computing security
play

Computing Security @ Carnegie Mellon University John K. Lerchey - PowerPoint PPT Presentation

Feb 09, 2024 •209 likes •301 views

Computing Security @ Carnegie Mellon University John K. Lerchey Information Security Office lerchey@andrew.cmu.edu Start with the Basics Patching Antivirus and anti-malware software Strong passwords Be aware of Theft

  1. Computing Security @ Carnegie Mellon University John K. Lerchey Information Security Office lerchey@andrew.cmu.edu

  2. Start with the Basics • Patching • Antivirus and anti-malware software • Strong passwords • Be aware of Theft – (Computer, Account) • Back up your data • Read our Policies and Guidelines • Take advantage of our tools: – Identity Finder, Anti-Phishing Phil, Anti-Phishing Phyllis, ISO Patch-Check

  3. What’s infecting the Campus now • Fake A/V – fake antivirus that ties up the system with pop-ups, sometimes installs backdoors or other malware. • Zbot/Zeus - acquired from phish messages, causes spamming, steals banking credentials. • Torpig – identity stealer, reboots the computer, lodges in the MBR, hidden.

  4. Why are computers getting compromised? • Unpatched Java, Adobe Reader and Adobe Flash. • Rotating web-ads are often involved. • Downloading exploits with P2P. • Clicking on e-mail objects. • Clicking on pop-up windows • Passing around infected USBs.

  5. Be Afraid • CMU is a big target (reputation). • People inside are always trying out new hacker tools on this network. • People from other countries want your credentials to get Library/other resources. • 51% of students participating in a phish study fell for phishing attempts on day one (IDtheft study, 4/2009).

  6. A Few Words About Phishing… • Computing Services will NEVER ask for your password • Notices from Computing Services will always come from a valid Carnegie Mellon email address • General announcements can be verified at: http:www.cmu.edu/computing/news

  7. What ISO Sees • Signatures, flows, logs. • Only the most egregious stuff, and not all of it. • Events and incidents reported to us. • We pay much more attention to administrative systems.

  8. What you can do • Take advantage of the antivirus/anti-malware software on Computing Services’s site: http://www.cmu.edu/computing/software/all/index.html • Take advantage of the ISO Patch-Check tool https://www.cmu.edu/iso/patch-check/ • Follow the polices and guidelines • Be careful with “course software” and projects • Register your computer with the CMU Police http://www.cmu.edu/police/programsandservices/crime- prevention.html

  9. Questions? Information Security Office (ISO) iso@andrew.cmu.edu www.cmu.edu/iso Computing Services Help Center: 412-268-4357

Recommend

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the computing world, and are parallel to even older problems outside computing Required level of security is always related to what you protect

237 views • 23 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
www.unique-project.eu Exchange of security-critical data Computing Device Computing Device

www.unique-project.eu Exchange of security-critical data Computing Device Computing Device

www.unique-project.eu Exchange of security-critical data Computing Device Computing Device generates, stores and processes security-critical information 2 PUFs: Myth, Fact or Busted? CHES 2012 However: Cryptographic secrets can be leaked

443 views • 26 slides
Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and

Computer S ecurity: Principles and Practice Chapter 10 Trusted Computing Trusted Computing Chapter 10 and Multilevel Security and Multilevel Security First Edition by William S tallings and Lawrie Brown Lecture slides by Lawrie

636 views • 40 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
Computing Security @ Carnegie Mellon University Allison MacFarlan Wiam Younes & Training

Computing Security @ Carnegie Mellon University Allison MacFarlan Wiam Younes & Training

Computing Security @ Carnegie Mellon University Allison MacFarlan Wiam Younes & Training and Awareness Information Security Coordinator Engineer Five Computing Security Tips Back to the Basics Patching Antivirus and

342 views • 11 slides
Personal Security and Privacy in Personal Security and Privacy in Ubiquitous Computing Marc

Personal Security and Privacy in Personal Security and Privacy in Ubiquitous Computing Marc

Personal Security and Privacy in Personal Security and Privacy in Ubiquitous Computing Marc Langheinrich Institute for Pervasive Computing Institute for Pervasive Computing ETH Zurich, Switzerland Approaches to Security & Privacy in

