Clemson Computing & Information Technology
Clemson Calendars Campus Map Clemson Tour MyCLE Clemson Phonebook Clemson Search Webmail Clemson University Navigation
top of border
middle of border
Security Education - Tips and Tools

This page is dedicated to educating the end user about good security practices and procedures and arming them with the information needed to deal with security and privacy issues.

OISP
CCIT

Keeping Children Safe Online

Children present unique security risks when they use a computer—not only do you have to keep them safe, you have to protect the data on your computer. By taking some simple steps, you can dramatically reduce the threats.

What unique risks are associated with children?

When a child is using your computer, normal safeguards and security practices may not be sufficient. Children present additional challenges because of their natural characteristics: innocence, curiosity, desire for independence, and fear of punishment. You need to consider these characteristics when determining how to protect your data and the child.

You may think that because the child is only playing a game, or researching a term paper, or typing a homework assignment, he or she can't cause any harm. But what if, when saving her paper, the child deletes a necessary program file? Or what if she unintentionally visits a malicious web page that infects your computer with a virus? These are just two possible scenarios. Mistakes happen, but the child may not realize what she's done or may not tell you what happened because she's afraid of getting punished.

Online predators present another significant threat, particularly to children. Because the nature of the internet is so anonymous, it is easy for people to misrepresent themselves and manipulate or trick other users (see Avoiding Social Engineering and Phishing Attacks for some examples). Adults often fall victim to these ploys, and children, who are usually much more open and trusting, are even easier targets. The threat is even greater if a child has access to email or instant messaging programs, visits chat rooms, and/or uses social networking sites (see Using Instant Messaging and Chat Rooms Safely and Staying Safe on Social Network Sites for more information).

What can you do?

  • Be involved - Consider activities you can work on together, whether it be playing a game, researching a topic you had been talking about (e.g., family vacation spots, a particular hobby, a historical figure), or putting together a family newsletter. This will allow you to supervise your child's online activities while teaching her good computer habits.
  • Keep your computer in an open area - If your computer is in a high-traffic area, you will be able to easily monitor the computer activity. Not only does this accessibility deter a child from doing something she knows she's not allowed to do, it also gives you the opportunity to intervene if you notice a behavior that could have negative consequences.
  • Set rules and warn about dangers - Make sure your child knows the boundaries of what she is allowed to do on the computer. These boundaries should be appropriate for the child's age, knowledge, and maturity, but they may include rules about how long she is allowed to be on the computer, what sites she is allowed to visit, what software programs she can use, and what tasks or activities she is allowed to do. You should also talk to children about the dangers of the internet so that they recognize suspicious behavior or activity. The goal isn't to scare them, it's to make them more aware.
  • Monitor computer activity - Be aware of what your child is doing on the computer, including which web sites she is visiting. If she is using email, instant messaging, or chat rooms, try to get a sense of who she is corresponding with and whether she actually knows them.
  • Keep lines of communication open - Let your child know that she can approach you with any questions or concerns about behaviors or problems she may have encountered on the computer.
  • Consider partitioning your computer into separate accounts - Most operating systems (including Windows XP, Mac OS X, and Linux) give you the option of creating a different user account for each user. If you're worried that your child may accidentally access, modify, and/or delete your files, you can give her a separate account and decrease the amount of access and number of privileges she has.

    If you don't have separate accounts, you need to be especially careful about your security settings. In addition to limiting functionality within your browser (see Evaluating Your Web Browser's Security Settings for more information), avoid letting your browser remember passwords and other personal information (see Browsing Safely: Understanding Active Content and Cookies). Also, it is always important to keep your virus definitions up to date (see Understanding Anti-Virus Software).

  • Consider implementing parental controls - You may be able to set some parental controls within your browser. For example, Internet Explorer allows you to restrict or allow certain web sites to be viewed on your computer, and you can protect these settings with a password. To find those options, click Tools on your menu bar, select Internet Options..., choose the Content tab, and click the Enable... button under Content Advisor.

    There are other resources you can use to control and/or monitor your child's online activity. Some ISPs offer services designed to protect children online. Contact your ISP to see if any of these services are available. There are also special software programs you can install on your computer. Different programs offer different features and capabilities, so you can find one that best suits your needs. The following web sites offer lists of software, as well as other useful information about protecting children online:

    • GetNetWise - http://kids.getnetwise.org/ - Click Tools for Families to reach a page that allows you to search for software based on characteristics like what the tool does and what operating system you have on your computer.
    • Yahooligans! Parents' Guide - http://yahooligans.yahoo.com/parents/ - Click Blocking and Filtering under Related Websites on the left sidebar to reach a list of software.
Authors: Mindi McDowell, Allen Householder Copyright 2005 Carnegie Mellon University. Terms of use

 

Why is Cyber Security a Problem?

(US-Cert - Cyber Security Tip ST04-001)

You've heard the news stories about credit card numbers being stolen and email viruses spreading. Maybe you've even been a victim yourself. One of the best defenses is understanding the risks, what some of the basic terms mean, and what you can do to protect yourself against them.

What is cyber security?

It seems that everything relies on computers and the Internet now — communication (email, cellphones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers? How much of your personal information is stored either on your own computer or on someone else's system?

Cyber security involves protecting that information by preventing, detecting, and responding to attacks.

What are the risks?

There are many risks, some more serious than others. Among these dangers are viruses erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making unauthorized purchases. Unfortunately, there's no 100% guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.

What can you do?

The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.
    Hacker, attacker, or intruder - These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).

    Malicious code - This category includes code such as viruses, worms, and Trojan horses. Although some people use these terms interchangeably, they have unique characteristics.

