Blue Team Cybersecurity Conference
22/04/24 12:46
Attention students interested in cybersecurity. Blue Team Con student tickets are now available. You can attend this great cybersecurity conference in early September.
You can snag your ticket for just $50 on Eventbrite at this link.
The conference features a Career Village where cybersecurity pros are ready to review your resumes and prep you for a future in cybersecurity. Plus, there'll be a variety of engaging talks across different areas of cybersecurity. The conference will be posting more details on these sessions soon.
Zoom Security Settings
18/01/22 12:09
Zoom has shared some recommended security settings. These are worth re-sharing:
Features to Secure Meetings
Features to Secure Meetings
- Allow only signed-in users to join: If someone tries to join your meeting and isn’t logged into Zoom with the email they were invited through, they will receive a message that says, “This meeting is for authorized attendees only.” This is useful if you want to allow only signed-in users to attend your meeting and only those from a certain domain — other students at your school or colleagues, for example.
- Enable the Waiting Room: The Waiting Room is an important feature for securing a Zoom Meeting. Just like it sounds, the Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them to join your meeting.
- Lock the meeting: It’s always smart to lock your front door, even when you’re inside the house. When you lock a Zoom Meeting that has already started, no new participants can join, even if they have the meeting ID and passcode. Just click the Security icon at the bottom of your Zoom window. In the pop-up, click the button that says Lock Meeting.
- Avoid using your Personal Meeting ID (PMI): Your PMI is basically one continuous meeting, and you don’t want outsiders crashing your personal virtual space after your designated meeting is over.
- Report a user: Hosts can report users to Zoom’s Trust & Safety team, who will review any potential misuse of the platform and take appropriate action. Find this option within our Security icon or under the green shield icon in the top left corner of your meeting, where you can attach screenshots and other documentation as needed.
- End-to-End Encryption (E2EE): Account owners and admins can enable end-to-end encryption for meetings, providing additional protection when needed. Enabling end-to-end encryption for meetings requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms.
- Remove unwanted or disruptive participants: You can remove someone from your meeting by using the Security Icon or Participants menu. On the Participants menu, you can mouse over a participant’s name and several options will appear, including Remove. Click Remove to kick someone out of the meeting. When you do remove someone, they can’t rejoin the meeting. But you can toggle your settings to allow removed participants to rejoin in case you boot the wrong person. Hosts can also mute and turn off the video of participants to block unwanted, distracting, or inappropriate noise/gestures from other participants.
- Automatic Updates: Automatic updates help users easily receive important security fixes and helpful features, improving their overall experience with the Zoom platform. Our automatic updates feature periodically checks Zoom servers to determine whether a new update is available and is enabled by default for most individual users. If you utilize mass deployment packages for Windows (MSI) and macOS (PKG), this user-level feature is disabled by default.
- Designate a Security Contact: Account owners can assign users (individual or group aliases) within their organization who are not assigned admins or owners to also receive email communications from Zoom’s Security teams. This field can be used to add internal security team members that would like to receive communications about security updates.
Information Security Alert - Identity Protection
11/09/17 10:23
Advice from Information Services:
On September 7th, the major credit bureau Equifax announced that they had suffered a data breach which included personal information of 143 million Americans. To understand the scale of this, you might want to consider that the estimated number of households in the United States is less than 126 million. The data breached included social security numbers, birthdates, addresses, and, for some records, driver's license numbers and credit information. With this type of information, a criminal may well be able to apply for credit in your name.
Equifax has responded to this breach by providing an informational website and offering credit monitoring - www.equifaxsecurity2017.com . At the site you can click on a "Potential Impact" button to get an answer from Equifax on the likelihood of your data being included in the breach. Even if your data is not included in the breach, you can enroll for a year of complimentary credit monitoring from Equifax by clicking on the "Enroll" button and then getting on their schedule for an enrollment date. Both of these functions will require you to enter your last name and last 6 numbers of your social security number - so be very sure you are on the correct site by checking the site name in your browser. If you enroll in Equifax's monitoring, be aware that you may be waiving rights to participate in a class action lawsuit on this breach later.
Given that this breach will affect most persons in this country, it is very advisable to put some type of credit monitoring in place, even if you choose, understandably, not to do so through Equifax. You might also consider placing a credit freeze with each of the major credit bureaus; though this function will probably cost a small amount. There is a very nice write-up on credit freezes, including their benefits and inconveniences by Brian Krebs, a well-known security journalist, at http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/ .
It's also a good idea to periodically request your credit report to look for erroneous entries, which you can do at http://www.annualcreditreport.com/ .
Other tips for further protecting your identity:
The government web site www.identitytheft.gov is also a good resource for learning to protect yourself. The DePaul Information Security team can be reached at email address security@depaul.edu.
On September 7th, the major credit bureau Equifax announced that they had suffered a data breach which included personal information of 143 million Americans. To understand the scale of this, you might want to consider that the estimated number of households in the United States is less than 126 million. The data breached included social security numbers, birthdates, addresses, and, for some records, driver's license numbers and credit information. With this type of information, a criminal may well be able to apply for credit in your name.
Equifax has responded to this breach by providing an informational website and offering credit monitoring - www.equifaxsecurity2017.com . At the site you can click on a "Potential Impact" button to get an answer from Equifax on the likelihood of your data being included in the breach. Even if your data is not included in the breach, you can enroll for a year of complimentary credit monitoring from Equifax by clicking on the "Enroll" button and then getting on their schedule for an enrollment date. Both of these functions will require you to enter your last name and last 6 numbers of your social security number - so be very sure you are on the correct site by checking the site name in your browser. If you enroll in Equifax's monitoring, be aware that you may be waiving rights to participate in a class action lawsuit on this breach later.
Given that this breach will affect most persons in this country, it is very advisable to put some type of credit monitoring in place, even if you choose, understandably, not to do so through Equifax. You might also consider placing a credit freeze with each of the major credit bureaus; though this function will probably cost a small amount. There is a very nice write-up on credit freezes, including their benefits and inconveniences by Brian Krebs, a well-known security journalist, at http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/ .
It's also a good idea to periodically request your credit report to look for erroneous entries, which you can do at http://www.annualcreditreport.com/ .
Other tips for further protecting your identity:
- File your tax return at the earliest you can. There has been an increase in fraudulent filings in the past few years, and filing before the bad guys file a return in your name helps prevent tax return fraud.
- Sign up for your account with the Social Security Administration at www.ssa.gov. Reports of criminals signing up fraudulent accounts at the SSA have been increasing. Claiming your account before the criminals have a chance to do it is helpful.
The government web site www.identitytheft.gov is also a good resource for learning to protect yourself. The DePaul Information Security team can be reached at email address security@depaul.edu.