SlideShare a Scribd company logo

Securing and Safeguarding Your Library Setup

Brian Pichman
Brian Pichman

We will explore various tools, techniques, & procedures to ensure our environment's safety & security. Leave with a list of ideas you can use today within your library.

1 of 110
Download to read offline
Securing & Safeguarding Your Library Setup Brian Pichman Twitter: @Bpichman
Agenda • Understanding Anonymity, Privacy, and Everything in Between • Protecting Yourself • Getting Hacked • Best Security Tool: A Policy That Is Followed • Tools for Protecting Your Network
Cloak of Invisibility Anonymous Browsing tools like the Tor Project
Cloak of Invisibility Top reasons why people want to hide their IP address: 1. Hide their geographical location 2. Prevent Web tracking 3. Avoid leaving a digital footprint 4. Bypass any bans or blacklisting of their IP address 5. Perform illegal acts without being detected
Onion Routing, Tor Browsing • Technique for anonymous communication to take place over a network. The encryption takes place at three different times: • Entry Node • Relay Node • Exit Node • Tor is made up of volunteers running relay servers. No single router knows the entire network (only its to and from). • Tor can bypass internet content filtering, restricted government networks (like China) or allow people to be anonymous whistle blowers. • Tor allows you to gain access to “.onion” websites that are not accessible via a normal web browser. • Communication on the Dark Web happens, via Web, Telnet, IRC, and other means of communication being developed daily.
Cloak of Invisibility How do you Hide an 800lb Gorilla? • Use Free Wifi (To Hide your location) • Use a Secure Web Browser • Use a Private VPN • Go back to Dial-up • Setup RF Data Transfer over CB Radio Waves • Use Kali linux to hack someone else’s Wifi Encryption. • Setup long-range Wireless Antennas
Cloak of Invisibility • How to hide yourself? • Private VPN • You want a TOTALLY anonymous service. • Look for one that keeps no log history (Verify via reviews) • Look at Bandwidth & Available Servers • Recommendations: • Private Internet Access (PIA) • TorGuard VPN • Pure VPN • Opera Web Browser • Avast AntiVirus (SecureLine) • Worst Case: Free WIFI
Cloak of Invisibility • How Tor anonymizes – “You”. • How VPN keeps ”You” protected.
Dial Up? • Use an ISPs like NetZero that can be registered with fictitious personal information, and to which you can connect with caller ID disabled • Makes it a bit more difficult to identity “you”
Free WiFi • Sometimes a good alternative if you need to do something anonymously • Nothing is ever 100% anonymous • Some public wifi does track websites you access, what you do, etc. • Make sure your computer name you are using doesn’t include your actual name
Hacked WiFi – Cain and Abel
Best Tips and Practices Do • Use a device that you’ve never signed into anything ”personal on”. • Pro Tip: buy a computer from a Pawn Shop or Garage Sale Don’t • While on a VPN or any other anonymous tool; don’t sign into personal accounts (banks, social media, etc). • If posting, don’t use anything that could be associated to you
Easy Wins for Privacy • 10 Minute Email • https://10minutemail.com/ • Temporarily get an email box that’s anonymous and disappears after 10 minutes • Dr Cleaner (Mac) or Eraser (Win) can overwrite files on your computer with “blank” data to make file recovery near impossible. • Tools like Recuva is free softwares to allow you to restore deleted files.
What People Pay For Your Data • https://www.fortinet.com/blog/industry-trends/the-true-value-of- data.html • Credit Card Numbers: 50 cents to 2.50 per card. • Bank Account Information (logins/information): $1.00 to $70 • Medical Records: $10-$20
Protecting Yourself
Google Isn’t Always Your Friend
Tools For Use • Sites to protect yourself all the time (not free) • IdentityGuard.com • LifeLock.com • Sites to monitor when breached data gets related (this is free) • Haveibeenpwned.com • Password Management Sites (like lastpass.com) • Don’t have the same password for all your sites. • Don’t write your passwords down on a post-it-note and leave it at your desk
Dual Factor Authentication • After logging in; verify login via Email, SMS, or an app with a code.
Credit Card Tools for Online Shopping • Check out Privacy.Com • https://privacy.com/join/473XB ßshameless plug
Basic Tips • Accept only people you know to personal and professional accounts • Never click on links from people you don’t know. • Especially if they are using a url shortner: bit.ly, tinyurl.com, etc • https://www.urlvoid.com/ - test the website to see if its safe • https://snapito.com/ gets a screenshot of what will load on the site • https://www.site-shot.com/ get a screenshot of what will load on site • If there are people claiming to be you on social media, it’s best to get your account “verified” on those social media platforms • This lets users distinguish that you’re the actual official account • Dual factor authenticate all of your social media logins
Checking Your Accounts / Name Online • Use this site to check your usernames: https://namechk.com/ • The next is a tool searches through your email with things you may have signed up for (I've paid for their premium service as well, not really worth it, the free does just fine) https://brandyourself.com/privacy-overview. • This tool: https://email-lookup.online/index.php searches public searches to see what links. Its similar to https://www.spokeo.com/email-search.
Myths • I’m/my library not worth being attacked. • Hackers won’t guess my password. • I/we have anti-virus software. • I’ll/we know if I/we been compromised.
Understanding Breaches and Hacks • A hack involves a person or group to gain authorized access to a protected computer or network • A breach typically indicates a release of confidential data (including those done by accident) • Both of these require different responses if breaches/hacks occur.
The Costs Of Breaches • This year’s study found the average consolidated total cost of a data breach is 3.9 million dollars and in the US the average is actually higher at 8.19 million. [IBM 2019 http://www-03.ibm.com/security/data-breach/] • Data Breached Companies Experience… • People loose faith in your brand • Loss in patrons • Financial Costs • Government Requirements, Penalties, Fees, etc. • Sending of Notifications • Payment of Identity Protection or repercussions. https://betanews.com/2016/02/10/the-economic-cost-of-being-hacked/
