DOCSLIB.ORG

Happy New Year! Happy New Year! 1 the UTRGV Information Security Office (ISO) Would Like to Wish You and Your Families a Security Highlights 2 Happy New Year

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Happy New Year! Happy New Year! 1 the UTRGV Information Security Office (ISO) Would Like to Wish You and Your Families a Security Highlights 2 Happy New Year ISO NEWSLETTER www.utrgv.edu/is VOLUME 1, ISSUE 1II JANUARY 19, 2017 INSIDE THIS ISSUE: Happy New Year! Happy New Year! 1 The UTRGV Information Security Office (ISO) would like to wish you and your families a Security Highlights 2 happy New Year. Hopefully one of your new years resolution will involve information security at home and work, in the instance that you have not added this to your list don’t worry there is still What to expect this plenty of time. semester Data privacy The ISO would also like to share a few security tips and hopefully you will share them with day 3 friends and family. National Stalk- ing Awareness Month Some basic security reminders to help 4. Change your passwords regular- you start the year: ly: UTRGV passwords must be ISO Spotlight 1. Beware of Tax Scams! The IRS saw changed at least yearly, but you can change it more often if need- UTRGV Senior an approximate 400 percent surge in 4 ed. Follow this tip for your banking Information phishing and malware incidents in the Security Analyst 2016 tax season. (www.irs.gov/uac/ and social media accounts! tax-scams-consumer-alerts) 5. Start organizing your passwords Featured Article 5 2. System & Data Backups: Ensure you with a password manager (e.g., backup important documents, irre- www.lastpass.com) where you can ISO Guest 6 placeable pictures and videos. Do not easily remember your password and let hardware failure, malware or everything is kept secure. ISO Campaigns 8 cryptoware get your data. Cloud 6. Secure your mobile devices (like sync services like OneDrive and laptops and tablets) by not leaving Security in the News 9 Dropbox are not suitable backup them visible in your car, password solutions. protecting access to them, and by 3. Computer Health: Check monthly physically securing them when unat- for Operating System (OS) and pro- tended. gram updates. Remove any unsup- ported or unneeded programs and services. EDITOR Francisco Tamez ISO Security Analyst P A G E 2 Security highlights Black Friday and Cyber Yahoo second data Pros and cons of your Med- Monday 2016 report breach ical ID in the Health app on U.S. ecommerce revenue Based on further analysis of your iPhone reported that Black Friday data by the forensic experts, If you have the latest version of 2016 was the first day to Yahoo believes an unauthor- iOS for your iPhone then you “generate more than a bil- ized third party, in August can set up a Medical ID in the lion dollars in online sales 2013, stole data associated from mobile devices, ac- with more than one billion Health app in order to access cording to Adobe.” Similarly user accounts. important health information. Cyber Monday saw an in- Medical ID helps first respond- crease of 12.1 percent Yahoo is notifying potentially ers access you critical medical achieving a new record with affected users by email and information (e.g., medications, “$3.45 billion spent posting additional infor- medical conditions, and aller- online” (bit.ly/2iLmW4p). mation to Yahoo’s website. gies) from the Lock screen, Additionally, Yahoo is asking It is clear that this trend will potentially affected users to without needing your passcode most likely continue for the promptly change their pass- (apple.co/2jbf7I7). new year and as the sales words and adopt alternate The questions here would be event takes place it still re- means of account verifica- who really has access to your mains the possibility of tion. The UTRGV Infor- fraudulent sales and fake mation Security Office (ISO) critical medical information? advertisement. highly recommends that any And what other information is Yahoo user to promptly stored in this application? The Despite the threats online change their passwords, se- answers would be: first re- by educating ourselves, curity questions, and an- sponders, nosy coworkers, sharing tips with family, and swers. prying family members, or any- friends we can combine our one who gets physical access efforts to be safe online. In For potentially affected ac- addition the ISO will always counts, the stolen user ac- to your iPhone for 15 seconds, stand guard and share with count information may have and “in addition, the phone the public any vulnerabilities included names, email ad- numbers and names of your online and any other topics dresses, telephone numbers, emergency contacts, and their of interest to you. dates of birth, hashed pass- relationship to you, will also be words (using MD5) and, in viewable, which introduces some cases, encrypted or unencrypted security ques- identity theft or phishing con- tions and answers. cerns. You’ll therefore need to (bit.ly/utrgvisonews2YDB) weigh the risks and benefits of having this information easily accessible via your iPh- one.” (bit.ly/2j4xmNy) P A G E 3 What to expect this semester? ISA Trainings Current ISO Projects Data privacy day With the help of the academic Our office is currently work- Respecting Privacy, and departments in UTRGV the ing on several projects that Safeguarding Data and ISO has founded the Infor- will enhance asset and vul- Enabling Trust is the theme for Data Privacy mation Security Administrators nerability management for Day (DPD), an interna- (ISA) group. The ISA’s will act computers in our University. tional effort held annually as a conduit between the ISO The ISO is currently improv- on January 28 to create and to these departments and ing methods of asset discov- awareness about the im- colleges. This partnership will ery, inventory, classification portance of privacy and help build pathways of commu- of data, and data loss preven- protecting personal infor- nication to ensure both em- tion. mation. ployees and the ISO are kept DPD is the signature event informed of topics and issues Mac Encryption solution in a greater privacy aware- affecting security. ness and education effort. The currently installed ver- The National Cyber Secu- sion of SecureDoc, UTRGV’s rity Alliance (NCSA) edu- January is the National encryption management so- cates consumers on how Stalking Awareness Month lution for Mac OSX, does they can own their online (NSAM) presence. NCSA’s privacy not support the latest OSX In January 2004, the National awareness campaign is an Center for Victims of Crime version Sierra. IT is re- integral component of launched NSAM to increase searching a better solution STOP.THINK.CONNECT the public’s understanding of to manage OSX encryption .-the global online safety, the crime of stalking. NSAM and Mac endpoint manage- security and privacy cam- emerged from the work of the ment, to include both OSX paign. Stalking Resource Center, a and iOS. (www.staysafeonline.org/ National Center program fund- data-privacy-day/about) ed by the Office on Violence Against Women, U.S. Depart- Retirement of UTB and ment of Justice, to raise aware- ness about stalking and help UTPA domains develop and implement multi- The UTB and UTPA legacy disciplinary responses to the domains will be retired this crime. summer. Users with ac- counts or computers still on In 2011, the White House is- sued the first Presidential Proc- these legacy domains run the lamation on National Stalking risk of losing computer and Awareness Month. President file access. It is critical that Obama’s proclamation stressed computers be migrated to the millions affected by the the UTRGV domain as soon crime, its often-devastating as possible. Avoid a last mi- consequences, the difficulty of nute rush and submit a ser- identifying and investigating the crime, and the federal govern- vice request with the IT Ser- ment’s strong commitment to vice Desk to get migrated combating stalking. before the summer. (stalkingawarenessmonth.org) VOLUME 1, ISSUE 1II P A G E 4 ISO Spotlight The ISO Spotlight interviews an individual that plays a role in UTRGV or information security. In this issue, you will meet Senior Information Security Analyst Daniel Ramirez . Daniel Ramirez Senior Information Security Analyst The University of Texas Rio Grande Valley 1. Tell us how information security has changed since you started in your role. Security is everywhere now because the internet is in everything. As more people and more things become connected to the internet, security becomes increasingly important. A hacker, thousands of miles away, could potentially connect to an internet accessible security camera inside a building and use it to breach security and access restricted areas. This could be someone’s home or the nations electrical grid. We live in a new era know than we did just 10 years ago. 2. Who are your customers, and what is one of the most challenging areas for you? My customers are the students, faculty and staff of UTRGV. One of my most challenging areas is ensuring that each of my customers has the knowledge needed to keep both UTRGV information resources and personal information resources safe and secure. 3. How did you come into the security field? I grew up with a fascination for computers and programming, before the internet. As computers began to be connected to the internet, I was intrigued by the technologies that were required to secure computers from threats. Threats in- creased exponentially over the years as the world learned how to hack and this shifted my fascination into ethical hacking and cybersecurity. 4. Top 3 life highlights: Finding my wife Births of my kids Getting a career in Cybersecurity 5. People would be surprised to know: I like to tinker with woodworking. 6. Which CD do you have in your car? Or what radio station do you listen to? A self-made mix of over 100 rap and hip-hop songs from the 80s through the new century.
