Pathways - Team 1's Play Space
From WolfWikis
WOLF HITS (Home IT Security) 
Contents
|
Purpose
The purpose of this WIKI is so that Team 1 will have a place to upload any documents from their research for the Team Project. It is also a means of Team Communication.
Team 1 Members & Roles
Chastity Buehring - Project Manager
Goal
We will create an online collection of a basic set of resources to increase users' awareness of computer security issues while working away from the office, with the goal of reducing NC State Employees' away from work computer security risk
STATEMENT OF WORK
PURPOSE
To enhance team development and project management skills.
To provide a valuable resource tool for NCSU Employees about security for home and wireless computer devices.
GOAL
To practice team and leadership skills by working on a project together.
By May 8, 2007, to develop an example/model of a website (this website could then be developed and maintained by an appropriate unit on campus) that would help employees be more knowledgeable about security risks related to their using a computer at home, working with university-related information at home, accessing websites from home and working with personal information.
SCOPE
The scope of this project is to design and develop the research tool during the spring semester of the 2006-2007 Pathways year, due May 8, 2007. Because of the time contraint, the project scope does not include implementation of project or evaluation of the project's success. Implementation will happen after approval and if it is possible to do. This project will not include all possible issues related to this topic, but give enough information to be used by other appropriate units on campus.
DELIVERABLE
On May 8, 2007 the following items will be submitted to the Pathways Program Manager.
- Introductory Page
- Statement of Work
- WOLF HITS - A resource tool in the form of an online Fact Sheet/Web Page.
- Team presentation May 8. We will submit the resource and the planning pages in printed format.
TIMELINE
Team Task Assigned on January 25, 2007 (done)
WIKI Page created by February 8, 2007 (completed)
Statement of Work drafted by February 8, 2007
Each Team Member will submit information for uploading or typed on WIKI Page and presentation outlined by March 7, 2007
April 1, 2007 - Everyone's section edits complete and any items to be uploaded, sent to Project Manager.
April 6, 2007 - Skit draft e-mailed to everyone for changes.
April 13, 2007 - Final documents to Kim to be entered on the webpage.
May 4, 2007 - Final dress rehersal for presentation.
COST
No budget has been allocated for this project; therefore any costs encured for this project will have to come from team members.
STAKEHOLDERS
NCSU Community
REPORTING STRUCTURE
Chastity Buehring is the project manager and all communication about the project, as a whole, should go to her and through her to Pathways Leadership Program directors Stephanie Kelber and Kevin Rice.
Kevin Rice is the team's support person from the Pathways Leadership Program.
There will be no other subcommittees on this team.
ASSUMPTIONS AND AGREEMENTS
We assume and agree that each person will complete their assigned tasks in a timely manner or communicate any issue to the Project Manager.
Note takers for each meeting will be rotated.
The team will meet before and after each scheduled class time to discuss the project and its progress.
Each team member will have to do some work outside of meeting times, but this will be kept to less than 1 hour per week.
COMMUNICATION PLAN
The team has agreed to meet once outside of class (before final presentation) - Location TBD.// Information will be shared via the working WIKI.// We can also keep connected via email.// The project manager will provide any updates to the Program Manager that she requests.//
Categories
What Can Happen? - Bruce
Why It Matters! (increase of data attacks on Univ. - Bruce)
Image:The Need for Awareness.doc
“What can happen to me?” Click on the link above to read more...
You, your family and friends, and business information could be compromised when working on your computer. If confidential business or academic information, social security or bank and credit card account numbers, and logins and passwords are obtained, then you could lose your job, others’ identity could be compromised, and/or you could experience something worse than your car or family jewels being stolen!
For Group #1's info and input:
Items to be added to the checklist that I recommend (though they seem very basic) are:
___ Are your logins and passwords for your computer, laptop, and any accounts or programs that you access kept private and secure?
___ Are your passwords “strong”? In other words, do they contain lower and uppercase letters, numbers, and symbols that are not easily known? Do you have different passwords for different accounts or access points, in the event that one of your passwords is stolen or becomes known?
___ Are all of your electronic disks (floppy, zip, CD) that contain confidential information password protected? In other words, if your disk was stolen, would someone be able to see what is on the disk without a special password just for that disk?