Top Hacker Tools • #1 Metasploit. • #2 Nmap. • #3 Acunetix WVS. • #4 Wireshark. • #5 oclHashcat. ... • #6 Nessus Vulnerability Scanner. ... • #7 Maltego. ... • #8 Social-Engineer Toolkit.
BackTrack can get you ALOT • BackTrack was a Linux distribution that focused on security based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux. https://en.wikipedia.org/wiki/BackTrack
You as a Organization - Obligations • You are obligated to protect the data and privacy of: • Employees • Customers • Business Partners/Vendors/Etc. • Sometimes, we forget we house a lot of personal and identifying information about our employees and customers. • Employees Social/Payroll/HR • Customer Records/Accounts/History • What employees/customers are accessing on the web • A sniffing tool, key logger, or fake DNS redirects can monitor not only the sites people are accessing but what they use for their username / password
Steps – Communication and Speed! • Communicate • People will ask “How long did you know XYZ happened” - know this information before communicating to them an attack occurred. • If you discover a breach, hack, or any other compromise that may have the impact of data being stolen or viewed, you MUST communicate quickly and effectively. • While every scenario is different and has different factors – groups that move faster with the information they know (as soon as they know it) they are generally better off long term (ie don’t’ wait months as you “investigate” the issue. Give people time to protect themselves) • Don’t over communicate and have one spokesperson • Be clear and concise. Too many details can be harmful.
Other Points on Communication • Once you know a breach has occurred, by law you are required to inform customers if their data has been compromised. • Some states have deadlines of when the announcement has to be made • Every impacted person must be told that a data breach has occurred, when it occurred, and what kind of information was compromised. • Answer: what are you doing to provide a remedy and should they do • (next slide)
what are you doing to provide a remedy and should they do You as the Organization • Build a website with information about the breach • Offer a Toll Free number people to call in for questions • If the possibility of social information provide contact information for Equifax, Experian and Transunion, and the quick links for fraud protection. Them as Impacted Parties • Fraud Protection (if necessary) • Request them to change their passwords if their password was compromised • Highlight if they use this password on OTHER sites to change those passwords too
Step 2 - Investigate • You will most likely need to hire an outside cyber security firm – they have the tools and resources to track what might have been stolen and who stole it. • Solve which computers and accounts were compromised, which data was accessed (viewed) or stolen (copied) and whether any other parties – such as clients, customers, business partners, users, employees. Was the stolen data encrypted or unencrypted? • Also involve folks from the people you pay for services (depending on where the breach occurred) such as ISPs, Web Hosting Providers, Security Software, Firewall Vendors, etc. • Contact your local, county or state police computer crimes unit and the FBI, which can do forensic analyses and provide valuable guidance
Step 3 – More Communication and Follow Up • If you notify more than 500 impacted people from a breach, many states will also require you to file a notice with your state attorney general’s office. • HIPPA, FERPA, CIPA, and all those other scary acronyms have requirements and regulations – make sure none of those rules are violated.
Legal Stuff • There are a lot of laws that help a certain level of security standards. The landscape of these laws is evolving as the level of threats increase. • There is compliance standards that organizations should reach for security as well – as a precaution and preventive measure to mitigate risk. • The ISO/IEC 27000 family of standards helps organizations keep information assets secure. • https://www.iso.org/isoiec-27001- information-security.html
Why have a policy? Staring Will Ferrell ….
Increases Efficiency • Having a security policy allows you to be consistent in your approach to issues and how processes should work. • It should outline how and what to do, and repeatable across your organization. • Everyone is doing XYZ the same way and on the same page.
Accountability, Discipline, and Penalties • Think of it as a contract – for legal purposes – that you have taken the steps needed to secure your organization. • Need to define penalties when violations occur. People need to know the consequences are for failure to comply – both from a legal and HR standpoint or even access permissions. • Policies and procedures provide what the expectation is and how to achieve that expectation. It should define what the consequence are for failure to adhere.
Education For Employees • By reading these policies (and signing them), it helps educate your employees (and users) the sense of ownership for assets and data. • Everything from advice on choosing the proper passwords, to providing guidelines for file transfers and data storage, internet access and rules, will help to increase employees’ overall awareness of security and how it can be strengthened
Addresses Threats and Risks • A good policy should address all threats, strategies to decrease the vulnerabilities of those threats, and how to recover if those threats became actionable. • This makes the “what do we do if someone hacks our network” a defined process already and who to call and what to do to mitigate further damage.
Access Definitions and Permissions • A good policy would outline who accesses what and why. This makes reporting a security violation easier and streamlined. • Policies are like bouncers at a night club • It states who has access to the VIP section of the club, why, and any reasons to allow entry. • Without these rules, VIP wouldn’t be really VIP.
Protecting Your Library you threats Delicious Library Data
Why do People Attack? • Financial Gain • Stocks • Getting Paid • Selling of information • Data Theft • For a single person • For a bundle of people • Just Because • Malicious
How to navigate and prevent wrong turns • Who are the people we’re trying to avoid? Hacker Groups • Lizard Squad. ... • Anonymous. ... • LulzSec. ... • Syrian Electronic Army. ... • Chaos Computer Club (CCC) ... • Iran's Tarh Andishan. ... • The Level Seven Crew. ... • globalHell.
So what Do You Need to Protect? • Website(s) • ILS • Staff Computers • And what they do on them • Patron Computers • And what they do on them • Network • And what people do on them • Stored Data, Files, etc. • Business Assets • Personal Assets • ….anything and everything that is plugged in…
Outside • Modem Router Firewall Switches • Servers End User • Phones • Computers • Laptops
Outer Defenses (Routers/Firewalls) • Site to Site Protection (Router to Router or Firewall to Firewall) • Encrypted over a VPN Connection • Protection With: • IDS • IPS • Web filtering • Antivirus at Web Level • Protecting INBOUND and OUTBOUND
Unified Threat Management • Single Device Security • All traffic is routed through a unified threat management device.
Areas of Attack On Outer Defense External Facing Applications • Anything with an “External IP” • NAT, ONE to ONE, etc. • Website • EZProxy Connection • Custom Built Web Applications or Services Internal Applications • File Shares • Active Directory (usernames / passwords) • Patron Records • DNS Routing • Outbound Network Traffic • Who is going where
Attacks • Man in the Middle • Sitting between a conversation and either listening or altering the data as its sent across. • DNS Spoofing (https://null-byte.wonderhowto.com/how-to/hack-like-pro-spoof-dns- lan-redirect-traffic-your-fake-website-0151620/) set up a fake website and let people login to it. • D/DoS Attack (Distributed/Denial of Service Attack) • Directing a large amount of traffic to disrupt service to a particular box or an entire network. • Could be done via sending bad traffic or data • That device can be brought down to an unrecoverable state to disrupt business operations. • Sniffing Attacks • Monitoring of data and traffic to determine what people are doing.
Inner Defenses (Switches/Server Configs) • Protecting Internal Traffic, Outbound Traffic, and Inbound Traffic • Internal Traffic = device to device • Servers • Printers • Computers • Protected By: • Software Configurations • Group Policy • Password Policy • Hardware Configurations • Routing Rules
Updates, Patches, Firmware • Keeping your system updated is important. • Being on the latest and greatest [software/update/firmware] isn’t always good. • Need to test and vet all updates before implementation • If you can – build a dev environment to test and validate.
Casper Suite / JAMF - https://www.jamf.com/products/jamf-pro/
SCCM tools
Protecting End Devices • Protecting Assets • Business Assets • Thefts • Hacking • Personal Devices • Security Risk • Usually pose an INBOUND threat to your network
Passwords • Let’s talk about Passwords • Length of Password • Complexity of password requirements • DO NOT USE POST IT NOTES • A person’s “every day account” should never have admin rights to machines. • That includes your IT Folks!
Your Security is as Strong As the Weakest Link
Tools To Train • Knowbe4
Impersonation Some people will create emails of VIPs to trick you into getting a message to them
Spoofing Is when someone masks themselves as another user or domain Sometimes they create a new domain with slight spelling: example g00gle.com
Pulling Everything Together • Do A Risk Assessment • Develop Policies • Training Plans For Staff • Implement tools to help protect
Free Resources - CISA • https://www.cisa.gov/topics/cyber-threats-and-advisories/cyber- hygiene-services
Free Resources - Tenable • https://www.tenable.com/products/nessus/nessus- essentials?action=register
IT Admin Tricks for Security • Administrative Accounts are easy to figure out if they are something like “administrator” ”root” or “power users”. At the same time, no employee should have their account as a full admin. • Instead, give them their own username for admin access (like brian.admin) • Change the default “login” pages for sites to something that’s not www.mysitename.com/login. Bots look for this and attack. • My Drupal Site login page is www.evolveproject.org/catpower • User Awareness is key to any secure organization. Teach users how to identify potential threats and how to respond quickly. • Avoid shared accounts. One account should only be used by one person.
“Cool” Hardware https://krebsonsecurity.com/2016/08/road-warriors-beware-of-video-jacking/ Be careful when plugging your device in o public USB Outlet… Either read the data on your device OR Record your screen ->
Credit Card Skimmers
Some Recommended Security Tools
ESET Products https://www.eset.com/us/home-store/
Sophos Home https://home.sophos.com/en-us/free-anti-virus-windows.aspx
Proactive Scanning • Malwarebytes (Free): https://www.malwarebytes.com/
Proactive Cleaning • CCleaner (https://www.ccleaner.com/ ) • CleanMyMac (https://macpaw.com/cleanmymac )
How About Your Network?
Web Security – No Installs Needed https://www.opendns.com/
Parental Controls
Email for Kids • There are service providers that can help manage kid’s emails and help protect them. • Google has an option where you can manage a Google Account for your child: https://support.google.com/families/answer/7103338?hl=en
Apple iOS Parental Controls • https://support.apple.com/en-us/HT201304 • https://www.apple.com/families/
Microsoft Families • https://account.microsoft.com/family/about
Google Families • https://support.google.com/families#topic=7327495 • https://families.google.com/familylink/
App Based Monitoring
Advance Cyber Protection Tools • MDR / NDR Solutions (Managed Detection Response / Network Detection Response) • Network detection and response (NDR) products detect abnormal system behaviors by applying behavioral analytics to network traffic data. • Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.
• Evolve Project • https://www.linkedin.com/in/bpichman • Twitter: @bpichman • Email: bpichman@evolveproject.org Brian Pichman Questions?

