Date post: 14-Dec-2015
Upload: simon-whinery

Security Questionnaire

Please read each question and then choose one of the possible answers.

© Members of the ISSeG Collaboration, 2008. See http://www.isseg.eu for details

1/33

Are the computers on our site under attack?

• No
• Yes, occasionally
• Yes, all the time

2/33

Oops, you didn’t get that quite right!

Are the computers on our site under attack?

Viruses

Worms

Trojans

SPAM (>90% of incoming mail)

“Phishing” Attacks

3/33

Yes, they certainly are! Security monitoring detects about XXX intrusion attacks and YYY viruses per month. More than ZZZ computers per year need reinstallation after a break-in!

What happens if my computer is infected?

4/33

• Not really a problem
• Re-install O/S
• Delete infection

Oops, you didn’t get that quite right!

For simple cases of infection by known viruses, if you are running up-to-date anti-virus software, the infection can be deleted.

However, particularly if your machine is not centrally managed, it is often necessary to:

• Reformat disk

• Reinstall operating system

• Reinstall applications

• Restore files from backup

What happens if my computer is infected?

Lost time!

5/33

Does our site forbid certain applications?

6/33

• Yes
• No
• Don’t know

Oops, you didn’t get that quite right!

Does our site forbid certain applications?

Peer-to-Peer file-sharing software (e.g. BitTorrent) must NOT be run on computers on site.

Yes! Some kinds of software are explicitly forbidden and their use will be detected and sanctioned.

Use of “Chat Rooms” (IRC - Internet Relay Chat) is not permitted either, because they are used by attackers and “botnets”. (Instant Messaging applications like MSN Messenger are allowed.)

For details of rules, see the “Restrictions” section in: http://www.abcd.xx/security/

7/33

Can I install software on my office computer?

8/33

• No, you can’t
• If it’s essential
• Yes, of course

Oops, you didn’t get that quite right!

Can I install software on my office computer?

Don’t download programs or plug-ins from unfamiliar sources on the Internet. These may contain Trojan horses, spyware or other malicious software that will infect your PC!

Yes, if it is essential, but use only software provided by the computer department or from a reliable source.

9/33

Does our site allow personal use of computing facilities?

10/33

• No
• Limited use
• Yes, always

Oops, you didn’t get that quite right!

Does our site allow personal use of computing facilities?

Yes, but…

Computing facilities are intended to achieve our institute’s mission. Nevertheless, personal use is tolerated, e.g. for Email or Web browsing, provided that:

• It is in compliance with the official rules governing computer use and not detrimental to official duties, including those of other users;
• The frequency and duration is limited and there is a negligible use of site resources;
• It does not constitute a political, commercial and/or profit-making activity;
• It is not inappropriate or offensive;
• It does not violate applicable laws.

11/33

Surely Web browsing is safe?

12/33

• Yes
• No
• Not necessarily!

Oops, you didn’t get that quite right!

Surely Web browsing is safe?

Clicking on links in Web pages may download malicious code!

Not necessarily!

By hovering your mouse over a web link WITHOUT CLICKING you reveal its real destination. If in doubt, don’t click the link:

http://www.look-at-me/I’m-great

http://69.27.119.85/this.is.a.sting

13/33

Well, what about Email attachments?

14/33

• OK at our site
• May be infected
• Dangerous

Oops, you didn’t get that quite right!

Well, what about Email attachments?

Email attachments may be infected.

• Do you know the person who sent it?
• Does the message look genuine or a forgery?

Be careful!

15/33

If you are suspicious, don’t open it and delete the mail immediately.

Should I be careful about Phishing?

16/33

• Someone can’t spell
• No
• Yes

Oops, you didn’t get that quite right!

Should I be careful about Phishing?

Yes, you should be!!! “Phishing” is associated with criminal activity.

By masquerading as a trustworthy entity, phishing tries to trick computer users into giving away confidential information, such as usernames, passwords, or credit card details, or to download malicious code into their computer.

Verify the source before you click!

17/33

Should I worry about Key Loggers?

18/33

• Don’t know what they are
• No
• Yes

Oops, you didn’t get that quite right!

Should I worry about Key Loggers?

A key logger is a program that sends everything you type to someone who wants your password, credit card details, and much more… It can be installed when you click on an infected Email or Web page.

Yes, you should!

19/33

Are Linux and Macintosh computers safe?

20/33

• Yes
• No
• Usually

Oops, you didn’t get that quite right!

Are Linux and Macintosh computers safe?

Up to now they suffer fewer attacks than Windows, but they are attacked nevertheless!

Unfortunately not…

21/33

Can I share my files and calendar with my collaborators?

22/33

• Not advised
• No, it is forbidden
• Yes, of course

Oops, you didn’t get that quite right!

Can I share my files and calendar with my collaborators?

Yes, by configuring access controls correctly.

However, you must never divulge your password to anyone (and don’t need to).

Helpdesk staff will NEVER ask for your password.

23/33

Are six characters good enough for my password?

24/33

• Neither
• No, but eight letters are OK
• Yes, of course

Oops, you didn’t get that quite right!

Are six characters good enough for my password?

A strong password should be at least 8 characters long and a mixture of at least 3 of the following:

• upper case letters,
• lower case letters,
• numbers,
• punctuation symbols.

It should also not be a name, any word in the dictionary, or something simple like ABCDEFGH.

25/33

No, they are not!

Can I manage my own computer?

26/33

• Yes, of course
• No, you can’t
• Not recommended

Oops, you didn’t get that quite right!

Can I manage my own computer?

You can, but IT recommends that you do not.

Are you sure you have the tools and the expertise, as well as the time, to install the latest system versions and all the latest patches?

If your machine is infected, it will be blocked from the network.

Note that for production machines central management allows machine owners to specify when updates take place.

27/33

Not recommended

Conclusion: Central management is MUCH safer and much less time consuming.

Can I get privileged access?

28/33

• Yes, when needed
• No, you can’t
• Yes, of course

Oops, you didn’t get that quite right!

Can I get privileged access?

Normal operations don’t require it.

But when needed for professional reasons, you will be able to obtain elevated privileges such as administrator or root on a computer or access to sensitive data.

HOWEVER, when the privilege is no longer required, you should make sure it is removed to make your computer less vulnerable and protect yourself from accidents.

29/33

What should I do if it seems that someone else:

• knows my password
• did something with my account
• used my machine

30/33

• Inform Security Team
• Reboot
• Log out

Oops, you didn’t get that quite right!

What should I do if I think my account was compromised?

If you think there has been unauthorized access to your machine or your account, then report this to [email protected] a.s.a.p.

31/33

I still have questions, what should I do?

Computer Security Information can be found here: http://xxx.yy/security/

Computing Rules can be found here: http://xxx.yy/ComputingRules/

32/33

You’ve finished the course!

BUT to gain access to our computing facilities, you must formally agree to follow the computing rules.

To do this ………………………..

33/33

