This document discusses various cybersecurity threats and best practices for protection. It begins by defining key cybersecurity terminology. It then describes the spectrum of cyber threats from personal to global levels, including viruses, worms, Trojans, and types of hacking like phishing, spoofing and hacktivism. Examples of cyberwarfare and its purposes are provided. The document recommends developing literacy about threats, protecting vulnerabilities in devices, software and user behavior, and describes approaches for secure environments like backups and system updates. Cyber threats targeting students are also outlined.
This lecture includes an introduction to computer security and privacy. It covers the basic concepts, terminology and technologies involved in current security and privacy needs.
Cyber warfare is the current single greatest emerging threat to national security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security have become increasingly important. There is a multitude of different applications, open source and proprietary, available for protection. For a system administrator, deciding on the most suitable one for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through unflagged. A majority of methods currently used to ensure the quality of a network's service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. The minor objectives were to design a port scanner to determine potential threats and mitigation techniques to withstand these attacks, to implement the system on a host, and to run and test the designed IDS. In this project we set out to develop a honeypot IDS. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: event correlation, log analysis, alerting, and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs.
In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
Most users do not see front-line activity and 'normal business usage' as a contributing factor to network security, but it's not all about the back end. Business behavior has a direct impact on business information system risks.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
Computer security threats & prevention. A proper introduction to computer security, threats and prevention, with references. Has information about threats and their prevention.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
Computer security introduction lecture. Introduction
Network Security
Basic Components Of Computer Security
Online Security Vs Online Safety
Risks & Threats
Steps to protect information
Steps to protect computer
Ethical Impact
Case study
Statistics about Internet Crime
survey
conclusion
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
IT security, hackers, IT security risks and safeguards, passwords, how to create a password, biometric authentication, viruses, antivirus software, how to protect a device from viruses, types of viruses.
Information security awareness is an essential part of your information security program (ISMS - Information Security Management System). You can find a comprehensive set of security policies and frameworks at https://templatesit.com.
System Security:
1. Security problem & User Authentication
2. Program, network And system Threats
3. Handling the Security problem
A Presentation On Basic Network Security And Viruses For College Level. Basics on Networking, Network Security, Virus, Spyware, Vulnerability, Hacking And Indian Laws To Prevent Hacking
Security and Ethical Challenges Contributors Kim Wanders.docxedgar6wallace88877
Security and Ethical Challenges
Contributors: Kim Wandersee, Les Pang
Computer Security
Computer Security Goals
Computer security must be viewed in a holistic manner and provide end-to-end protection
as data moves through its lifecycle. Data originates from a user or sensor, passes over a
network to reach a computing system that hosts software. This computer system has software
that processes the data and stores it in a storage device. That data is backed up on a device
and finally archived. The elements that handle the data need to be secure. Computer security
pertains to all the means to protect the confidentiality, integrity, availability, authenticity,
utility, and possession of data throughout its lifecycle.
Confidentiality: A security principle that
works to ensure that data is not disclosed to
unauthorized persons.
Integrity: A security principle that makes sure
that information and systems are not
modified maliciously or accidentally.
Availability: A security principle that assures
reliable and timely access to data and
resources by authorized individuals.
Authenticity: A security principle that the
data, transactions, communications or
documents are genuine, valid, and not
fraudulent.
Utility: A security principle that addresses
that the information is usable for its intended
purpose.
Possession: A security principle that works to
ensure that data remains under the control of
the authorized individuals.
Figure 1. Parkerian Hexad (PH) security model.
The Parkerian Hexad (PH) model expands on the Confidentiality, Integrity, and Availability (CIA)
triad that has been the basic model of Information Security for over 20 years. This framework is
used to list all aspects of security at a basic level. It provides a complete security framework to
provide the means for information owners to protect their information from any adversaries
and vulnerabilities. It adds Authenticity, Utility, and Possession to the CIA triad security model. It
addresses security aspects for data throughout its lifecycle.
The Center for Internet Security has identified 20 controls necessary to protect an organization
from known cyber-attack. The first 5 controls will provide effective defense against the most
common cyber-attacks, approximately 85% of attacks. The 5 controls are:
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software
4. Continuous Vulnerability Assessment and Remediation
5. Controlled Use of Administrative Privileges
A full explanation of all 20 controls is available at the Center for Internet Security website.
Search for CIS controls.
Security Standards and Regulations
The National Institute of Standards and Technology (NIST), Computer Security Division, provides
security standards in its Federal Information Processing Standards (.
Introduction
What is Cyber Crime?
Computer crime, or cybercrime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.
What is Cyber Security?
Cyber security, also known as computer security or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
The field is of growing importance due to the increasing reliance on computer systems in most societies and the growth of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and of the Internet and wireless networks such as Bluetooth and Wi-Fi.
Some organizations are turning to big data platforms, such as Apache Hadoop, to extend data accessibility and machine learning to detect advanced persistent threats.
Vulnerabilities and Attacks
A vulnerability is a system susceptibility or flaw. Many vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities as they are discovered.
An exploitable vulnerability is one for which at least one working attack or "exploit" exists.
To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the categories below.
3. Syllabus Objectives
Upon completing this presentation, you shall be able to:
• Describe the broad spectrum of cyber threats and how they affect you and your students.
• Define essential terminology used in discussing cyber security.
• Through discussion, participants will share their experiences concerning data security.
• Identify to students using lecture, lab or discussion, three or more data security risks they may encounter.
• Describe 3 “best practices” you can use to limit risk from a cyber threat.
• Create anti-matter (no… not really).
4. Spectrum of threat
[Diagram: a spectrum of threat spanning Personal, Work, National and Global levels, with these labels: virus on my PC; tracking people; my data stolen; ineffective/slow computer; resource usage; corporate data; intellectual property; infrastructure; privacy (personal & corporate); economic impact, piracy, intelligence; cyberwarfare; hacktivism; financial.]
5. Purpose of Cyberwarfare attacks
Cyberwarfare is Internet-based conflict involving politically motivated attacks on information and information systems.
• Disable websites and networks
• Disrupt or disable essential services
• Steal or alter classified data
• Cripple financial systems
(source: searchsecurity.techtarget.com)
6. Global Cyberwarfare Examples
• Iranian nuclear espionage: Stuxnet (June 2010) – ruined approx. 1/5 of their centrifuge systems. (Wikipedia, n.d.); (globalresearch)
• "GhostNet", a spy network, accessed confidential information belonging to both governmental and private organizations in over 100 countries around the world.
• In 2007, in Estonia, a botnet of over a million computers brought down government, business and media websites. (searchsecurity.techtarget.com)
7. Hacktivism – “hack” & “activism”
… the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. (source)
• Defacing websites that oppose their ideology.
• Development of PGP was in response to a bill permitting the government to obtain plain text content. (Wikipedia, n.d.)
8. Hacktivism examples
• During the 2009 Iranian election protests, Anonymous played a role in disseminating information to and from Iran by setting up the website Anonymous Iran; they also released a video manifesto to the Iranian government.
• Anonymous - Message to the American People
https://www.youtube.com/watch?v=HrXyLrTRXso
• Google helped SayNow and Twitter to provide communications for the Egyptian people in response to the government sanctioned internet blackout during the 2011 protests. The result, Speak To Tweet, was a service in which voicemail left by phone was then tweeted via Twitter with a link to the voice message on Google's SayNow.
9. Domestic Cyber threats
• Intellectual Property theft from both government and businesses.
(Source: The Dragon and the Computer: Why Intellectual Property Theft is Compatible with Chinese Cyber-Warfare Doctrine)
• Infra-structure – electrical grid, water systems, communications, transportation.
10. Malware stories
• Target cyber attack
– “Memory-parsing” software known as a “RAM scraper”: it steals the transaction data from a credit or debit card's magnetic strip during a brief unencrypted moment in the transaction process.
11. Data Security – Surveillance? Privacy?
• NSA wireless transmitter
NSA’s malware program, codenamed QUANTUM. Uses a secretly installed radio transmitter. Affected computers do not need to be connected to the Internet.
12. Data Security Examples
• FBI could remotely and secretly activate video cameras on devices.
(From a web article that cites a Washington Post report.)
• Students at Johns Hopkins discovered how to disable the LED on a Mac so that the camera could take pictures without indicating it was on.
• A student's doctoral research details how he accessed a network through a Cisco VoIP phone.
13. Business attacks
• Taking over web sites
– To harm reputation
– To redirect customers
– To capture login credentials or financial information
• Stealing Intellectual Property or Trade Secrets
• Disrupting operations both internally and externally, such as with a Distributed Denial of Service (DDoS)
14. Schools & Colleges Data Security
• Grade and transcript modifications
Blackboard - Dutch company Online24 reports a vulnerability through which a student could alter grades.
(http://www.utwente.nl/onderwijssystemen/nieuwsarchief/nieuwsberichten/blackboard_veiligheid_eng/)
• Changes to financial records
• Unauthorized access to student records
15. Targeting your Devices & Information
Motivation for creating malware
Outcome | Computer action
“Bragging rights” / name recognition | System access or proliferation of malware
Obtaining personal data | Identity theft / social engineering attacks / account access
Using / Controlling computer | E-mail SPAM campaigns; DDoS attacks; bot-nets
Financial benefit | Directs user to buy software to repair / recover
Spying / Voyeurism | Secretly listen or watch people
16. Malware explained - Viruses
Description
A virus creates another copy of itself as part of its function. It must be run or executed as code by exploiting a weakness in the OS or a program, or by tricking the user.
Analogy
As implied by the name, a molecular virus attaches to a healthy cell and injects its viral nucleic acids so that the healthy cell regenerates the virus cell.
17. Malware explained - Trojans
Description
Appearing as a legitimate program, a Trojan infection installs unwanted, often harmful additional programs. Trojans are not self-replicating like viruses.
Trojans drop a ‘payload’ – keyloggers, Remote Access Trojans (RATs), back-doors, Internet Relay Chats (IRC). Can be used to create bot-nets.
Analogy
The threat from the classical “Trojan Horse” was not the horse, but the armies that were inside and released.
18. Malware explained - Worms
Description
Worms, similar to viruses, make copies of themselves. However, worm infections do not attach to other programs, requiring you to “run” them.
Often Worms will replicate through networks using e-mails.
Analogy
Tapeworm eggs eaten by flea larvae, in turn create a cyst in flea, ingested by dog during grooming, eggs excreted by dog and cycles again.
19. Spoofing
Impersonating another person or web site in an effort to trick someone into giving up information or installing some form of malware.
Entire web sites have been duplicated and their domain redirected to the false site.
20. Phishing
Here the sender is targeting a person to give up sensitive information.
An e-mail that asks the user to click on a link and verify their login information, but the link is to a spoofed web site.
A phone call where the support agent reports that he is with Microsoft and they have detected a problem with the computer and want you to allow them a remote support session to fix it.
21. Aurora Botnet
Fake Malware Alerts
Virus repair utility is actually a dropper that creates a bot-net.
Description of how the “Aurora Botnet” infected and used other systems.
https://blog.damballa.com/archives/tag/aurora-botnet
22. Protection & Solutions
Literacy – learn about the threats; how to minimize exposure; and how to fix if infected.
Protect three areas of vulnerabilities
1. Access to your devices – both physically and electronically.
2. Use of security software – Firewall, AV, encryption, backup, system updates, etc.
3. Realize that YOU can be the “weakest link”
Register devices; use location apps like “find iPhone”
23. Access to your devices
• Keep device(s) with you; in a locked/secure area when you are not using them.
• Know about the networks you are using – wired, wireless, or both.
• Follow “good practices” with regard to passwords. And for sensitive/confidential data, consider multi-factor authentication.
24. Security Software
• Anti-Virus – Free ones are good; consider one for mobile devices; Mac and iPhone have low risk, but viruses are possible.
• Anti-Spyware – spyware can slow down a computer; threats are not usually as severe.
25. What is a Firewall and why do I need it?
Simplify the function of your firewall to be that of a security guard at the entrance to a community.
Your cars get a sticker which tells the guard it is OK to let you by. And perhaps there is the local pizza guy or a friend can come in, but you need to let the guard know and provide him a name or number.
The security would not work if you agreed to mail out access stickers to someone who sent you an email saying they wanted to drop off a package.
Data traffic uses TCP/IP communication protocols with port numbers to communicate with software services. The firewall uses rules and, at times, behaviors to determine which connections should be allowed.
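The guard's list can be written down as an ordered rule set that is checked top to bottom, with anything unmatched refused. The following is an added example, not part of the original slides; the rule set, addresses and the `decide` function are hypothetical and only model how rules on direction, protocol, address and port produce an allow or deny decision.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" or "out"
    protocol: str    # "tcp", "udp" or "any"
    remote: str      # CIDR block the remote address must fall in
    ports: range     # port numbers of the service being reached
    note: str = ""

# Constructed home-PC rule set (hypothetical). Order matters: first match wins.
RULES = [
    Rule("allow", "out", "tcp", "0.0.0.0/0", range(443, 444), "web browsing over HTTPS"),
    Rule("allow", "out", "udp", "0.0.0.0/0", range(53, 54), "DNS lookups"),
    Rule("allow", "in", "tcp", "192.168.1.0/24", range(22, 23), "SSH from home LAN only"),
    Rule("deny", "in", "any", "0.0.0.0/0", range(0, 65536), "drop all other inbound"),
]

def decide(direction, protocol, remote_ip, port, rules=RULES):
    """Return (action, note) of the first matching rule; deny when nothing matches."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if (rule.direction == direction
                and rule.protocol in (protocol, "any")
                and addr in ipaddress.ip_network(rule.remote)
                and port in rule.ports):
            return rule.action, rule.note
    return "deny", "no rule matched (default deny)"

if __name__ == "__main__":
    # Constructed connection attempts using documentation address ranges.
    attempts = [
        ("in", "tcp", "192.168.1.20", 22),   # the friend the guard was told about
        ("in", "tcp", "203.0.113.9", 22),    # a stranger asking for the same door
        ("out", "tcp", "198.51.100.7", 443),
        ("out", "tcp", "198.51.100.7", 25),  # outbound mail: nobody listed it
    ]
    for attempt in attempts:
        print(attempt, "->", decide(*attempt))
```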
26. Backup (Most ignored advice)
• Malware attacks quite often result in a loss of data. Either the files are deleted or infected or the drive needs to be erased to fully clean the system.
• Backup strategies that work best involve:
– Automated scheduled backups… local or in the cloud.
– Periodic full backups to an alternate location (to protect against corrupt backups being unusable).
– Password protect and, for sensitive data, encrypt.
27. Encrypting Data
• Making data unreadable except by the encryptor
• Used for data “in transit” (being transferred) or “at rest” (stored)
• Cryptographic algorithms (you may see these along the way – only a sampling)
– AES (Advanced Encryption Standard)
– SHA (Secure Hash Algorithm)
– DSS (Digital Signature Standard)
28. Encryption basics
• A cipher is used in an algorithm to code the message. As a simple example, shift three letters down the alphabet.
• “Hello” becomes “Khoor”
• The cipher is the key.
29. Using encryption keys
• Send your lock to me open; I put my stuff in, lock it, and send it back to you. You use your key to open and access.
• The process:
– Two “keys” are made, one public; one private.
– Files can be encrypted with the public one.
– Only the holder of the private key can decrypt.
31. Digital signatures
• Validates the originator or the sender – ensures three aspects of data security:
– Authentication
Verifies the identity of the sender.
– Non-repudiation
One cannot claim the data has changed.
– Integrity
Message was not altered in transit.
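The key-pair process from the "Using encryption keys" slide and the signature check described here, as an added example that is not part of the original slides. It is textbook RSA on a deliberately small key built from two known Mersenne primes; real systems use keys of 2048 bits or more with padding schemes (OAEP, PSS), so treat the names and parameters as illustrative assumptions only.

```python
import hashlib

# Toy key pair (illustration only, far too small to be secure).
P, Q = 2**31 - 1, 2**61 - 1           # two known Mersenne primes
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept secret

def to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")

def encrypt(message: bytes, public=(N, E)) -> int:
    """Anyone holding the public key can lock a short message."""
    n, e = public
    m = to_int(message)
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, length: int) -> bytes:
    """Only the holder of the private exponent D can open it."""
    return pow(ciphertext, D, N).to_bytes(length, "big")

def digest(message: bytes) -> int:
    # Hash first, then reduce to fit the toy modulus.
    return to_int(hashlib.sha256(message).digest()) % N

def sign(message: bytes) -> int:
    """Signing uses the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int, public=(N, E)) -> bool:
    """Verification needs only the public key."""
    n, e = public
    return pow(signature, e, n) == digest(message)

if __name__ == "__main__":
    secret = b"grade: A"                       # constructed sample data
    locked = encrypt(secret)
    print("ciphertext:", locked)
    print("decrypted :", decrypt(locked, len(secret)))

    record = b"Transcript: A"
    sig = sign(record)
    print("original verifies:", verify(record, sig))
    print("altered verifies :", verify(b"Transcript: F", sig))
```

A signature that verifies shows the message matches what the private-key holder signed; changing even one character makes verification fail.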
32. Internet Protocol Security (IPsec)
• IPsec is a general-purpose security technology (protocol) that can be used to help secure network traffic in many scenarios.
• Operates below the “application” layer in the protocol stack at the Internet Layer. Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH) operate in the “Application” layer.
• Handles authenticating and encrypting each IP packet of a communication session.
• Establishes mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
• IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
• Applications do not need to be specifically designed to use IPsec because they sit “atop” it.
(Source: Wikipedia.org)
34. Protecting you from… you
• Getting tricked by phishing scams.
• Opening malware in e-mails.
• Downloading & installing “free” software or utilities.
• Poor password management.
• Securely disposing of old equipment.
• Not aware of or ensuring use of secure protocols (e.g. https, SSL, SSH)
• Backup strategy missing or weak.
35. Social Engineering
• Social engineering hacker: someone who tries to gain unauthorized access to your computer systems
• Tailgates past security door.
• Distracts user away from computer so that malware can be installed.
• Collects organizational information to engage in credible discussions about getting access.
36. How to remove threats
• Turn off or disconnect to prevent further loss (consider backing up data before repairs)
• Using another device, “Google” symptoms
• Boot off a Rescue CD or USB (free downloads)
• Safest is to recover, restore image or reinstall.
37. Approaches to secure environments
• Use of UAC on a PC and other security settings.
• Browser security settings.
• Use of a “sandbox” and/or virtual machines.
• Programs that reboot to stored image – Deep Freeze. (Mac & PC)
• Boot from IDP or utility CD/DVD, Linux OS; does not mount C: drive; support Internet.
• Monitor updates of virus protection and system.
• Periodically scan from rescue CD.
• Regularly create System Images along with any needed support files.
• Test your “Restore” process – many backup programs create proprietary files and incremental files.
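One way to act on "Test your Restore process" and on the earlier warning about corrupt backups being unusable, as an added example that is not part of the original slides: record a SHA-256 manifest when the backup is taken, restore to a scratch location, and compare. The file names and the copy step standing in for a real backup tool are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result

def compare(recorded, restored_root):
    """Compare a restored tree with the manifest recorded at backup time."""
    restored = manifest(restored_root)
    return {
        "missing": sorted(set(recorded) - set(restored)),
        "extra": sorted(set(restored) - set(recorded)),
        "changed": sorted(p for p in recorded.keys() & restored.keys()
                          if recorded[p] != restored[p]),
    }

def demo():
    """Constructed data: back up a small tree, damage the copy, check the restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "documents"), Path(tmp, "restored")
        (src / "grades").mkdir(parents=True)
        (src / "essay.txt").write_text("final draft\n")
        (src / "grades" / "term1.csv").write_text("student,grade\nsample,A\n")

        recorded = manifest(src)            # taken when the backup is made
        shutil.copytree(src, restored)      # stands in for backup + restore
        clean = compare(recorded, restored)

        (restored / "essay.txt").write_text("fina")        # truncated file
        (restored / "grades" / "term1.csv").unlink()       # file lost in restore
        damaged = compare(recorded, restored)
    return clean, damaged

if __name__ == "__main__":
    clean, damaged = demo()
    print("intact restore :", clean)
    print("damaged restore:", damaged)
```

Keep the manifest somewhere other than the backup media, so that damage to the backup cannot also alter the record it is checked against.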
38. Security Essentials for Students
• Cloud apps and storage
– Their data is outside their control, on another device
– Typically not encrypted
• Being connected is a MUST - trying to get Internet access often leads one to compromise good practices.
• Using public wi-fi. It can be easily monitored, “sniffed”.
• Use trusted software and utilities. Avoid temptation to download “free” – programs, utilities, movies, music, etc.
39. Students continued
• College security and use policies can be restrictive – students may get frustrated or inadvertently violate.
• Class requirements, downloads. Are the class downloads virus free?
• Practice safe sex computing – a practical comparison.
• USB passed around or left in the classroom – was it left on purpose for someone to think they got a free USB?
• Phones can make an unsecured ‘hotspot’.
40. Can a Mac get a Virus?
• Good article on Macs and viruses. (Jan 5, 2013)
http://www.speedupmypcfree.com/blog/should-you-install-antivirus-on-your-mac/
• Do I need virus protection on a Mac?
Most users do not need antivirus software on their Mac.
41. Past Apple Troubles
• Apple admits to infections
http://www.speedupmypcfree.com/blog/apple-finally-admits-defeat-acknowledges-that-pc-viruses-can-infect-macs/
• Flashback virus –
The Flashback virus was able to steal the personal data of many of these Mac users by redirecting them to malicious websites on search engine results pages.
42. Smartphone malware
• The malware targeting mobile devices mirrors the malware commonly found on infected desktops and laptops – backdoors, Trojans and Trojan-Spies. The one exception is SMS-Trojan programs – a category exclusive to smartphones.
• The threat isn’t just growing in volume. We’re seeing increased complexity too. In June we analyzed the most sophisticated mobile malware Trojan we’ve seen to-date, a Trojan named Obad. This threat is multi-functional: it sends messages to premium rate numbers, downloads and installs other malware, uses Bluetooth to send itself to other devices and remotely performs commands at the console. This Trojan is also very complex. The code is heavily obfuscated and it exploits three previously unpublished vulnerabilities. Not least among these is one that enables the Trojan to gain extended Device Administrator privileges – but without it being listed on the device as one of the programs that has these rights. This makes it impossible for the victim to simply remove the malware from the device. It also allows the Trojan to block the screen. It does this for no more than 10 seconds, but that’s enough for the Trojan to send itself (and other malware) to nearby devices – a trick designed to prevent the victim from seeing the Trojan’s activities.
• Obad also uses multiple methods to spread. We’ve already mentioned the use of Bluetooth. In addition, it spreads through a fake Google Play store, by means of spam text messages and through redirection from cracked sites. On top of this, it’s also dropped by another mobile Trojan – Opfake.
• The cybercriminals behind Obad are able to control the Trojan using pre-defined strings in text messages. The Trojan can perform several actions, including sending text messages, pinging a specified resource, operating as a proxy server, connecting to a specified address, downloading and installing a specified file, sending a list of apps installed on the device, sending information on a specific app, sending the victim’s contacts to the server and performing commands specified by the server.
• The Trojan harvests data from the device and sends it to the command-and-control server – including the MAC address of the device, the operating name, the IMEI number, the account balance, local time and whether or not the Trojan has been able to successfully obtain Device Administrator rights. All of this data is uploaded to the Obad control-and-command server: the Trojan first tries to use the active Internet connection and, if no connection is available, searches for a nearby Wi-Fi connection that doesn’t require authentication.
43. Smartphone & Tablets
• Android – 98.05% of mobile malware found this year targets this platform. (Source)
• Only download from a trusted store.
44. Protecting Windows 8
• Microsoft link to protecting your PC
• PCWorld article on anti-virus for Windows 8
• Bitdefender Antivirus comparison list
http://share.inpwrd.com/r9jo
Generally much of the same topics already presented.
(I wanted to include the links in the presentation stack.)
45. Did we meet the objectives?
Survey of cyber threats.
Essential terminology.
Discussion of experiences.
Advice to give students for data security.
“best practices” to reduce risk and resolve issues.
46. Contact Information for Andrew Pond
COLLEGE:
PALM BEACH STATE COLLEGE
PONDA@PALMBEACHSTATE.EDU
BUSINESS:
PRECEPTS EDUCATION CORP. & PRECEPTS COMPUTING
APOND@PRECEPTSCOMPUTING.COM