Date post: 14-Dec-2015
Upload: simon-whinery
Security Questionnaire
Please read each question and then choose one of the possible answers.
© Members of the ISSeG Collaboration, 2008. See http://www.isseg.eu for details
Are the computers on our site under attack?
Viruses
Worms
Trojans
SPAM (>90% of incoming mail)
“Phishing” Attacks
Yes, they certainly are!
Security monitoring detects about XXX intrusion attacks and YYY viruses per month. More than ZZZ computers per year need reinstallation after a break-in!
What happens if my computer is infected?
• Not really a problem
• Re-install O/S
• Delete infection
What happens if my computer is infected?
Lost time!
For simple cases of infection by known viruses, if you are running up-to-date anti-virus software, the infection can be deleted.
However, particularly if your machine is not centrally managed, it is often necessary to:
• Reformat disk
• Re-install operating system
• Re-install applications
• Restore files from backup
Does our site forbid certain applications?
Yes! Some kinds of software are explicitly forbidden and their use will be detected and sanctioned.
Peer-to-Peer file-sharing software (e.g. BitTorrent) must NOT be run on computers on site.
Neither is use of “Chat Rooms” permitted (IRC - Internet Relay Chat) because they are used by attackers and “botnets”. (Instant Messaging applications like MSN Messenger are allowed.)
For details of rules, see “Restrictions” section in: http://www.abcd.xx/security/
Can I install software on my office computer?
Yes, if it is essential, but use only software provided by the computer department or from a reliable source.
Don’t download programs or plug-ins from unfamiliar sources on the Internet. These may contain Trojan horses, spyware or other malicious software that will infect your PC!
Does our site allow personal use of computing facilities?
Yes, but…
Computing facilities are intended to achieve our institute’s mission. Nevertheless, personal use is tolerated, e.g. for Email or Web browsing, provided that:
• It is in compliance with the official rules governing computer use and not detrimental to official duties, including those of other users;
• The frequency and duration is limited and there is a negligible use of site resources;
• It does not constitute a political, commercial and/or profit-making activity;
• It is not inappropriate or offensive;
• It does not violate applicable laws.
Surely Web browsing is safe?
Not necessarily!
Clicking on links in Web pages may download malicious code!
By hovering your mouse over a web link WITHOUT CLICKING you reveal its real destination. If in doubt, don’t click the link:
http://www.look-at-me/I’m-great
http://69.27.119.85/this.is.a.sting
Well, what about Email attachments?
Be careful!
Email attachments may be infected.
Do you know the person who sent it?
Does the message look genuine or a forgery?
If you are suspicious, don’t open it and delete the mail immediately.
Should I be careful about Phishing?
Yes, you should be!!! “Phishing” is associated with criminal activity.
By masquerading as a trustworthy entity, phishing tries to trick computer users into giving away confidential information, such as usernames, passwords, or credit card details, or to download malicious code into their computer.
Verify the source before you click!
Should I worry about Key Loggers?
Yes, you should!
A key logger is a program that sends everything you type to someone who wants your password, credit card details, and much more…
It can be installed when you click on an infected Email or Web page.
Are Linux and Macintosh computers safe?
Unfortunately not…
Up to now they suffer fewer attacks than Windows, but they are attacked nevertheless!
Can I share my files and calendar with my collaborators?
• Not advised
• No, it is forbidden
• Yes, of course
Can I share my files and calendar with my collaborators?
Yes, by configuring access controls correctly.
However, you must never divulge your password to anyone (and don’t need to).
Helpdesk staff will NEVER ask for your password.
Are six characters good enough for my password?
• Neither
• No, but eight letters are OK
• Yes, of course
Are six characters good enough for my password?
No, they are not!
A strong password should be at least 8 characters long and a mixture of at least 3 of the following:
• upper case letters,
• lower case letters,
• numbers,
• punctuation symbols.
And neither is a name, any word in the dictionary, nor something simple like ABCDEFGH.
Can I manage my own computer?
Not recommended
You can, but IT recommends that you do not.
Are you sure you have the tools and the expertise, as well as the time, to install the latest system versions and all the latest patches?
If your machine is infected, it will be blocked from the network.
Note that for production machines central management allows machine owners to specify when updates take place.
Conclusion: Central management is MUCH safer and much less time consuming.
Can I get privileged access?
Normal operations don’t require it.
But when needed for professional reasons, you will be able to obtain elevated privileges such as administrator or root on a computer or access to sensitive data.
HOWEVER, when the privilege is no longer required, you should make sure it is removed to make your computer less vulnerable and protect yourself from accidents.
What should I do if it seems that someone else
• knows my password
• did something with my account
• used my machine
Possible answers:
• Inform Security Team
• Reboot
• Log out
What should I do if I think my account was compromised?
If you think there has been unauthorized access to your machine or your account, then report this to [email protected] a.s.a.p.
I still have questions, what should I do?
Computer Security Information can be found here: http://xxx.yy/security/
Computing Rules can be found here: http://xxx.yy/ComputingRules/