    • Viruses - This type of malicious code requires you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular web page.
    • Worms - Worms propagate without user intervention. They typically start by exploiting a software vulnerability (a flaw that allows the software's intended security policy to be violated), then once the victim computer has been infected the worm will attempt to find and infect other computers. Similar to viruses, worms can propagate via email, web sites, or network-based software. The automated self-propagation of worms distinguishes them from viruses.
    • Trojan horses - A Trojan horse program is software that claims to be one thing while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.

Authors: Mindi McDowell, Allen Householder

Produced By US-Cert

Choosing and Protecting Passwords

(US - Cert - Cyber Security Tip ST04-002)

Passwords are a common form of authentication and are often the only barrier between a user and your personal information. There are several programs attackers can use to help guess or "crack" passwords, but by choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information.

Why do you need a password?

Think about the number of PIN numbers, passwords, or passphrases you use every day: getting money from the ATM or using your debit card in a store, logging on to your computer or email, signing in to an online bank account or shopping cart...the list seems to just keep getting longer. Keeping track of all of the number, letter, and word combinations may be frustrating at times, and maybe you've wondered if all of the fuss is worth it. After all, what attacker cares about your personal email account, right? Or why would someone bother with your practically empty bank account when there are others with much more money? Often, an attack is not specifically about your account but about using the access to your information to launch a larger attack. And while having someone gain access to your personal email might not seem like much more than an inconvenience and threat to your privacy, think of the implications of an attacker gaining access to your social security number or your medical records.

One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that someone is the person they claim to be is the next step, and this authentication process is even more important, and more difficult, in the cyber world. Passwords are the most common means of authentication, but if you don't choose good passwords or keep them confidential, they're almost as ineffective as not having any password at all. Many systems and services have been successfully broken into due to the use of insecure and inadequate passwords, and some viruses and worms have exploited systems by guessing weak passwords.

How do you choose a good password?

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to guess or "crack" them. Consider a four-digit PIN number. Is yours a combination of the month, day, or year of your birthday? Or the last four digits of your social security number? Or your address or phone number? Think about how easily it is to find this information out about somebody. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to "dictionary" attacks, which attempt to guess passwords based on words in the dictionary.

Although intentionally misspelling a word ("daytt" instead of "date") may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password "hoops," use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all." Using both lowercase and capital letters adds another layer of obscurity. Your best defense, though, is to use a combination of numbers, special characters, and both lowercase and capital letters. Change the same example we used above to "Il!2pBb." and see how much more complicated it has become just by adding numbers and special characters.

Don't assume that now that you've developed a strong password you should use it for every system or program you log into. If an attacker does guess it, he would have access to all of your accounts. You should use these techniques to develop unique passwords for each of your accounts.

Here is a review of tactics to use when choosing a password:

  • Don't use passwords that are based on personal information that can be easily accessed or guessed
  • Don't use words that can be found in any dictionary of any language
  • Develop a mnemonic for remembering complex passwords
  • Use both lowercase and capital letters
  • Use a combination of letters, numbers, and special characters
  • Use different passwords on different systems

How can you protect your password?

Now that you've chosen a password that's difficult to guess, you have to make sure not to leave it someplace for people to find. Writing it down and leaving it in your desk, next to your computer, or, worse, taped to your computer, is just making it easy for someone who has physical access to your office. Don't tell anyone your passwords, and watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords.

If your Internet service provider (ISP) offers choices of authentication systems, look for ones that use Kerberos, challenge/response, or public key encryption rather than simple passwords (see Understanding ISPs and Supplementing Passwords for more information). Consider challenging service providers who only use passwords to adopt more secure methods.

Also, many programs offer the option of "remembering" your password, but these programs have varying degrees of security protecting that information. Some programs, such as email clients, store the information in clear text in a file on your computer. This means that anyone with access to your computer can discover all of your passwords and can gain access to your information. For this reason, always remember to log out when you are using a public computer (at the library, an Internet cafe, or even a shared computer at your office). Other programs, such as Apple's Keychain and Palm's Secure Desktop, use strong encryption to protect the information. These types of programs may be viable options for managing your passwords if you find you have too many to remember.

There's no guarantee that these techniques will prevent an attacker from learning your password, but they will make it more difficult.

Authors: Mindi McDowell, Jason Rafail, Shawn Hernan

Produced by US-Cert

Security Tool Round Up - Spyware

The biggest threat to the internet user today is spyware. How many computers have you seen brought to it's knees by 20 toolbars, and a system try full of useless programs. Not counting the ones you don't see running in the background, and all of them are set to start up automatically. To keep your system clean and spyware free you need a good spyware scanner.

Here is a good list of recommended free utilities:

  • Ad-Aware 2007 Free [Windows] - This is one of the most popular, comprehensive spyware removal tools. Maintains a large blacklisted spyware database and identifies malicious program code for the best possible detection.
  • Spybot - Search & Destroy [Windows, Linux/Unix with Wine support in ver. 1.5] - Uses deep scanning techniques to cleanse your system of the most obscure forms of spyware. Allows you to blacklist certain types of spyware in order to prevent it from showing up on your system again.
  • Zebra scanner [Mac] – Scans files for hidden agendas (e.g. a trojan disguised as an MP3 or image.) Notifies the user of the scanned files integrity. Does not contain a method for disinfecting the computer.

Macworld - Lock It Up series

Take a look at Macworld's series of tips for making your Mac more secure, and ways to prevent others from getting at your private data.

FileVault

bottom of border
Clemson Alphabetical Navigation Clemson Z index Clemson Y index Clemson X index Clemson W index Clemson V index Clemson U index Clemson T index Clemson S index Clemson R index Clemson Q index Clemson P index Clemson O index Clemson N index Clemson M index Clemson L index Clemson K index Clemson J index Clemson I index Clemson H index Clemson G index Clemson F index Clemson E index Clemson D index Clemson C index Clemson B index Clemson A index