749 views • 39 slides
Security for Pervasive Computing CS239 Kevin Eustice V. Ramakrishna 4/24/06 What is Pervasive

Security for Pervasive Computing CS239 Kevin Eustice V. Ramakrishna 4/24/06 What is Pervasive

Security for Pervasive Computing CS239 Kevin Eustice V. Ramakrishna 4/24/06 What is Pervasive Computing? One Vision of Pervasive Computing PHYSICAL INTEGRATION Coffee Shop Personal Network Change route! My location? L o c a t i

318 views • 20 slides
SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson Research Security / Lund University 1 2019-03-01 B. Smeets LiTH course Goal of this lecture Understand trusted computing and its purpose Threats

794 views • 66 slides
SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson

SYSTEM SECURITY III: TRUSTED COMPUTING TDDD17 Informationsskerhet Ben Smeets Ericsson Research Security / Lund University 1 2020-02-28 B. Smeets LiTH course Goal of this lecture Understand trusted computing and its purpose Threats

1.42k views • 65 slides
Computer Security environment, without compromising functionality or security? Three parts

Computer Security environment, without compromising functionality or security? Three parts

9/7/2013 Some topics Im working on Computing on encrypted data Information flow: Dynamic IFC in Haskell, web Sandboxing Untrusted JavaScript Third party web tracking and other web security stories Practical web security

572 views • 21 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
Model-based Security Engineering: Models vs. Code Jan Jrjens Department of Computing The

Model-based Security Engineering: Models vs. Code Jan Jrjens Department of Computing The

Model-based Security Engineering: Models vs. Code Jan Jrjens Department of Computing The Open University, GB http://www.umlsec.org Challenge: Security Security is holistic property: Attackers often circumvent (not: break) mechanisms.

639 views • 36 slides
Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Cloud Security & Cryptography I Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a vital resource Enterprises, governments, scientists, consumers, Computing is manageable at small

955 views • 51 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Security Service Challenge & Security Monitoring Jinny Chien Academia Sinica Grid Computing

Security Service Challenge & Security Monitoring Jinny Chien Academia Sinica Grid Computing

Enabling Grids for E-sciencE Security Service Challenge & Security Monitoring Jinny Chien Academia Sinica Grid Computing OSCT Security Workshop on 7 th March in Taipei www.eu-egee.org 1 Jinny Chien, ASGC Training and Dissemination

1.05k views • 39 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
Security Research Community Through Data Products and Computing Minaxi Gupta

Security Research Community Through Data Products and Computing Minaxi Gupta

Project Bloom: Empowering the Security Research Community Through Data Products and Computing Minaxi Gupta School of Informatics and Computing Greg Travis, David Ripley ANML Doug D. Pearson REN-ISAC

317 views • 17 slides
Multiplicity Computing Engineering Software for Reliability, Performance, and Security Alexander

Multiplicity Computing Engineering Software for Reliability, Performance, and Security Alexander

Multiplicity Computing Engineering Software for Reliability, Performance, and Security Alexander Wolf Department of Computing Imperial College London in collaboration with Cristian Cadar, Paolo Costa, and Peter Pietzuch An inspiring example

243 views • 13 slides
& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) & Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Mobile Security Issues Introduction So many cool mobile apps Access to web, personal information, social media, etc

1.05k views • 55 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
Academia Sinica Grid Computing Certification Authority (ASGCCA) C.C.Chang Academia Sinica

Academia Sinica Grid Computing Certification Authority (ASGCCA) C.C.Chang Academia Sinica

Academia Sinica Grid Computing Certification Authority (ASGCCA) C.C.Chang Academia Sinica Computing Centre Outline Introduction to ASGCC / ASGCCA Procedural Security Physical Security Technical Security Contact

214 views • 20 slides
Introductions CSci 8271 Security and Privacy in Computing Day 1: Introduction and Logistics

Introductions CSci 8271 Security and Privacy in Computing Day 1: Introduction and Logistics

Introductions CSci 8271 Security and Privacy in Computing Day 1: Introduction and Logistics Stephen McCamant University of Minnesota Outline What is computer security? Big-Picture Introduction Keep bad things from happening Course

371 views • 8 slides

More recommend