Recommended

Securing & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxSecuring & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptx
Brian Pichman
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
Brian Pichman
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Brian Pichman
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security Practice
Brian Pichman
 
How To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber MondayHow To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber Monday
Michele Chubirka
 
It security in healthcare
It security in healthcareIt security in healthcare
It security in healthcare
Nicholas Davis
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)
Stephen Abram
 
How you can protect your online identity, online privacy and VPNs
How you can protect your online identity, online privacy and VPNsHow you can protect your online identity, online privacy and VPNs
How you can protect your online identity, online privacy and VPNs
Iulia Porneala
 

Recommended

Securing & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxSecuring & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptx
Brian Pichman
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
Brian Pichman
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Brian Pichman
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security Practice
Brian Pichman
 
How To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber MondayHow To Keep the Grinch From Ruining Your Cyber Monday
How To Keep the Grinch From Ruining Your Cyber Monday
Michele Chubirka
 
It security in healthcare
It security in healthcareIt security in healthcare
It security in healthcare
Nicholas Davis
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)
Stephen Abram
 
How you can protect your online identity, online privacy and VPNs
How you can protect your online identity, online privacy and VPNsHow you can protect your online identity, online privacy and VPNs
How you can protect your online identity, online privacy and VPNs
Iulia Porneala
 
Personal Threat Models
Personal Threat ModelsPersonal Threat Models
Personal Threat Models
Geoffrey Vaughan
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptx
KevinRiley83
 
Internet Security
Internet SecurityInternet Security
Internet Security
mjelson
 
Cyber security-1.pptx
Cyber security-1.pptxCyber security-1.pptx
Cyber security-1.pptx
CharithraaAR
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraudRadiant Minds
 
Introduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxIntroduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptx
ShubhamGupta833557
 
Chp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptxChp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptx
HarishParthasarathy4
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
samina khan
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dumindu Pahalawatta
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
Varinder K
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
Brian Pichman
 
Unit 3B.pdf
Unit 3B.pdfUnit 3B.pdf
Unit 3B.pdf
TuhinUtsabPaul
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
Ronald Soh
 
Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...
Justin Denton
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
Jack Maynard
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day Conference
Brian Pichman
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
Avani Patel
 
Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet Security
Quick Heal Technologies Ltd.
 
AI Coding, Tools for Building AI (TBLC AI Conference)
AI Coding, Tools for Building AI (TBLC AI Conference)AI Coding, Tools for Building AI (TBLC AI Conference)
AI Coding, Tools for Building AI (TBLC AI Conference)
Brian Pichman
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
Brian Pichman
 

More Related Content

Similar to Securing and Safeguarding Your Library Setup

Personal Threat Models
Personal Threat ModelsPersonal Threat Models
Personal Threat Models
Geoffrey Vaughan
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptx
KevinRiley83
 
Internet Security
Internet SecurityInternet Security
Internet Security
mjelson
 
Cyber security-1.pptx
Cyber security-1.pptxCyber security-1.pptx
Cyber security-1.pptx
CharithraaAR
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraudRadiant Minds
 
Introduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxIntroduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptx
ShubhamGupta833557
 
Chp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptxChp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptx
HarishParthasarathy4
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
samina khan
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dumindu Pahalawatta
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
Varinder K
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
Brian Pichman
 
Unit 3B.pdf
Unit 3B.pdfUnit 3B.pdf
Unit 3B.pdf
TuhinUtsabPaul
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
Ronald Soh
 
Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...
Justin Denton
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
Jack Maynard
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day Conference
Brian Pichman
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
Avani Patel
 
Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet Security
Quick Heal Technologies Ltd.
 

Similar to Securing and Safeguarding Your Library Setup (20)

Personal Threat Models
Personal Threat ModelsPersonal Threat Models
Personal Threat Models
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptx
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Cyber security-1.pptx
Cyber security-1.pptxCyber security-1.pptx
Cyber security-1.pptx
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraud
 
Introduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxIntroduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptx
 
Chp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptxChp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptx
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
Unit 3B.pdf
Unit 3B.pdfUnit 3B.pdf
Unit 3B.pdf
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
 
Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...Creating a digital toolkit for users: How to teach our users how to limit the...
Creating a digital toolkit for users: How to teach our users how to limit the...
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day Conference
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet Security
 

More from Brian Pichman

AI Coding, Tools for Building AI (TBLC AI Conference)
AI Coding, Tools for Building AI (TBLC AI Conference)AI Coding, Tools for Building AI (TBLC AI Conference)
AI Coding, Tools for Building AI (TBLC AI Conference)
Brian Pichman
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
Brian Pichman
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024
Brian Pichman
 
Community Health & Welfare: Seniors & Memory Care
Community Health & Welfare: Seniors & Memory CareCommunity Health & Welfare: Seniors & Memory Care
Community Health & Welfare: Seniors & Memory Care
Brian Pichman
 
Robotics in Libraries - Education and Automation
Robotics in Libraries - Education and AutomationRobotics in Libraries - Education and Automation
Robotics in Libraries - Education and Automation
Brian Pichman
 
NCompass Live - Pretty Sweet Tech - Evolve Project
NCompass Live - Pretty Sweet Tech - Evolve ProjectNCompass Live - Pretty Sweet Tech - Evolve Project
NCompass Live - Pretty Sweet Tech - Evolve Project
Brian Pichman
 
AI tools in Scholarly Research and Publishing
AI tools in Scholarly Research and PublishingAI tools in Scholarly Research and Publishing
AI tools in Scholarly Research and Publishing
Brian Pichman
 
Tech Trends 2024 and Beyond - AI and VR and MOre
Tech Trends 2024 and Beyond - AI and VR and MOreTech Trends 2024 and Beyond - AI and VR and MOre
Tech Trends 2024 and Beyond - AI and VR and MOre
Brian Pichman
 
Content Creation and Social Media Tools for Libraries
Content Creation and Social Media Tools for LibrariesContent Creation and Social Media Tools for Libraries
Content Creation and Social Media Tools for Libraries
Brian Pichman
 
Artificial Intelligence (AI) – Powering Data and Conversations.pptx
Artificial Intelligence (AI) – Powering Data and Conversations.pptxArtificial Intelligence (AI) – Powering Data and Conversations.pptx
Artificial Intelligence (AI) – Powering Data and Conversations.pptx
Brian Pichman
 
40 Day Challenge
40 Day Challenge40 Day Challenge
40 Day Challenge
Brian Pichman
 
NCompass Live: AI: The Modern Day Pandora's Box
NCompass Live: AI: The Modern Day Pandora's BoxNCompass Live: AI: The Modern Day Pandora's Box
NCompass Live: AI: The Modern Day Pandora's Box
Brian Pichman
 
Lets Chat AI - and Not Just ChatGPT
Lets Chat AI - and Not Just ChatGPTLets Chat AI - and Not Just ChatGPT
Lets Chat AI - and Not Just ChatGPT
Brian Pichman
 
CES 2023
CES 2023CES 2023
CES 2023
Brian Pichman
 
Lets Chat AI – And Not Just ChatGPT
Lets Chat AI – And Not Just ChatGPTLets Chat AI – And Not Just ChatGPT
Lets Chat AI – And Not Just ChatGPT
Brian Pichman
 
STEM Programming Ideas at the Library.pdf
STEM Programming Ideas at the Library.pdfSTEM Programming Ideas at the Library.pdf
STEM Programming Ideas at the Library.pdf
Brian Pichman
 
Getting Started With Using AI In Libraries (PLAN)
Getting Started With Using AI In Libraries (PLAN)Getting Started With Using AI In Libraries (PLAN)
Getting Started With Using AI In Libraries (PLAN)
Brian Pichman
 
Coding with Maker Tech
Coding with Maker Tech Coding with Maker Tech
Coding with Maker Tech
Brian Pichman
 
CES 2023
CES 2023CES 2023
CES 2023
Brian Pichman
 
Innovation and Libraries Building a Collaborative Learning Ecosystem.pptx
Innovation and Libraries Building a Collaborative Learning Ecosystem.pptxInnovation and Libraries Building a Collaborative Learning Ecosystem.pptx
Innovation and Libraries Building a Collaborative Learning Ecosystem.pptx
Brian Pichman
 

More from Brian Pichman (20)

AI Coding, Tools for Building AI (TBLC AI Conference)
AI Coding, Tools for Building AI (TBLC AI Conference)AI Coding, Tools for Building AI (TBLC AI Conference)
AI Coding, Tools for Building AI (TBLC AI Conference)
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024
 
Community Health & Welfare: Seniors & Memory Care
Community Health & Welfare: Seniors & Memory CareCommunity Health & Welfare: Seniors & Memory Care
Community Health & Welfare: Seniors & Memory Care
 
Robotics in Libraries - Education and Automation
Robotics in Libraries - Education and AutomationRobotics in Libraries - Education and Automation
Robotics in Libraries - Education and Automation
 
NCompass Live - Pretty Sweet Tech - Evolve Project
NCompass Live - Pretty Sweet Tech - Evolve ProjectNCompass Live - Pretty Sweet Tech - Evolve Project
NCompass Live - Pretty Sweet Tech - Evolve Project
 
AI tools in Scholarly Research and Publishing
AI tools in Scholarly Research and PublishingAI tools in Scholarly Research and Publishing
AI tools in Scholarly Research and Publishing
 
Tech Trends 2024 and Beyond - AI and VR and MOre
Tech Trends 2024 and Beyond - AI and VR and MOreTech Trends 2024 and Beyond - AI and VR and MOre
Tech Trends 2024 and Beyond - AI and VR and MOre
 
Content Creation and Social Media Tools for Libraries
Content Creation and Social Media Tools for LibrariesContent Creation and Social Media Tools for Libraries
Content Creation and Social Media Tools for Libraries
 
Artificial Intelligence (AI) – Powering Data and Conversations.pptx
Artificial Intelligence (AI) – Powering Data and Conversations.pptxArtificial Intelligence (AI) – Powering Data and Conversations.pptx
Artificial Intelligence (AI) – Powering Data and Conversations.pptx
 
40 Day Challenge
40 Day Challenge40 Day Challenge
40 Day Challenge
 
NCompass Live: AI: The Modern Day Pandora's Box
NCompass Live: AI: The Modern Day Pandora's BoxNCompass Live: AI: The Modern Day Pandora's Box
NCompass Live: AI: The Modern Day Pandora's Box
 
Lets Chat AI - and Not Just ChatGPT
Lets Chat AI - and Not Just ChatGPTLets Chat AI - and Not Just ChatGPT
Lets Chat AI - and Not Just ChatGPT
 
CES 2023
CES 2023CES 2023
CES 2023
 
Lets Chat AI – And Not Just ChatGPT
Lets Chat AI – And Not Just ChatGPTLets Chat AI – And Not Just ChatGPT
Lets Chat AI – And Not Just ChatGPT
 
STEM Programming Ideas at the Library.pdf
STEM Programming Ideas at the Library.pdfSTEM Programming Ideas at the Library.pdf
STEM Programming Ideas at the Library.pdf
 
Getting Started With Using AI In Libraries (PLAN)
Getting Started With Using AI In Libraries (PLAN)Getting Started With Using AI In Libraries (PLAN)
Getting Started With Using AI In Libraries (PLAN)
 
Coding with Maker Tech
Coding with Maker Tech Coding with Maker Tech
Coding with Maker Tech
 
CES 2023
CES 2023CES 2023
CES 2023
 
Innovation and Libraries Building a Collaborative Learning Ecosystem.pptx
Innovation and Libraries Building a Collaborative Learning Ecosystem.pptxInnovation and Libraries Building a Collaborative Learning Ecosystem.pptx
Innovation and Libraries Building a Collaborative Learning Ecosystem.pptx
 

Recently uploaded

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 

Recently uploaded (20)

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 

Securing and Safeguarding Your Library Setup

  • 1. Securing & Safeguarding Your Library Setup Brian Pichman Twitter: @Bpichman
  • 2.
  • 3. Agenda • Understanding Anonymity, Privacy, and Everything in Between • Protecting Yourself • Getting Hacked • Best Security Tool: A Policy That Is Followed • Tools for Protecting Your Network
  • 4.
  • 5. Cloak of Invisibility Anonymous Browsing tools like the Tor Project
  • 6. Cloak of Invisibility Top reasons why people want to hide their IP address: 1. Hide their geographical location 2. Prevent Web tracking 3. Avoid leaving a digital footprint 4. Bypass any bans or blacklisting of their IP address 5. Perform illegal acts without being detected
  • 7. Onion Routing, Tor Browsing • Technique for anonymous communication to take place over a network. The encryption takes place at three different times: • Entry Node • Relay Node • Exit Node • Tor is made up of volunteers running relay servers. No single router knows the entire network (only its to and from). • Tor can bypass internet content filtering, restricted government networks (like China) or allow people to be anonymous whistle blowers. • Tor allows you to gain access to “.onion” websites that are not accessible via a normal web browser. • Communication on the Dark Web happens, via Web, Telnet, IRC, and other means of communication being developed daily.
  • 8. Cloak of Invisibility How do you Hide an 800lb Gorilla? • Use Free Wifi (To Hide your location) • Use a Secure Web Browser • Use a Private VPN • Go back to Dial-up • Setup RF Data Transfer over CB Radio Waves • Use Kali linux to hack someone else’s Wifi Encryption. • Setup long-range Wireless Antennas
  • 9. Cloak of Invisibility • How to hide yourself? • Private VPN • You want a TOTALLY anonymous service. • Look for one that keeps no log history (Verify via reviews) • Look at Bandwidth & Available Servers • Recommendations: • Private Internet Access (PIA) • TorGuard VPN • Pure VPN • Opera Web Browser • Avast AntiVirus (SecureLine) • Worst Case: Free WIFI
  • 10. Cloak of Invisibility • How Tor anonymizes – “You”. • How VPN keeps ”You” protected.
  • 11. Dial Up? • Use an ISPs like NetZero that can be registered with fictitious personal information, and to which you can connect with caller ID disabled • Makes it a bit more difficult to identity “you”
  • 12. Free WiFi • Sometimes a good alternative if you need to do something anonymously • Nothing is ever 100% anonymous • Some public wifi does track websites you access, what you do, etc. • Make sure your computer name you are using doesn’t include your actual name
  • 13. Hacked WiFi – Cain and Abel
  • 14. Best Tips and Practices Do • Use a device that you’ve never signed into anything ”personal on”. • Pro Tip: buy a computer from a Pawn Shop or Garage Sale Don’t • While on a VPN or any other anonymous tool; don’t sign into personal accounts (banks, social media, etc). • If posting, don’t use anything that could be associated to you
  • 15. Easy Wins for Privacy • 10 Minute Email • https://10minutemail.com/ • Temporarily get an email box that’s anonymous and disappears after 10 minutes • Dr Cleaner (Mac) or Eraser (Win) can overwrite files on your computer with “blank” data to make file recovery near impossible. • Tools like Recuva is free softwares to allow you to restore deleted files.
  • 16. What People Pay For Your Data • https://www.fortinet.com/blog/industry-trends/the-true-value-of- data.html • Credit Card Numbers: 50 cents to 2.50 per card. • Bank Account Information (logins/information): $1.00 to $70 • Medical Records: $10-$20
  • 17.
  • 18.
  • 19.
  • 21. Google Isn’t Always Your Friend
  • 22. Tools For Use • Sites to protect yourself all the time (not free) • IdentityGuard.com • LifeLock.com • Sites to monitor when breached data gets related (this is free) • Haveibeenpwned.com • Password Management Sites (like lastpass.com) • Don’t have the same password for all your sites. • Don’t write your passwords down on a post-it-note and leave it at your desk
  • 23.
  • 24.
  • 25. Dual Factor Authentication • After logging in; verify login via Email, SMS, or an app with a code.
  • 26. Credit Card Tools for Online Shopping • Check out Privacy.Com • https://privacy.com/join/473XB ßshameless plug
  • 27. Basic Tips • Accept only people you know to personal and professional accounts • Never click on links from people you don’t know. • Especially if they are using a url shortner: bit.ly, tinyurl.com, etc • https://www.urlvoid.com/ - test the website to see if its safe • https://snapito.com/ gets a screenshot of what will load on the site • https://www.site-shot.com/ get a screenshot of what will load on site • If there are people claiming to be you on social media, it’s best to get your account “verified” on those social media platforms • This lets users distinguish that you’re the actual official account • Dual factor authenticate all of your social media logins
  • 28. Checking Your Accounts / Name Online • Use this site to check your usernames: https://namechk.com/ • The next is a tool searches through your email with things you may have signed up for (I've paid for their premium service as well, not really worth it, the free does just fine) https://brandyourself.com/privacy-overview. • This tool: https://email-lookup.online/index.php searches public searches to see what links. Its similar to https://www.spokeo.com/email-search.
  • 29.
  • 30. Myths • I’m/my library not worth being attacked. • Hackers won’t guess my password. • I/we have anti-virus software. • I’ll/we know if I/we been compromised.
  • 31. Understanding Breaches and Hacks • A hack involves a person or group to gain authorized access to a protected computer or network • A breach typically indicates a release of confidential data (including those done by accident) • Both of these require different responses if breaches/hacks occur.
  • 32.
  • 33. The Costs Of Breaches • This year’s study found the average consolidated total cost of a data breach is 3.9 million dollars and in the US the average is actually higher at 8.19 million. [IBM 2019 http://www-03.ibm.com/security/data-breach/] • Data Breached Companies Experience… • People loose faith in your brand • Loss in patrons • Financial Costs • Government Requirements, Penalties, Fees, etc. • Sending of Notifications • Payment of Identity Protection or repercussions. https://betanews.com/2016/02/10/the-economic-cost-of-being-hacked/
