50. Databases
Applications
Content
Infrastructure
Information
Protecting Your Information
Database Security
• Masking and transformation
• Privileged user management
• Multi-factor authorization
• Activity auditing and monitoring
• Secure configuration
Identity Management
• Granting/revoking IT privileges
• Role management
• Universal authorization
• Risk-based access control
• Virtual directories
Information Rights Management
• Document usage auditing
• Granting and blocking access to documents
• Document security inside and outside firewalls
52. Safeguarding Your Computer
Practical Steps
• 1. Secure your computer (log out, lock the office)
• 2. Account management (user roles, permissions)
• 3. Use strong passwords
• 4. Get the latest updates
• 5. Install anti-virus and anti-spyware software
• 6. Use a firewall
• 7. Browse the Internet safely
• 8. Make regular backups
• 9. Secure wireless networks
• 10. Learn what to do if something goes wrong
53. What Needs to be Protected?
• Your Identity, Your Privacy
• Your Personal Information, Your Money
– Others’ Identity, Information, Privacy
• Things Cal Poly has entrusted you with
– Your login
– What you have access to
55. How do I Protect my Information?
• Keep your computer safe, protected:
• Use trusted software, keep your software
updated
• Run anti-virus, anti-spyware
• Be wary of suspicious emails, prompts for
updates, pop-ups, URLs or links
• Use strong passwords, keep portal password
unique
56. Keep Software Updated
• Run trusted software
• Regularly update your computer, software, operating system
• Browser
• Instant messenger
• Email
• Consult with your network administrator
59. Run Anti-Virus, Anti-Spyware
• Download it for free at the vendor’s website
• Keep definitions updated
• Set to automatic updates
60. Be Wary of Suspicious Emails, Links, Updates
• It’s never appropriate or OK for someone to ask you for your
login and password in email
• Never provide your login and password in email
• Look at the address in the URL to figure out if it’s legitimate
• URLs with a lot of numbers and letters are usually a scam
• Google the address if you’re not sure
• Scam URL examples:
• http://online.ao.uk.citibank.kz/cgi
• http://swissbank.online.org/getyourwinnings.html
• http://165.256.115.60/wellsfargo.html
• http://www.kalamazoo.cz/www.bankofamerica.com/index.html
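The "look at the address" advice above can be made mechanical. The following is an added example, not part of the original slides: it compares the site a URL really points to with the brand name the URL displays. The brand-to-domain table and the naive "last two labels" rule are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains chosen for illustration; they are not on the slide.
OFFICIAL = {
    "citibank": "citibank.com",
    "wellsfargo": "wellsfargo.com",
    "bankofamerica": "bankofamerica.com",
}
NUMERIC_HOST = re.compile(r"^\d+(\.\d+){3}$")


def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def url_warnings(url):
    """Return reasons why the URL does not belong to the brand it displays."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    numeric = bool(NUMERIC_HOST.match(host))
    if numeric:
        reasons.append("host is a raw numeric address, not a name")
    site = host if numeric else registrable(host)
    for brand, official in OFFICIAL.items():
        if site == official:
            continue  # the URL really is on the brand's own domain
        if brand in host:
            reasons.append(f"'{brand}' appears in the host, but the site is {site}")
        elif brand in parts.path.lower():
            reasons.append(f"'{brand}' appears only in the path; the site is {site}")
    return reasons


# The four scam URL examples from the slide, plus one constructed benign URL.
SAMPLES = [
    "http://online.ao.uk.citibank.kz/cgi",
    "http://swissbank.online.org/getyourwinnings.html",
    "http://165.256.115.60/wellsfargo.html",
    "http://www.kalamazoo.cz/www.bankofamerica.com/index.html",
    "https://www.wellsfargo.com/login",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", url_warnings(u) or "no warning")
```

The second sample produces no warning because "swissbank" is not in the table: a brand list only catches names it knows, which is why the slide's fallback of searching for an unfamiliar address still matters.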
61. Scam Flash Player, Scam Anti-Virus
• Be CAUTIOUS when PROMPTED to update
anti-virus or flash player
• You never get software for nothing…
62. Scam Email
Dear Internet User
• We are happy to inform you that you have emerged winner of
$500,000.00 (Five Hundred Thousand US Dollars) in the European
Union Micro Project Award Draws.
• . . .
• To begin your claim, you are required to email the under listed information to our claims agent
• 1. Name and Address
– Nationality
– Age
– Occupation
– Phone/Fax
64. Caution: Fake Antivirus Update
Don’t click on the link, button
Your Clues:
1. Know what your updates look like
2. Be suspicious if you are prompted for updates
What you can do:
1. Run the software yourself (not from the link) and “check for updates”
OR
2. Go to software vendor Website and check for updates
65. Use Strong Passwords
• Use different passwords for different services
• Keep your Cal Poly portal password unique, don’t use it anywhere
else
– Use 1-2 alphabetic characters in a row, don’t use 3 in a row
a. Example: Use rt, not rtU
– Use 1-2 numeric characters in a row, not 3
a. Example: Use 39, not 391 or 4421
• Use special characters in your password
– Choose a password with at least 3 character types
a. Lowercase letters, numbers, special characters, uppercase letters
• Think of a phrase such as ‘Learn by Doing; for Cal Poly.’ Substitute
characters, numbers and special characters for the first letter of
each word in the phrase. For example: L-bd;4Cp.
• Change your password any time you suspect it has been
compromised
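The composition rules on this slide, written as a checker. This is an added example, not part of the original slides or of any Cal Poly system. It assumes "special character" means anything that is not an ASCII letter or digit, which the slide does not define.

```python
import re

# Character types named on the slide. Assumption: "special" is any character
# that is not an ASCII letter or digit.
CHAR_TYPES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "number": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def password_problems(password):
    """Return the slide's rules that the password breaks ([] means it passes)."""
    problems = []
    # "Use 1-2 alphabetic characters in a row, don't use 3 in a row"
    if re.search(r"[A-Za-z]{3}", password):
        problems.append("three or more letters in a row")
    # "Use 1-2 numeric characters in a row, not 3"
    if re.search(r"[0-9]{3}", password):
        problems.append("three or more digits in a row")
    present = [name for name, rx in CHAR_TYPES.items() if rx.search(password)]
    # "Use special characters in your password"
    if "special" not in present:
        problems.append("no special character")
    # "Choose a password with at least 3 character types"
    if len(present) < 3:
        problems.append("fewer than 3 character types")
    return problems


# Strings quoted on the slide, plus one constructed passing value.
# These are published examples: never use any of them as a real password.
SAMPLES = ["L-bd;4Cp.", "rtU", "4421", "rt-39-Xy"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", password_problems(s) or "passes")
```

The checker reports only rule names and never echoes parts of the password, so its output is safe to show in a form or write to a log.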
66. Identity Safety and Theft Prevention
• Invest in a shredder. Shred all documents that have
your personal information on them. Shred those
pre-approved credit applications you don’t want.
• Monitor your credit reports.
• Mail your bills at the Post Office close to pickup times.
• Don’t give out your Social Security number unless you
verify why it is needed, such as for bank accounts or
loans.
• Protect your purse or wallet and keep only necessary
information in it.
• Don’t respond to unsolicited e-mails or phone calls.
67. What we need is…
• …easy access to Cal Poly information and
resources for those who should have it
• …extremely difficult for those who
shouldn’t have it
• The Cal Poly Password helps meet these
needs for campus services.
• Individually, needs are simple.
• Together, they pose a challenge.
68. Balancing The Needs
• Unrealistic Extremes:
• easiest access = no password (like no locks on your door)
• strongest protection = long/random password + token + retina scan + etc. (like living in a bank vault)
69. Balancing The Needs
• The world is our neighborhood.
• Real solutions require tradeoffs based on
perceived risk: password guessing
70. The Balance Today
• One password, many services
• Strict password rules
• No retina scan or fingerprint required!
• Passwords usable indefinitely
• Next: Dan and changes to stay balanced.
71. A hard to guess password can still be weak…
(Just because it’s propaganda doesn’t mean it’s not true!)
72. Changes to Maintain Balance
• Password Expiration
– new password must be set yearly
– plenty of advance notice
• Acknowledge Policies
– those forms you don’t remember signing
• Later: changes to password rules, process
– we hope to make your life a little easier
73. If talk of changing passwords gives you a sinking feeling…
(to further muddy the metaphor)
74. What is identity theft?
• Legal definition:
• “Fraud related to activity in connection with
identification documents, authentication
features, and information”
• “Identity theft is the fastest growing crime in
America, with 9.9 million victims reported last
year”
76. Who perpetrates this fraud?
• Anyone who has or can get access to your information:
– Insiders (local, or not)
– Dumpster divers, burglars, pickpockets, etc. (local, or not)
– Criminal underground on the Internet
• Out to get someone…
77. How they do it…
• Phishing
• Viruses/Worms/Trojans - Botnets
• 95% of email is SPAM
• Overview of criminal underground
Always Keep in Mind
• Identity = information = money
• You’ll do (so take precautions)
• Be vigilant
• Report suspicious activity
81. Why SPAM and Phishing?
• Low Risk + High Reward + Opportunity =
Criminal’s Dream
Someone is falling for it!
Who Perpetrates This Fraud?
• Anyone who can send an email
• People who send lots of emails
• 90%+ email on Internet is SPAM/Phishing
• Mostly sent via Botnets
83. A Blessing and Curse…
• Get a computer and then not use it? No
• Don’t be a bot!
– Your ISP may have already contacted you… (but be sure!)
• Gain knowledge, be skeptical, use the tools
– …stay tuned
84. Social Networking How To Be Safe On-Line
• Relationships between people
• Web site that knows who you know, encourages interaction
85. Responsible Use: What’s Covered?
• Authorized Use / Access
• Data Security, Confidentiality & Privacy
• Electronic Information Retention & Disclosure
• Network / System Integrity
• Commercial Use
• Political Advocacy
• Harassment
• Copyright & Fair Use
• Trademarks & Patents
• Electronic Communications
• Web Sites & Accessibility to Digital Content
86. Trusting Your Computer
• Practical Steps
• 1. Secure your computer (log out, lock the office)
• 2. Account Management (user roles, permissions)
• 3. Use strong passwords
• 4. Get the latest updates
• 5. Install anti-virus and anti-spyware software and keep their definitions updated
• 6. Use a firewall
• 7. Browse the Internet safely
• 8. Make regular backups
• 9. Secure wireless networks
• 10. Learn what to do if something goes wrong
88. 10 Privacy Settings Every Social Networking User Should Know
• 1: Use friends list
89. 10 Privacy Settings Every Social Networking User Should Know
• 2: Remove yourself from Facebook search results
– Default is set to “network”
90. 10 Privacy Settings Every Social Networking User Should Know
• 3: Remove yourself from the Google search engine
– Turn off “create a public search listing…”
91. 10 Privacy Settings Every Social Networking User Should Know
• 4: Avoid embarrassment from photo/video tags
– Set as: Custom, Only Me, None of My Networks
92. 10 Privacy Settings Every Social Networking User Should Know
• 5: Protect your photo albums
– Manually configure the visibility of each album
– Be sure to check visibility settings each time you upload a new photo album
93. 10 Privacy Settings Every Social Networking User Should Know
• 6: Prevent stories from showing up in friends’ news feeds
94. 10 Privacy Settings Every Social Networking User Should Know
• 7: Protect against published application stories
– If you add an application, scan your profile
95. 10 Privacy Settings Every Social Networking User Should Know
• 8: Make your contact information private
– Only make email & phone numbers available to close contacts
96. 10 Privacy Settings Every Social Networking User Should Know
• 9: Avoid embarrassing wall posts
– Prevent your wall posts from being announced in friends’ news feeds
– Turn off relationship status
97. 10 Privacy Settings Every Social Networking User Should Know
• 10: Keep your friendships private
– Not everyone wants to live public lives!