Computer Security

Hacking, Phishing, Passwords

Kausalya S. And Sushil Mujumdar (CCCF)04 - Aug - 15

Computer security: why?

Secure your computer, accounts, and the data  Hackers break laws: consequences will be yours Infected machines send millions/billions of messages

closing down the network, our servers get black listed. Intruders may destroy data: scientific, pay roll ... Hackers may launch attacks from your machine on

more sensitive installations: banks, defence

Protect your PC / data : To-dos Use security software

Windows defender / TIFR licensed antivirus Always login as normal user (not admin) Leave admin job to sysadmin if you are novice Use updated software Back up important documents / files regularly Check URL & think before you click a link. No unwanted / copyrighted downloads

What can you do about hacking?

Always check the URL for correctness. inspect login messages check last login date /

time, close sessions and log out Ask a system administrator for security tips to

administer your own machine / laptop Be aware of social hacking tricks like phishing NEVER share your password / credentials

Varieties of social hacking Social hacking=confidence tricking to get

sensitive information (passwords, ATM PINs...) Identify sensitive information and refuse to give

it. Got any seemingly genuine mail (phishing) /

phone ? Check back, Don’t be in a hurry to respond.

Refuse freebies : million $ or £ to be credited to your account, IT refund …

What can you do? Are you at the right URL before keying in ? Your passwords are secret. Do not give them

away. Legitimate users and system administrators never ask for your password

Choose strong passwords Choose a different password for every

application. How do you remember so many? Log out of every application when you leave a

public terminal

What is a strong password?

Not easy ones-”tifr123” “abcd1234” “password” Never use personal information: that can

always be found out. Use random combinations of any character that

you have on the keyboard: Lcase + Ucase + Nos + spl chars at least 8. Gu_e$t!@3 or cA-nuS3e or Sy5OuCa.n

How do you remember passwords?

High tech solution: your browser can remember passwords for you. Then lock the set using a single strong password

Low tech solution: use the same security that you use for your money; keep in your wallet or lock it up in a drawer. But encrypt them before writing them down.

Tokenize: GenToken+Specifickeyword: e.g. Gu_e$tWb , Gu_e$tMl, Gu_e$tIci, Gu_e$tcBi

Main points to remember You are liable for crimes committed in your

name: so protect your identity from theft. In cyberspace protect your passwords. They

must be secret, strong and all different. System administrators never ask for your password

Be suspicious of all attempts to get personal information by email or phone. Check back

Always check the URL before you click Helpline for IT Security : 2121 / cc@tifr.res.in