The latest issue of Secure IT! has been released, now located on the new Information Technology site. While this brings a slightly different look to the newsletter, it continues to offer timely tips to keep you safe online.
We invite you to peruse this issue, view back issues (to 2010) and send us ideas for future ones. Enjoy!
- CISO Memo: Spam, Spam, Spam, Spam :: A nuisance that can also be malicious.
- October means National Cyber Security Awareness Month :: And lots of chances to "Don't Get Caught, Get Cautious" and enter a contest to win an iPad mini or Samsung Galaxy Tab 3.
- Identity Finder Reminder :: Not running Identity Finder regularly? Find out how and why.
- Android Malware :: Being popular makes you a desirable target.
- ISG Moves to Main Campus :: Now conveniently located at the intersection of Angell & Thayer.
- Two-Step Verification :: When passwords aren't enough.
- Protecting Brown's Information :: Never taken the class? Like a refresher?
Excited about your new tablet? Top tips to keep it safe and secure are: use some type of screen or passcode lock, run the latest version of the operating system and be mindful of your privacy and Cloud options.
Get the details from Chad Tilbury, who prepared this article that appeared in the December 2013 issue of OUCH! newsletter. More details about this author and the newsletter appear at the end of this article.
Your New Tablet
Congratulations on your new tablet. This technology is a powerful and convenient way to communicate with others, shop online, read, listen to music, game and perform a myriad of other activities. Since this new tool may become an important part of your daily life, we strongly encourage you to take some simple steps to help keep it safe and secure.
Securing Your Tablet
The first step is to set a passcode or some other screen locking mechanism. Tablets are easy to take wherever you go, which also means they are easy to lose or have stolen. To help prevent your information from falling into the wrong hands, be sure you lock your tablet screen with some type of hard-to-guess PIN, passcode or swiping motions. In newer devices, there may be some type of biometric authentication, such as a fingerprint reader. Use the strongest method your tablet supports, and be sure to set your tablet so that it locks automatically after a short idle time.
Next, update your tablet so it has the latest version of its operating system. Bad guys are constantly finding new weaknesses in software, and vendors are constantly releasing new updates and patches to fix them. By running the latest operating system, you make it harder for anyone to hack into your tablet.
Pay attention when configuring your tablet for the first time. The most important configuration choices will be your privacy and Cloud options. Privacy is about protecting your personal information. One of your tablet’s biggest privacy issues is its ability to know and track your location. We recommend that you go into the privacy features and disable location tracking for everything, then enable it on an app-by-app basis. For some apps, it is important to be able to track your location (such as mapping software or finding a local restaurant near you), but the majority of apps do not need real-time location information.
The other important option is Cloud storage. Cloud services such as Apple’s iCloud, Microsoft’s Skydrive, Dropbox or Google Drive allow you to store your data on servers through the Internet. Most tablets have built-in options for automatically storing just about anything in the Cloud, including documents, pictures and videos. Think about the sensitivity of your data and decide whether it is appropriate to store it in the Cloud. Make sure you understand how your data will be protected (such as by a password) and how you can control who will have access to it. The last thing you want is for the private pictures you just took to be posted on the Internet without your knowledge, complete with their geo-location information embedded.
Be aware that tablets are increasingly synchronizing your apps with other devices, like your smartphone or laptop. This is common with many applications (including Google’s Chrome), is pervasive in Windows 8 and is one of the most widely used features of iCloud. Device synchronization can be a wonderful feature, but if you have it enabled, don’t be surprised to see the sites you visited or the tabs you created on your tablet’s browser appear in your browser at work.
Keeping Your Tablet Secure
Once you have your tablet secured, you want to be sure it stays that way. Here are some simple steps for you to consider as you continue to use your tablet:
- Keep your tablet operating system and apps current and running their latest version. Many tablets now automatically update your apps, a feature we encourage you to enable.
- Do not jailbreak or hack into your own tablet. This will bypass and render a tremendous number of security controls useless, making your tablet far more vulnerable to attacks.
- Only download apps you need, and only download them from trusted sources. For iPads, this is as simple as only downloading apps from iTunes. These apps are screened by Apple before they are made available. For Google, we recommend you limit your apps to those found on Google Play. While you can download apps from other sites, they are usually not vetted and could be created with malicious intent. Finally, regardless of where you got your app, we recommend you remove it from your tablet once you no longer need or actively use it.
- When installing a new app, make sure you review and set the privacy options, just like you did when initially configuring your new tablet. Be careful of what information you allow the app to access, or what you allow the app to do with that information. For example, does the app you just downloaded really need access to all of your contacts?
- Be sure to install or configure software that allows you to remotely track, lock or erase your tablet in case it is ever lost or stolen.
- Syncing Chrome:
- Dangers of Cloud Computing: http://www.businessnewsdaily.com/5215-dangers-cloud-computing.html
- Common Security Terms: http://www.securingthehuman.org/resources/security-terms
- SANS Security Tip of the Day: https://www.sans.org/tip_of_the_day.php
Chad Tilbury is the guest editor of this issue. He has extensive experience investigating computer crimes and is the co-author of the FOR408 Windows Forensics and FOR508 Advanced Forensics and Incident Response classes at the SANS Institute. You can find him on Twitter as @chadtilbury, or on his blog, http://forensicmethods.com.
OUCH! January 2014 issue: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201401_en.pdf. OUCH! is published by SANS Securing The Human and is distributed under the Creative Commons BY-NC-ND 3.0 license.
The latest issue of Secure IT! has been released. We invite you to peruse this issue, view back issues (to 2010) and send us ideas for future ones. Enjoy!
- CISO Memo: It's All About Privacy :: With so much of our lives and actions online, protecting one's privacy is becoming increasingly difficult. ISG is here to help.
- Identity Finder Reminder :: Not running Identity Finder regularly? Find out why you should.
- Targeted in a Recent Security Breach? :: Were you affected by the latest retail security breaches? Read ISG's recommendations on what you can do.
- Secure Your Home Network :: In his recent article "The Internet of Things is Wildly Insecure", security expert Bruce Schneier said, "If we don't solve this soon, we're in for a security disaster as hackers figure out that it's easier to hack routers than computers." Find out if your home router is at risk and what you can do to mitigate it.
- Securing Your New Tablet :: If Santa surprised you with a new tablet, learn how to keep it safe.
- Follow us on Twitter :: ISG and CISO alerts, tips and more.
On Monday, March 3rd, the old voicemail system will be completely decommissioned. All old messages left on the system will be lost forever. If you need final access to the old system prior to March 3rd, please contact the Telecommunications office at 863-2007 for instructions.
The Brown Linux User Group hosts a Linux Installfest once a semester. This Saturday, March 1st, you can join them in the CIT Motorola Room - Room 165 at 115 Waterman St - from 10AM to 3PM. They will provide install CDs, power cables, monitors, keyboards, mice, and, most importantly, pizza.
They note "If you don't have Linux installed but have always been tempted to install it, now is the time! Stop by, and we'll get you up and running. If you have Linux installed but there's some bugs or configuration errors, stop by and we'll fix your system."
For more information, see their event website at http://blug.brown.edu/installfest.
Privacy is important year-round, but January 28 - February 28 is a time specifically set aside to highlight the issue of privacy. ISG recommends three ways to get involved:
- 1/30 1-2 PM: Web event "Location, Location, Location" with privacy expert Robert Ellis Smith. brown.edu/go/privacy
- 2/11 6:30-8 PM: Free screening of award-winning documentary "Terms and Conditions May Apply", "mandatory viewing for everyone who uses the Internet." Q&A session follows. Light refreshments + door prizes. brown.edu/go/tacma
- 2/24 Noon: "Your Life Online" Brown Bag. brown.edu/go/YourLifeOnline
We want to make it easier for you to get technology help at the IT Service Center. We’ve extended our hours to 8pm on weekdays for phone, email, and walk-in service. Services supported include technology troubleshooting, repair of Brown-owned equipment, password resets, and laptop and camera rentals.
Please note that the Service Center will be closed on Monday, 1/21 for the holiday.
Starting next week, the http://gmail.brown.edu login page will look and function like a consumer (non-Brown) Google login page. What does this mean for us? Instead of logging in with just the beginning of our Brown email address (e.g., josiah_carberry), we will have to type the whole email address (e.g., firstname.lastname@example.org). The login page will no longer display the words "Brown University."
Choosing “stay signed in” can be a convenient way to avoid retyping your username and password. However, if you do so, make sure your computer is password protected. If you need help setting up password protection, speak with your department’s computing representative, the IT Service Center, or the Information Security Group.
You can set up 2-step authentication on your Google account to prevent someone from accessing your account even if they have your password.
- This new login screen will be more resistant to security attacks and will allow you to more easily switch between accounts.
Compare the old and new login screens in the image below:
Due to a change in the Google login page for Brown, we've received a lot of questions about being prompted to resolve a "conflict account" after logging in. This is normal, and simply means you once accessed a Google product with your Brown email address before we started using Google at Brown.
For your privacy, Google does not automatically move any personal content into your Brown account. For that reason, you are prompted either to move content to your Brown account, or associate it with a new Gmail account or a non-Gmail personal email address. The decision you make is personal and depends on the type of content and what you intend to do with it.
For detailed information and instructions, see our page on resolving conflicting accounts.
Update: Please note that the Wednesday 2/5 clinic has been cancelled due to the weather.
Can't make it to the IT Service Center? Get tech help in the following locations. We'll be keeping this list updated as we schedule more clinics.
- Wednesday 1/22/14, 9am-5pm, atrium of the CIT Building
- Thursday 1/23/14, 9am - 5pm, atrium of the CIT Building
- Friday 1/24/2014, 11:30am - 1pm, Sharpe Refectory
- Monday 1/27/2014, 11:30am-1pm Verney-Woolley
- Tuesday 1/28/14, 3pm - 5pm, Digital Scholarship Lab, Rockefeller Library
- Wednesday 1/29/14, 3:30pm - 5pm, Stephen Robert '62 Campus Center
- Thursday 1/30/14, 3pm - 5pm, Hecker Center, Rockefeller Library
- Friday 1/31/2014, 2pm - 4pm Arnold Lounge - Keeney Quad
- Monday 2/3/2014, 2pm - 4pm, Barbour Hall - 1st Floor Lounge
- Tuesday 2/4/2014, 11:30am - 1pm, Emery Hall - Entrance near gym
- Wednesday 2/5/2014, 2pm - 4pm, Vartan Gregorian Quad - Entry to Josiah's - Cancelled due to weather