___ Never, never open a questionable attachment – especially if you are not sure who sent it.
___ NEVER, NEVER give or enter your logins, passwords, access account codes, social security number and/or financial account numbers (bank, credit card, investments) to a website that has been emailed to you!!! Do not do this even on a website that looks exactly like a website that you already access through the internet. Only enter information on the appropriate official website that you have selected and know to be the correct website. It is wise to “bookmark” these official websites on your computer.
Identity Theft - Joe
Hoaxes- Eva
What are Hoaxes?
Hoaxes are specialized kinds of SPAM that include false information, especially regarding computer safety, financial opportunities, and risks to the health or well-being of the reader.
For more information on what a hoax is: Hoaxes
The Problem
Hoaxes, at their mildest, waste time and can cause needless alarm. More dangerous hoaxes can persuade the reader to release personal financial or other valuable information, to delete or change files that run their computer, or to take other unnecessary, potentially problem-causing actions.
Prevention
According to NC State's "Email Etiquette" guidelines:
"Verify warnings before you pass them on. If you receive a message about a virus or other seemingly urgent news, be sure to verify it before you forward it. The message may be outdated or a hoax. Several easy-to-find Internet sites track hoaxes and tell you how to recognize them. Take a few seconds to do a search for "hoaxes" and see if the message has already been recognized as false."
Links:
Before believing or forwarding an email message, check these links FIRST if you are not sure whether the email's content is true:
The easiest way to determine if an email is a hoax:
COPY a sentence of the email that conveys the main idea of the warning. Then PASTE that sentence into a Google search: Google. The results of your search will quickly tell you how true the warning really is.
Spyware - Kim
Viruses - Karen
SPAM - Hermine
What is SPAM?
SPAM is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most SPAM is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. SPAM costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender.
There are two main types of SPAM, and they have different effects on Internet users. Cancelable Usenet SPAM is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet SPAM is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away. Usenet SPAM robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet SPAM subverts the ability of system administrators and owners to manage the topics they accept on their systems.
Email SPAM targets individual users with direct mail messages. Email SPAM lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email SPAM typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. SPAM costs them additional money. On top of that, it costs money for ISPs(internet service providers) and online services to transmit SPAM, and these costs are transmitted directly to subscribers.
Prevention:
Separate work email from home email by simply creating two different email accounts. Keep separate the critical issues; do not use e-mail for sensitive or personal information. When a bank or other financial institution send you an e-mail requesting confidential information, call the bank and double check that they indeed sent the e-mail. It is very unlikely that a bank would request that you confirm your account number. They already have your number, so why would they need you to confirm it?
One of the primary goals is to stay a step ahead of SPAMers. However, keep in mind that no anti spam measure will work forever. SPAMers will eventually figure out our countermeasures and will find a way to go around them.
When trying to filter out SPAM it is important to use multiple filtering technologies. For example, NCSU uses a product called SPAM Assassin on the mail servers, and that will get a significant percent of the SPAM. If we then use an email client that also filters SPAM, then there is a higher probability of higher percent SPAM removal. In addition, if we have SPAM folders imbedded within our email system, then even higher percent SPAM will be removed from unwanted emails.
Gmail and AOL use additional SPAM filtering technologies for more personal emails. Therefore, use 2 different accounts simultaneously.
It is a bad idea to reply to, acknowledge, or even send a request to the SPAMer to be removed from their mailing list. All that will accomplish is to confirm that you are real and your e-mail address is valid and will result in you receiving more emails. You should never click on or open images or attachments associated with any kind of SPAM emails.
Some email systems depict actual pictures and images and are misguiding because actual pictures and images are appealing to the human eye. However, one needs to be careful and not click on those images. Mulberry, which is one email system and the College of Engineering uses, is ugly looking because it just says the word “image” rather than depicting the picture for all of our SPAM emails. This is another way of prevention. However, it is a security balancing act and choice.
Security measures are always a trade off. As soon as we are connected to the internet there is the possibility of receiving SPAM and as soon as there is an email account the possibility of the SPAM is multiplied.
Layered Filtering is another way of diminishing SPAMS. For Example; if UNC cuts down from 800 pieces of SPAM to 600 pieces, then NCSU cuts down to 400, then the colleges cut down to 300, etc (you get the message).
Other Spam related links:
Free Basic spam filtering software
Coalition Against Unsolicited Commercial Email
Federal Trade Commission’s webpage on spam
Regulations - Susan/Leo
What: Regulations - There are numerous federal and state laws, as well as, private industry regulations that mandate special protection requirements for individual's and University information and data. Some of the more important mandates come from the Health Insurance Accountability and Portability Act (HIPAA), Family Education Rights and Privacy Act (FERPA), NC Identity Theft Protection Act (SB-1048), Gramm-Leach-Bliley Act (GLBA) and the Payment Card Industry Data Security Standard (PCI DSS).