  • 34.
  • 35. Top Hacker Tools • #1 Metasploit. • #2 Nmap. • #3 Acunetix WVS. • #4 Wireshark. • #5 oclHashcat. ... • #6 Nessus Vulnerability Scanner. ... • #7 Maltego. ... • #8 Social-Engineer Toolkit.
  • 36.
  • 37.
  • 38. BackTrack can get you ALOT • BackTrack was a Linux distribution that focused on security based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux. https://en.wikipedia.org/wiki/BackTrack
  • 39.
  • 40.
  • 41. You as a Organization - Obligations • You are obligated to protect the data and privacy of: • Employees • Customers • Business Partners/Vendors/Etc. • Sometimes, we forget we house a lot of personal and identifying information about our employees and customers. • Employees Social/Payroll/HR • Customer Records/Accounts/History • What employees/customers are accessing on the web • A sniffing tool, key logger, or fake DNS redirects can monitor not only the sites people are accessing but what they use for their username / password
  • 42. Steps – Communication and Speed! • Communicate • People will ask “How long did you know XYZ happened” - know this information before communicating to them an attack occurred. • If you discover a breach, hack, or any other compromise that may have the impact of data being stolen or viewed, you MUST communicate quickly and effectively. • While every scenario is different and has different factors – groups that move faster with the information they know (as soon as they know it) they are generally better off long term (ie don’t’ wait months as you “investigate” the issue. Give people time to protect themselves) • Don’t over communicate and have one spokesperson • Be clear and concise. Too many details can be harmful.
  • 43. Other Points on Communication • Once you know a breach has occurred, by law you are required to inform customers if their data has been compromised. • Some states have deadlines of when the announcement has to be made • Every impacted person must be told that a data breach has occurred, when it occurred, and what kind of information was compromised. • Answer: what are you doing to provide a remedy and should they do • (next slide)
  • 44. what are you doing to provide a remedy and should they do You as the Organization • Build a website with information about the breach • Offer a Toll Free number people to call in for questions • If the possibility of social information provide contact information for Equifax, Experian and Transunion, and the quick links for fraud protection. Them as Impacted Parties • Fraud Protection (if necessary) • Request them to change their passwords if their password was compromised • Highlight if they use this password on OTHER sites to change those passwords too
  • 45.
  • 46.
  • 47. Step 2 - Investigate • You will most likely need to hire an outside cyber security firm – they have the tools and resources to track what might have been stolen and who stole it. • Solve which computers and accounts were compromised, which data was accessed (viewed) or stolen (copied) and whether any other parties – such as clients, customers, business partners, users, employees. Was the stolen data encrypted or unencrypted? • Also involve folks from the people you pay for services (depending on where the breach occurred) such as ISPs, Web Hosting Providers, Security Software, Firewall Vendors, etc. • Contact your local, county or state police computer crimes unit and the FBI, which can do forensic analyses and provide valuable guidance
  • 48. Step 3 – More Communication and Follow Up • If you notify more than 500 impacted people from a breach, many states will also require you to file a notice with your state attorney general’s office. • HIPPA, FERPA, CIPA, and all those other scary acronyms have requirements and regulations – make sure none of those rules are violated.
  • 49. Legal Stuff • There are a lot of laws that help a certain level of security standards. The landscape of these laws is evolving as the level of threats increase. • There is compliance standards that organizations should reach for security as well – as a precaution and preventive measure to mitigate risk. • The ISO/IEC 27000 family of standards helps organizations keep information assets secure. • https://www.iso.org/isoiec-27001- information-security.html
  • 50. Why have a policy? Staring Will Ferrell ….
  • 51. Increases Efficiency • Having a security policy allows you to be consistent in your approach to issues and how processes should work. • It should outline how and what to do, and repeatable across your organization. • Everyone is doing XYZ the same way and on the same page.
  • 52. Accountability, Discipline, and Penalties • Think of it as a contract – for legal purposes – that you have taken the steps needed to secure your organization. • Need to define penalties when violations occur. People need to know the consequences are for failure to comply – both from a legal and HR standpoint or even access permissions. • Policies and procedures provide what the expectation is and how to achieve that expectation. It should define what the consequence are for failure to adhere.
  • 53. Education For Employees • By reading these policies (and signing them), it helps educate your employees (and users) the sense of ownership for assets and data. • Everything from advice on choosing the proper passwords, to providing guidelines for file transfers and data storage, internet access and rules, will help to increase employees’ overall awareness of security and how it can be strengthened
  • 54. Addresses Threats and Risks • A good policy should address all threats, strategies to decrease the vulnerabilities of those threats, and how to recover if those threats became actionable. • This makes the “what do we do if someone hacks our network” a defined process already and who to call and what to do to mitigate further damage.
  • 55. Access Definitions and Permissions • A good policy would outline who accesses what and why. This makes reporting a security violation easier and streamlined. • Policies are like bouncers at a night club • It states who has access to the VIP section of the club, why, and any reasons to allow entry. • Without these rules, VIP wouldn’t be really VIP.
