
Security Awareness

Our security depends on you


What IT Security Protects
ECU Campus network and everything
attached to it
Information
personal data
patient/student records and billing
payroll
research
e-mail
IT Security Affects You
We all share the same network and
networked resources
We all share responsibility for security
If the network goes down, nobody can
access e-mail, Internet, Purchase Order
system, patient records and billing,
secured areas, VOIP devices
(telephones), etc.
Security Fallacies
We have antivirus software, so we're
secure.
We have a firewall, so we're secure.
Most security threats come from
outside.
I don't care about security because I
back up my data daily.
Responsibility for security rests with IT
Security staff.
Security Assessment
Open ports and mail relays
Software patches
Weak passwords
We do not scan your personal data
If we detect weaknesses, we do not
exploit them
We report weaknesses to you for your
benefit
Security Policies
Continuous cooperative effort between
IT Security staff and all users
Develop, implement, and enforce
effective security policies and
procedures
Provide maximal security with minimal
inconvenience to users
IT Security Components
Firewalls
Intrusion Detection Systems
Antivirus software
Updated OS and apps
Continual education for staff and users
User cooperation and compliance
most critical component
most difficult to achieve
Security Threats
Malware: viruses, worms, trojans, etc.
Security patches not applied
Hacking and network scanning
Social engineering
Chat and Instant Messaging software
Weak passwords
Ignorance, carelessness, and
File Sharing Software
Kazaa, eDonkey, Morpheus, etc.
Contains trojans and spyware
Advertises your computer on Internet
Hogs shared network capacity
Sharing copyrighted material (music,
video, or data) violates federal law
Violators referred to appropriate
authorities
Hacking Steps
Reconnaissance
high tech: network port scans
mid tech: impersonation, phone calls,
phishing
low tech: dumpster diving
Identification
Coordination
Exploitation
What You Can Do
Use/update antivirus software
Patch OS and apps
Use strong passwords
Use email prudently
Don't use chat or IM software
Don't use P2P file sharing software
Don't use personal firewalls
Campus Antivirus Policy
All networked Windows and Macintosh
computers must run AV software
Site license for Symantec Antivirus
free copy for every Windows or Macintosh
computer on campus
free copy to load on your home computer
Infected computers removed from the
network until cleaned
Free Antivirus Software
Sources for antivirus software:
ITCS installs on campus computers
CD-ROMs available in Austin 208
Download from ITCS website
Instructions on ITCS web page:
www.ecu.edu/itcs
go to Software, Software Documentation
get, install, configure, use, update
Use Antivirus Software
Always use the latest version
Update definitions daily, before
retrieving email
Scan all files weekly
Beware of virus hoaxes
Campus computer infected?
notify IT Support Services at 328-6866
notify your coworkers
Patch Your Software
Windows Update website
critical updates for OS
Start menu, Windows Update
Microsoft Office Update website
link on Windows Update web page
Microsoft Baseline Security Analyzer
checks for security flaws
analyzes OS, IE, Office, IIS, SQL
Windows Update
Go to Start, Windows Update (Win2k
and XP)
Three update types
Critical: Apply all of these.
Windows: Apply those marked
recommended and avoid the others.
Drivers: Don't apply these. Get them from
your hardware vendor.
Office Update
Linked from the Windows Update web
page
Find link at top of WU page
Apply all updates for English versions of
Office
Avoid updates for foreign language
versions
Baseline Security Analyzer
Free download from Microsoft
Checks OS, Office, IE, IIS, SQL
Direct links to missing hotfixes
Updates every time you run it
Additional security advice
Passwords
At least 8 characters long, including:
at least one letter
at least one number
at least one special character (e.g., !, @, #,
?, >)
no repeated characters
Make it obscure. Keep it secret.
When in doubt, change it NOW
90-day expiration
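
The password rules above expressed as a checker, as an added example that is not part of the original slides. The function names and sample passwords are constructed for illustration. Assumptions: "no repeated characters" means no character twice in a row (pass adjacent_only=False for the stricter reading), and a password counts as expired once it is 90 or more days old.

```python
import string
from datetime import date, timedelta

MIN_LENGTH = 8                  # "At least 8 characters long"
MAX_AGE = timedelta(days=90)    # "90-day expiration"


def policy_violations(password, adjacent_only=True):
    """Return the list of rules the password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if adjacent_only:
        # Assumed reading: the same character may not appear twice in a row.
        repeated = any(a == b for a, b in zip(password, password[1:]))
    else:
        # Stricter reading: no character may appear more than once at all.
        repeated = len(set(password)) != len(password)
    if repeated:
        problems.append("repeated characters")
    return problems


def is_expired(last_changed, today):
    """True once the password is 90 or more days old (assumed boundary)."""
    return today - last_changed >= MAX_AGE


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("Tr4il!mX", "password", "ab1!ab1!"):
        print(candidate, policy_violations(candidate) or "OK")
    print("expired:", is_expired(date(2024, 1, 1), date(2024, 3, 31)))
```
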
Exchange E-Mail
Never open attachments
save the attachment to your hard drive
scan the attachment with SAV
Don't spam other users
spam is electronic junk mail
if you wouldn't want to receive it, don't
send it
Don't use other e-mail programs on
campus: AOL, Yahoo, Hotmail, etc.
Personal Firewalls
Designed to work on stand-alone home
computers, not complex networks
No centralized management
Interfere with antivirus software
Interfere with network management
Not supported by ITCS
Use Common Sense
Be suspicious: don't believe unknown
visitors or phone calls
Use your locks: door and computer
Going home? Turn off your computer!
Don't reveal your password to anybody
Don't reveal confidential information
Don't install unauthorized software
If you've been hacked, change all your
passwords
Problems and Questions?
Don't call individual ITCS employees
Call IT Support Services at 328-6866
single point of contact
all calls forwarded to appropriate
consultant
Open a Service Request
www.ecu.edu/itcs
go to Client Services section
Questions?