Problem: Lack of awareness of regulations and laws governing data security.
Prevention:
1. Please visit the Office of Legal Affairs for more information on these laws and regulations. Consequently, all University users should take special precaution to prevent unauthorized access to University data in their custody, whether on their computers at work, laptops, home computers, USB drives, on printed papers, or other media.
2. Please refer to section 4 of the University Data Management Procedures document for detailed user responsibilities in protecting University data.
Additional Links
NC State Policies, Regulations and Rules
Wireless - Leo
Setting up a home network can be intimidating and frustrating for the average home user, especially when the manufacturer's instructions seems very detailed, cryptic and fill with jargons that you need a computer science degree to understand. To make this even worst, who wants to drill holes in their new $250K house to run some stupid computer cable from the study to the master bed room, anyway! It's no wonder there is such a sense of relief when you bring home a new SOHO (small office home office) wireless router from the store, plugs it in, fireup your PC and "Bam!!" there is instant Internet connection - network built, everythig works perfectly, time to surf the internet and tell all your friends how great you are to have built your network in 20 minutes. Time to buy new gadgets on ebay, time to update your Wachovia account, time to e-file your taxes, right after you test out a few unmensionable websites. Wireless, it's a beautiful thing, no wires, access from inside and outside the house, life could not be better!
But wait, there is a missing ingredient - security! Who else within a 200 ft. radius is enjoying your new wireless network? Is it possible for your neighbors or passerbys to get onto your wireless network? If you have not secured your network, the answer is "they can access if they want to". This poses two categories of threats: 1. Impersenation in which an unauthorized person could log on to your network and use it as a launch pad for committing cyber crimes. This could include "hacking" into another network from your network. And participating in illicit online activities online like child pornagraphy, credit card fraud, online gambling, etc. The problem with this is that an investigation of a cyber crime could very well bring law enforcement to your door steps.
2. Unauthorised access to your computers. Once someone gains access to your wireless network, then ina few more steps he could be on your computer poking around in your files, accessing bank account and credit card numbers and PINS, tax records, passwords and other sensitive material. And of couse, if you access work files and applications from your home computers, then you may have just allowed the University to be "hacked" because of your failure to secure your wireless network.
So as to ensure that you are not going to fall victim to wireless attacks, please consult your wireless device user manual and perform the following seven activities: 1. Change the wireless router Default Administrator User Name and Password. This will ensure that only you can access and change your wireless router settings. 2. Turn on encryption (WEP or WPA) on your wireless router. This will prevent anyone trying to eavesdropp on your communication over your wireless network 3. Change the Default SSID. The SSID is the name of your wireless network and is needed by any device trying to conect to it. This will make it difficult for anyone to know which network is yours. Please use a name for your SSID that does not provide an attacker with any information about you. E.g., do not use your home address, family name, pet's name, your name, etc. 4. Disable SSID Broadcast. When disabled, your neighbors and others won't even know that you have a wireless network, because it will not show up on their computers. 5. Reduce Dynamic IP Address range. The basic recommendation is, if you have 3 computers in your house, then the router should be setup to only give out 3 dynamic IP addresses. 6. Enable the firewall on your router as well as on your PC 7. Turn off your wireless router and computers when not in use for long periods of time.
Additional Links:
Laptop Theft - Christine
Putting It All Together - Joni
Putting the power point together
WIKI Page - Chastity
Any documents that need uploading, please forward to me for the upload.
Team 1 WIKI page was born on 1/25/07
Meetings/Announcements
May 15 - Graduation! and 5 minute presentation will be done by Joni
Presentation Comments
Here is a summary of the comments we received from our Presentation on May 7.
Can you take the program Campus Wide????
Very Creative
Skit was comical
Interesting Topic
Excellent Job
Researched very well
Informative
Entertaining
Very helpful safety tips
Great group participation from everyone on the team
Great Idea and beneficial for University Community
Great Concept
More info on individual deliveries
Good Acting
Great overall presentation
Website looks very user friendly
Good presentation skills used
Very impressed with the team and the project
Made our Team Leader Kevin Proud!
Final Web Drafts and Links
Karen
Joe
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.