This document discusses the risks of phishing and social networks. It begins with some basic terminology and context around key players like individuals, technology, and services involved. It describes the basic methodology that criminals and terrorists use to exploit common activities on the internet like social networks, email, and web browsing. This includes making counterfeit activities look normal to attract users. The document provides some statistics on data breaches and privacy losses. It emphasizes knowing yourself and potential threats to understand your risk profile. It recommends practical precautions to mitigate risks like keeping software updated, using security tools, and exercising common sense online. Resources for more information are also included.
This document discusses social and mobile security issues. It covers topics like the psychological impact of social media, internet addiction among college students, privacy concerns with sharing information and photos online, and tips for safe social media and mobile device use. Specific recommendations include educating yourself and loved ones on online risks, setting guidelines for internet and phone use, installing parental control software, using strong passwords, and being aware of location data and metadata attached to photos.
7 Tips for teen safety online
- Check your comments and images
- Talk to your friends about what is ok to post
- Review your account settings
- Know your friends, contacts and followers
- Keep an eye on 3rd party apps
- Don't forget mobile
- Report
Social Media Basics: Security Loopholes with Twitter & Other Social Media (Tyler Shields)
The document appears to be a syllabus for a course on social media security basics. It includes sections on definition of terms, risks, common attacks, and what can be done to protect yourself. Some common social media attacks mentioned are malware distribution, command and control of malware, compromise of sensitive data, social media worms like KoobFace that spread through messages/posts, targeted attacks, password/account hacking, and spam. The syllabus suggests users should avoid random links, use strong unique passwords, and not trust unsolicited messages. Vendors and enterprises are encouraged to implement better security practices while more research should be done on social media threats.
When it comes to social media, most of us expect that we are in control of what we share about ourselves, and who we share with. In this hands-on workshop, we will dispel common myths and misconceptions about social media privacy as well as discuss step-by-step instructions for securing our social media selves.
This document provides information to parents on protecting children from online risks and predators. It discusses different types of online predators like attracters, attackers, and enablers. It emphasizes the importance of educating children about online safety, using parental controls to block inappropriate content, monitoring children's internet activity, and creating an emergency plan in case a child encounters an online threat. Overall, the document stresses that while no protection is foolproof, open communication and utilizing available tools can help reduce children's risk of being targeted by online predators.
One in three internet users globally is a child. This proportion is likely to be even higher in the global South.
Organizations working to advance children’s rights and promote well-being need to understand how to reduce the risk of harm children face online while maximizing their opportunities for learning, participation and creativity.
The PPT covers digital safety for children.
This document provides online safety tips for seniors. It discusses common online activities seniors engage in and basic safety practices like using strong passwords and privacy settings. Common scams targeting seniors are described such as personal emergency scams and online dating scams. Tips are provided for safe online banking, shopping, social media use, and identifying fake news. The document encourages fact checking information before sharing and outlines strategies for dealing with hate speech.
Spiritual social media & mobile devices (Ernest Staats)
Ernest Staats is a technology director with extensive technical certifications and experience. He provides a link to resources on network security.
The document discusses several concerning trends regarding students' internet and technology use including feelings of addiction and dependence, negative physical and mental health impacts, and engaging in risky online behaviors like online gambling and oversharing personal information. It suggests that many students may need intervention for internet addiction.
The document summarizes key findings from research analyzing 250 public Facebook profiles:
- One third of profiles contained at least 2 pieces of personal information that could be used to guess passwords.
- Most people do not trust all of their Facebook friends, yet 9% would accept requests from strangers.
- Six percent allow full public access to their profiles, and 15% share their date of birth publicly.
- Half are aware personal details on social media could enable identity fraud, yet security practices remain lax.
Lisa Turner presented on privacy and social media. She discussed several privacy concerns with social media use including oversharing personal information, social data mining where companies extract user data, and location sharing potentially revealing when users are away from home. She also reviewed how social media use can impact careers, giving examples of individuals who were fired for inappropriate social media posts. Additionally, she covered how data breaches are a risk as personal data online has increased dramatically in the last 20 years. She concluded with some best practices for social media users to help protect their privacy.
Social networking sites provide opportunities to connect with others but can also reveal sensitive personal information to adversaries if users are not careful. Critical information includes names, photos, work details, schedules and passwords. To minimize risks, users should follow computer security guidelines, control privacy settings, avoid posting critical information, and be wary of links, files and applications from unknown users. Practicing good operations security helps protect user information on social networking sites.
3Rs of Internet Safety: Rights, Responsibilities and Risk Management (ConnectSafely)
This is not your tired old Internet Safety lecture, but a presentation by ConnectSafely.org CEO Larry Magid that emphasizes youth rights as well as responsibilities and the importance of media literacy.
Learn internet governance initiative child online safety by shreedeep rayamaj... (Shreedeep Rayamajhi)
This document discusses many online safety issues that children may face and provides guidance for parents. It notes that internet sites can be addictive for youth and pose privacy and commercial risks. It outlines core internet values for children, such as using the internet for communication and learning only under adult supervision. It then discusses specific online risks like exposure to inappropriate content, cyberbullying, sexting, identity theft, and online abuse. Finally, it recommends that parents educate themselves on these issues, use parental control software and firewalls, and communicate openly with their children about staying safe online.
Social media poses risks to users such as revealing private information, reputation damage, or identity theft from hackers seeking personal data for financial gain. Hackers send spam, phishing messages, and malware through social media networks, with 57% of users reporting spam and 30% reporting phishing attacks. The document provides tips for staying safe such as using strong passwords, checking privacy settings, thinking before posting or clicking links, and being wary of strangers.
This document provides information and tips for staying secure when using social media. It defines different types of social networks such as personal networks like Facebook, content sharing networks like YouTube, and shared interest networks like LinkedIn. It discusses how to create strong passwords and adjust privacy settings. The document warns that information shared on social media can be accessed by identity thieves, advertisers, and government agencies. It provides tips for managing privacy such as using privacy settings, logging out of accounts, and being aware of how information is tracked online. Sources for further information on social media security are also listed.
This document discusses the risks of social media and how threats work. It defines social media as online communities that allow users to create profiles and connect with friends. The main risks are revealing private information, defamation of others, and financial crimes by hackers seeking personal data. Hackers can send spam, spread malware through links or attachments, and phish for passwords or details to steal identities for profit. The document advises users to use strong, unique passwords, secure computers and accounts, think before clicking links or posting images, and be wary of strangers to help stay safe on social media.
When we speak of the digital self, we are referring to the self as it exists in digital realms. This varies depending on the individual, since some of us prefer to live online under a pseudonymous or anonymous persona, apart from our physical selves, and others consider the digital to be a more holistic identity that goes beyond the physical.
This document provides an overview of online privacy and offers guidance for parents and teachers on discussing privacy risks with children. It emphasizes that bringing ethical behavior online involves respecting others, practicing safety, and protecting personal information. The document outlines key aspects of privacy statements, social media, and legal protections like COPPA and privacy seals. Its goal is to educate readers so they can help children enjoy the internet safely.
This document discusses various online risks to computers, families, and personal information. It identifies primary threats to computer security such as viruses, worms, Trojans, and spyware. It also outlines primary online risks for children like cyberbullies, file-sharing abuses, disturbing content, predators, and invasion of privacy. The document recommends talking to kids about online safety, setting rules for internet use, keeping personal information private, and using tools for family safety.
This document provides information and resources for educating children about cyber safety. It covers topics like basic computer use, privacy, predators, social networks, cyberbullying, and inappropriate content. The document recommends open communication with kids and using filtering software and parental controls. Resources listed include websites like NetSmartz, NCMEC, iSafe, and ChildQuest which provide safety tools, education materials, and advice for parents.
This document discusses establishing positive digital footprints and safe searching for elementary school children. It covers age-appropriate social media tools like blogs and wikis that Trinity School uses. It also discusses privacy laws like COPPA and how to make portions of profiles private versus public. Finally, it provides safety tips for social media sites like YouTube, Facebook, Instagram and searching tools like browsers and Google's safe search features. Students and parents with questions should contact the instructional technology specialists.
