Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: User Education

  1. #1
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187

    User Education

    Hey Folks,

    I am a network admin for a school district. Periodically, I send out emails warning about new phishing scams, malicious websites, etc.

    I also have an internal web server with examples of scam emails, and a separate site with definitions of security terms and ways to mitigate different attacks. I am trying to take a common sense approach. Basically coaching the users to be very skeptical when it comes to links/attachments in email and social networking sites. [most of which are blocked during school hours, but open up a bit 30 minutes after school lets out].

    Are any of you attempting to educate your users? If so, what methods are you using?

    It really doesn't matter who you are giving advice to, whether it is users, or your family members... what approaches do you take?

    I am just looking for additional ideas here, to cut down on scams making use of social engineering, etc.

    Any suggestions, stories, ideas, etc. would be most appreciated.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  2. #2
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    Threats of violence and service termination does wonders.

    Seriously, I focus on NOT opening email from senders not in an address book or clicking on links from unknown sources. I have a sandbox available for users to open suspicious mail. Clicking on links remains an issue, but loss of access privileges carries a strong message.

  3. #3
    Banned
    Join Date
    Feb 2012
    Posts
    11
    The threat doesn't come in the form of phishing or malicious sites.

    Legitimate business sites are rooted. Everything from ebay to facebook accounts are taken over through password redundancy through those sites. Botnets are out of the equation too. Just pick popular sites and use javascript to refresh multiple hidden iframes to ddos.

    Either the kids are doing it wrong these days, public perception, or both.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi westin,

    In my circumstances I find personal tuition the most effective. The problem with the written word is that not many of those at risk are inclined to read it, and probably wouldn't understand anyway.

    Least privileged accounts and sandboxed browsers.

    With my business customers it is easy as I just tell them to use the business computer for business only, as their livelihoods depend on it. Use their laptop or a more powerful computer for any other stuff.

    I guess none of that is much good in a schools environment which I guess is a public/multi-user scenario?

    I guess that I would look at something like Faronics DeepFreeze. From a user education viewpoint I think that I would be inclined to emphasize the multiple user aspect?

    "If someone before you has been an asshat you won't know, but the bad guys will have all the passwords and other personal data that you key into it. If it's you that goes to an attack site then the same thing will happen."

    Public computing is a very messy area as there are people, especially kids, who will click on something "just to see what happens" because it isn't their computer?

    Legitimate business sites are rooted.
    That is very true, and I would add "popular interest" sites as well.

    Good luck mate!

  5. #5
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hi Westin,

    In our company (roughly 20-30) , I do an every two weeks ask me whatever you want story and I also throw in examples of certain things to watch out for.

    I presume you are talking about the educators that are getting scammed or pupils? If its the teachers then have a few of them at a time and go through it with them.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  6. #6
    Banned
    Join Date
    Feb 2012
    Posts
    11
    Are any of you attempting to educate your users? If so, what methods are you using?
    You don't! You're job is to setup policies. Leave training and management to someone else. Only do whats listed on the job description. Else you'll get arthritis before you even reach the age of forty. Don't bother. Work smarter not harder. Oh, and exercise all worker-related benefits before they dry you up and toss you into the streets. Outsourcing has caused alot of IT related unions to form, join them!
    I presume you are talking about the educators that are getting scammed or pupils?
    People need to take their money elsewhere. Ebay is just a hedge fund (except you atleast have a 50-50 chance of getting something) as opposed to a certificate that says "you own gold".

    People kept tossing money into the internet bubble and now you can't escape it. The internet has gone the way of television and the radio. (Looks at ads on AO with anger). Stay away from online billing and purchases. Its not only dangerous but its a complete disservice to the internet at large.
    Last edited by AntiEstablishment; February 20th, 2012 at 07:53 AM.

  7. #7
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    People need to take their money elsewhere. Ebay is just a hedge fund (except you atleast have a 50-50 chance of getting something) as opposed to a certificate that says "you own gold".

    People kept tossing money into the internet bubble and now you can't escape it. The internet has gone the way of television and the radio. (Looks at ads on AO with anger). Stay away from online billing and purchases. Its not only dangerous but its a complete disservice to the internet at large.
    Are we talking about the same subject???
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  8. #8
    Banned
    Join Date
    Feb 2012
    Posts
    11
    Yes.
    I presume you are talking about the educators that are getting scammed or pupils?
    Those scams are always finacially motivated or eventually leading up to something that is. Ergo, keep the internet and your wallet seperate.

    But I don't blame your reading skill or my lack of spelling. We where both likely ruined by the same school systems. Now THAT is off topic.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    You don't! You're job is to setup policies. Leave training and management to someone else.
    Hmmm.................. now that attitude does sound familiar............... rather like that of US legislators regarding privacy and data protection?

    "O.K. we'll pass these marvelous regulations into law, then it's someone else's problem"

    If you are responsible for policy you are also responsible for it being understood and adhered to.

    Stay away from online billing and purchases. Its not only dangerous but its a complete disservice to the internet at large.
    As I have told you before, e-commerce is just a modern manifestation of the old mail order and catalogue shopping business models. It is extremely convenient to those who do not have ready access to their desired goods and services providers.

    Dangerous? not really, when you consider that the security risk comes from your payment method if it isn't cash. If you look at the really large or common frauds, they have come from compromising business databases or intercepting transactions being made face to face in stores, restaurants, gas stations and so on.

    To return to westin's original theme, his main concern is obviously the security of his infrastructure and regulatory compliance in respect of minors he is responsible for.

    If people have a cavalier attitude toward their use of computers and in particular where it concerns their personal information and finances, they are a real and present threat to their administrator.

    And please don't underestimate the CYA factor................ if you can demonstrate that you have warned or advised them then it cannot be taken as your responsibility if they have deliberately ignored you?

  10. #10
    Banned
    Join Date
    Feb 2012
    Posts
    11
    Televisions, vending machines, and computers are put in schools to distract people. They want to keep the kids away from things like free will and critical thinking. They tell you to "Shhh..." in libraries because that sort of thing is taboo.

    Viacom, Google, PepsiCo... these are the real teachers and staff of these schools.

    They're under a hypnotic state of consciousness. You can't "teach" them responsibility when they're not even in control of their own actions.

    There is no such thing as "security" without a TRUE zero trust security model. Otherwise you're just drawing an invisible line and asking them not to cross.

Similar Threads

  1. Port List
    By ThePreacher in forum Miscellaneous Security Discussions
    Replies: 17
    Last Post: December 14th, 2006, 09:37 PM
  2. Defeating Shoulder Surfing (Tutorial)
    By catch in forum The Security Tutorials Forum
    Replies: 4
    Last Post: August 15th, 2005, 06:47 AM
  3. Apache, PHP, MySQL with basic security settings.
    By nightcat in forum The Security Tutorials Forum
    Replies: 9
    Last Post: May 28th, 2005, 02:47 AM
  4. OS Types and Functions!
    By Black Cluster in forum Other Tutorials Forum
    Replies: 4
    Last Post: April 24th, 2005, 07:28 PM
  5. User Profiles In A Windows XP Domain COntroller
    By FallenZer0 in forum Operating Systems
    Replies: 6
    Last Post: October 20th, 2004, 01:08 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •