This document provides an overview of cybersecurity topics including the importance of cybersecurity, leading threats such as viruses, worms, and social engineering, best practices to avoid threats such as using strong passwords and antivirus software, and what to do if a cybersecurity incident is suspected. Key points covered include the risks of identity theft and data loss if security is not followed, common vectors for vulnerabilities exploited by cyber criminals, and the need to protect systems in the same way doors are secured at home.
This document discusses the importance of cybersecurity and provides best practices to protect against common cyber threats. It begins by outlining the risks of identity theft, monetary theft, and legal ramifications from poor cybersecurity practices. It then describes common vectors for vulnerabilities like web browsers and excess user rights. The document summarizes several leading cyber threats like viruses, worms, Trojan horses, and social engineering. It provides examples of these threats and recommends practices like using antivirus software, firewalls, strong passwords, and regular backups to help avoid security compromises. The summary emphasizes implementing multiple layers of defense to address technical, personnel, and operational cybersecurity issues.
The document discusses various cybersecurity risks and best practices for protection. It notes that the internet allows attackers to strike from anywhere in the world. Poor security practices can enable identity theft, monetary theft, and legal issues. According to SANS.org, the top vulnerabilities are web browsers, IM clients, web applications, and excessive user rights. The document provides tips for protecting computers and data, such as using secure passwords, updating software, and practicing safe online behaviors. It also outlines common cyber attacks like viruses, worms, trojans, and social engineering and recommends defenses such as antivirus software, firewalls, and regular software updates.
User awareness and security practices are important to prevent attacks and vulnerabilities. Poor security can lead to identity theft, monetary theft, and legal issues. The top vulnerabilities according to SANS.org are web browsers, IM clients, web applications, and excessive user rights. Various types of malware like viruses, worms, Trojan horses, and botnets pose threats. Social engineering is another risk. Users should practice secure behaviors like strong passwords, antivirus software, and firewalls to protect themselves and their organizations.
End User Security Awareness - Information SecurityWorldTrade3
User awareness and security practices are important due to the risks posed by poor security knowledge and attacks from anywhere in the world via the internet. The top vulnerabilities exploited by cyber criminals include web browsers, IM clients, web applications, and excessive user rights. Maintaining updated anti-virus software, using strong and unique passwords, avoiding suspicious emails and attachments, and practicing good cyber hygiene can help protect users from common security risks. Organizations should implement defense in depth with multiple layers of security to address technical, personnel, and operational issues.
This document provides an overview of cybersecurity topics including the importance of cybersecurity, leading threats like viruses and worms, social engineering, and best practices. It explains that cyber criminals exploit weaknesses like web browsers and applications to conduct identity theft, data theft, and cause legal issues. The document outlines common threats and how to identify security compromises, and recommends using antivirus software, firewalls, strong passwords, and regularly updating operating systems to help avoid risks.
This document discusses various cybersecurity risks and best practices. It describes how attackers can compromise computers through vulnerabilities in web browsers, applications, and weak user access rights. Common cyber attacks like viruses, worms, Trojans, and botnets are also explained. The document recommends implementing security measures like firewalls, antivirus software, and strong passwords to help defend against these threats. Regular software updates and awareness of social engineering tactics are also emphasized as important aspects of cybersecurity defense.
User awareness and security practices are important for protecting against cyber threats. It is not possible to ensure 100% security through technology alone. Individual responsibility and following best practices are key to a successful security program. The document outlines various cyber threats like viruses, social engineering, and password cracking. It emphasizes the importance of security awareness, strong passwords, keeping systems updated, anti-virus software, and careful handling of personal information. Multiple layers of security through practices like firewalls, access control, and backups can help bolster defenses.
This document provides information about cybersecurity and threats. It discusses the importance of cybersecurity and some common threats like viruses, worms, Trojan horses, and social engineering. It provides details on specific threats like phishing, man-in-the-middle attacks, and rootkits. The document also offers tips for secure practices like using strong passwords, backing up data, applying software updates, and reporting any suspected cybersecurity incidents. The overall message is that cybersecurity is important to protect individuals and organizations from online threats and risks.
This document discusses the importance of cybersecurity and provides best practices to protect against common cyber threats. It begins by outlining the risks of identity theft, monetary theft, and legal ramifications from poor cybersecurity practices. It then describes common vectors for vulnerabilities like web browsers and excess user rights. The document summarizes several leading cyber threats like viruses, worms, Trojan horses, and social engineering. It provides examples of these threats and recommends practices like using antivirus software, firewalls, strong passwords, and regular backups to help avoid security compromises. The summary emphasizes implementing multiple layers of defense to address technical, personnel, and operational cybersecurity issues.
The document discusses various cybersecurity risks and best practices for protection. It notes that the internet allows attackers to strike from anywhere in the world. Poor security practices can enable identity theft, monetary theft, and legal issues. According to SANS.org, the top vulnerabilities are web browsers, IM clients, web applications, and excessive user rights. The document provides tips for protecting computers and data, such as using secure passwords, updating software, and practicing safe online behaviors. It also outlines common cyber attacks like viruses, worms, trojans, and social engineering and recommends defenses such as antivirus software, firewalls, and regular software updates.
User awareness and security practices are important to prevent attacks and vulnerabilities. Poor security can lead to identity theft, monetary theft, and legal issues. The top vulnerabilities according to SANS.org are web browsers, IM clients, web applications, and excessive user rights. Various types of malware like viruses, worms, Trojan horses, and botnets pose threats. Social engineering is another risk. Users should practice secure behaviors like strong passwords, antivirus software, and firewalls to protect themselves and their organizations.
End User Security Awareness - Information SecurityWorldTrade3
User awareness and security practices are important due to the risks posed by poor security knowledge and attacks from anywhere in the world via the internet. The top vulnerabilities exploited by cyber criminals include web browsers, IM clients, web applications, and excessive user rights. Maintaining updated anti-virus software, using strong and unique passwords, avoiding suspicious emails and attachments, and practicing good cyber hygiene can help protect users from common security risks. Organizations should implement defense in depth with multiple layers of security to address technical, personnel, and operational issues.
This document provides an overview of cybersecurity topics including the importance of cybersecurity, leading threats like viruses and worms, social engineering, and best practices. It explains that cyber criminals exploit weaknesses like web browsers and applications to conduct identity theft, data theft, and cause legal issues. The document outlines common threats and how to identify security compromises, and recommends using antivirus software, firewalls, strong passwords, and regularly updating operating systems to help avoid risks.
This document discusses various cybersecurity risks and best practices. It describes how attackers can compromise computers through vulnerabilities in web browsers, applications, and weak user access rights. Common cyber attacks like viruses, worms, Trojans, and botnets are also explained. The document recommends implementing security measures like firewalls, antivirus software, and strong passwords to help defend against these threats. Regular software updates and awareness of social engineering tactics are also emphasized as important aspects of cybersecurity defense.
User awareness and security practices are important for protecting against cyber threats. It is not possible to ensure 100% security through technology alone. Individual responsibility and following best practices are key to a successful security program. The document outlines various cyber threats like viruses, social engineering, and password cracking. It emphasizes the importance of security awareness, strong passwords, keeping systems updated, anti-virus software, and careful handling of personal information. Multiple layers of security through practices like firewalls, access control, and backups can help bolster defenses.
This document provides information about cybersecurity and threats. It discusses the importance of cybersecurity and some common threats like viruses, worms, Trojan horses, and social engineering. It provides details on specific threats like phishing, man-in-the-middle attacks, and rootkits. The document also offers tips for secure practices like using strong passwords, backing up data, applying software updates, and reporting any suspected cybersecurity incidents. The overall message is that cybersecurity is important to protect individuals and organizations from online threats and risks.
Cybersafety is the safe and responsible use of information and communication technology. It is about keeping information safe and secure, but also about being responsible with that information, being respectful of other people online, and using good 'netiquette' (internet etiquette).
This document discusses the security responsibilities of service desk staff. It emphasizes that security is a team effort and individual responsibility. The service desk plays an important role by being aware of potential threats, communicating security messages to users, and properly handling security incidents. As the main point of contact for IT issues, the service desk is well positioned to help the organization by noticing suspicious activity and serving as role models for secure practices.
This document provides an overview of cybersecurity training for Windstone Health Services employees in 2021. It defines cybersecurity and why it is important, discusses common cybersecurity threats like malware, phishing, and denial of service attacks. It also outlines responsibilities for both employees and the company, including maintaining secure passwords, updating software, and employing firewalls and encryption. The overall message is that cyberattacks are a serious risk and all entities must work together to protect systems, be wary of suspicious activities, and keep security protocols up to date.
This document provides an overview of user awareness and practices related to computer and network security. It discusses common internet threats like viruses, worms, Trojans, and social engineering. Proper password practices and defense in depth with tools like firewalls and antivirus software are recommended. Common attacks using techniques like phishing, man-in-the-middle, and botnets are also outlined. The importance of backups, pop-up blockers, and secure browsing habits are emphasized to help users protect themselves and their organizations from cyber threats.
This document summarizes a cyber security workshop covering various topics to help small businesses protect themselves from cyber threats. The workshop will take place on June 26 from 8-10 AM at the Madison Lakes Training & Conference Center in Dayton, OH. It will provide mentoring and training to business owners on topics like starting up a business, growing an existing business, and improving performance. Mentoring is free and seminars have a small or no charge. The document then introduces the speakers and their backgrounds and qualifications to discuss cyber security topics. [END SUMMARY]
This document discusses the importance of security for computer users and provides tips to improve security practices. It notes that the internet allows attackers to strike from anywhere in the world and that poor security can lead to identity theft, monetary theft, legal issues, and job termination. It distinguishes between security, which protects computers and data, and safety, which protects users from technology risks. The document provides examples of different types of attackers and threats like viruses, worms, Trojan horses, and botnets. It offers recommendations for creating strong passwords, avoiding suspicious emails and links, and not installing unauthorized programs or plugging in personal devices without permission.
This document provides definitions and information related to hacking and web defacement. It defines hacking as unauthorized use of computer and network resources. A hacker is described as an expert programmer who breaks security, while a cracker breaks in with malicious intent. Web defacement is when a hacker compromises a web server and changes the visual appearance or data on a page. Types of hacking discussed include password, email, site, banking and network hacking. The effects of hacking and methods to prevent hacking like software updates, firewalls, and antivirus software are also summarized.
Shawon Raffi is presenting on the topic of hacking. He explains that hacking has negative connotations but can actually be used for positive purposes like security testing and finding vulnerabilities. There are different types of hackers, including black hat hackers who perform criminal acts and white hat hackers who work in cybersecurity. The presentation then covers the history of hacking, definitions, famous hackers, countries with many hackers, and tips for protecting against hackers. It aims to provide an overview of hacking and clear up misconceptions, while emphasizing the importance of ethical hacking for security.
(1) The document is a seminar report presented by Parag S. Kosarkar on the topic of ethical hacking.
(2) It introduces ethical hacking and discusses techniques like SQL injection, keylogging, phishing, remote administration tools, and cookie stealing.
(3) The report provides steps people can take to protect themselves from being hacked, such as using antivirus software, firewalls, and secure passwords.
This document discusses ethical hacking. It begins by defining hacking and distinguishing between black hat, white hat, and grey hat hackers. White hat hackers, also known as ethical hackers, hack systems with permission to identify vulnerabilities. The document outlines the different phases of ethical hacking including footprinting, scanning, enumeration, gaining access, and maintaining access. It provides examples of tools used in each phase and types of attacks like social engineering and SQL injection. The document emphasizes that for hacking to be ethical, hackers must have permission and respect privacy. It concludes by discussing how organizations can prevent hacking by closing vulnerabilities identified through ethical hacking activities.
Personal Internet Security System or "PISS" doesn't exist. It's a mindset that comes from knowledge. Stop looking for someone else's and handle your own. You have an Antivirus? Firewall? Great! But the real threat comes from YOU! The user. That takes knowledge. I attached briefing slides for the typical user with minimal IT knowledge. Sometimes we all need a reminder that we are the ones who is the greatest threat to our networks. It's not a country states or actor. But we are the ones who inadvertently let them walk in.
Information security awareness is an essential part of your information security program (ISMS - Information Security Management System). You can find a comprehensive set of security policies and frameworks at https://templatesit.com.
Can you tell if your computer has been compromised?
Cyber Security is a practice which intends to protect computers, networks, programs and data from unintended or unauthorized access, change or destruction
More than 50% of the world's population is actively connected to the internet.
Cyber Security is becoming a fundamental requirement for every business organization worldwide. We are all susceptible to this new frontier of crime and it is our responsibility to be prepared.
Ethical hacking for Business or Management.pptxFarhanaMariyam1
The document discusses ethical hacking and password cracking techniques. It begins with an introduction to ethical hacking and defines it as testing systems for security purposes with authorization. It then covers various password cracking techniques like dictionary attacks, brute force attacks, default passwords, and social engineering. Specific tools mentioned that can be used for password cracking include Cain and Abel, John the Ripper, THC Hydra, and rainbow tables. Common password mistakes are also listed. The document provides information on ethical hacking and analyzing various methods for cracking passwords.
The document provides an introduction to hacking and cracking, describing what hacking and cracking are, different types of hackers (high-level and low-level), and the difference between hackers and crackers. It also discusses common hacking techniques like password attacks, spoofing, and sniffing. The document is intended to educate about hacking and related cybersecurity topics.
This document discusses password cracking and keyloggers. It defines passwords and describes different types of password attacks like dictionary attacks and brute force attacks. It also lists popular password cracking tools. The document also defines keyloggers and discusses how they can be used legitimately for monitoring or illegally to steal sensitive information. It provides examples of hardware and software keyloggers and describes some methods of preventing keylogger infections like using antivirus software and alternative keyboards.
1) Ethical hacking involves legally accessing a network or system with the owner's permission to test security vulnerabilities. It helps find weaknesses that malicious hackers could exploit.
2) The document provides a history of hacking from the 1960s to present day, including early hackers at MIT and incidents involving stolen credit cards and hacked email accounts.
3) It describes ethical hackers as "white hats" who test security with permission, and outlines some common hacking techniques like port scanning, password cracking, and denial of service attacks used to gather information and launch attacks. The document provides safety tips for online privacy and security.
Cybersafety is the safe and responsible use of information and communication technology. It is about keeping information safe and secure, but also about being responsible with that information, being respectful of other people online, and using good 'netiquette' (internet etiquette).
This document discusses the security responsibilities of service desk staff. It emphasizes that security is a team effort and individual responsibility. The service desk plays an important role by being aware of potential threats, communicating security messages to users, and properly handling security incidents. As the main point of contact for IT issues, the service desk is well positioned to help the organization by noticing suspicious activity and serving as role models for secure practices.
This document provides an overview of cybersecurity training for Windstone Health Services employees in 2021. It defines cybersecurity and why it is important, discusses common cybersecurity threats like malware, phishing, and denial of service attacks. It also outlines responsibilities for both employees and the company, including maintaining secure passwords, updating software, and employing firewalls and encryption. The overall message is that cyberattacks are a serious risk and all entities must work together to protect systems, be wary of suspicious activities, and keep security protocols up to date.
This document provides an overview of user awareness and practices related to computer and network security. It discusses common internet threats like viruses, worms, Trojans, and social engineering. Proper password practices and defense in depth with tools like firewalls and antivirus software are recommended. Common attacks using techniques like phishing, man-in-the-middle, and botnets are also outlined. The importance of backups, pop-up blockers, and secure browsing habits are emphasized to help users protect themselves and their organizations from cyber threats.
This document summarizes a cyber security workshop covering various topics to help small businesses protect themselves from cyber threats. The workshop will take place on June 26 from 8-10 AM at the Madison Lakes Training & Conference Center in Dayton, OH. It will provide mentoring and training to business owners on topics like starting up a business, growing an existing business, and improving performance. Mentoring is free and seminars have a small or no charge. The document then introduces the speakers and their backgrounds and qualifications to discuss cyber security topics. [END SUMMARY]
This document discusses the importance of security for computer users and provides tips to improve security practices. It notes that the internet allows attackers to strike from anywhere in the world and that poor security can lead to identity theft, monetary theft, legal issues, and job termination. It distinguishes between security, which protects computers and data, and safety, which protects users from technology risks. The document provides examples of different types of attackers and threats like viruses, worms, Trojan horses, and botnets. It offers recommendations for creating strong passwords, avoiding suspicious emails and links, and not installing unauthorized programs or plugging in personal devices without permission.
This document provides definitions and information related to hacking and web defacement. It defines hacking as unauthorized use of computer and network resources. A hacker is described as an expert programmer who breaks security, while a cracker breaks in with malicious intent. Web defacement is when a hacker compromises a web server and changes the visual appearance or data on a page. Types of hacking discussed include password, email, site, banking and network hacking. The effects of hacking and methods to prevent hacking like software updates, firewalls, and antivirus software are also summarized.
Shawon Raffi is presenting on the topic of hacking. He explains that hacking has negative connotations but can actually be used for positive purposes like security testing and finding vulnerabilities. There are different types of hackers, including black hat hackers who perform criminal acts and white hat hackers who work in cybersecurity. The presentation then covers the history of hacking, definitions, famous hackers, countries with many hackers, and tips for protecting against hackers. It aims to provide an overview of hacking and clear up misconceptions, while emphasizing the importance of ethical hacking for security.
(1) The document is a seminar report presented by Parag S. Kosarkar on the topic of ethical hacking.
(2) It introduces ethical hacking and discusses techniques like SQL injection, keylogging, phishing, remote administration tools, and cookie stealing.
(3) The report provides steps people can take to protect themselves from being hacked, such as using antivirus software, firewalls, and secure passwords.
This document discusses ethical hacking. It begins by defining hacking and distinguishing between black hat, white hat, and grey hat hackers. White hat hackers, also known as ethical hackers, hack systems with permission to identify vulnerabilities. The document outlines the different phases of ethical hacking including footprinting, scanning, enumeration, gaining access, and maintaining access. It provides examples of tools used in each phase and types of attacks like social engineering and SQL injection. The document emphasizes that for hacking to be ethical, hackers must have permission and respect privacy. It concludes by discussing how organizations can prevent hacking by closing vulnerabilities identified through ethical hacking activities.
Personal Internet Security System or "PISS" doesn't exist. It's a mindset that comes from knowledge. Stop looking for someone else's and handle your own. You have an Antivirus? Firewall? Great! But the real threat comes from YOU! The user. That takes knowledge. I attached briefing slides for the typical user with minimal IT knowledge. Sometimes we all need a reminder that we are the ones who is the greatest threat to our networks. It's not a country states or actor. But we are the ones who inadvertently let them walk in.
Information security awareness is an essential part of your information security program (ISMS - Information Security Management System). You can find a comprehensive set of security policies and frameworks at https://templatesit.com.
Can you tell if your computer has been compromised?
Cyber Security is a practice which intends to protect computers, networks, programs and data from unintended or unauthorized access, change or destruction
More than 50% of the world's population is actively connected to the internet.
Cyber Security is becoming a fundamental requirement for every business organization worldwide. We are all susceptible to this new frontier of crime and it is our responsibility to be prepared.
Ethical hacking for Business or Management.pptxFarhanaMariyam1
The document discusses ethical hacking and password cracking techniques. It begins with an introduction to ethical hacking and defines it as testing systems for security purposes with authorization. It then covers various password cracking techniques like dictionary attacks, brute force attacks, default passwords, and social engineering. Specific tools mentioned that can be used for password cracking include Cain and Abel, John the Ripper, THC Hydra, and rainbow tables. Common password mistakes are also listed. The document provides information on ethical hacking and analyzing various methods for cracking passwords.
The document provides an introduction to hacking and cracking, describing what hacking and cracking are, different types of hackers (high-level and low-level), and the difference between hackers and crackers. It also discusses common hacking techniques like password attacks, spoofing, and sniffing. The document is intended to educate about hacking and related cybersecurity topics.
This document discusses password cracking and keyloggers. It defines passwords and describes different types of password attacks like dictionary attacks and brute force attacks. It also lists popular password cracking tools. The document also defines keyloggers and discusses how they can be used legitimately for monitoring or illegally to steal sensitive information. It provides examples of hardware and software keyloggers and describes some methods of preventing keylogger infections like using antivirus software and alternative keyboards.
1) Ethical hacking involves legally accessing a network or system with the owner's permission to test security vulnerabilities. It helps find weaknesses that malicious hackers could exploit.
2) The document provides a history of hacking from the 1960s to present day, including early hackers at MIT and incidents involving stolen credit cards and hacked email accounts.
3) It describes ethical hackers as "white hats" who test security with permission, and outlines some common hacking techniques like port scanning, password cracking, and denial of service attacks used to gather information and launch attacks. The document provides safety tips for online privacy and security.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
2. Importance of Cybersecurity
The internet allows an attacker to work from
anywhere on the planet.
Risks caused by poor security knowledge and practice:
Identity Theft
Monetary Theft
Legal Ramifications (for yourself and your organization)
Sanctions or termination if policies are not followed
According to the SANS Institute, the top vectors for
vulnerabilities available to a cyber criminal are:
Web Browser
IM Clients
Web Applications
Excessive User Rights
2
3. Cybersecurity is Safety
Security: We must protect our computers and data
in the same way that we secure the doors to
our homes.
Safety: We must behave in ways that protect us
against risks and threats that come with technology.
3
4. User Awareness
4
Cracker:
Computer-savvy
programmer creates
attack software
Script Kiddies:
Unsophisticated
computer users who
know how to
execute programs
Hacker Bulletin Board
SQL Injection
Buffer overflow
Password Crackers
Password Dictionaries
Successful attacks!
Crazyman broke into …
CoolCat penetrated…
Criminals: Create & sell
bots -> generate spam
Sell credit card numbers,
etc…
System Administrators
Some scripts appear useful
to manage networks…
Malware package earns $1K-2K
1 M Email addresses earn $8
10,000 PCs earn $1000
Posts to
6. Viruses
6
A virus attaches itself to a program,
file, or disk.
When the program is executed, the
virus activates and replicates itself.
The virus may be benign or
malignant but executes its payload
at some point (often upon contact).
Viruses can cause computer crashes and
loss of data.
In order to recover or prevent virus
attacks:
Avoid potentially unreliable
websites/emails.
System Restore.
Re-install operating system.
Use and maintain anti-virus software.
Program
A
Extra Code
Program
B
infects
7. Worms
7
Independent program that replicates itself and sends copies from
computer to computer across network connections.
Upon arrival, the worm may be activated to replicate.
To Joe
To Ann
To Bob
Email List:
Joe@gmail.com
Ann@yahoo.com
Bob@u.edu
8. Logic Bombs and Trojan Horses
8
Logic Bomb: Malware logic executes upon certain
conditions. The program is often used for otherwise
legitimate reasons.
Examples:
Software which malfunctions if maintenance fee is not paid.
Employee triggers a database erase when he is fired.
Trojan Horse: Masquerades as a benign program while
quietly destroying data or damaging your system.
Download a game: It may be fun but contains hidden code that gathers personal
information without your knowledge.
9. Social Engineering
9
Social engineering manipulates people into performing actions or divulging
confidential information. Similar to a confidence trick or simple fraud, the term
applies to the use of deception to gain information, commit fraud, or access computer
systems.
Phone Call:
This is John,
the System
Administrator.
What is your
password?
Email:
ABC Bank has
noticed a
problem with
your account…
In Person:
What ethnicity
are you? Your
mother’s
maiden name?
and have
some
lovely
software
patches!
I have come
to repair
your
machine…
10. Phishing: Counterfeit Email
10
Phishing: A seemingly
trustworthy entity asks for
sensitive information such
as SSN, credit card
numbers, login IDs or
passwords via e-mail.
11. Pharming: Counterfeit Web Pages
11
The link provided in the e-mail leads to a counterfeit
webpage which collects important information and
submits it to the owner.
The counterfeit web page looks like the real thing
Extracts account information
Misspelled
Wiping
over, but
not clicking
the link
may reveal
a different
address.
With whom?
Copyright
date is old
12. Botnet
12
A botnet is a number of compromised computers used to
create and send spam or viruses or flood a network with
messages as a denial of service attack.
The compromised computers are called zombies.
13. Man In The Middle Attack
13
An attacker pretends to be your final destination on the network.
When a person tries to connect to a specific destination, an attacker
can mislead him to a different service and pretend to be that
network access point or server.
14. Rootkit
14
Upon penetrating a
computer, a hacker may
install a collection of
programs, called a rootkit.
May enable:
Easy access for the hacker (and
others)into the enterprise
Keystroke logger
Eliminates evidence of
break-in.
Modifies the operating
system.
15. Password Cracking
Dictionary Attack and Brute Force
15
Pattern Calculation Result Time to Guess
(2.6x1018 tries/month)
Personal Info: interests, relatives 20 Manual 5 minutes
Social Engineering 1 Manual 2 minutes
American Dictionary 80,000 < 1 second
4 chars: lower case alpha 264 5x105
8 chars: lower case alpha 268 2x1011
8 chars: alpha 528 5x1013
8 chars: alphanumeric 628 2x1014 3.4 min.
8 chars alphanumeric +10 728 7x1014 12 min.
8 chars: all keyboard 958 7x1015 2 hours
12 chars: alphanumeric 6212 3x1021 96 years
12 chars: alphanumeric + 10 7212 2x1022 500 years
12 chars: all keyboard 9512 5x1023
16 chars: alphanumeric 6216 5x1028
16. Georgia Data Breach Notification Law
O.C.G.A. §§10-1-910, -911, -912
An unauthorized acquisition of electronic data that
compromises the security, confidentiality or
integrity of “personal information.”
Personal Information
Social Security Number.
Driver’s license or state ID number.
Information permitting access to personal accounts.
Account passwords or PIN numbers or access codes.
Any of the above in connection with a person’s name if
the information is sufficient to perform identity theft
against the individual.
16
17. Identifying Security Compromises
17
Symptoms:
Antivirus software detects a problem.
Disk space disappears unexpectedly.
Pop-ups suddenly appear, sometimes selling security
software.
Files or transactions appear that should not be there.
The computer slows down to a crawl.
Unusual messages, sounds, or displays on your monitor.
Stolen laptop: 1 stolen every 53 seconds; 97% never
recovered.
The mouse pointer moves by itself.
The computer spontaneously shuts down or reboots.
Often unrecognized or ignored problems.
18. Malware detection
18
• Spyware symptoms:
• Changes to your browser homepage/start page.
• Ending up on a strange site when conducting a search.
• System-based firewall is turned off automatically.
• Lots of network activity while not particularly active.
• Excessive pop-up windows.
• New icons, programs, favorites which you did not add.
• Frequent firewall alerts about unknown programs
when trying to access the Internet.
• Poor system performance.
19. Best Practices to avoid these threats
19
uses multiple layers of defense to
address technical, personnel and operational issues.
User Account Controls
20. Anti-virus and Anti-spyware Software
20
• Anti-virus software detects certain types of malware and
can destroy it before any damage is done.
• Install and maintain anti-virus and anti-spyware
software.
• Be sure to keep anti-virus software updated.
• Many free and commercial options exist.
• Contact your Technology Support Professional for
assistance.
21. Host-based Firewalls
21
• A firewall acts as a barrier between your computer/private
network and the internet. Hackers may use the internet to
find, use, and install applications on your computer. A firewall
prevents many hacker connections to your computer.
• Firewalls filter network packets that enter or leave your
computer
22. Protect your Operating System
22
Microsoft regularly issues patches or updates to solve security problems in their
software. If these are not applied, it leaves your computer vulnerable to hackers.
The Windows Update feature built into Windows can be set up to automatically
download and install updates.
Avoid logging in as administrator
Apple provides regular updates to its operating system and software applications.
Apply Apple updates using the App Store application.