This document outlines various internet-related topics including internet dangers, online predators, cyberbullying, personal profiles, communication methods, gaming, cell phones, plagiarism, viruses, parenting tips and resources, and frequently asked questions - all aimed at educating parents and students about potential online risks and how to stay safe on the internet. It also provides statistics on children's internet usage and the dangers of social media and chat rooms. The document serves as a guide for parents to have important conversations with their children about navigating the online world safely.
This document discusses safe searching and YouTube for kids. It provides information on YouTube's safety mode feature which allows users to filter out mature content. It also discusses the filtering software used at Trinity School, including Webroot and monitoring software. The document emphasizes that parents should talk to their kids about online safety and monitor their internet usage, as filters cannot catch everything and kids can sometimes find ways around them.
The document outlines a plan to address cyberbullying through education and community involvement. It proposes creating educational packets for schools, parents, and students to raise awareness about cyberbullying and how to prevent and address it. It also suggests engaging the broader community through organizations, social media campaigns, and pushing for laws against cyberbullying. Success would be measured by engagement on social media, website traffic, and number of participating groups and individuals. Key resources on the issues are provided.
This document provides summaries and resources on various topics related to appropriate and ethical technology use for students, including:
- Acceptable use policies that students and parents must sign
- Copyright guidelines and avoiding plagiarism
- Online safety and avoiding interaction with cyber predators
- Issues with peer-to-peer file sharing and illegal downloading
- Protecting personal privacy and avoiding sharing too much personal information online
- Cyberbullying and how it can occur online
- Parent guides and resources on promoting internet safety
Symantec (ISTR) Internet Security Threat Report Volume 22 (CheapSSLsecurity)
Symantec’s Internet Security Threat Report (ISTR) demonstrates how simple tactics and innovative cyber criminals led to unprecedented outcomes in global threat activity.
DNS High-Availability Tools - Open-Source Load Balancing Solutions (Men and Mice)
The DNS protocol has built-in high availability for authoritative DNS servers (this will be better explained in the webinar!), but client machines can see a degraded DNS service if a DNS resolver (caching DNS server) is failing.
In this webinar, we will look into how the DNS clients in popular operating systems (Windows, Linux, macOS/iOS) choose the DNS resolver among a list of available servers, and how a DNS resolver service can be made failure-tolerant with open-source solutions such as “dnsdist” from PowerDNS and “relayd” from OpenBSD.
Abstract:
Writing Regular Expressions (Regex) is a versatile skill set to have across the IT landscape. Regex has a number of information security related uses and applications. We are going to provide an overview and show examples of writing Regex for pattern matching and file content analysis using sample threat feed data in this presentation. Along with a healthy dose of motherly advice, we cover Regex syntax, character classes, capture groups, and sub-capture groups. Whether Regex is something completely new or worth brushing up on, this talk is geared toward you.
Bio:
Matt Scheurer is a Systems Security Engineer working in the Financial Services industry. Matt holds CompTIA Security+, MCP, MCPS, MCTS, MCSA, and MCITP certifications. He maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), and Information Systems Security Association (ISSA). Matt is a regular attendee at monthly Information Security meetings for 2600, the CiNPA affiliated Security Special Interest Group (CiNPA Security SIG), Ohio Information Security Forum (OISF), and Cincinnati SMBA.
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity (CheapSSLsecurity)
Learn what a Comodo Multi Domain SSL certificate is and how it works, and understand its key features along with the encryption process of protecting multiple domains under a single certificate.
Cisco Connect Toronto 2017 - Accelerating Incident Response in Organizations... (Cisco Canada)
This document discusses accelerating incident response in organizations using Cisco's security solutions. It describes Cisco's approach of integrating tools across the network, email, web and endpoints to provide 30+ days of recorded system history and continuous automated hunting and analysis. This integrated view is meant to translate raw security data into meaningful intelligence to accelerate the incident response process of protecting systems, hunting for threats, and responding to incidents. The presentation provides examples of how specific Cisco products like AMP for Email, AMP ThreatGrid, AMP for Network, and AMP for Endpoint contribute capabilities like continuous analysis, retrospective detection, and enhanced visibility to speed up an organization's incident response.
