An Introduction To IT Security And Privacy for Librarians and Libraries
•Transferir como PPTX, PDF•
1 gostou•454 visualizações
An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an ip address. IOT Internet of things, browsers, portable devices and more.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a An Introduction To IT Security And Privacy for Librarians and Libraries
Semelhante a An Introduction To IT Security And Privacy for Librarians and Libraries (20)
Último
Último (20)
An Introduction To IT Security And Privacy for Librarians and Libraries
- 1. IT Security For Librarians Blake Carver LYRASIS Systems Administrator
- 2. Week One: Intro Who and How and What Privacy & Security in general Why this is all important 5 Basic Things Week Two: Outrunning The Bear Privacy Passwords Securing Devices Web Browsers Email Staying Safe On-line (General Tips) Week Three: Outrunning The Bear @ Your Library Training: Thinking & Behavior Threat modeling Hardware and networks Week Four: Websites & Everything Else! Web Servers and Networks Backups Drupal and Wordpress and Joomla Servers in general
- 3. Everything You Need To Know • Use Good Passwords • Stay Paranoid & Vigilant • Use Routine Backups • Keep Everything Patched / Updated • Think Before You Share Or Connect Intro
- 4. Other Things l Install Updates NOW l Passwords are Key l ALL Software Has Flaws l Security Is Complicated l Everyone Plays A Part
- 5. Common Security Myths • You have nothing worth stealing • Patches and updates make things worse and break them • You can look at a web site and know it's safe • No one will guess this password • Social Media Sites Are Safe • I’m safe! I use Anti-virus / firewall • There’s only malware on Desktops not phones • If I'm compromised I will know it • I'm too smart to get infected Intro
- 6. Common Security Excuses • But nobody would do that [Exploit Method/Thing] • I can't remember all these passwords. • Firewalls / AV / Security just gets in the way • They won't be able to see that; it's hidden. • It's safe because you have to log in first. Intro
- 7. So What Are We Talking About ● ● ● ● ● ● ● ● Intro
- 8. The Way Things Are Vs. The Way Things Oughtta Be
- 9. But the state argued that because cell phones constantly reveal their locations to carriers by pinging nearby cell towers, Andrews “voluntarily shared this information with third parties,” including the police, merely by keeping his phone on. In other words, if you don't shut off your phone, you're asking to be tracked. “While cell phones are ubiquitous, they all come with 'off' switches,” the state responded in the brief. “Because Andrews chose to keep his cell phone on, he was voluntarily sharing the location of his cell phone with third parties.” “The government has indeed repeatedly argued that there is no [reasonable expectation of privacy] in cell phone location information, in court and out,” Nathan Wessler, a staff attorney with the ACLU's speech, privacy and technology project, told Motherboard in an email. “In cases involving historical cell site location information, the government has danced around this argument, arguing that phone users give up their expectation of privacy in their location information merely by making and receiving calls.” State of MD Vs Kerron Andrews
- 11. If Vs. When Somethings are IFs, somethings are WHENs Perhaps things are Likely and Possible
- 12. ● ● ● ● ● ● ● ● Bad Guys? Hackers? Crackers? Criminals? Intro
- 16. ● ● ● ● ● ● ● ● Security Cyber Security? IT Security? Safety? Information Security? Information Literacy? The Digital Divide? Intro
- 17. “Security is two different things: It's a feeling & It's a reality ” Bruce Schneier – TedxPSU Intro
- 19. ● ● ● ● ● ● ● ● Privacy Cyber Privacy? IT Privacy? Online Privacy? Information Literacy? The Digital Divide? Intro
- 20. What will be the consequences of participation in this data set? https://github.com/frankmcsherry/blog/blob/master/posts/2016-02-06.md
- 21. Are we helping people avoid being added to more and more datasets? Are we increasing their digital foot prints?
- 22. Security & Privacy are, Getting Better, But they're Getting Worse FasterIntro
- 23. Why does this keep happening? The Internet was built for openness and speed More Things Online – More Targets Old, out-of-date systems and budget shortfalls New poorly designed systems Surveillance is the business of the Internet
- 26. Good Guys
- 28. Not much of this crime is new Automation Distance "Technique Propagation" (“Only the first attacker has to be skilled; everyone else can use his software.”) Intro
- 29. The technology of the internet makes the bad guys vastly more efficient. Intro
- 30. It's Safe Behind The Keyboard Hacking is a really safe crime. Comparatively. To other real life crime
- 31. Intro
- 32. Where Are They Working? • Social Networks • Search Engines • Advertising • Email • Web Sites • Web Servers • Home Computers • Mobile Devices Intro
- 33. This is the work of a rogue industry, not a roguish teenager Intro
- 34. *Thanks to Brian Krebs for sharing screenshots: krebsonsecurity.com And to Dr. Mark Vriesenga, BAE systems Examples Intro
- 35. What Are They After? • PINs • Passwords • Credit Cards • Bank Accounts • Usernames • Contact Lists • Emails • Phone Numbers • Your Hardware... Intro
- 36. http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/?utm_source=feedburn
- 37. Personal information is the currency of the underground economy Intro
- 38. Personal information is the currency of the entire Internet economy Intro
- 40. What's It Worth?Credit Cards: $5-$30 Basic or “Random” $5-$8 With Bank ID# $15 With Date of Birth $15 With Fullzinfo $30 Payment service accounts: $20-$300 containing from US$400 to $1,000 between $20 and $50 containing from $5,000 to $8,000 range from $200 to $300 Bank login credentials: $190-$500 A $2,200 balance account selling for $190. $500 for a $6,000 account balance, to $1,200 for a $20,000 account balance Online premium content services: $.55-$15 Online video streaming($0.25 to $1) premium cable channel streaming services ($7.50) premium comic book services ($0.55) professional sports streaming ($15) Loyalty, community accounts: $20-$1400 A major hotel brand loyalty account with 100,000 points for sale for $20 An online auction community account with high reputation marks priced at $1,400 "The Hidden Data Economy" study by MacAfee October 2015
- 42. The Era Of Steal Everything Everything has some value Intro
- 43. Against a sufficiently motivated and equipped adversary, no device is impenetrable. Intro
- 44. There is no such thing as a secure computer Intro
- 45. We are making things safER Intro
- 46. "None of this is about being "unhackable"; it’s about making the difficulty of doing so not worth the effort." Intro
- 47. Intro
- 49. Think Different… Have A Hacker Mindset Have A Security Mindset Intro
- 50. http://www.pewinternet.org/files/2015/09/2015-09-15_libraries_FINAL.pdf Offer Training At Your Library
- 51. Everything You Need To Know Use Great Passwords Strong (Long, Complex) Unique Stay Paranoid & Vigilant Never Trust Anything or Anyone Always Double Check Intro
- 53. Everything You Need To Know Use Great Passwords Strong (Long, Complex) Unique Stay Paranoid & Vigilant Never Trust Anything or Anyone Always Double Check Think Before You Click Use Routine Backups Keep Everything Patched / Updated Think Before You Share Intro
- 54. Avoid The Worstest Things • Moving Slow on updates • Thoughtlessness Surfing/Clicking/Following/Sharing • Over Sharing • Reusing Weak Passwords • Not Backing Up • Thinking It Can’t Happen To You
- 55. Week One: Intro Who and How and What Privacy & Security in general Why this is all important 5 Basic Things Week Two: Outrunning The Bear Passwords Securing Devices Browsers & Tor Email Staying Safe On-line (General Tips) Week Three: Outrunning The Bear @ Your Library Training: Thinking & Behavior Threat modeling Hardware and networks Week Four: Websites & Everything Else Web Servers and Networks Backups Drupal and Wordpress and Joomla Servers in general
- 56. IT Security For Librarians Blake Carver LYRASIS Systems Administrator
Notas do Editor
- The following slides outline what I mean here. Things *should* be better.
- This news article on Privacy tried to load a REDICULOUS number of trackers.
- IF the NSA comes after you, they’ll get you. Ain’t nobody got time for that kind of defense. WHEN a bot finds your open ports / not updated WordPRess site then you’re dead. The NSA isn’t very likely. The bot WILL happen.
- I like to use bad guys.
- Bad guys or good guys?
- Bad guys! The bears we want to out run. Bots and other things that are crawling IP address 24/7
- Evidence of bots looking for insecure PHPMyAdmin installs
- I like IT Security Let’s make it a part of Information Literacy!
- Things aren’t SECURE or NOT It’s not all black and white.
- The link is there, a really interesting read as it applies to privacy.
- Read that prvious link
- Professionals, who are good at what they do, and smart and talented. But then everyone else follows what they do.
- Good guys? All these “good guys” are doing their best to track our every move.
- Would you rather risk going out and robbing people in real life, or sit behind a keyboard?
- Got this from http://www.verizonenterprise.com/DBIR/resources/2013/
- http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
- https://www.teachprivacy.com/the-health-data-breach-and-id-theft-epidemic/
- An example of being careful. That “Click Here” link had a really scary link in it. Turns out it’s just a constantcontact link, nothing bad, but holy cow it looks scary.