23. Use Strong Passwords
Make passwords easy to remember but hard to guess
• USG standards:
• Be at least ten characters in length
• Must contain characters from at least two of the following
four types of characters:
– English upper case (A-Z)
– English lower case (a-z)
– Numbers (0-9)
– Non-alphanumeric special characters ($, !, %, ^, …)
• Must not contain the user’s name or part of the user’s name
• Must not contain easily accessible or guessable personal
information about the user or user’s family, such as
birthdays, children’s names, addresses, etc.
23
24. Creating Strong Passwords
• A familiar quote can be a good start:
• Using the organization standard as a guide,
choose the first character of each word:
• LIASMWTFOS
• Now add complexity the standard requires:
• L1A$mwTF0S (10 characters, 2 numerals, 1 symbol,
mixed English case: password satisfies all 4 types).
• Or be more creative!
24
“LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS”
William Shakespeare
25. Password Guidelines
• Never use admin, root, administrator, or a default
account or password for administrative access.
• A good password is:
– Private: Used by only one person.
– Secret: It is not stored in clear text anywhere,
including on Post-It® notes!
– Easily Remembered: No need to write it down.
– Contains the complexity required by your organization.
– Not easy to guess by a person or a program in a reasonable
time, such as several weeks.
– Changed regularly: Follow organization standards.
• Avoid shoulder surfers and enter your credentials
carefully! If a password is entered in the username
field, those attempts usually appear in system logs.
25
26. Avoid Social Engineering
and Malicious Software
• Do not open email attachments unless you are
expecting the email with the attachment and you
trust the sender.
• Do not click on links in emails unless you are
absolutely sure of their validity.
• Only visit and/or download software from web
pages you trust.
26
27. Avoid Stupid Hacker Tricks
Be sure to have a good firewall or pop-up blocker
installed.
Pop-up blockers do not always block ALL pop-ups so
always close a pop-up window using the ‘X’ in the
upper corner.
Never click “yes,” “accept” or even “cancel.”
Infected USB drives are often left unattended by
hackers in public places.
27
28. Secure Business Transactions
28
Always use secure browser to do online activities.
Frequently delete temp files, cookies, history, saved passwords etc.
https://
Symbol indicating
enhanced security
29. Backup Important Information
29
No security measure is 100% reliable.
Even the best hardware fails.
What information is important to you?
Is your backup:
Recent?
Off-site & Secure?
Process Documented?
Encrypted?
Tested?
30. Cyber Incident Reporting
30
If you suspect a cybersecurity incident, notify your organization’s
help desk or the USG ITS help desk immediately. Be prepared to
supply the details you know and contact information.
1. Do not attempt to investigate or remediate the incident on
your own.
2. Inform other users of the system and instruct them to stop
work immediately.
3. Unless instructed, do not power down the machine.
4. Unless instructed, do not remove the system from the
network.
The cybersecurity incident response team will contact you as
soon as possible to gather additional information.
Each USG organization is required to have a specific plan to
handle cybersecurity incidents. Refer to local policies, standards
and guidelines for specific information.
31. Fraud
31
Organizations lose 5-6% of
revenue annually due to
internal fraud = $652
Billion in U.S. (2006)
Average scheme lasts 18
months, costs $159,000
25% costs exceed $1M
Smaller companies suffer
greater average dollar
losses than large
companies
Internal Fraud Recovery
$0 Recovered
Recovery<=25%
Substantial Recovery
Essentials of Corporate Fraud, T L Coenen,
2008, John Wiley & Sons
32. Fraud Discovery
32
Tips are the most common way fraud is discovered.
Tips come from:
Employee/Coworkers 64%,
Anonymous 18%,
Customer 11%,
Vendor 7%
If you suspect possible fraud, report it anonymously to the USG ethics hot line
at 877-516-3466.
0
5
10
15
20
25
30
35
40
Tip By Accident Internal Audit Internal Controls External Audit Notified by
Police
%
How Fraud is Discovered
Essentials of Corporate Fraud, T L
Coenen, 2008, John Wiley & Sons
Security: The way in which we protect access to our computers and information. E.g. Anti-virus software, firewall
Safety: The we behave while using the internet. E.g. Safe email behavior, safe software downloading behavior
Stress the difference and the importance of both together to provide a safe and secure computing environment.
Users must be aware of the threats that exist in order to properly detect and prevent them.
Viruses
Computer viruses are software programs that are deliberately designed by online attackers to invade your computer, to interfere with its operation, and to copy, corrupt or delete your data. These malicious software programs are called viruses because they are designed not only to infect and damage one computer, but to spread to other computers all across the Internet.
Computer viruses are often hidden in what appear to be useful or entertaining programs or e-mail attachments, such as computer games, video clips or photos. Many such viruses are spread inadvertently by computer users, who unwittingly pass them along in e-mail to friends and colleagues.