  • 57. Why do People Attack? • Financial Gain • Stocks • Getting Paid • Selling of information • Data Theft • For a single person • For a bundle of people • Just Because • Malicious
  • 58. How to navigate and prevent wrong turns • Who are the people we’re trying to avoid? Hacker Groups • Lizard Squad. ... • Anonymous. ... • LulzSec. ... • Syrian Electronic Army. ... • Chaos Computer Club (CCC) ... • Iran's Tarh Andishan. ... • The Level Seven Crew. ... • globalHell.
  • 59. So what Do You Need to Protect? • Website(s) • ILS • Staff Computers • And what they do on them • Patron Computers • And what they do on them • Network • And what people do on them • Stored Data, Files, etc. • Business Assets • Personal Assets • ….anything and everything that is plugged in…
  • 60. Outside • Modem Router Firewall Switches • Servers End User • Phones • Computers • Laptops
  • 61. Outer Defenses (Routers/Firewalls) • Site to Site Protection (Router to Router or Firewall to Firewall) • Encrypted over a VPN Connection • Protection With: • IDS • IPS • Web filtering • Antivirus at Web Level • Protecting INBOUND and OUTBOUND
  • 62. Unified Threat Management • Single Device Security • All traffic is routed through a unified threat management device.
  • 63. Areas of Attack On Outer Defense External Facing Applications • Anything with an “External IP” • NAT, ONE to ONE, etc. • Website • EZProxy Connection • Custom Built Web Applications or Services Internal Applications • File Shares • Active Directory (usernames / passwords) • Patron Records • DNS Routing • Outbound Network Traffic • Who is going where
  • 64. Attacks • Man in the Middle • Sitting between a conversation and either listening or altering the data as its sent across. • DNS Spoofing (https://null-byte.wonderhowto.com/how-to/hack-like-pro-spoof-dns- lan-redirect-traffic-your-fake-website-0151620/) set up a fake website and let people login to it. • D/DoS Attack (Distributed/Denial of Service Attack) • Directing a large amount of traffic to disrupt service to a particular box or an entire network. • Could be done via sending bad traffic or data • That device can be brought down to an unrecoverable state to disrupt business operations. • Sniffing Attacks • Monitoring of data and traffic to determine what people are doing.
  • 65. Inner Defenses (Switches/Server Configs) • Protecting Internal Traffic, Outbound Traffic, and Inbound Traffic • Internal Traffic = device to device • Servers • Printers • Computers • Protected By: • Software Configurations • Group Policy • Password Policy • Hardware Configurations • Routing Rules
  • 66.
  • 67.
  • 68. Updates, Patches, Firmware • Keeping your system updated is important. • Being on the latest and greatest [software/update/firmware] isn’t always good. • Need to test and vet all updates before implementation • If you can – build a dev environment to test and validate.
  • 69. Casper Suite / JAMF - https://www.jamf.com/products/jamf-pro/
  • 71.
  • 72. Protecting End Devices • Protecting Assets • Business Assets • Thefts • Hacking • Personal Devices • Security Risk • Usually pose an INBOUND threat to your network
  • 73.
  • 74. Passwords • Let’s talk about Passwords • Length of Password • Complexity of password requirements • DO NOT USE POST IT NOTES • A person’s “every day account” should never have admin rights to machines. • That includes your IT Folks!
  • 75. Your Security is as Strong As the Weakest Link
  • 77.
  • 78.
  • 79.
  • 80.
  • 81.
  • 82. Impersonation Some people will create emails of VIPs to trick you into getting a message to them
  • 83. Spoofing Is when someone masks themselves as another user or domain Sometimes they create a new domain with slight spelling: example g00gle.com
  • 84. Pulling Everything Together • Do A Risk Assessment • Develop Policies • Training Plans For Staff • Implement tools to help protect
  • 85.
  • 86.
  • 87.
  • 88. Free Resources - CISA • https://www.cisa.gov/topics/cyber-threats-and-advisories/cyber- hygiene-services
  • 89. Free Resources - Tenable • https://www.tenable.com/products/nessus/nessus- essentials?action=register
  • 90. IT Admin Tricks for Security • Administrative Accounts are easy to figure out if they are something like “administrator” ”root” or “power users”. At the same time, no employee should have their account as a full admin. • Instead, give them their own username for admin access (like brian.admin) • Change the default “login” pages for sites to something that’s not www.mysitename.com/login. Bots look for this and attack. • My Drupal Site login page is www.evolveproject.org/catpower • User Awareness is key to any secure organization. Teach users how to identify potential threats and how to respond quickly. • Avoid shared accounts. One account should only be used by one person.
  • 91. “Cool” Hardware https://krebsonsecurity.com/2016/08/road-warriors-beware-of-video-jacking/ Be careful when plugging your device in o public USB Outlet… Either read the data on your device OR Record your screen ->
  • 96. Proactive Scanning • Malwarebytes (Free): https://www.malwarebytes.com/
  • 97. Proactive Cleaning • CCleaner (https://www.ccleaner.com/ ) • CleanMyMac (https://macpaw.com/cleanmymac )
  • 98. How About Your Network?
  • 99. Web Security – No Installs Needed https://www.opendns.com/
  • 101. Email for Kids • There are service providers that can help manage kid’s emails and help protect them. • Google has an option where you can manage a Google Account for your child: https://support.google.com/families/answer/7103338?hl=en
  • 102. Apple iOS Parental Controls • https://support.apple.com/en-us/HT201304 • https://www.apple.com/families/
  • 106.
  • 107. Advance Cyber Protection Tools • MDR / NDR Solutions (Managed Detection Response / Network Detection Response) • Network detection and response (NDR) products detect abnormal system behaviors by applying behavioral analytics to network traffic data. • Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.
  • 108.
  • 109.
  • 110. • Evolve Project • https://www.linkedin.com/in/bpichman • Twitter: @bpichman • Email: bpichman@evolveproject.org Brian Pichman Questions?