Abstract:
Writing Regular Expressions (Regex) is a versatile skill set to have across the IT landscape. Regex has a number of information security related uses and applications. We are going to provide an overview and work through examples of writing Regex as a group for pattern matching and file content analysis using sample threat feed data in this presentation. Along with a healthy dose of motherly advice, we cover Regex syntax, character classes, capture groups, sub-capture groups, and quantifiers. Whether Regex is something completely new or worth brushing up on, this talk is geared toward you.
Bio:
Matt Scheurer is a Systems Security Engineer working in the Financial Services industry. Matt holds a CompTIA Security+ Certification and possesses a number of Microsoft Certifications including: MCP, MCPS, MCTS, MCSA, and MCITP. Matt has presented on numerous Information Security topics as a featured speaker at a number of area Information Security meetup groups. Matt also had notable speaking engagements as a presenter at DerbyCon 5.0, DerbyCon 7.0, and the 10th Annual Northern Kentucky University Cyber Security Symposium. Matt maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), and Information Systems Security Association (ISSA). Matt is a regular attendee at monthly Information Security meetings for 2600, the CiNPA affiliated Security Special Interest Group (CiNPA Security SIG), Ohio Information Security Forum (OISF), and Cincinnati Security MBA (SMBA).
This document provides an overview and agenda for a presentation on securing and hardening DNS servers. It discusses configuring DNS servers at both the local system level and network level. At the local level, it recommends partitioning the file system, using chroot jails, firewalls, and access control configurations. At the network level, it discusses topics like limiting services, securing NTP, and managing DNS zones and records. The overall goal is to understand the high-level requirements for securing a DNS server and limiting access to the DNS service.
A webinar that looks into the new features that Windows Server 2016 will offer in the DNS, DHCP and IPv6 space.
It showcases some of the new features using the latest tech preview; the aim is to give administrators a quick overview of Windows Server 2016 and enough information to decide whether early adoption is worthwhile.
Umbrella Webcast: Redefining Security for the Nomadic Worker - OpenDNS
The document summarizes a webcast about redefining security for nomadic workers. It discusses the challenges of securing mobile devices and remote employees. The webcast introduces OpenDNS's new product called Umbrella, which is designed to provide security for devices across networks. Umbrella is described as being device agnostic, simple to deploy, instantly scalable, and utilizing big data and security algorithms. A customer from Veterans United Home Loans then discusses their experience deploying Umbrella and lessons learned.
The slide deck of the Microsoft Cyber Security IT Camps 2017/2018
The slide deck covers products such as Windows Defender AV, ATP, ApplicationGuard and ExploitGuard.
How to send DNS over anything encrypted - Men and Mice
Today, nearly all DNS queries are sent unencrypted. This makes DNS vulnerable to eavesdropping by someone with access to the network. The DNS-Privacy group (DPRIVE) inside the Internet Engineering Task Force (IETF), as well as people outside the IETF, are working on new transport protocols to encrypt DNS traffic between DNS clients and resolvers.
* DNS over TLS (RFC 7858)
* DNS over DTLS (RFC 8094)
* DNS over HTTP(S) (ID-draft)
* DNS over QUIC (ID-draft)
* DNS over DNSCrypt (outside IETF)
* DNS over TOR (outside IETF)
In this webinar, we will explain the protocols available or discussed inside and outside the IETF, and give some example configurations on how to use these new privacy protocols today.
Scripting and automation with the Men & Mice Suite - Men and Mice
The powerful SOAP interface & how and where scripts can be integrated
Besides the Men & Mice Management Console, the Web Interface and the command line interface (CLI), there are other ways to access the Men & Mice Suite.
The document discusses the User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP). UDP is a connectionless protocol that provides process-to-process communication over IP. TCP is connection-oriented and establishes a virtual connection between hosts to reliably send data using flow and error control. TCP numbers data bytes and uses sequence numbers and acknowledgments to ensure reliable in-order delivery. Connection establishment and termination with TCP uses three-way and four-way handshaking protocols. TCP guarantees in-order delivery of data to processes and handles lost packets.
