Cyber Security for Everybody
simple steps for defensive surfing
Vahe Amirbekyan
Plans for today
• Introduction
• Internet ‘101’
• Steps to prevent cyber crime
• Keep your PC clean (OS, Browser, security updates)
• Know about Browser security
• Never Trust Emails
• Manage your Passwords Wisely
• Defensive Online Shopping
• Mind Open Access Points
• Resources
Introduction
• Cyber security is much like real-life security; the same rules apply, e.g.:
• Lock the doors
• Don’t give away your keys
• Stay away from dangerous places
• Don’t talk to strangers
• Don’t give your contact information to random acquaintances
Internet “plumbing” – quick 101
[Diagram: (1) browser asks the DNS server for www.google.com; (2) DNS server answers 74.125.19.103; (3) browser sends HTTP request(s) to the web server; (4) web server returns HTTP response(s); (5) plugins]
What is HTTPS?
[Diagram: the HTTP request(s) and HTTP response(s) exchanged with the web server become HTTPS, i.e. carried over SSL]
Protect your PC!
Data source: McAfee; NCSA
• Regularly check OS and S/W patches
• Install anti-virus/spyware/phishing/spam S/W
• Enable Firewalls
• Change H/W default passwords
• Download software only from trusted sources
Update software on a regular basis!
Be aware of Browser (in)security
[Diagram: browser, plugins]
! The browser is on the ‘frontline’ of our Internet adventure
! HTML pages are not static documents anymore
! Browser scripting is very powerful but also poses a serious security threat
It is possible to stay secure and get maximum features by:
• tuning your browser’s security settings
• regularly clearing your browser’s file caches and cookies
• explicitly logging off your (bank, retail etc.) account as soon as you are done
• using a different browser for ‘adventurous surfing’
Don’t trust Emails (and phone calls, too)
! Emails are another ‘door’ to your computer – just like web sites – with the exception that you don’t even have to initiate the action
! Emails are easily faked – including the sender’s name and the reply-to address
! Most emails are easily ‘sniffed’
! Malicious emails are widely used to:
  ! make you give away sensitive information (passwords, bank account numbers, SSN etc.)
  ! infect your computer with viruses
  ! SPAM you
‘Phishing’ – the most popular way to steal your valuable data
Some ‘Phishing’ examples
Fighting phishing…
Email: reducing the threat
• Never send sensitive information (e.g.: passwords, SSN, credit card number) via email
• Never open an email attachment if you are not sure about the email’s origin
• Never click on links directly from emails
• (If you clicked) Always pay attention to the address bar to see the real address of the site you are redirected to
• Use anti-phishing tools – toolbars or IE7
• Use a different account name and password for your email address
• Keep a low profile – use your email address judiciously; use ‘lightweight’ email providers as a substitute
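Some of the warning signs above can be checked mechanically before anyone clicks. The following Python sketch is an added example, not part of the original slides: it flags a Reply-To domain that differs from the sender's, link text that shows one host while pointing to another, and links that do not use HTTPS. The sample message and its `.test` domains are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real e-mail); all domains are placeholders.
SAMPLE = """\
From: "Example Bank Support" <support@example-bank.test>
Reply-To: helpdesk@mail-example.test
Subject: Please verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear customer, please confirm your details:</p>
<p><a href="http://login.example-verify.test/confirm">https://www.example-bank.test/login</a></p>
<p><a href="https://www.example-bank.test/help">Help centre</a></p>
"""


def domain_of(address):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def host_of(text):
    """Host name if `text` looks like a URL or bare host name, else ''."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    try:
        parts = urlsplit(text if "://" in text else "//" + text)
        return (parts.hostname or "").lower()
    except ValueError:
        return ""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_email(raw):
    """Return a list of (kind, detail) findings for one raw message."""
    msg = message_from_string(raw)
    findings = []

    # The sender's name and the reply-to address are free text and easy to fake.
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(("reply-to-mismatch",
                         f"replies go to {reply_domain}, sender claims {from_domain}"))

    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))

    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        # The text shown to the reader names one site, the link opens another.
        if shown and shown != target:
            findings.append(("link-text-mismatch", f"text shows {shown}, link opens {target}"))
        if urlsplit(href).scheme.lower() != "https":
            findings.append(("no-https", f"link to {target} does not use HTTPS"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze_email(SAMPLE):
        print(f"{kind}: {detail}")
```

A message that passes these checks is not thereby trustworthy; the checks only catch the mismatches named on the slide.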
Manage your Passwords wisely
! Passwords are often the only way of identifying us
! Passwords can be ‘phished’, stolen, guessed…
! By taking over your password the fraudsters take over your cyber-identity
Minimize the risk by following these rules:
• Avoid simple passwords (never a single word from the dictionary!); use special signs, digits, and both upper and lower case
• Use passwords at least 6-10 characters long
• Don’t use a password that is a super/sub-string of your login name
• Come up with your own password policy
• Don’t use the same password on multiple accounts
• Change your passwords regularly (at least once every 3 months)
• Whenever possible, use two-factor authentication
Two-factor authentication
There are three universally recognized factors for authenticating individuals:
• ‘Something you know’ (e.g.: password, PIN)
• ‘Something you have’ (e.g.: physical credit card, mobile phone, security token)
• ‘Something you are’ (e.g.: fingerprint, a retinal scan)
A system is said to leverage two-factor authentication when it requires at least two of the authentication factors
Two-factor authentication is virtually bullet-proof
Defensive Online Shopping
Poorly secured online stores may lose your credit card/financial data!
• Know your online merchant
• Check that the URL you post the sensitive data to uses a secure connection
• Don’t provide more information than needed for a transaction
• Keep good records
• Use one-time generated credit card numbers whenever possible
Some online stores may be fake – temporary sites set up to collect your valuable data
Defensive Online Shopping on
• Check the feedback - any feedback lower than 98% is a risk
• Carefully read the item's description
• Contact the seller if you have any doubts
• Prefer items under eBay/PayPal cash back protection
• Always prefer paying by PayPal - avoid Instant Cash Transfer Services
• If you receive a Second Chance Offer in your mailbox, always check its validity by logging into your eBay account's inbox
• Be careful with 'unusual' requests coming from other users - most probably it's a fraud
• Completely avoid off-eBay transactions
Mind Open Access Points
! Web traffic going via non-secure connection is easily readable by anybody else who shares the connection
• When setting up your own wireless network at home be sure to turn on the encryption (WPA, not WEP)
• When using public access points use VPN (Virtual Private Network) services to encrypt all the traffic –
Resources
• Cyber Security Glossary: http://www.staysafeonline.org/basics/glossary.html
• Browsers:
  • IE7: http://microsoft.com/windows/downloads/ie/getitnow.mspx
  • Firefox: http://www.mozilla.com/en-US/
  • Safari: http://www.apple.com/safari/download/
  • Opera: http://www.opera.com/
• Tuning security zones on IE: http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm#security
• Trusted software download site: http://www.download.com/
• Lightweight e-mailbox provider: http://mailinator.com/
• PayPal/eBay security key: http://ebay.com/securitykey or http://paypal.com/securitykey
• PayPal plugin: https://www.paypal.com/us/cgi-bin/webscr?cmd=_vdc-hub
• eBay security tips: http://pages.ebay.com/securitycenter/mrkt_safety.html
• VPN solutions: http://anonymizer.com/, http://hotspotvpn.com, http://publicvpn.com/
Final words…
Internet is a cyber-jungle!
You are responsible for your own protection!
You can achieve reasonable security by following simple rules!
Any questions?

Editor's Notes

  1. We are ultimately responsible for our own security Never forget that the Internet is like any big city: Much of it is safe and relatively secure, but there are definitely places you don't want to go at all. When surfing around the Internet it's very easy to end up in a dark corner with a single click. Always be careful.
  2. HTTPS (Hypertext Transfer Protocol Secure) encrypts the session with a digital certificate, i.e., it is HTTP over SSL (Secure Sockets Layer), which can be used by Web browsers and HTTPS-capable client programs. So if the website's address begins with https:// instead of http://, it is a secure site (in terms of eavesdropping, tampering, or message forgery).
  3. Glossary:
      - Spyware: Any software using someone's Internet connection in the background without their knowledge or explicit permission. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
      - Spam: To indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising in mass quantities. Noun: electronic "junk mail". Spam can contain worms, viruses and other malicious code.
      - Adware: Any software application which displays advertising banners while the program is running. The authors include additional code, which can be viewed through pop-up windows or through a bar that appears on the computer screen. Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge.
      - Virus-scan all downloaded software.
  4. Browser notes:
      - The browser is on the ‘frontline’: whenever you click a link, it’s taking the first hit of loading an unknown program to your PC and running it.
      - HTML pages are not static documents anymore; instead they may run sophisticated scripts on top of your browser.
      - Some web sites will not work, or will work with reduced capacity, if you block scripting, e.g. the Windows updater.
      - How many sites do you regularly use? (wikipedia, facebook, amazon, cnn, espn, email, ebay…) How many new sites do you visit?
      - ActiveX is much more dangerous than other scripting languages (JavaScript, Flash etc.), but it works on IE only.
      - Microsoft puts the responsibility of security on the end user via ‘security zones’.
      - There is much less malware targeting Macintoshes than Windows, and much less for non-IE (Internet Explorer) browsers than for IE.
      - User-generated contents… XSS – Mention the risk!
  5. By “most emails” I mean the ones which are not transmitted via a secure connection.
  6. A malicious email which looks like a valid email from one of your online service providers (bank, shop, phone company). It typically includes a link to ‘log on’ to your online account, which redirects you to a fake website that looks exactly like the legitimate site. Once you type in your login/pwd or other sensitive data, fraudsters get hold of it and can use it freely to get access to your money, commit identity theft etc. PHISHING IS NOT NECESSARILY TIED TO EMAILS; YOU CAN ALSO BE REDIRECTED TO A PHISHING SITE THROUGH OTHER MEANS.
  7. A malicious email which looks like a valid email from one of your online service providers (bank, shop, phone company). It typically includes a link to ‘log on’ to your online account, which redirects you to a fake website that looks exactly like the legitimate site. Once you type in your login/pwd or other sensitive data, fraudsters get hold of it and can use it freely to get access to your money, commit identity theft etc.
  8. One of the major banks came out with a nice anti-phishing solution… DIDN’T WORK. It was vulnerable to a man-in-the-middle attack.
  9. If an email claims to come from one of your online service providers, don’t click on the link; instead, log in to your account directly.
  10. Passwords are often symbolized as keys, and they really are, so we should protect them appropriately. The old pwd practice was: “Don’t write passwords down (and post them on your monitor)”, but it caused people to choose really dumb dictionary passwords in order to remember them; nowadays it’s rather DO WRITE your passwords down (and keep the notes in your wallet). The best approach is to come up with your own password policy, e.g. have a constant prefix, add the domain name to it and append a constant postfix. Or have several levels of passwords; for the ones you don’t care about you can use the same easily typable password.
  11. Two-factor authentication is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance. There are three universally recognized factors for authenticating individuals. A system is said to leverage Two-factor authentication (T-FA) (or multi factor authentication) when it requires at least two of the authentication form factors mentioned above.
  12. Protect your privacy. Know what information the merchant is collecting about you, how it will be used, and if they share it with or sell it to others. Make sure to print or save electronically any records related to your online transactions. Trust your instincts: the more "too-good-to-be-true" the deal is, the more suspicious it should be. (There's a good chance that the site is both legitimate and reliable. But as with most things online or off, if you get a bad feeling about a store, skip it and shop somewhere else.)
  13. Q: How many people shop on eBay?
  14. Q: How many of you use open wi-fi spots, such as internet cafes? How many have wireless internet set up at home? How many have it encrypted? In addition, public access points are vulnerable to DNS spoofing. A virtual private network typically provides you with a private connection to your end destination. You use the public connection to connect to the internet, the client on your machine creates a secure connection (IPSec) to the service provider's server, then all the traffic is tunneled through that connection.