Load more

Recommended publications
  • Comptia® Advanced Security Practitioner (CASP) CAS-003 Cert Guide
    CompTIA® Advanced Security Practitioner (CASP) CAS-003 Cert Guide Robin Abernathy Troy McMillan 800 East 96th Street Indianapolis, Indiana 46240 USA CompTIA® Advanced Security Practitioner (CASP) CAS-003 Editor-In-Chief Cert Guide Mark Taub Copyright © 2018 by Pearson Education, Inc. Product Line Manager All rights reserved. No part of this book shall be reproduced, stored in Brett Bartow a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from Acquisitions Editor the publisher. No patent liability is assumed with respect to the use of the Michelle Newcomb information contained herein. Although every precaution has been taken in Development Editor the preparation of this book, the publisher and author assume no respon- Ellie Bru sibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Managing Editor ISBN-13: 978-0-7897-5944-3 Sandra Schroeder ISBN-10: 0-7897-5944-6 Project Editor Library of Congress Control Number: 2018932405 Mandie Frank 01 18 Copy Editor Kitty Wilson Trademarks All terms mentioned in this book that are known to be trademarks or ser- Indexer vice marks have been appropriately capitalized. Pearson IT Certifi cation Ken Johnson cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service Proofreader mark. Debbie Williams Windows is a registered trademark of Microsoft Corporation. Technical Editors Chris Crayton Warning and Disclaimer Every effort has been made to make this book as complete and as accurate Publishing Coordinator as possible, but no warranty or fi tness is implied.
    [Show full text]
  • USB Flash Drive - Wikipedia, the Free Encyclopedia
    USB flash drive - Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/USB_flash_drive USB flash drive From Wikipedia, the free encyclopedia A USB flash drive consists of a flash memory data storage device integrated with a USB (Universal Serial Bus) USB Flash Drive interface. USB flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 g (1 oz).[1] Storage capacities in 2010 can be as large as 256 GB[2] with steady improvements in size and price per capacity expected. Some allow 1 million write or erase cycles[citation needed] and offer a 10-year[citation needed]shelf storage time.[3][4] USB flash drives are often used for the same purposes for which floppy disks or CD-ROMs were used. They are smaller, faster, have thousands of times more capacity, and are more durable and reliable because of their lack of moving parts. Until approximately 2005, most desktop and laptop computers were supplied with floppy disk drives, but floppy disk drives have been abandoned in favor of USB ports. USB Flash drives use the USB mass storage standard, supported natively by modern operating systems such as SanDisk Cruzer Micro is a brand of USB flash drives Linux, Mac OS X, Windows, and other Unix-like systems. USB drives with USB 2.0 support can store more data and transfer faster than a much larger optical disc drives like CD-RW or DVD-RW drives and can be read by many other systems such as the Xbox 360, PlayStation 3, DVD players and in some upcoming mobile smartphones.
