Secure Email and Web Browsing. Sébastien Dellabella Computer Security Team



Similar documents
Countermeasures against Bots

F-Secure Anti-Virus for Mac 2015

F-Secure Anti-Virus for Mac. User's Guide

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Get Started Guide - PC Tools Internet Security

Seven for 7: Best practices for implementing Windows 7

Know the Risks. Protect Yourself. Protect Your Business.

High Speed Internet - User Guide. Welcome to. your world.

Coillte IT has recently upgraded the Remote Access Solution to a new platform.

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

Accessing your Staff (N and O drive) files from off campus

How To Understand The History Of The Web (Web)

Threat Events: Software Attacks (cont.)

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

Computer Security: Best Practices for Home Computing. Presented by Student Help Desk Merced Community College

Outlook Web Access 2003 Remote User Guide

White Paper - Crypto Virus. A guide to protecting your IT

the barricademx end user interface documentation for barricademx users

isheriff CLOUD SECURITY

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Mac OS X. Staff members using NEIU issued laptops and computers on Active Directory can access NEIU resources that are available on the wired network.

Norton 360. Benefits. Our ultimate protection, now even more so. Introducing the new Norton 360.

Malware & Botnets. Botnets

Secure Your Mobile Workplace

F-Secure Internet Security 2012

Presented by:!!dave Kennedy (RELIK)"!!!!!Ryan Macfarlane "

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan

Why The Security You Bought Yesterday, Won t Save You Today

Kaspersky Small Office Security User Guide

TIME TO LIVE ON THE NETWORK

Endpoint Business Products Testing Report. Performed by AV-Test GmbH

How To Secure An Rsa Authentication Agent

What you need to know to keep your computer safe on the Internet

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Social Engineering Toolkit

Streamlining Web and Security

Cyber Security Update Denise Heagerty CERN Computer Security Officer

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Stopping zombies, botnets and other - and web-borne threats

escan Corporate Edition User Guide

CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3

Global Knowledge MEA Remote Labs. Remote Lab Access Procedure

How To Use Windows Live Family Safety On Windows 7 (32 Bit) And Windows Live Safety (64 Bit) On A Pc Or Mac Or Ipad (32)

What are the common online dangers?

Using TS-ACCESS for Remote Desktop Access

Top five strategies for combating modern threats Is anti-virus dead?

Think Before You Click. UH Information Security Team

CITRIX TROUBLESHOOTING TIPS

Appendix A. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Networks and Security Lab. Network Forensics

Student Home

Computer Security. Uses Zip disks that hold up to 750 MB of data. Must buy and hook up the drive.

What Do You Mean My Cloud Data Isn t Secure?

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

Cyber Security: Beginners Guide to Firewalls

Operation Liberpy : Keyloggers and information theft in Latin America

The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.

Fighting Advanced Threats

Information Security Threat Trends

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

User's voice NET NANNY. Quite simple to install and configure. Improve messages and possible reactions when a page is blocked. Comprehensibility:

INFOCOMM SEC RITY. is INCOMPLETE WITHOUT. Be aware, responsible. secure!

Chapter 4 Application, Data and Host Security

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Management and Storage of Sensitive Information UH Information Security Team (InfoSec)

Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center

Windows XP Pro Service Pack 3 Approved Window Update Description Update. XP Service Pack 3 (KB936929) Windows Internet Explorer 7 for Windows XP

INSTANT MESSAGING SECURITY

Kaspersky Total Security User Guide

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Spyware. Summary. Overview of Spyware. Who Is Spying?

CC File Transfer. User Manual

User Manual. HitmanPro.Kickstart User Manual Page 1

Cyber Security. Maintaining Your Identity on the Net

BlackBerry Universal Device Service. Demo Access. AUTHOR: System4u

NTT R&D s anti-malware technologies

Transcription:

Secure Email and Web Browsing Sébastien Dellabella Computer Security Team

Overview Main attack types Consequences of a successful attack Survival guide on the wild Internet Understanding the details Examples Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN IT/CO) Security DESY Day 20. Februar slide 2007 2

Main attacks types

Main attacks types Social Engineering Someone calls you and asks you for personal information Someone lost an USB Stick and you found it. Understanding the attack makes it ineffective Password Phishing Forged mail Tabnabbing. NEW! Malicious Program wish to run as admin The program asks you for permission to run don t allow it! Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN IT/CO) Security DESY Day 20. Februar slide 2007 4 User interaction needed Vulnerability Exploits Visiting a website, opening an attachment, connecting a USB stick, it s enough to be exploited. Using a compromised computer You don t know it, but everything you type is recorded. User Interaction NOT needed

Consequences of Attacks

Consequences of Attacks Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN IT/CO) Security DESY Day 20. Februar slide 2007 6 Computer remotely controlled to: Send SPAM Infect other machines on the local network Host illegal or copyrighted data (software, movies, porn, banking data, private data) Relay illegal connections Computer used for criminal purpose: Loss of confidential work Money extortion (private data encryption) Join BotNet to attack other systems on the Internet (DoS)

Survival Guide

Survival Guide (1/2) User awareness Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN IT/CO) Security DESY Day 20. Februar slide 2007 8 No credentials (login/password) over email No same password for different place/software/service (CERN email, MSN, private email account, banking, Facebook, etc.) No clicking on links sent by your online contacts before confirmation (mail, phone call, etc.) No use of untrusted media (USB stick you found in the street, CD, DVD or hard-drive your friend gave to you) No use of Internet randomly downloaded software (how can you trust them?) No forwarding of unverified information to your contacts. Check [http://www.hoaxbuster.com] or [http://www.scambusters.org] Read before you click and If you have any doubt, don t click

Survival Guide (2/2) Work without Administrator rights Standard on Windows VISTA, Windows 7, MAC, Linux Use NICE Admin on Windows XP Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN IT/CO) Security DESY Day 20. Februar slide 2007 9 Up-to-date OS and software Average survival time of a machine on the Internet is: 4min [http://www.dshield.org/survivaltime.html] CMF updates at CERN Windows Update at home Antivirus with latest pattern files Install CERN Antivirus at home, it s FREE for CERN users! [https://cern.ch/win/help/?kbid=051092]

Understanding the details Why you can t trust messages you receive By E-mail By Instant Messenger (MSN, Skype, ICQ, etc.) By contacts on social networking website (Facebook, etc.) Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 10 What is the URL? URL (Uniform Resource Locator) is an internet address What you see is NOT always what you get!

Understanding the details Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 11 What links to www.ebay.com? http://secure-ebay.com http://www.ebay.com\cgi-bin\login?ds=1%204324@%31%33%37 %2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d http://www.ebaỵ.com/ws/ebayisapi.dll?signin http://scgi.ebay.com/ws/ebayisapi.dll?registerenterinfo&siteid=0& co_partnerid=2&usage=0&ru=http%3a%2f%2fwww.ebay.com&rafid=0 &encrafid=default

Understanding the details Internet Browser improvements New heuristics & enhanced telemetry Anti-Malware support Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 12

Understanding the details In Private Browsing Available on Internet Explorer 8 and Firefox: Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 13 lets you control whether or not the browser saves your browsing history, cookies, and other data Internet Explorer: Safety -> In Private Browsing Firefox: Tools -> Start Private Browsing

Examples

Examples Phishing (1/3) Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 15

Examples Phishing (2/3) Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 16

Examples Phishing (3/3) Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 17

Examples Tabnabbing Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 18

Examples Untrusted software: Scareware Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 19

Summary User awareness No credentials (login/password) over email No same password for different place/software/service No clicking on links sent by your contacts before confirmation. No use of untrusted media (USB stick, CD, DVD, Hard-drive) No use of Internet randomly downloaded software No forwarding of unverified information to your contacts Read before you click and If you have any doubt, don t click Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 Up-to-date OS, Antivirus and software Work without Administrator rights Standard on Windows VISTA, Windows 7, Mac OS, Linux Use NICE Admin on XP SEC_RITY is not complete without U! The Security Team is ready to help you: computer.security@cern.ch

Q&A Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 21

Resources CERN Computer Security web site http://cern.ch/security Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 22 CERN Antivirus Help Section https://cern.ch/win/help/?fdid=13 NICE Services How to install Antivirus at home? https://cern.ch/win/help/?kbid=051050 CERN Security Advice on SPAM http://cern.ch/security/recommendations/en/bad_mails.shtml NICE Services Spam fighting configuration https://cern.ch/mmm/help/?kbid=101030

Computer.Security@cern.ch Dr. Stefan Computer Lüders (CERN Security IT/CO) DESY Day 20. Februar slide 2007 23

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information