Continued• http://www.forbes.com/sites/andygreenberg/2012/07/27/how-to-bust-your-boss-

or-loved-one-for-installing-spyware-on-your-phone/• http://pugetsoundblogs.com/side-street-news/2011/03/05/is-there-spyware-on-y

our-cell-phone/#axzz2NARjbfRN• http://www.ehow.com/how_4811719_prevent-cell-phone-spyware.html• http://www.wired.com/politics/security/news/2005/07/68370• http://www.youtube.com/watch?feature=player_embedded&v=yK97DrkFJF0• http://www.mobile-spy.com/• http://csrc.nist.gov/publications/nistpubs/800-46-rev1/sp800-46r1.pdf• http://www.rd.com/advice/saving-money/5-simple-steps-to-keep-your-cell-phone-

secure/• http://simson.net/ref/security_cellphones.htm• http://www.personalprotectionsystems.ca/the-digital-sheepdog/my-son-brandon-

rocking-it.html

Sources Continued

•NIST Special Publication 800-46•http://aws.amazon.com/vpc/faqs/•Columbia University Remote Access Acceptable Usage Policy•http://www.babson.edu/offices-services/itsc/about/policies/Pages/remote-access.aspx