This is your last chance to register for the free IT security training event being held tomorrow, Wednesday, April 13, in the K-State Student Union. This year’s event is 8:30 a.m.-4 p.m. and will feature eight break-out sessions. Most sessions will be presented twice. The event is open to all K-State faculty, staff, and students. To attend either the full day or even part of the day, register here.
Note that one of the break-out sessions is the live version of the mandatory “SecureIT@K-State” IT security training. A separate attendance will be taken at that session in order to ensure that attendees receive credit from Human Resources for completing the annual security-training requirement.
A full list of the available sessions is below.
Keynote — Emerging Threats
Abstract: 1,089 IT security incidents; 456 stolen eID passwords; 560,518 instances of malware detected by Trend Micro; 83 instances of malware that steals financial account information; 83 DMCA violations; 20+ stolen laptops; 10 defaced K-State websites. 2010 was an active year for security incidents at K-State. This presentation will set the stage for the rest of the day’s sessions by providing a brief overview of statistics and trends for security incidents over the past four years and describing how the threats have changed. The attacks are considerably more sophisticated and numerous, but also more furtive and cunning, so we cannot let down our guard. In fact, we must bolster our defenses or we will lose the battle to protect K-State’s information and people.
SecureIT Live!
Abstract: The State of Kansas has mandated all state employees to receive cyber-security awareness training. For most, K-State security training will be offered online, but if you would prefer to take it in person so that you can ask questions, provide feedback, or just get a free donut out of the deal, you should take advantage of this opportunity. This session will cover the basics of online security that K-Staters need to know in order to stay prepared to handle any threat. Attendance at this session will be recorded so that your HR file can be updated to indicate that you have met the state requirement.
Mobile Device Security
Abstract: iPods, iPads, smartphones, laptops and netbooks! Mobile devices are taking over! More innovations and improved functionality have made mobile devices a part of everyday life for many people, but these wondrous devices can come with greater risks if not taken seriously. Come learn some tips and tricks on how to stay safe and secure with mobile devices.
Dissecting a Phishing Scam
Abstract: Since January 2008, K-State has been plagued by spear-phishing scams that attempt to steal users’ eIDs and passwords. Unfortunately, this has proven to be a particularly effective form of social engineering, with over 1,000 K-Staters falling victim to these scams in the last three years. This presentation will provide detailed statistics about these scams, demographics of the victims (it’s not just naive freshmen!), how to recognize a phishing scam, examples that were particularly effective at tricking people, how a few compromised accounts can affect the entire campus, and what K-State is doing to defend against these attacks.
A Breakdown of Malicious Software
Abstract: Computers are integral to nearly all parts of our modern lives. Consequently, modern malware has evolved beyond just targeting our personal information to targeting control systems for complex systems like centrifuges used for uranium enrichment. Next-generation malware like Stuxnet has made the threat of a physical or “kinetic” attack using computers a very real possibility. In this session we’ll discuss some current events like the Wikileaks and HBGary incidents as they relate to this changing threat landscape, and what we’re doing at K-State to protect ourselves.
Lightning Round
Abstract: This presentation will feature three topics.
1. Virtual Private Networking: Examining the state of VPN @ K-State. Why should our users care about VPN technology? Why are we transitioning to SSL VPN and how do we support our users through this transition? In this presentation, we will provide an overview of the VPN technologies available to K-Staters. We will discuss the differences between our current use of IPSec VPN and why we are moving towards an SSL-based implementation. We will demonstrate the features of the new AnyConnect client and highlight available resources that will provide VPN support to our user community.
2. InCommon Certificates: K-State’s secure websites use hundreds of SSL certificates, and the number is growing every year. This year, K-State will be subscribing to the InCommon Certificate Service, which provides unlimited SSL certificates to educational institutions. Obtaining certificates will be easier, faster, and less expensive for website administrators at K-State. This session will describe the changes that you can expect as the service becomes available.
3. IPv6: We’ve heard for years that “IPv6 is coming so you better get ready.” Well, IPv6 is enabled by default in Windows 7 and Mac OS X 10.6 so it’s already here – you better get ready! This is exacerbated by the fact that the last blocks of available IPv4 addresses were allocated earlier in 2011. This session will provide an overview of IPv6, compare it to IPv4, describe the current state of IPv6 on the K-State campus, and explain why people should disable IPv6 on their computers until we can systematically deploy it across the campus.
Secure Browsing Using a CD or Thumb Drive
Abstract: How to set up a secure browsing environment using Linux that can be used for banking or other clean browser needs. A bootable Linux can be set up to run from a CD or USB thumb drive for web browsing when needed. We will show how you can do this and give information on how to get one that is already set up.
Social Networking
Abstract: Social networks like Facebook, Twitter, YouTube, and MySpace are a fact of life and they have permanently altered the privacy landscape on many fronts. This session will focus on security risks of social networking; the ways hackers are using social networks to try to infect your computer and/or steal your personal information; the subtle and not-so-subtle threats to your privacy; and tips on how to navigate the social networking landscape safely.
Standard in Configuration
Abstract: An important part of secure computing is securing your computer. While this sounds obvious, successfully doing so is sometimes a bit of a challenge. In this presentation we’ll cover a few easy ways to secure your computer and a few ways to enable your computer to keep itself secure.
Copiers Meet the Network
Abstract: Today’s high-tech photocopiers do so much more than make copies. They have operating systems, web servers, e-mail engines, fax machines, and scanners. All of which are accessible over the public network. All of which can pose a security threat to your data. Find out where your office might be vulnerable to sensitive data leakage and what to do about it. Learn the ins and outs of securely configuring your copier to prevent unauthorized access and how to securely connect it to the network so you can do your job without putting the university at risk.
Peering into the Crystal Ball – An Open Dialog About the Future of IT Security at K-State
Abstract: What does the future of IT security at K-State look like? The growing sophistication and frequency of attacks call for more restrictive IT security controls, but at what point do these restrictions pose an unacceptable barrier to users, keeping them from getting their work done? On the other hand, if users push back against security mandates, how do we get them to accept responsibility for the critical role they play in security given the fact that social engineering is THE most common way targeted attacks infiltrate an organization’s network? As one security practitioner put it, “There’s no patch for users!” The highly distributed control and management of IT resources at K-State also poses a significant challenge to managing security. When does it make sense to centralize security versus leaving it up to the local system administrator, or in many cases, the user? Furthermore, increased security has implications for individuals’ privacy. Join K-State’s central IT security team in an open discussion of these challenging trade-offs as we contemplate together the bumpy, twisting road ahead that leads to cyber-Shangri-La (that mythical utopia of secure information and people).
The full day’s schedule is available here.