This document discusses various cybersecurity risks and best practices. It describes how attackers can compromise computers through vulnerabilities in web browsers, applications, and weak user access rights. Common cyber attacks like viruses, worms, Trojans, and botnets are also explained. The document recommends implementing security measures like firewalls, antivirus software, and strong passwords to help defend against these threats. Regular software updates and awareness of social engineering tactics are also emphasized as important aspects of cybersecurity defense.
A single email can cause a multi-million dollar breach if it is opened by an end-user with no security awareness; the user may not even be aware of the mistake. The problem is that few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
2. The internet allows an attacker to attack from anywhere on the planet.
Risks caused by poor security knowledge and practice:
• Identity theft
• Monetary theft
• Legal ramifications (for yourself and companies)
• Termination if company policies are not followed
According to www.SANS.org, the top vulnerabilities available to a cyber criminal are:
• Web browser
• IM clients
• Web applications
• Excessive user rights
3. Security: we must protect our computers and data in the same way that we secure the doors to our homes.
Safety: we must behave in ways that protect us against the risks and threats that come with technology.
5. Cracker: a computer-savvy programmer who creates attack software.
Script kiddies: unsophisticated computer users who know how to execute programs.
Hacker bulletin board: SQL injection, buffer overflow, password crackers, password dictionaries, and boasts of successful attacks ("Crazyman broke into …", "CoolCat penetrated…").
Criminals: create and sell bots -> spam; sell credit card numbers, …
System administrators: some scripts are useful to protect networks…
Going rates: malware package = $1K-2K; 1 M email addresses = $8; 10,000 PCs = $1000.
7. A virus attaches itself to a program, file, or disk. When the program is executed, the virus activates and replicates itself. The virus may be benign or malignant but executes its payload at some point (often upon contact). Viruses result in crashing of computers and loss of data.
In order to recover from or prevent virus attacks:
• Avoid potentially unreliable websites/emails
• System Restore
• Re-install the operating system
• Anti-virus (e.g. Avira, AVG, Norton)
[Diagram: extra code attached to Program A infects Program B]
8. A worm is an independent program which replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate.
[Diagram: the worm sends a copy to each address in the email list: Joe@gmail.com, Ann@yahoo.com, Bob@uwp.edu]
9. Logic bomb: malware logic that executes upon certain conditions. The program is often used for legitimate reasons.
• Software which malfunctions if the maintenance fee is not paid
• An employee triggers a database erase when he is fired
Trojan horse: masquerades as a beneficial program while quietly destroying data or damaging your system.
• Download a game: it might be fun, but it has a hidden part that emails your password file without you knowing.
10. Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.
Examples:
• Phone call: "This is John, the System Admin. What is your password?"
• Email: "ABC Bank has noticed a problem with your account…"
• In person: "What ethnicity are you? Your mother's maiden name?" or "I have come to repair your machine… and have some software patches."
11. Phishing: a 'trustworthy entity' asks via e-mail for sensitive information such as SSN, credit card numbers, login IDs or passwords.
12. The link provided in the e-mail leads to a fake webpage which collects important information and submits it to the owner. The fake web page looks like the real thing.
• Extracts account information
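The slide says the link in a phishing e-mail leads somewhere other than where it appears to. As an added example (not from the original deck), this checker parses an HTML e-mail body and flags links whose visible text names one host while the href goes to another, links to bare IP addresses, and links that leave the sender's own site; the sample message and the domains in it are constructed.

```python
"""Flag links in an HTML e-mail whose visible text points one place and whose
href points another, the hallmark of the fake-webpage link on slide 12.
Added example, not from the original slide deck."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Finds something a reader would read as a web address inside link text.
_FIND_ADDRESS = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def _host(text: str) -> str:
    """Return the lowercase host of a URL or bare domain, '' if none."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _same_site(a: str, b: str) -> bool:
    """Treat hosts as the same site when one is the other or a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html: str, sender_domain: str) -> list:
    """Return (href, reason) pairs for links a user should not click."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = _host(href)
        shown = _FIND_ADDRESS.search(text)
        if _is_ip(host):
            findings.append((href, "link goes to a bare IP address"))
        elif shown and not _same_site(_host(shown.group(0)), host):
            findings.append((href, f"text says {_host(shown.group(0))} but link goes to {host}"))
        elif not _same_site(host, sender_domain.lower()):
            findings.append((href, f"link leaves the sender's site ({host})"))
    return findings


# Constructed sample e-mail body in the style of slide 10's "ABC Bank" message.
SAMPLE_EMAIL = """
<p>ABC Bank has noticed a problem with your account.</p>
<p>Please <a href="http://abcbank-secure-login.example.net/verify">verify at
https://www.abcbank.example/login</a> within 24 hours.</p>
<p>Or use <a href="http://198.51.100.23/abc">our quick link</a>.</p>
<p><a href="https://www.abcbank.example/contact">Contact us</a></p>
"""

if __name__ == "__main__":
    for href, why in suspicious_links(SAMPLE_EMAIL, "abcbank.example"):
        print(f"SUSPICIOUS: {href}: {why}")
```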
13. A botnet is a large number of compromised computers that are used to create and send spam or viruses, or to flood a network with messages as a denial of service attack. The compromised computers are called zombies.
14. An attacker pretends to be your final destination on the network. If a person tries to connect to a specific WLAN access point or web server, an attacker can mislead him to his computer, pretending to be that access point or server.
15. Upon penetrating a computer, a hacker installs a collection of programs, called a rootkit. It may enable:
• Easy access for the hacker (and others)
• A keystroke logger
• Eliminating evidence of the break-in
• Modifying the operating system
16. Time to guess a password, assuming 2.6x10^18 guesses per month:
Pattern | Calculation | Result | Time to Guess
Personal info: interests, relatives | 20 | Manual | 5 minutes
Social engineering | 1 | Manual | 2 minutes
American dictionary | 80,000 | | < 1 second
4 chars: lower case alpha | 26^4 | 5x10^5 |
8 chars: lower case alpha | 26^8 | 2x10^11 |
8 chars: alpha | 52^8 | 5x10^13 |
8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min.
8 chars: alphanumeric + 10 | 72^8 | 7x10^14 | 12 min.
8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours
12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years
12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years
12 chars: all keyboard | 95^12 | 5x10^23 |
16 chars: alphanumeric | 62^16 | 5x10^28 |
17. Symptoms of an infection:
• Antivirus software detects a problem
• Pop-ups suddenly appear (may sell security software)
• Disk space disappears
• Files or transactions appear that should not be there
• System slows down to a crawl
• Unusual messages, sounds, or displays on your monitor
• Stolen laptop (1 in 10 stolen in laptop lifetime)
• Your mouse moves by itself
• Your computer shuts down and powers off by itself
• Often not recognized
18. Spyware symptoms:
• Change to your browser homepage/start page
• Ending up on a strange site when conducting a search
• System-based firewall is turned off automatically
• Lots of network activity while not particularly active
• Excessive pop-up windows
• New icons, programs, favorites which you did not add
• Frequent firewall alerts about unknown programs trying to access the Internet
• Bad/slow system performance
20. Defense in depth uses multiple layers of defense to address technical, personnel and operational issues.
21. Anti-virus software detects malware and can destroy it before any damage is done.
• Install and maintain anti-virus and anti-spyware software
• Be sure to keep anti-virus software updated
• Many free and pay options exist
22. A firewall acts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer: it filters packets that enter or leave your computer.
23. Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers. The Windows Update feature built into Windows can be set up to automatically download and install updates. Avoid logging in as administrator.
24. Bad password: Merry Christmas. The slide derives good passwords from it by abbreviating, lengthening, intertwining letters, substituting synonyms, shifting keys on the keypad (right, then up) and converting vowels to numerics:
Merry Xmas, MerryChrisToYou, MerChr2You, mErcHr2yOu, MerryJul, MaryJul, Mary*Jul, ,stuzc,sd Jq46Sjqw, M5rryXm1s, MXemrays, Glad*Jes*Birth
25. Combine 2 unrelated words: Mail + phone = m@!lf0n3
Abbreviate a phrase: My favorite color is blue = Mfciblue
Music lyric: Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. = hb2uhb2uhbdJhb2u
26. Never use 'admin', 'root' or 'administrator' as the login name for the admin account.
A good password is:
• private: it is used and known by one person only
• secret: it does not appear in clear text in any file or program, or on a piece of paper pinned to the terminal
• easily remembered: so there is no need to write it down
• at least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation
• not guessable by any program in a reasonable time, for instance less than one week
• changed regularly: a good change policy is every 3 months
Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files.
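The guessing-time table on slide 16 and the password rules on slide 26 use the same model: a brute-force attacker trying every combination of the character classes in use. As an added example (not from the original deck), the code below reproduces the table's calculation at the slide's stated rate of 2.6x10^18 guesses per month (assuming a 30-day month, which reproduces the slide's times to within its rounding) and then checks a password against the slide-26 rules; the tiny dictionary standing in for the 80,000-word "American Dictionary" row is constructed.

```python
"""Reproduce the slide-16 guessing-time model and check a password against the
slide-26 rules. Added example, not part of the original slide deck.
Assumption: a month is 30 days; the rate 2.6x10^18 guesses/month is the one
printed at the top of the slide-16 table."""
import string

GUESSES_PER_MONTH = 2.6e18
SECONDS_PER_MONTH = 30 * 24 * 3600            # assumption: 30-day month
GUESSES_PER_SECOND = GUESSES_PER_MONTH / SECONDS_PER_MONTH

# The four character classes slide 26 asks you to mix (at least 3 of them).
CLASSES = {
    "upper": set(string.ascii_uppercase),   # 26
    "lower": set(string.ascii_lowercase),   # 26
    "digit": set(string.digits),            # 10
    "punct": set(string.punctuation),       # 32  -> all four = 94, ~"all keyboard" 95
}

# Constructed stand-in for the slide's 80,000-word dictionary row.
DICTIONARY = {"password", "merry", "christmas", "summer", "welcome", "admin"}


def search_space(charset_size: int, length: int) -> int:
    """Candidates a brute-force attack must try: charset^length (the Calculation column)."""
    return charset_size ** length


def seconds_to_guess(candidates: int) -> float:
    """Worst-case time to exhaust the space at the slide's guessing rate."""
    return candidates / GUESSES_PER_SECOND


def human_time(seconds: float) -> str:
    """Render a duration the way the Time to Guess column does."""
    if seconds < 1:
        return "< 1 second"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400 * 365:
        return f"{seconds / 3600:.1f} hours"
    return f"{seconds / (86400 * 365):.0f} years"


def classes_used(password: str) -> set:
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def effective_charset(password: str) -> int:
    """Size of the smallest class mix containing every character used.
    Matches the table rows: lower=26, alpha=52, alphanumeric=62."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def evaluate(password: str) -> dict:
    """Apply slide 26: >= 8 chars, >= 3 classes, not a dictionary word,
    and not guessable in under one week at the slide-16 rate."""
    in_dictionary = password.lower() in DICTIONARY
    space = search_space(effective_charset(password), len(password))
    secs = 0.0 if in_dictionary else seconds_to_guess(space)  # dictionary hit: found at once
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(classes_used(password)) < 3:
        problems.append("fewer than 3 character classes")
    if in_dictionary:
        problems.append("dictionary word")
    if secs < 7 * 86400:
        problems.append("guessable in under one week")
    return {"charset": effective_charset(password), "search_space": space,
            "time": human_time(secs), "ok": not problems, "problems": problems}


if __name__ == "__main__":
    # Rows from the slide-16 table, then the sample passwords from slides 24-26.
    for size, length in [(26, 4), (62, 8), (72, 8), (95, 8), (62, 12)]:
        n = search_space(size, length)
        print(f"{length} chars, charset {size}: {n:.0e} candidates, {human_time(seconds_to_guess(n))}")
    for pw in ["Merry Christmas", "m@!lf0n3", "hb2uhb2uhbdJhb2u", "admin"]:
        print(pw, evaluate(pw))
```

Note that the slide-25 example m@!lf0n3 passes the three-class rule but, being only 8 characters, still falls inside the one-week limit at the slide's own guessing rate, which is why slide 26's length and complexity rules go together.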
27. Do not open email attachments unless you are expecting the email with the attachment and you trust the sender. Do not click on links in emails unless you are absolutely sure of their validity. Only visit and/or download software from web pages you trust.
28. Be sure to have a good firewall or pop-up blocker installed. Pop-up blockers do not always block ALL pop-ups, so always close a pop-up window using the 'X' in the upper corner. Never click "yes," "accept" or even "cancel". Infected USB drives are often left unattended by hackers in public places.
29. Always use a secure browser to do online activities. Frequently delete temp files, cookies, history, saved passwords etc. Look for https:// in the address bar, the symbol showing enhanced security.
30. No security measure is 100%. What information is important to you? Is your back-up:
• Recent?
• Off-site & secure?
• Process documented?
• Tested?
• Encrypted?
31. Organizations lose 5-6% of revenue annually due to internal fraud = $652 billion in the U.S. (2006). The average scheme lasts 18 months and costs $159,000; 25% of costs exceed $1M. Smaller companies suffer greater average $ losses than large companies.
[Chart: Internal Fraud Recovery: $0 recovered / recovery <= 25% / substantial recovery]
32. [Bar chart: How Fraud is Discovered (%), for Tip, By Accident, Internal Audit, Internal Controls, External Audit, Notified by Police]
Tips are the most common way fraud is discovered. Tips come from:
• Employee/Coworkers 64%
• Anonymous 18%
• Customer 11%
• Vendor 7%
If you notice possible fraud, CONTACT: ??????????
33. Additional slides to insert:
• How is information security confidentiality to be handled? Show a table of how information confidentiality is categorized and treated.
• Are there specific legal actions all employees should be concerned with?
• Physical security: how are the rooms laid out and how is security handled?
• Handling information at home on a home computer: any special restrictions?
• On the fraud slide, specify the contact if fraud is suspected.
34. These are best practices involving information security.
• Most of these practices are from the National Institute of Standards and Technology.
Use these practices at home and at work to keep safe and secure. Employers have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your employer and your customers.
Editor's Notes
Security: The way in which we protect access to our computers and information. E.g. Anti-virus software, firewall
Safety: The way we behave while using the internet. E.g. Safe email behavior, safe software downloading behavior
Stress the difference and the importance of both together to provide a safe and secure computing environment.
Users must be aware of the threats that exist in order to properly detect and prevent them.
Each of these will be covered thoroughly in the slides that follow.
Viruses
Computer viruses are software programs that are deliberately designed by online attackers to invade your computer, to interfere with its operation, and to copy, corrupt or delete your data. These malicious software programs are called viruses because they are designed not only to infect and damage one computer, but to spread to other computers all across the Internet.
Computer viruses are often hidden in what appear to be useful or entertaining programs or e-mail attachments, such as computer games, video clips or photos. Many such viruses are spread inadvertently by computer users, who unwittingly pass them along in e-mail to friends and colleagues.
Worms
Worms are more sophisticated viruses that can replicate automatically and send themselves to other computers by first taking control of certain software programs on your PC, such as email.
Logic Bomb
Malware that destroys data when certain conditions are met. E.g., it may format a hard drive or change data files (possibly by inserting random bits of data) on a particular date or time or if a certain employee record is missing from the employee database.
Example: an employee places a logic bomb inside a system to destroy data when his/her record is removed upon termination.
Trojan Horses
A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A Trojan horse can be used to set up a back door in a computer system so that the intruder can gain access later.
The name refers to the horse from the Trojan War, with similar function of deceiving defenders into bringing an intruder inside.
Social Engineering can occur in-person, over the phone, in emails or fake web pages.
Social Engineering: non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
The next two slides discuss two types of Social Engineering: phishing and pharming.
Phishing: A type of Social Engineering. The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they belong to a bank the user is doing business with.
Pharming: Another type of social engineering. A user’s session is redirected to a masquerading website. At the fake website, transactions can be mimicked and information like login credentials can be gathered. With these, the attacker can access the real site and conduct transactions using the credentials of a valid user on that website.
When your computer becomes infected, it is likely to become a bot. Because attacks are international, they are hard to eliminate.
Zombie: a compromised computer which may host pornography, illegal music and/or movies
Botnet: a “zombie army,” or collection of compromised computers (zombies), used to send out spam or viruses, or to launch distributed denial of service attacks.
RootKit: A collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.
This chart shows the different combinations of passwords and password lengths and how long a dictionary attack or brute force attack would take to guess the password.
Discussion of proper password creation and change techniques will occur later in the User Practices section of the presentation.
At this stage just discuss the attacks and comparisons to password lengths and patterns.
Brute Force Attack: A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one.
Dictionary Attack: An attack that tries all of the words or phrases in a dictionary in an attempt to crack a password or key. A dictionary attack uses a predefined list of words, whereas a brute force attack tries all possible combinations.
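As an added illustration of the arithmetic behind the chart (not part of the original deck), the following Python computes the keyspace a brute force attack must exhaust for each character set and length, converts it to time at an assumed guess rate, and contrasts it with the far smaller candidate set a dictionary attack tries; the guess rate and dictionary size are constructed assumptions.

```python
"""Keyspace sizes and worst-case guess times behind a password-length chart.
Added illustration: the guess rate and dictionary size are constructed
comparison figures, not measurements from the training material."""

# Character-set sizes used by typical password-strength charts.
CHARSETS = {
    "digits": 10,
    "lowercase": 26,
    "lower+upper": 52,
    "lower+upper+digits": 62,
    "lower+upper+digits+symbols": 94,  # printable ASCII minus space
}
GUESSES_PER_SECOND = 1_000_000_000  # assumed offline guess rate (constructed)
SECONDS_PER_YEAR = 365 * 24 * 3600

def brute_force_candidates(charset_size, length):
    """Every string of exactly `length` characters drawn from the set."""
    return charset_size ** length

def dictionary_candidates(words, variants_per_word):
    """A word list times the simple mangling rules applied to each word
    (capitalise, append digits, ...): tiny next to the full keyspace."""
    return words * variants_per_word

def worst_case_seconds(candidates, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at the assumed rate."""
    return candidates / rate

def human_time(seconds):
    """Render seconds in the largest unit that fits, to one decimal place."""
    for name, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"

def chart(lengths=(6, 8, 10, 12)):
    """Rows of the chart: (charset name, length) -> worst-case brute-force time."""
    return {(name, n): human_time(worst_case_seconds(brute_force_candidates(size, n)))
            for name, size in CHARSETS.items() for n in lengths}

if __name__ == "__main__":
    for (name, n), t in chart().items():
        print(f"{name:28} length {n:2}: {t}")
    # A dictionary word with a few mangling variants falls in a fraction of
    # a second no matter how long the word is.
    print("dictionary, 100k words x 10 variants:",
          human_time(worst_case_seconds(dictionary_candidates(100_000, 10))))
```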
What are the best practices to avoid all the threats we have been discussing?
Attackers are always creating new viruses, so it is important that anti-virus software stay updated.
Anti-virus and anti-spyware software should be updated on a regular basis.
Anti-virus should be set to auto update at 12 midnight and then do a scan at 12:30.
Anti-spyware should be set to auto update at 2:30 am, and then a full system scan should be done at 3:00 am; staggering the schedule this way ensures that only one activity runs at a time.
If the employees work from home, they should also have anti-virus and anti-spyware installed on their home computers.
Windows has a firewall built-in. Be sure to always have it on.
It is necessary to have software firewalls on each computer even if you have a hardware firewall protecting your network. If your hardware firewall is compromised by a hacker or by malicious code of some kind, you don’t want the intruder or malicious program to have unlimited access to your computers and the information on those computers.
Every computer in the network should have its own software firewall enabled.
The Microsoft operating system has a built-in firewall, which can be easily located in the control panel. Ensure it is always turned on.
For other commercial operating systems, the operations manual should have instructions about the firewall options.
For an added layer of security, commercial firewall software can be installed.
Windows has automatic update features that should be turned on.
The operating system should be regularly updated with the latest patches and updates provided by the vendors.
Major software applications like Microsoft Office should also be regularly updated.
Other installed business applications should also be updated on a regular basis.
Never use an admin account to surf the web, since in case of a compromise the malicious code would have admin rights.
Bad passwords on top, good passwords on bottom.
Start with a word or words and make some changes, such as abbreviating, keypad shifting, intertwining letters, substituting synonyms, etc.
Other password creation techniques:
Combining words using symbols and numbers
Abbreviating a phrase
Using music lyrics, poems or quotes
Good password techniques:
Private: tell no one your password
Secret: never write your password down
Easily remembered: use something you know well, then change slightly as mentioned previously
Secure combination of letters, numbers and symbols
Change your password at least every three months
Watch for shoulder surfers or other physical techniques used to obtain your password
Email Attachments
Attachments should be opened only from trusted senders.
If you are not expecting an email attachment from the sender, it’s a good idea to call and confirm, before opening the attachment.
Spam email often asks for sensitive information.
Links in emails
Never click on a link in an email attachment, except when you are expecting it.
If you are not expecting an email link from the sender, it’s a good idea to call and confirm, before clicking the email link.
If you hover the cursor over a link’s description in an email, the actual link address is displayed at the bottom of the browser. Make sure the two match.
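The hover check above compares the link text with the real destination. As an added example (not from the original training), this Python performs the same comparison over an HTML message body, flagging anchors whose visible text names one host while the href points to another; the sample message and its domains are constructed.

```python
"""Flag e-mail links whose visible text names a different site than the href.
Added illustration of the hover-and-compare check; the message body is
constructed sample input, not from the training material."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body: one honest link, one whose text shows the bank's
# address while the href actually leads to a look-alike domain.
SAMPLE_HTML = """<p>Your statement is ready at
<a href="https://www.example-bank.com/login">https://www.example-bank.com/login</a>.</p>
<p>Or open <a href="http://login.example-bank.com.lookalike.example/">
https://www.example-bank.com/login</a> to verify your account.</p>"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def link_host(url):
    """Lower-cased host of a URL with a leading 'www.' dropped; '' if none."""
    host = urlparse(url.strip()).hostname or ""
    return host[4:] if host.startswith("www.") else host

def host_in_text(text):
    """Host named by the visible text, or '' for plain words like 'click here'."""
    token = text.strip()
    if " " in token or "." not in token:
        return ""
    return link_host(token if "://" in token else "http://" + token)

def suspicious_links(html):
    """(text, href) pairs where the text's host differs from the href's host."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href) for href, text in parser.links
            if host_in_text(text) and host_in_text(text) != link_host(href)]
```

Calling suspicious_links(SAMPLE_HTML) returns only the second anchor, whose shown address and real destination disagree.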
Trustworthy Web Pages
Software downloads should be done only from trusted websites like Microsoft for Windows updates and Office application updates.
Avoid downloading and using freeware or shareware, since most of it lacks either technical support or full functionality.
A pop-up blocker should be installed (many browsers have them as add-ons), but they do not always block all pop-ups.
Do not respond to pop-ups while working online. For example, a malicious pop-up message may say that you have a virus on the system. Close it by clicking the X in the upper right corner. If you click OK, it might install spyware or other malicious code.
Infected USB drives are often left unattended by hackers in public places. They intend for unsuspecting people to take the USB home or to the office and unknowingly install the worm or malicious code.
Always use a secure browser for online activities.
Frequently delete temp files, cookies, history, saved passwords etc.
Look for https and/or the lock or secure symbol.
Backups should be done (at least) once a week. If possible, store them on removable media.
The removable media should be big enough to hold 52 weeks of backups (e.g., 500GB).
Do a full backup once a month and store it in an offsite location. This would be useful in case of a disaster in your office (fire, theft, flood, etc.). On the removable media, create 12 folders, one for each month.
Backup data should be tested periodically to ensure reliability.
Tips are the most frequent method of discovering fraud.
The percentages given for where the tips come from are percentages of total tips, not total fraud discoveries.