Staying Safe Online

From IT Security For Libraries Wiki

General Tips To Keep Secure Online While Browsing

Staying Safe Online

In July Hotmail added "my friend's been hacked" and forced better passwords.
Firesheep
Browsers, Plugins, email, firewall, file sharing, VPN, SSL, HTTPS, Watch out for short links
Don't use P2P file sharing.
Don't install things you're not sure about
Keep things updated
If you're not using it, remove it
Never open email attachments
Use LastPass or something
Secure Your Browser - Plugins and Updates
Google Authenticator for Gmail
Use a VPN
Have a recovery plan
Block flash, javascript
Use Prey Project for your phone/laptop/pad
The cloud = Dropbox, Google, Amazon, Apple
Convenience versus security, the problem with all SaaS applications
How much do you trust the service provider? (you should still backup stuff in the cloud)
Five Best Browser Security Extensions
http://www.ghostery.com/
add-on for Firefox called Collusion
Mozilla BrowserID: Decentralized, Federated Login
ShareMeNot is a Firefox add-on for preventing tracking from third-party buttons (like the Facebook "Like" button or the Google "+1" button) until the user actually chooses to interact with them.
Microsoft System Sweeper?? (from podcast)
Safest browser

Monitor your SSL connections: get an alert when something changes on SSL somehow? (podcast)

Spam, Phishing, Spear Phishing, Phone Calls
Keeping your webmail safe (there's a PDF on this?)
Is your stuff backed up?
Purchase a reputable virus protection software program, keep it up to date and run it often.
Avoid downloading programs from unknown sources.
Make sure that the Macro Virus Protection feature is enabled in all Microsoft applications.
Never double click an email attachment that contains an executable program, recognizable by .exe, .com or .vbs extensions.
Switch to a more secure operating system.
Common Security Myths
People are not out to steal money now. They're after ANYTHING
You have nothing important to steal
Only people with money or secrets are targeted
Having anti virus software doesn't make you safe
Using a Mac/Linux doesn't make you safe
Patches and updates make things worse and break them
You can look at a site and know it's safe and not serving bad stuff
Using a firewall makes you safe
Complex frequently changed passwords make you safe
A padlock icon present during an SSL session means my data is safe.
Avoiding IE makes me safe
If an email looks safe or comes from a friend it's ok
If a link comes from a friend on Facebook/twitter it's safe
If I just click a link it's ok
I use a filter/firewall/something so I'm safe
Only porn, gambling, and other “dodgy” sites are dangerous
Only naive users get infected with malware and viruses
You can only get infected if you download files.
If I'm compromised I will know it.
Most infections come from email (infected websites share a big %)
Just looking at a page or clicking a link won't hurt me
P2P and torrents are safe
You won't get infected if you avoid bad (naked people) sites
My firewall is on, my antivirus is on, my whatever is on, I'm safe
If you don't open a file you're safe
Hardware can't spread or come preinfected
Remember anti virus stuff and antimalware programs aren't updated daily
Even if your filter is good enough to catch phishing, your user base can defeat your technology.

What about if you're traveling?

Don't do online banking or other financial transactions while away from home.
Do not set your smartphone to automatically join any unlocked hotspot.
Avoid using public computers in hotels and elsewhere -- they could be infected with data-mining software.
If you leave a laptop or other device in your hotel room, lock it up.
Don't post travel photos and writings on social network sites until you get home.


What do you do AFTER you learned you've been hacked?

Take Everything Offline - If Possible
Figure out what happened. Was it a password? Old program that had a hole in it?
If you can't figure it out, you should probably format everything
Change Your Passwords