University Information Security Office Newsletter
ISSUE: 10-9 YEAR: 2014

In this issue: From the ISO’s Desk, Password Security, Browser Security, Social Network Security

"All this modern technology just makes people try to do everything at once." -Bill Watterson

From the ISO’s Desk

October is National Cyber Security Awareness Month (NCSAM). Conducted every October since 2004, this national public awareness campaign is intended to encourage everyone to protect their computers and our nation’s critical cyber infrastructure. Cyber security requires vigilance 365 days per year. However, the Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the primary drivers of NCSAM, coordinate to shed a brighter light on what home users, schools, businesses and governments need to do in order to protect their computers, children, and data. As part of our program, the LUC Information Security Staff will be sending daily tweets and holding events on ways to encourage safer computing. If you would like to know more, please go to our web page ://www.luc.edu/uiso

Jim Pardonek
Information Security Officer

University Information Security Office
Email: [email protected]
Telephone: (773) 508-7373
Location: GC Room 230
Hours: M-F 8AM-5PM

Password Security
Created by Jacob Schuldt

We use passwords every day to access nearly every account we have on the computer. For some people, this can mean memorizing (or storing) dozens of passwords. For others, this can mean having just a few similar passwords. In order to prevent your account from being compromised through password attacks and revealing all of your information to the attacker, it is suggested that you change your passwords frequently – every 30-180 days – and follow these helpful tips to have a strong and safely stored password.

Password Strength

Password security through complexity and protection is one of the easiest and fastest ways to ensure that your accounts are secure. Password complexity refers to creating a password that will not be easy to guess and having different passwords for multiple accounts. In order to have a “strong” password, many suggestions have been given to protect your accounts from hackers and malicious software. Depending on the account, passwords can, and should, contain lowercase letters, uppercase letters, numbers, and symbols. Some websites and applications will not allow the use of symbols or numbers, but it is best practice to use them when possible. In addition to having variation in characters, passwords should be at least 8 characters, but the longer the password, the better. Passwords shouldn’t contain a complete word, your name, username, or the name of the company or application for which you are creating the account.

If you are having trouble creating a password, there are numerous applications and websites that can help create a very complex password for you. An example is passwordsgenera- .net, which creates a password according to your requirements, and provides many other helpful tips to keep your passwords safe.

Password Storage

Some users like to store their password either in a plain text file, or on a piece of paper on their desk because memorizing many passwords can be difficult. For obvious reasons, these password storage techniques are unsafe, since they are easily accessible by others. In efforts to combat password stealing, applications like OnePassword, KeePass, and LastPass were created to manage passwords, so that users do not have to actually remember their passwords. With these applications, an initial account is created with a password. After the initial account is created, you can change your settings to require multi-factor authentication to sign in, so you have to enter the password, and then choose another authenticator, such as a code that is texted to you and needed to sign in. Once the account is created, you can enter your passwords for multiple websites and applications. Many users create a randomly generated password, enter it into the password manager application, then simply copy and paste it into the website they are trying to sign in to. The application stores the passwords and encrypts them, so that in the case your computer is compromised, the passwords will be extremely difficult, if not impossible, to obtain. From there, many of the password manager applications come with a browser add-on so your password will automatically fill in when you go to a preconfigured site.

Memorizing lengthy and complex passwords can be a hassle, but for security reasons, these longer passwords can make every user less vulnerable to password and account hacks. Luckily, password management applications take the stress of remembering a password away, and allow users to have longer, varying passwords. Remember to always use these strong passwords for accounts, especially those with sensitive information, including billing information and social security numbers.

Browser Security
Created by Christopher Campbell

The web browser has become one of the most frequently used tools in today’s computing environment. However, this makes them popular targets for web-based attacks, especially since they must interact so closely with active content in order to properly display complex web pages. Fortunately, there are a few simple precautions that can be taken as a user to improve the security of your browser(s) and make yourself a much harder target.

Firstly, it is important to look through the settings of each browser you use and make sure automatic updates are activated, and ensure you are comfortable with the level of information sites may store about you. It is also vital to verify that your connection to a website is properly secured (especially when conducting sensitive business such as online banking, shopping, or any other application where privacy is a concern). Websites implement HTTPS to accomplish this, but in order to protect your information it is important to make sure this is functioning in a secure fashion. In most major browsers, this can easily be accomplished by looking for a small lock icon in or around the address bar. Clicking this icon will inform you of whether or not the site’s certificate can be trusted. If not, your connection is vulnerable and you may even be the victim of an attack in progress! Avoid the site until access is properly secured. Additionally, be wary of unknown applets attempting to run from a website (when in doubt, click no!)

There are many add-ons and services that can be used to further secure your browsing experience. Some useful security plug-ins available for most browsers include NoScript, HTTPS Everywhere, and Web of Trust. NoScript is an excellent addition that protects you by blocking active content such as JavaScript when you first visit a page. You may then choose to selectively enable any blocked functionality for this and all subsequent visits. Even if you choose to globally disable the entire script blocking feature, NoScript will still guard against many other common types of web-based attacks without any user action required. Here are some additional browser extensions to improve your security:

• HTTPS Everywhere – works with common sites in an attempt to deliver all content over a secure connection: https://www.eff.org/Https-everywhere
• Web of Trust – displays a small, colored icon to indicate the reputation of links, including whether the site may be unsafe to visit: https://www.mywot.com/
• LongURL.org – discover where shortened links (bit.ly, goo.gl, etc.) may actually redirect you: http://longurl.org/

Social Network Security
Created by Cai Wang

People use social networks to share their life with families and friends on a daily basis. Much personal information can be easily obtained through these websites, including your email address, birth date, and even your cellphone number.

Recently, some social media applications have added a function called “share your location”. This “feature” not only shows where you are, but basically passes a message to anyone saying “I’m not at home”.

You should avoid sharing information including travel plans, address, birthdate, daily schedule, etc. It’s great to share your experiences in “real time” but to protect your home and possessions, post your pictures when you get home. Another way to secure your personal information is to change the privacy settings on your social media page to a proper level to control who can access your information. This is usually under settings.

Before you sign up at a website, you should read the privacy policies to make sure they do not share your information such as email address or user preferences with third-party businesses. These businesses will use that information to send you spam emails.

You should also be careful who you friend or add as a follower. They may not be who they say they are. Fake profiles can be easily created by anyone in the world. If you use chat, such as Facebook Messenger, and any of your friends chat with you in an unusual way, you should double check with them to make sure they are not an imposter. Do not simply give them your personal information, because the person on the other side may not be your friend.

To protect your account against hacking you should always use strong and unique passwords and use different passwords for each account. Never click any suspicious links; these probably contain malware that will infect your computer or give someone full access to your account.

Help Us Celebrate Cyber Security Awareness Month by Attending One of Our Awareness Events

Security and Donuts Sessions

• October 09, Thursday 10:00AM-11:30AM LSC Damen 214
• October 14, Thursday 10:00AM-11:30AM WTC Corboy 302
• October 23, Thursday 2:00PM-3:30PM LSC Damen 214