Worms
Worms are more sophisticated viruses that can replicate automatically and send themselves to other computers by first taking control of certain software programs on your PC, such as email.
Logic Bomb
Malware that destroys data when certain conditions are met. E.g., it may format a hard drive or change data files (possibly by inserting random bits of data) on a particular date or time or if a certain employee record is missing from the employee database.
Example: an employee places a logic bomb inside a system to destroy data when his/her record is removed upon termination.
Trojan Horses
A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A Trojan horse can be used to set up back door in a computer system so that the intruder can gain access later.
The name refers to the horse from the Trojan War, with similar function of deceiving defenders into bringing an intruder inside.
Social Engineering can occur in-person, over the phone, in emails or fake web pages.
Social Engineering: non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
The next two slides discuss two types of Social Engineering: phishing and pharming.
Phishing: A type of Social Engineering. The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a counterfeit website. Typically the e-mail and the web site looks like they are part of a trusted organization with whom the user is familiar.
Pharming: Another type of social engineering. A user’s session is redirected to a masquerading website. At the fake website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real site and conduct transactions using the credentials of a valid user on that website.
When your computer becomes infected, it is likely to become a bot. Because attacks are international, they are hard to locate and eradicate.
Zombie: a compromised computer which may host pornography, illegal music and/or movies
Botnet: a “zombie army,” or collection of compromised computers, zombies, used to send out spam, viruses or distributed denial of service attacks.
Man in the middle attackers can deploy decoy wireless access points near legitimate ones but pretend to be legitimate. The decoy access point resembles the legitimate one, fooling unwitting users into giving up their credentials.
RootKit: A collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.
This chart shows the different combinations of passwords and password lengths and how long a dictionary attack or brute force attack would take to guess the password.
Discussion of proper password creation and change techniques will occur later in the User Practices section of the presentation.
At this stage just discuss the attacks and comparisons to password lengths and patterns.
Brute Force Attack: A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one.
Dictionary Attack: An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words compared to a brute force attack that tries all possible combinations.
. NIST also recommends including criminal records, student grades, passport numbers, mortgage numbers, civil court numbers, date/place of birth, and more.
Windows and Mac OS X have host-based firewall software built-in. Be sure to always have it on.
It is necessary to have software firewalls on each computer even if you have a hardware firewall protecting your network. If your hardware firewall is compromised by a hacker or by malicious code of some kind, you don’t want the intruder or malicious program to have unlimited access to your computers and the information on those computers.
Every computer in the network should have its own software firewall enabled.
Windows and Mac OS X operating systems have a built-in firewall, which can be easily located in the control panel on the PC or System Preferences on the Mac. Ensure it is always turned on.
For other commercial operating systems, the operations manual should have instructions about the firewall options.
For an optional implementation of firewall security, commercial third-party firewall software can be installed.
Make passwords according to organization standards. USG has set a minimum.
Email Attachments
Attachments should be opened only from trusted senders.
If you are not expecting an email attachment from the sender, it’s a good idea to call and confirm, before opening the attachment.
Spam email often asks for sensitive information.
Links in emails
Never click on link in email attachment, except only when you are expecting it.
If you are not expecting an email link from the sender, it’s a good idea to call and confirm, before clicking the email link.
If you hover the cursor over an email’s web link description, the link should be displayed on the bottom of the browser. Make sure both of them match.
Trustworthy Web Pages
Software download should be done only from trusted websites like Microsoft for Windows updates and Office application updates.
Avoid downloading and using freeware or shareware, since most of them either don’t come with technical support or full functionality.
A pop-up blocker should be installed (many browsers have them as add-ons), but they do not always block all pop-ups
Do not respond to pop ups while working online. For example, a malicious pop up message may say that you have a virus on the system. Close it by clicking on X in the upper right corner. If you click OK, it might install spyware or other malicious code.‘
Infected USB drives are often left unattended by hackers in public places. They intend for unsuspecting people to take the USB home or to the office and unknowingly install the worm or malicious code.
Always use secure browser to do online activities.
Frequently delete temp files, cookies, history, saved passwords etc.
Look for https and/or lock or secure symbol
Backup should be done (at least)once a week. If possible, store to a removable media.
The removable media should be big enough to hold 52 weeks of backup (e.g., 500GB).
Do a full backup once a month and store it in offsite location. This would be useful in case of a disaster in your office (fire, theft, flood, etc). On the removable media create 12 folders for each month.
Backup data should be tested periodically to ensure reliability.
Cyber incident reporting standards are detailed in section 5.3 of the IT handbook. These are general standards and are operationalized by guidelines specific to the USG organization.
Tips on fraud are most frequent method of discovering it.
The percentages given for where the tips come from are percentages of total tips, not total fraud discoveries.