How Not to Have Your Research Stolen or Corrupted
Security Best Practices and Resources at Brandeis
Melanie Radik
Brandeis Library
Brandeis University
October 2017

Best Practice Overview
Everyone
- strong passwords
- password protect all devices
- secure wireless
- update software and OS
- antivirus
- manage permissions for networked files
- physically secure all devices
Advanced
- encryption
- electronic signatures
- watermarking
- firewalls
- intrusion detection software

Creating Passphrases
Passphrase requirements
- length
- variety of characters
- change it regularly
Protect all devices
- laptop or desktop
- tablet
- phone
- USB drive

Managing Passphrases
Use different ones for each account
- banking vs. social media vs. email, etc.
- isolates hacking breach
- allows for easier site-based creation
Secure your passphrase list
- don’t write it down unless kept locked up
- don’t use browser auto-fill
- LastPass or KeePass
More on passphrases in Brandeis Knowledge Base (KB)

Secure Wireless
Wireless on campus
- secure = eduroam
- not secure = brandeis_guest, brandeis_open
Wireless off campus
- password protect home wireless
- Pulse Secure VPN: more details in KB
- Wormhole, wormhole.brandeis.edu: more details in KB
- Remote Desktop setup details available in KB

Keep Things Up-To-Date
Things to update
- Operating systems on all devices
- Installed software and plug-ins
- home wireless router
Routines to implement
- when a program asks to update, let it
- shut down your computer and programs on a regular basis
- uninstall programs you no longer use
Tech Help Desk is available to help troubleshoot
XKCD created by Randall Munroe

Malware Protection
Antivirus software
- Symantec Endpoint Protection (SEP)
  - More info in KB
  - Download from: brandeis.onthehub.com
Malwarebytes
- More info in KB
- Premium licensed for university-owned computers
- personal computers eligible for discounted Premium
- or download free version at www.malwarebytes.org
AdBlock Plus
- available free, https://adblockplus.org/
More on malware and anti-virus tools in KB

Who Has Access?
Manage permissions
- Google Apps (Drive, Sites, etc.)
- Brandeis Box
- Brandeis networked drives
- User accounts on devices
Physical security
- Who has the key?
- Rooms locked or devices cable locked? (Both!)
- Mobile devices require extra care

Mandated Security for Data
Official policies dictate the security you must provide for
- Personally Identifiable Information (PII)
  - Brandeis policy on PII
  - Massachusetts regulations
  - HIPAA (federal)
- data concerning National Security (DOD research)
- Trade Secrets, Patents, Copyright, Licensing
The IRB board oversees research compliance with security as part of its approval process.

High-Security Storage
Network Shares
- data encryption while data is at rest or in transit
- access allowed only on Brandeis secure network or through approved VPN
- robust permissions management
Brandeis Box
- data encryption while data is at rest or in transit
- support for WebDAV and FTPS
- robust permissions management
- apps for mobile devices

Encryption
Protects information by encoding the data in an unreadable format, which can be decoded with a key.
Full Disk Encryption
- BitLocker - Windows
- TrueCrypt - Windows, Mac, or Linux
Folder-Specific Encryption
- FileVault - Mac
- Encrypted File System (EFS) - Windows
- WinZip

Electronic Signatures
A digital signature typically consists of three algorithms:
- A key generation algorithm that outputs the private key and a corresponding public key.
- A signing algorithm that, given a message and a private key, produces a signature.
- A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the message's claim to authenticity.
Public Key Encryption can be used on email, PDFs, Word docs, any electronically generated document.

Watermarking
Embeds a digital marker for authorship in ‘noisy’ files: audio, video, graphic images (usually not text files)
- Only perceptible under certain conditions, i.e. after using some algorithm, and imperceptible otherwise
- Can raise an alert if alterations made to original file
- Can be used in distribution of works to track source
Example of commercially available tool: Digimarc

Firewalls
Monitor network traffic
- block hackers
- block viruses and malware
Software-based
- Windows, Mac, Linux all have built-in settings
Hardware-based
- home router
Remote Desktop Access
- involves adjusting firewalls
- check out Remote Desktop Access best practices at Brandeis
- consult the Tech Help Desk with any problems

Intrusion Detection Systems
Brandeis maintains a Network Intrusion Detection System (NIDS)
Host-based Intrusion Detection Systems (HIDS)
- Snort
- OSSEC
- OSSIM