ICT Security Presentation

www.iita.orgA member of CGIAR consortium
“ICT Security is Everyone’s
Business”
Presented by
Adeoluwa Modupe

Outline
Preambles
Terms of reference
Issues Identified
Justification

INTRODUCTION
What is Computer Security?
- protection
- confidentiality,
- integrity
- availability
-computing systems and the data that they store or
access.

Security refers to the degree of protection against
danger, damage, loss and crime.
Can refer to physical media, financial transactions,
computer hardware, data, application, email,
information and network security.
Terms of reference

Sources that call for interest
• Internet
• Exchange of information on Network
within an organization
• Files
• Server

RISKS AND REMEDY
Internet sites
e.g. Social Networking sites
On-line Scams
Information Security
Personal computers

Social Networking sites
Hacking
Malicious applications that are
suggested for inclusion/update

Hacking
• Sites such as Facebook, Tweeter, LinkedIn,
MySpace ask users to create profiles of
themselves in order to help build links with
friends and family.
• Anyone with a link to one of your friends, or
friend friend could potentially access the
information held on your page

Malicious Applications
• Don’t respond to friend request from people
that you don’t recognise
• Check applications before installing them
• Call ICT helpdesk

Phishing
• Use of e-mail purporting to be from banks or other
companies such as utilities to fool people
• The e-mail generally claims to be part of security
check. The URL used in the mail disguises the true
location of the sites.
• The destination pages are designed to look like the
genuine site.
• For example First Bank or GTB

Pharming
• The “Troj/BankAsh-virus” is the latest attack
which divert people visiting legitimate bank
websites to fake domain addresses owned by
criminals.
• Unlike phishing, which relies on the user
clicking on a link to a bogus websites
•

On-line Scams
• Never reply to phishing emails –once
asking you to confirm your bank
details.
• Never open email from people
unknown to you.
• Personal information of your finances
must be deleted from your emails

• Who is a target?
• Who is responsible for
protection?
• How is protection done?
• What are the issues
involved (computer,
communication
network, files, file
systems, structures)
Files /Information
Systems
Network/
Communication
Global
Protection Layers- 4 layers

Social engineering
(Hacking the mind!)
• The hack that requires no knowledge of code.
• Social engineering is the art of manipulating/tricking
people so they give up confidential information
• Accounts for an estimated 90% of security breaches.
• Everyone is a target and be vigilantly aware of anyone
asking for personal or private information.

Social Engineering (Contd.)
• Criminals can only succeed if they obtain your secret
security information such as a PIN number or
password.
• No bank will ever ask you for your full PIN or
password when identifying you over the phone or
online.
• If asked to call back the number on the back of the
card; use another phone line or wait a few minutes
before using the same phone again.

Social Engineering - Can lead to Identity Theft
• WHAT IS IDENTITY THEFT?
• It occurs when someone steals your
personal information – e.g., credit card or
Personal Identification number – and uses it
fraudulently.
• When your private financial information gets
into the wrong hands, the consequences can
be devastating.

How to minimize the risk of becoming a victim of
identity theft
• Practice Safe Internet Use.
• keep your anti-virus software up-to-date. Delete spam emails that
ask for personal information.
• Shop online only with secure web pages (check the bottom of your
browser for an image of a lock or look for “https” in the address
bar).
• Never send credit card numbers and other personal information
via email.
• Regularly check your credit card statements.
• Destroy Private Records
Tear up or shred credit/debit card, ATM and bank deposit
statement/receipts.

Social Engineering - Password Phishing
• Phishing is a form of social engineering that attempts to
obtain your username and password.
• Downloading unknown attachments could be dangerous
• Check the sender (trusted e.g. @cgiar.org)
• Check any web link (trusted links)
• Check hyperlink is the same as the web link
• Does the “feel” of the email seem right?
• If in doubt contact US! (Helpdesk x2255)

What makes a good password?
Password
Length
Comparative time to Crack* Depends on currently
available processing speeds.
Character Set a-z plus upper
case (A-Z)
plus numbers
plus symbols
Set size 26 52 96
6 Seconds Minutes Few Minutes
7 Seconds Minutes Hours
8 Minutes Days Many months
9 Hours Year Years
A balance between “hackable” password and “easy-
to-remember”

Password Policy
• Change every 180 days.
• Must be at least 8 characters from at least three of
the following sets:
• Lower case letters a-z
• UPPER CASE LETTERS A-Z
• Numerics 0-9
• Special characters (!"# $%& ' *+, -./ : ;<=>?@ []^_` {|}~ )
• If you feel your password has been compromised
change it immediately.

How to change your password
• CTL-ALT-DEL and select change a password
• Windows

How to change your password
• If outside of Ibadan you can use webmail.
• In OWA.IITA.ORG: Go to options, change
password

Examples of false password change
requests (Phishing)

Social Engineering - Phishing Attempts

Social Engineering - Phishing attempts

Email – genuine examples
• Email box nearly full
• Quota on server full
• Spam filter
• Bank update

Email – box full

Email - Spam filter

Other security issues
• If sharing a folder specify who is allowed to
access it. Otherwise anyone can read or
possibly delete the information.
• Be careful when downloading and installing
software from the internet. Many links
especially to anti malware and anti-virus
sites are 419.

Opendns blocks many malware sites

• Lock your screen when leaving the office
• (use CTRL-ALT-DEL and select lock this
computer)
• Do not paste your password near your computer

• Wireless SSID broadcasts
• Be aware which wireless networks you are
connecting to, especially if carrying out bank
transactions.

Why Backups
• Systems do crash
• Media failures
• Hard disks fail
• USB sticks stolen

Backups
• Keep any backup separate from your computer
• Copy all your files
• To a mixture of
• Network storage (Drive U:)
• External hard disk
• Removable media (Flash)
• Cloud

Cyber security: The DOs
• If unclear about any aspect of cyber security, call
helpdesk
• Change password if suspicious it may have been
compromised
• Keep antivirus and software up to date
• Comply with the institutes acceptable usage / user policy
• Beware of the risks of using unsecured(open) wireless
networks in public places
• Know that cyber security is relevant to YOU and begins
with you.

Cyber security: The DON’Ts
• Don’t disclose your password to anyone
• Don’t send unauthorized bulk email (Spam)
• Don’t leave your computer unlocked when not in use
• Don’t leave hard copies of confidential information unsecured
• Don’t give unauthorized access to your system or institutes
information

Summary
• Security depends on all of us
90/10 rule:
• 10% of security safeguards are technical
• 90% rely on the computer user adhering to good
computer practices
• Beware of phishing attempts
• Passwords are to be changed regularly
• Beware of clicking on untrusted web sites
• Backup, backup and backup your data!

ICT Help contacts
• Helpdesk: EXT.2255
• Email:IITA-Helpdesk@cgiar.org
• Skype: IITAhelpdesk
• Office: Bld500 Rm 221 upper floor

THANK YOU
Merci pour votre attention

?

ICT Security Presentation

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (8)

Similar to ICT Security Presentation

Similar to ICT Security Presentation (20)

More from International Institute of Tropical Agriculture

More from International Institute of Tropical Agriculture (20)

Recently uploaded

Recently uploaded (20)

ICT Security Presentation

Editor's Notes