    [Show full text]
  • USB Flash Drive - Wikipedia, the Free Encyclopedia
    USB flash drive - Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/USB_flash_drive USB flash drive From Wikipedia, the free encyclopedia A USB flash drive is a data storage device that includes flash memory with an integrated Universal Serial Bus (USB) interface. USB flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 grams (1.1 oz). [1] As of September 2011, drives of up to 256 gigabytes (GB) are available. [2] A one-terabyte (TB) drive was unveiled at the 2013 Consumer Electronics Show and will be available during 2013. [3] Storage capacities as large as 2 TB are planned, with steady SanDisk Cruzer Micro, a brand of [4] improvements in size and price per capacity expected. Some allow USB flash drives up to 100,000 write/erase cycles, depending on the exact type of memory chip used, and a 10-year shelf storage time.[5][6][7] USB flash drives are often used for the same purposes for which floppy disks or CD-ROMs were used, i.e., for storage, back-up and transfer of computer files. They are smaller, faster, have thousands of times more capacity, and are more durable and reliable because they have no moving parts. Until about 2005, most desktop and laptop computers were supplied with floppy disk drives in addition to USB A Kingston card reader which accepts ports, but floppy disk drives have been abandoned due to their age Micro SD memory cards (Transcend and due to USB flash drives' growing popularity.
    [Show full text]
  • Contributors
    Volume 21 - (Q4/2009) “Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems.” Kevin Mitnick Contributors MyCERT 4th Quarter 2009 Summary Report Guide to Motion Compensation Application Of Cryptography CyberSecurity Malaysia (Phase Correlation and Vector Assignment) By Liyana Chew Bt Nizam Chew & By Mohamad Faizal Bin Kheli Kuzzaman Norhayati Binti Aziz & Nor Azeala Binti Mohd Yusof USB Port: A culprit to ICT Security? [email protected] [email protected] By Zarina Musa [email protected] [email protected] Elliptic Curve Cryptography [email protected] By Norul Hidayah & EnCase 101: How EnCase Looks at the Time Nik Azura Common Criteria and National Cyber Security of the Evidence File [Part 2] [email protected] By Norahana Salimin By Lee Hui Jing [email protected] [email protected] [email protected] Cyberdating: How to Have Fun but Stay Safe Improving Organizational Sustainability Flash Memory: SLC and MLC By Muralidharon Through Information Security By Hafizullah Fikrie (DF) [email protected] By Maslina Daud [email protected] [email protected] Know Your WZC and PNL Threats By Abdul Fuad Abdul Rahman Pengurusan Krisis Jamin Kesinambungan Urusan [email protected] By Nazhalina Nazri [email protected] Importance of Global IMD Report and CyberSecurity Malaysia Razman Azrai [email protected] e-Security | CyberSecurity Malaysia | Volume 1721 - (Q4/2008)(Q4/2009) KDN License number PP 15526/10/2010 (025827) 2. From the Editor’s Desk A Message from the Head [email protected] of CyberSecurity Malaysia Hello to all readers, It’s the fourth quarter of 2009 and we are back with lots of interesting articles.
