This document discusses self defense for cybersecurity and protecting personal and organizational assets from cyber threats. It provides examples of common cyber attacks like hacking and phishing. It also outlines traditional security fixes like firewalls, antivirus software, and password best practices. Throughout it provides scenarios of past security breaches at companies to illustrate the risks and impacts of attacks. The key messages are that social engineering, weak passwords, and lack of backups leave both personal and business systems vulnerable to cyber criminals. Regular security updates, strong unique passwords, and backing up important data are recommended for protection.
3. Objectives
• Examine how organizations are comprised –
scenarios that put assets at risk
• Identify traditional fixes for computer security
risks that you can’t live without
• Vulnerabilities that disrupt the best laid plans
of mice and IT men
• When in doubt, back it up
• Home computing – what’s at risk?
5. Avenues of Attack
• Specific targets
– Chosen based on attacker’s motivation
– Not reliant on target system’s hardware and
software
• Targets of opportunity
– Systems with hardware or software vulnerable to
a specific exploit
– Often lacking current security patches
6. The Steps in an Attack
1. Conducting reconnaissance
2. Scanning
3. Researching vulnerabilities
4. Performing the attack
5. Creating a backdoor
6. Covering tracks
7. Traditional Fixes for Security Risks
• Firewalls
• Intrusion Detection/Prevention Systems
• Anti-virus Software
• Anti-Spyware and Malware Software
• Email Scanning
• Anti-phishing Protection
8. Security Breach Scenarios
• Company: Stratfor Global Intelligence
• Date: December, 2011
• Breach: website defacement and data theft
10. Social Engineering
• Technique in which the attacker uses
deceptive practices
– Convince someone to divulge information they
normally would not divulge.
– Convince someone to do something they normally
wouldn’t do
• Why social engineering is successful
– People desire to be helpful
– People desire to avoid confrontation
12. Phishing
• Type of social engineering
– Attacker masquerades as a trusted entity
– Typically sent to a large group of random users via
e-mail or instant messenger
• Typically used to obtain
– Usernames, passwords, credit card numbers, and
details of the user’s bank accounts
• Preys on users
– PayPal, eBay, major banks, and brokerage firms
16. Recognizing Phishing
• Analyze any e-mails received asking for
personal information carefully
• Organizations need to educate their employees
– Never send e-mails asking for personal information
– Never request passwords
• Watch for technical or grammatical errors
• Strange URL address
17. Security Breach Scenarios
• Company: Global Payments
• Date: April 2012
• Breach: Theft of card information
• Cost: Visa dropping company as provider
18. Importance of Passwords
• Gateway externally and internally to resources
• Major goal of cybercrime is to capture
passwords
19. Use Passwords to Advantage
• Choose strong passwords
– At least 8 characters long
– Mix letters and numbers
– Add an uppercase letter
– Use non-alpha characters
Don’t share
• Example 1 your passwords
– Bad: flintstone with others!!
– Better: Fl1nst0ne=
20. Use Passwords to Advantage
• Example 2
Jack be nimble, Jack be quick
Jack jumped over the candlestick
Becomes: Jbn,JbqJjotc
• Need to write a password down?
– Keep in a secure place
– Use password encryption products
22. Protecting Your Home Computer
• Common target of cybercriminals
• Personal data
– Tax records, banking information, and lists of
contacts
– Family archive of photos, documents, and other
sentimental items
• Protect your family’s privacy and decrease
your odds of a cyberattack
23. For more information about the Institute and
Cybersecurity training at HCC, see us online at:
www.hagerstowncc.edu/cyber