
Lecture 50 - #تواصل_تطوير initiative - Eng. Ashraf Salah El-Din Ibrahim - How to Stay Safe and Protect Your Information in the Digital Age


Lecture 50 of the #تواصل_تطوير initiative
with Engineer Ashraf Salah El-Din Ibrahim
Information Security and Digital Transformation Consultant

Title:
How to Stay Safe and Protect Your Information in the Digital Age
(Challenges - Methods - Risks)
How to stay secured online
( challenges - Risks - Tools )

9:00 PM Makkah time, Monday 31 August 2020
via Zoom, using the link
https://us02web.zoom.us/meeting/register/tZMtdeCtpj0pGtdEDxCUQAp7hw760rmy719g

The lecture will also be streamed live on the YouTube channel
https://www.youtube.com/user/EEAchannal

To contact the initiative's administrators via the Telegram channel:
https://t.me/EEAKSA

LinkedIn page and e-library:
www.linkedin.com/company/eeaksa-egyptian-engineers-association/

General registration link for the lectures:
https://forms.gle/vVmw7L187tiATRPw9


  1. 1. How to Stay Safe and Protect Your Information and Identity in the Digital Age • Engineer: Ashraf Salah El-Din • Member of the Association of Egyptian Scientists in America and Canada • Information Security and Digital Transformation Consultant
  2. 2. Agenda • What is information security • Why should we care • Modern threats • Phishing • Password • How you can protect yourself • Privacy and social media • How you can protect yourself online • Encryption • Social engineering • Practical session
  3. 3. Information security
  4. 4. SECURITY VISION FOR THE 2020S • Why we need a clear vision for information security • Virtually everything is on the table as we enter a new decade that will be defined by global innovation and technology breakthroughs. Companies and governments worldwide are jockeying for position to define the new technology landscape.
  5. 5. What is Information Security? • Protects the confidentiality, integrity, and availability of important data • Controls can be Physical or Technical • Locks and safes – encryption and passwords • Technology has made our lives easier in many ways, but this convenience has also increased our exposure to threats • Thieves and attackers can also work more effectively
  6. 6. Why Should We Care? • Theft is becoming increasingly digital • Ease of identity, account, and credential theft makes everyone an ideal target • Applies to organizations that house such data or individuals themselves • Compromise may affect customers, coworkers, friends, and family
  7. 7. Historical Perspective • Many historical methods of monetary theft • Stagecoach Robberies • Train Hijacking • Armed Assault • “Inside Jobs” • Losses from tens of thousands of dollars, up into the millions • Today, most banks do not house “millions of dollars” on-premises • Liquid economy • Data is the new commodity
  8. 8. Modern Threats • Viruses, Trojans, Worms, and Root Kits • Adware/Spyware • Spam, Phishing, and other Email attacks • Identity Theft • Social Engineering
  9. 9. How do we do It
  10. 10. Frauds committed internally and externally across Europe • European Economic Crime Survey 2019, PriceWaterhouseCoopers • External fraud 41% • Internal fraud 59%
  11. 11. The best-known types of malware
  12. 12. Viruses • Viruses are malicious programs that hide themselves on your computer • Usually very small • May have access to view or delete your information • Often contracted through a website, email, or p2p applications • May destroy your documents, format your hard drive, send emails from your computer or a variety of other nefarious actions – it just depends on the strain! • Viruses are created for the sole purpose of causing trouble • Taking revenge, political statements, etc… • Most modern viruses are financially motivated – may hold data for ransom or steal information • Just like real viruses, computer viruses spread to others… • Other computers on the network • Sending out email replications of itself • Always use anti-virus protection! • Famous viruses: Love Bug, Code Red, Ransomware
  13. 13. Worms, Trojans, and Root Kits • Trojan appears as a legitimate program • Possible to repackage Trojans with legitimate programs • Worms are self-replicating • Typically propagate through un-patched systems • Blaster • Sasser • Root Kits • Low level programs that embed themselves in the operating system itself • Difficult if not impossible to detect
  14. 14. Adware/Spyware • Some malware is designed to solicit you, or gather information about your computing habits • Which websites you visit? • When? What times? • What are you purchasing? • How long do you spend surfing the website? • How or what do you use your computer for? • Example: Sony “Root Kit” • Intended for “Marketing Purposes” • Commonly installed with p2p or free software • May be only an annoyance and cause no harm • What else may be installed alongside adware?
  15. 15. Email • Common Attacks • Phishing • Malicious attachments • Hoaxes • Spam • Scams (offers too good to be true) • Best Practices • Don’t open suspicious attachments • Don’t follow links • Don’t attempt to “unsubscribe”
  16. 16. Example of email fraud
  17. 17. Example of email fraud
  18. 18. Example of email fraud
  19. 19. Phishing • Cybercriminals lurk everywhere, hoping that you will take the bait and give up your personal information.
  20. 20. Phishing (deceptive messages) • Deceptive emails to get users to click on malicious links • Enter sensitive information • Run applications • Look identical to legitimate emails • Your Bank • PayPal • Government • Variants • Vishing – same concept but with voice • User instructed to call into system • Text messages and postal mail
  21. 21. Samples of phishing emails
  22. 22. Samples of phishing emails
  23. 23. What is Phishing (deceptive messages) • Attempt to obtain sensitive information (username, password, credit card – ultimately $$) • Criminal masquerades as a trustworthy entity (University, Bank, Canadian Government) • Via email, instant message, other electronic communication
  24. 24. How does it Work? • Email/text looks legitimate (contains valid-looking signature, may include graphics) • Asks you to click on a link (e.g., verify account, or take some action) • Link goes to fake website • You enter your credentials (and other info) • Attachments • Can install malware, such as key logger or virus • IM from mobile device • Your mobile contains information about where you are…
  25. 25. Watch out for • Fake URLs – Links that look close to legit sites, e.g. "payapl.com" • Urgent / immediate action required – Your account will expire, etc. • Official sounding Name/Signature e.g. "McGill University Admin" • Logo – Easy to copy from real corporate/institutional websites • Prize / recognition e.g. you have been selected for … • Content sharing apps e.g., OneDrive, Google Drive
  26. 26. Watch this video then let us discuss
  27. 27. Common Practice • Website used to create temporary email accounts • Click here • Website used to create fake social media chat, messages, etc. • Click here
  28. 28. Applications to create fake social media chats
  29. 29. Passwords
  30. 30. Today’s world Do you know how many passwords you have?
  31. 31. Why we use passwords • Authentication is the first line of defense against bad guys • Logins and passwords authenticate you to the system you wish to access • Never share your password with others! • If someone using your login credentials does something illegal or inappropriate, you will be held responsible • The stronger the password, the less likely it will be cracked • Cracking: Using computers to guess the password through “brute-force” methods or by going through entire dictionary lists to guess the password
  32. 32. Strong password • Strong passwords should be: • A minimum of 8 characters in length • Include numbers, symbols, upper and lowercase letters (!,1,a,B) • Not include personal information, such as your name, previously used passwords, anniversary dates, pet names, or credit-union related words Examples: Strong Password: H81h@x0rZ -Micr@$@ft234 Weak Password: jack1 Pass Phrase: 33PurpleDoves@Home? - Long, complex, easy to recall
  33. 33. What are the dangers? • Identity theft • Financial fraud • Extortion • Revenge
  34. 34. Ransomware • Data theft • Industrial espionage • Financial losses
  35. 35. Know your enemy • Dictionary • Brute-force • Social engineering • Phishing
  36. 36. Common mistakes • Too short • Too common • Too old • Easy to guess • Default
  37. 37. Reused • Poorly stored • Unsecured Device • Shared
  38. 38. How you can protect yourself • Use a long password: 12 characters or more • Use a combination of: Lowercase letters, Uppercase letters, Numbers, Symbols • Don’t use a common password: Remember Spaceballs?
  39. 39. How you can protect yourself • Don’t base it on personal information: Social security number, Name of a relative/pet, Favorite things (book, team, etc.) • Change the Default
  40. 40. How you can protect yourself • Never reuse a password • Store it securely: Don’t write it down • Secure your Device • Never share a password
  41. 41. How you can protect yourself • The math behind password length & complexity • Lowercase letters = 26 possibilities • Uppercase letters = 26 possibilities • Numbers = 10 possibilities • Special characters = 33 possibilities • Using them all provides 95 possibilities (26+26+10+33) for each character in a password • (Also, there are 65,000 different Unicode characters…)
  42. 42. How you can protect yourself • The math behind password length & complexity • 2 character password with lowercase only: 26*26 = 676 • 2 character password with all possibilities: 95*95 = 9025 • 8 character password with lowercase only: 26^8 = 208,827,064,576 • 8 character password with all possibilities: 95^8 = 6,634,204,312,890,625 • For fun: 8 character password with Unicode characters: 65000^8 = 318,644,812,890,625,000,000,000,000,000,000,000,000 (3.18 x 10^38)
  43. 43. How you can protect yourself • Test your password • https://password.kaspersky.com/ • http://www.passwordmeter.com/ • https://www.grc.com/haystack.htm
  44. 44. Passwordmeter.com
  45. 45. How you can protect yourself • Use a password manager • Helps generating secure passwords • No need to remember them all • Work across platforms • Cloud based or desktop • Many are free
  46. 46. Privacy & Social Media
  47. 47. The good ol’ days vs. Today
  48. 48. What are the dangers? • Identity theft • Location tracking & sharing apps • Social Engineering • Phishing
  49. 49. Know your ‘Legal’ enemy • How much money did Facebook make from you in Q1’2019? • 3 billion Monthly Active Users • 98% revenue from Advertising • In US and Canada, average revenue per user: $39.38
  50. 50. Common mistakes • Provide your personal info • Post when you aren’t home • Ignore privacy settings • Use easy-to-guess password
  51. 51. How you can protect yourself • You • Be mindful about what you share • Think twice before clicking links & installing apps • Don’t accept unknown connection / friend requests
  52. 52. Avoid third party applications
  53. 53. The result
  54. 54. How you can protect yourself • Your account(s) • Check your privacy settings • Practice password hygiene • Secure with two-Factor Authentication • https://twofactorauth.org/
  55. 55. How you can protect yourself • Your device(s) • Lock it • Keep OS, browser & software updated • Antivirus
  56. 56. Socialization Safety Guidelines: Improve your privacy and security settings • Facebook: https://www.facebook.com/settings?tab=privacy • Snapchat: https://support.snapchat.com/en-US/a/privacy-settings • Google: https://myaccount.google.com/intro/privacycheckup • LinkedIn: https://www.linkedin.com/psettings/privacy • Twitter: https://twitter.com/settings/safety • Apple: https://www.apple.com/ca/privacy/manage-your-privacy/ • Microsoft: https://account.microsoft.com/account/privacy
  57. 57. Encryption
  58. 58. Encryption • Encryption allows confidential or sensitive data to be scrambled when stored on media or transmitted over public networks (such as the Internet) • Many services, such as web and email, use unencrypted protocols by default • Your messages can be read by anyone who intercepts the message • For example, think of shouting a secret to one person in a crowded room of people • Always use encryption when storing or transferring confidential material • For Business use - Ask IT for assistance with encryption • For Personal use - Free programs, such as TrueCrypt, allow you to encrypt hard drives, flash drives, CompactFlash/SD cards and more • When purchasing online or using online banking, ensure that you are using an encrypted connection • Secure URLs begin with HTTPS:// • Most browsers notify you that you are entering an encrypted transmission – be very cautious of warnings! • Padlock in bottom, right-hand corner of browser
  59. 59. Digital Threats: Protect Yourself • Never disable anti-virus programs or your firewall • This causes a lapse in security • Never download documents or files without the express permission of a supervisor, or unless otherwise stated in IT Policies • Could contain malware/spyware, viruses, or Trojans • Don’t open unexpected email attachments • Make sure it’s a file you were expecting and from someone you know • Never share login or password information • Anyone with your credentials can masquerade as you! • Do not ever send confidential information or customer data over unencrypted channels • Email • Instant Messaging • If you suspect you have been a victim of fraud, theft, or a hacking attempt, notify the IT Department immediately!
  60. 60. Social Engineering • People are often the weakest links • All the technical controls in the world are worthless if you share your password or hold the door open • Attempts to gain • Confidential information or credentials • Access to sensitive areas or equipment • Can take many forms • In person • Email • Phone • Postal Mail
  61. 61. One Man’s Trash… • Dumpster diving is the act of sorting through garbage to find documents and information that has been improperly discarded • Customer information • Internal records • Applications • Some things we’ve found: • Credit cards • Technical documentation • Backup tapes • Loan applications • Floor plans/schematics • Copies of identification • Lots of banana peels and coffee cups
  62. 62. Your Workstation • Access to a personal computer allows you to complete work more efficiently • Email • Word processing software • Online resources • Someone with access to your workstation now has access to your resources: • Databases • Customer records • Personal data • Email • Lock your workstation when you leave – even if you will be gone briefly! • Critical Data can be stolen in a matter of seconds • Windows Key + L locks your computer • This will prevent somebody from “volunteering” you for the lunch tab tomorrow!
  63. 63. Wireless • Common Attacks • WEP Cracking • Sniffing • Fake Access Points • Beware of the WiFi Pineapple! • Best Practices • WPA/WPA2 • VPN
  64. 64. Social Networking • Sites that allow users to post profiles, pictures and group together by similar interests • MySpace • Facebook • Livejournal • Some sites “enforce” age limitations, but no verification process exists to determine a user’s actual age • This means there are no barriers in place to prevent children from registering • Often lists personal details like name, age, location, pictures or place of business • Photos entice stalkers • Don’t list personal details on public websites • Popular with teenagers and young adults • False sense of anonymity – anyone can access this information • College admissions offices and employers are now utilizing social networking websites to perform background checks
  65. 65. Portable Devices • Easy to lose, easy to steal • Always keep them within sight, or lock away when not in use • Use caution when in crowded areas • PacSafe bags are cost-effective, great ways to secure your mobile computing devices • http://www.pacsafe.com • Report lost or stolen items immediately • Sometimes carry confidential information • Use strong passwords! • Require the device to lock after a period of inactivity • Use encryption • TrueCrypt: http://www.truecrypt.org • Always cleanly wipe portable devices before disposal • Eraser: http://www.heidi.ie/eraser/ • Usually very valuable – you don’t want to pay for a new one! • As expensive as these devices are, the information on them is often worth much more. • Your daughter’s piano recital pictures, your tax returns or bank statements, or that dissertation or thesis you’ve been working on for a year!
  66. 66. Personal Protection • Always use antivirus, anti-spyware, and firewall • Educate your family on the dangers of the Internet • Stalkers, sexual predators, crooks and con-men have access to computers too • Be selective in the sites you visit • Some downloads have Adware or Spyware bundled with the file • Monitor children’s internet usage • Encrypt stored data and dispose of data properly
  67. 67. Top Ten Tips • Never write down or share your passwords • Don’t click on links or open attachments in email • Use antivirus, anti-spyware, and firewall and don’t disable them • Don’t send sensitive data over unencrypted channels • Dispose of data properly • Cross-cut shredding • Multiple-wipe or physically destroy hard drives
  68. 68. Top Ten Tips • Don’t run programs from un-trusted sources • Lock your machine if you step away • Properly secure information • Safes, locked drawers for physical documents • Encryption for digital information • Verify correct person, website, etc. • If something seems too good to be true, it probably is
  69. 69. What should I do if my digital identity is stolen? • Victim of Identity Theft? • Place a fraud alert on your credit reports • Close the accounts you know or believe to have been compromised • File a complaint with the Federal Trade Commission • File a report with your local police • For more information, visit the FTC’s website: http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html
  70. 70. https://www.egcert.eg/
  71. 71. Further Education • Microsoft: • http://www.microsoft.com/protect/fraud/default.aspx • CERT: • http://www.cert.org/tech_tips/home_networks.html • McAfee: • http://home.mcafee.com/AdviceCenter/Default.aspx • US CERT: • http://www.us-cert.gov/cas/tips/ • Trace Security • http://tracesecurity.com (videos on lower-right) • Wikipedia and Google • Research is fun!
  72. 72. Alerts and Advisories • US CERT: • http://www.us-cert.gov/ • Microsoft: • http://www.microsoft.com/security/ • Security Focus: • http://www.securityfocus.com/ • PayPal, your bank, and other popular websites will typically address scams or security problems on their home page
  73. 73. Questions and inquiries • Thank you for listening
  74. 74. Thank you
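
The keyspace arithmetic from slides 41 and 42, generalized so it can be run against any password; this is an added example, not part of the original deck. The guess rate, the short list of common passwords and the reading of "33 special characters" as ASCII punctuation plus the space are assumptions made for illustration.

```python
import math
import string

# Character classes as counted on slide 41. The 33 "special characters"
# are taken here as the 32 ASCII punctuation marks plus the space.
CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26
    "uppercase": string.ascii_uppercase,   # 26
    "digits": string.digits,               # 10
    "special": string.punctuation + " ",   # 33
}
UNICODE_POOL = 65_000  # the deck's rounded figure for Unicode characters

# Constructed sample of very common passwords; a real check would use a
# large breached-password list instead.
COMMON = {"12345", "123456", "password", "qwerty", "letmein"}


def pool_size(password):
    """Number of candidate symbols per position, given the classes used."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    known = "".join(CLASSES.values())
    if any(c not in known for c in password):
        size += UNICODE_POOL
    return size


def search_space(password):
    """Upper bound on brute-force guesses: pool_size ** length."""
    return pool_size(password) ** len(password)


def assess(password, guesses_per_second=10_000_000_000):
    """Summarize length, pool, keyspace and worst-case exhaustion time.

    guesses_per_second is an assumed attacker rate, not a measured one.
    """
    space = search_space(password)
    return {
        "length": len(password),
        "pool": pool_size(password),
        "space": space,
        "bits": round(math.log2(space), 1) if space > 1 else 0.0,
        # A listed password falls to a dictionary attack (slide 35)
        # regardless of how large its theoretical keyspace is.
        "common": password.lower() in COMMON,
        "worst_case_years": space / guesses_per_second / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    # The weak, strong and pass-phrase examples from slide 32, plus the
    # Spaceballs combination mentioned on slide 38.
    for pw in ["jack1", "12345", "H81h@x0rZ", "33PurpleDoves@Home?"]:
        r = assess(pw)
        note = "in common-password list" if r["common"] else ""
        print(f"{pw!r:24} len={r['length']:2} pool={r['pool']:3} "
              f"bits={r['bits']:6} years<={r['worst_case_years']:.3g} {note}")
```

The figure is an upper bound that assumes every character was chosen at random; passwords built from words, names or dates are found far sooner by the dictionary attacks listed on slide 35.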
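
One way to automate the "Fake URLs" check from slide 25 (links that look close to legitimate sites, such as "payapl.com"); this is an added example, not part of the original deck. The trusted-site list and sample links are constructed, and the site name is taken as the last two labels of the host name, which is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example; use the sites you actually rely on.
TRUSTED = ["paypal.com", "google.com", "microsoft.com"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and the swap of
    two adjacent characters (optimal string alignment) as one step each."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1,         # delete from a
                       cur[j - 1] + 1,      # insert into a
                       prev[j - 1] + cost)  # substitute or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def site_of(url):
    """Last two labels of the host name (assumption: no public-suffix
    handling, so names such as example.co.uk are not split correctly)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def check_link(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched_site) for a link found in a message."""
    site = site_of(url)
    if not site:
        return ("invalid", None)
    if site in trusted:
        return ("trusted", site)
    nearest = min(trusted, key=lambda t: osa_distance(site, t))
    if osa_distance(site, nearest) <= max_distance:
        return ("lookalike", nearest)   # close to, but not, a trusted site
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links.
    for link in ["https://www.paypal.com/signin",
                 "https://www.payapl.com/login",
                 "http://paypa1.com/",
                 "https://example.org/"]:
        print(link, "->", check_link(link))
```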