    [Show full text]
  • LR8400-20 LR8401-20 LR8402-20 MEMORY Hilogger
    Instruction Manual LR8400-20 LR8401-20 LR8402-20 MEMORY HiLOGGER July 2014 Revised edition 7 LR8400B980-07 14-07H Shop for Power Metering products online at: www.PowerMeterStore.com 1.888.610.7664 HiLogger Firmware Version Information and Upgrades LAN communication is available with HiLogger firmware version 1.20 and later. (The release date for version 1.20 is June, 2010.) The HiLogger firmware version is displayed at the upper right on the System screen. The latest version can be downloaded from Hioki’s website. Please visit our company’s website or contact your dealer or Hioki representative for the version upgrade procedure. Shop for Power Metering products online at: www.PowerMeterStore.com 1.888.610.7664 i Contents Contents 1 Introduction ..............................................................................1 Confirming Package Contents ................................................2 2 Safety Information....................................................................3 Operating Precautions.............................................................6 Chapter 1 Overview ____________________________________13 1.1 Product Overview and Features .............................13 1.2 Measurement Flow ..................................................14 1.3 Names and Functions of Parts, Screen Configurations .........................................................16 1.4 Basic Operation .......................................................22 Screen Operations (changing settings, scrolling waveforms, and displaying values)
    [Show full text]
  • Zabezpieczenie Danych Na Pendrive
    Zabezpieczenie danych na Pendrive Jedną z korzyści wprowadzenia nowej ustawy o ochronie danych osobowych (RODO) jest rosnąca świadomość użytkowników, jak ważne mogą być dane przechowywane na komputerach i jak ważne jest ich odpowiednie zabezpieczenie. Oprócz zabezpieczenia komputerów stacjonarnych oraz laptopów ważne jest, aby mieć świadomość, że kolejnym słabym ogniwem w bezpieczeństwie danych mogą być dyski przenośne i pendrivy. Pendrivy często są wykorzystywane do przechowywania kopii plików, które wykorzystujemy w bieżącej pracy, często też się zdaża, że zawierają one dane osobowe, które powinny być chronione. Poniżej przedstawiam trzy sposoby na ochronnę danych, zwracając uwagę na wady i zalety każdego z rozwiązań. 1 sposób – ochrona sprzętowa Najprostszym sposobem jest zakup urządzeń, które mają wbudowane odpowiednie zabezpieczenia. Przykładem takiego pendrive może być urządzenie Kingston DataTraveler Vault Privacy 8GB USB 3.0 256bit AES Encrypted. Jest to pendrive, który posiada wbudowane mechanizmy szyfrujące blokujące dostęp do zawartości hasłem. zalety sprzętowe rozwiązanie wbudowane w urządzenie możliwość pracy w trybie do odczytu możliwość dokupienia ochrony antywirusowej brak konieczności stosowania dodatkowego oprogramowania automatyczne blokowanie i formatowanie po wpisaniu 10 razy błędnego hasła wady wysoka cena w stosunku do pojemności 2 sposób – Bitlocker Ten sposób jest równie prosty co pierwszy, niestety jego zastosowanie jest ograniczone. Funkcja Bitlocker została wbudowana przez firmę Microsoft w system operacyjny Windows od wersji 7 do 10, również w rozwiązaniach serwerowych. Funkcja ta pozwala na zaszyforwanie dysków komputera, dysków przenośnych oraz pendrive. Niestety, największą wadą tego rozwiązania jest ograniczenie funkcjonalności do wersji Windows Pro oraz Enterprise, oznacza to, że użytkownicy posiadający system w wersji Windows Home nie mogą szyfrować ai odczytywać dysków zabezpieczonych funkcją Bitlocker.
    [Show full text]
  • Winsetupfromusb - Install Windows XP from USB Flash Drive Published November 15, 2008 Guides Tags: Windows XP, Winsetupfromusb
    WinSetupFromUSB - Install Windows XP from USB Flash Drive Published November 15, 2008 Guides Tags: Windows XP, WinSetupFromUSB Ads by Google Hard drive recovery tool For corrupted, reformatted drives Windows Vista/XP/2003/2000/NT/Me/98 www.quetek.com This guide will show you, how to use WinSetupFromUSB to create a bootable USB Flash Drive including all Windows source files, plus the following installation of Windows XP. Compare to the different USB_Multiboot versions, WinSetupFromUSB comes with a Graphical User Interface (GUI) and is in my opinion easier to use. Here you can get the latest version of the program and you will also find many detailed informations about WinSetupFromUSB. I’ve tested this guide with a 32-bit version of Windows XP and a 64-bit version of Windows Vista and it worked flawlessly. Prerequisites: All you need is: z a USB Flash Drive with at least 1GB of storage z the original Windows XP Setup CD z WinSetupFromUSB If you use nLite to slim down your version of Windows XP, please keep the following in mind: DO NOT remove “Manual Install and Upgrade” under Operating System Options! I also recommend to integrate Service Pack 3 into your Windows XP source files. 1. Preparations Download and install WinSetupFromUSB. Default installation path is C:\WinSetupFromUSB. Create a new folder with the name WINXPCD in the root directory of drive C:\ and copy all files from your Windows XP Setup CD into this folder. Depending on your version of Windows XP, the content of C:\WINXPCD should look approximately like this: The following files will show you, which Service Pack is already integrated into your CD: z WIN51IC.SP1, Sevice Pack 1 z WIN51IC.SP2, Sevice Pack 2 z WIN51IC.SP3, Sevice Pack 3 2.
