Computer Security - SLAC Public Website Server

Computer Security
Integrate It Into Your Daily Computer Activities
Teresa Downey – SCCS
Safety and Security Briefing – September 20th, 2005
Topics For Today
• Safer Electronic Communications
• Appropriate Use of Computers
• Warnings on Use of Web and VPN
• Advice to Update Your Computer
Plain Text E-mail
• Just opening an HTML e-mail can infect a Windows PC
• Plain text works for all e-mail recipients
• Pine is good… already in plain text
• Outlook is bad, but can be fixed…
Search for “plain text” on SLAC web for instructions to change Outlook default.
View as Plain Text
Right-click to convert to original format
HTML Pictures
Grey bar is giving you info from Outlook that it changed something
Right-click to download pictures only when needed.
Pictures can be used to track who’s opening e-mails.
Don’t Click “Remove Me”
The “remove me” links in spam e-mail are often useless, but can be used to verify your identity, infect your computer, etc…
Example in HTML:
Example in Plain Text:
This link doesn’t include anything to identify me and goes to suspicious location
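
The points above about tracking pictures and “remove me” links, as an added example that is not part of the original briefing: a short Python script that lists what an HTML e-mail would fetch or link to without rendering it. The sample message, its hosts and its identifiers are constructed, and the names `LinkAudit` and `audit` are hypothetical.

```python
# Added example; SAMPLE is a constructed message with made-up hosts and ids.
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

SAMPLE = '''From: offers@shop.example
Subject: Special offer
Content-Type: text/html; charset="utf-8"

<html><body><p>Great deals!</p>
<img src="http://img.tracker.example/open.gif?uid=user%40lab.example" width="1" height="1">
<a href="http://203.0.113.7/unsub?id=8f3a91">Remove me</a>
<a href="http://www.shop.example/">Visit our shop</a>
</body></html>
'''

class LinkAudit(HTMLParser):
    """Collect remote <img> URLs and (visible text, href) for every <a>."""
    def __init__(self):
        super().__init__()
        self.images, self.links, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and urlsplit(attrs.get("src") or "").scheme in ("http", "https"):
            self.images.append(attrs["src"])   # fetched as soon as the mail is rendered
        elif tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
    def handle_data(self, data):
        if self._href is not None:              # text shown to the reader for this link
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(raw_message):
    """Return (kind, visible text, host, query parameters) per image or link."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue                            # plain-text parts fetch nothing
        parser = LinkAudit()
        body = part.get_payload(decode=True)
        parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        items = [("remote-image", "", u) for u in parser.images]
        items += [("link", text, u) for text, u in parser.links]
        for kind, text, url in items:
            parts = urlsplit(url)
            findings.append((kind, text, parts.hostname, dict(parse_qsl(parts.query))))
    return findings
```

Calling `audit(SAMPLE)` shows the picture request carrying the recipient's address and the “Remove me” link pointing at a bare IP address with a per-recipient id, which is what viewing the message as plain text makes visible.
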
E-Cards = Bad News
Don’t run ActiveX and don’t install plug-in software to read e-cards. Not usually needed for valid cards.
Phish of the Month
• Phishing scams (forged e-mails and/or web sites) designed to trick you
• More than 400 domains were registered with “katrina” in their name in the days after the hurricane hit. Many were fake.
• Similar things happened after recent tsunami in Indonesia.
Peer-to-Peer Software
• Not to be run at SLAC
• BitTorrent, Grokster, eDonkey, Kazaa…
• Copyright infringement
• Virus or Trojan Horses in files
SLAC is monitoring port traffic
Key Loggers
• Key loggers capture all your key strokes
• Be careful in web (all browsers)
• Be careful clicking in e-mails
• Remind your family
Screen Scrapers
• Trojan Horse sitting on your computer
• Waits for pop-up from your bank
• Software takes screen shots to capture your PIN
Screen Shots of Mouse Clicks
VPN Bypasses Firewalls
• Your home firewall may be useless while you are using VPN
• If your computer isn’t fully patched it could get infected
• If you just want Exchange e-mail then use www-mail or Outlook RPC over HTTPS
• Citrix is another option
Search for “outlook rpc” or “citrix” on SLAC Web
Keep PC Current
• SLAC fully-managed systems are ok
• Self-managed systems are a weak point
• Falling behind on updates could mean you are no longer getting security patches – applicable to all operating systems
• Use anti-virus & anti-spyware
– Update them frequently
Questions for our Security Experts?
• Bob Cowles
• Gary Buhrmaster
• John Halperin
Reporting Computer Security Problems
[email protected]
After hours, please call x4357 (Helpdesk)
Notes from this talk can be found at the Computer Security table outside or online at: http://www2.slac.stanford.edu/computing/security/meetings/