    [Show full text]
  • USB Flash Drive Security: Best Practices
    NCSC CERTIFIED USB Flash Drive Security: ADISA CERTIFIED FOR SSD EAL2+ COMMON CRITERIA Best Practices USB Flash Drive Security 101 Steps to Tighter USB Security 1. Educate employees about the risks of USB drives and require them to never plug in a USB USB Flash Drive Security: device that they are unsure about. We recommend the following steps to increase the security protocols when using USB drives: 2. Allow only software encrypted USB drives to be used to store and transfer company data. 1. Perform an audit on current USB devices in the organization. This can be done internally or outsourced to a specialized security firm if there’s a large inventory. Best Practices 3. Implement company software that only works with approved flash drives. 2. Scan network for removable media devices to determine where USB devices are used in the When thinking about a device that hackers are Discussing the Risks of Using Unknown Flash Drives organization. likely to compromise, a laptop or mobile phone 3. Create an encryption process for all removable devices and implement it. may come to mind. But one of the most Even if the intention was to look for evidence to return it to its rightful owner, plugging in an unknown 4. Require regular reporting to ensure safeguard policies are in place. common targets in the cyber hacking space is USB device and clicking on files poses several cyber security threats. Not only could a flash drive be When a USB device reaches its end of life cycle, clear all sensitive data before scrapping/re- often overlooked due to its tiny, manufactured to perform a scripted malware attack on the computer, it could even fry the computer 5.
    [Show full text]
  • Corporate Users
    East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS ALL NETWORK USERS All Council employees including Teachers, Elected Members and Community Representatives All Network Users v1.1.7 Page 1 of 22 East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS Title Page Number 1 - Contents Page 2 2 - Document Control 3 2.1 - Version History 3 3 - Introduction 3 3.1 - Overview 3 4 - Acceptable Use Policy 4 4.1 - General Policy 4 4.2 - Internet Usage 5 4.3 - Email Usage 6 4.4 - Telephone Usage 7 4.5 - Word Processing And Other Software 8 5 - Privacy & Monitoring 9 5.1 - Overview 9 5.2 - Internet Monitoring 10 5.3 - Email Monitoring 11 5.4 - Telephone Monitoring 12 6 – Responses To Breaches Of Policy 13 6.1 - Overview 13 7 - Housekeeping 14 7.1 - Recommendations 14 7.2 - Password Selection 15 7.3 - Trojans, Virii & Spyware 15 7.4 - Security & Asset Security 16 7.5 - HP iPaq Security 17 7.6 - USB Flash Drives 17 Appendix I : Internet Content Filter Categories 19 Appendix II : Email Content Filter Categories 20 Appendix III : Telephony Charges 21 Appendix IV : Acceptance & Declaration 22 All Network Users v1.1.7 Page 2 of 22 East Ayrshire Council Information Technology Services ACCEPTABLE USE POLICY GOVERNING THE USE OF COMMUNICATION SYSTEMS 2 Document Control 2.1 Version History Author Date Version Approved By Date Approved Ian Aston 27/06/07 1.1.7 Malcolm Roulston 30/06/07 3 Introduction 3.1 Overview The internet, email and telephony are essential tools, however, their use can expose the Council to technical, commercial and legal risks if they are not used sensibly.
    [Show full text]