Cisco Connect Toronto 2017 - Anatomy-of-attack - Cisco Canada
The document discusses how cyber attacks have evolved over time and how Cisco security solutions can help address modern threats. It provides examples of ransomware attacks and how Cisco mapped the attacker infrastructure involved. It then summarizes Cisco's Umbrella and Cloudlock solutions, emphasizing how Umbrella provides secure internet access and threat prevention through fast DNS resolution and intelligence-driven models, while Cloudlock focuses on securing usage of cloud apps and accounts.
This document discusses the role of DNS in internet threats like botnets and how hackers have evolved to use DNS for command and control and to evade detection. It explains how hackers can change IP addresses and domain names through techniques like IP flux, domain flux, and DNS tunneling. It argues that defenses must also evolve to track more domain names, handle larger and more complex DNS packets, and identify threats from big DNS traffic data. The document concludes by thanking attendees and providing contact information to continue the discussion.
(ISC)2 Cincinnati Tri-State Chapter: Phishing Forensics - Is it just suspicio... - ThreatReel Podcast
Abstract:
What thoughts currently make tech defenders uneasy as they go to bed at night? Despite implementing and properly configuring the latest technological controls and security solutions into our environments, end users typically remain the most vulnerable point of entry into nearly any network. Unfortunately, only one misstep by a single user provides attackers with the foothold they need to begin compromising an entire enterprise network environment. The safety of our inboxes is a key initiative on the battlefront of protecting staff from the scourge of phishing and spear phishing attacks. We will perform a deep-dive look at the latest techniques used by criminals to bypass security products and traditional defense-in-depth strategies. We then focus heavily on conducting a digital forensic investigation on a sample phishing email message. Topics covered include technical analysis of message headers, message source code, message attachments, and malicious landing web pages even when a dedicated sandbox environment is unavailable.
This document summarizes a presentation about Cisco Umbrella, a cloud-based security platform. The summary includes:
1) Cisco Umbrella protects organizations from internet threats by resolving domain names and inspecting web traffic before connections are made. It uses intelligence from billions of requests to identify malicious destinations and prevent both user and malware-initiated connections.
2) Cisco Umbrella provides visibility into all network activity, anywhere, and integrates with existing security tools. It can deploy protection to an entire global organization within minutes through DNS configuration.
3) The presentation cites case studies of customers seeing a 4-5 fold decrease in alerts, 70% reduction in virus tickets, and thousands saved in ransomware
This document discusses cognitive security, which involves defending against attempts to intentionally or unintentionally manipulate cognition and sensemaking at scale. It covers various topics related to cognitive security including actors, channels, influencers, groups, messaging, and tools used in disinformation campaigns. Frameworks are presented for analyzing disinformation incidents, adapting concepts from information security like the cyber kill chain. Response strategies are discussed, drawing from fields like information operations, crisis management, and risk management. The need for a common language and ongoing monitoring and evaluation is emphasized.
Digital Defense for Activists (and the rest of us) - Michele Chubirka
This document provides an overview of digital defense techniques for activists and others concerned about online privacy and security. It begins with introductions and an outline of topics to be covered, which include the current security landscape, risk management principles, and specific defense techniques. The document discusses common online threats such as surveillance, hacking, and social engineering. It provides tips for securing web browsers, encrypting data, using anonymity tools like Tor and VPNs, and choosing secure communication platforms and passwords. Overall, the document aims to educate readers on digital risks and best practices for online privacy and security.
The document summarizes key points about protecting personal information and security on social media:
- The NSA has circumvented or cracked much internet encryption and collaborated with tech companies to introduce weaknesses in encryption standards.
- Users should be aware of how their personal information can be exploited if devices are compromised and privacy is valuable.
- Common tips for safe social media use include using strong passwords, customizing strict privacy settings, being wary of links, cookies and requests for sensitive information.
The document discusses protecting one's electronic identity and the risks of identity theft. It begins with an introduction by Erwin Carrow on his background and role conducting IT evaluations. It then outlines some key points on understanding the risk to personal information, how identities can be stolen both online and offline, and the various ways data can be lost or leaked. It provides examples of commercial and personal threats, describing how identities are exploited using social engineering and technical attacks. It notes the legal implications are still developing and that individuals bear responsibility for initiating action. Overall, the document aims to increase awareness of identity theft risks and provide resources on protecting personal information and responding to potential issues.
This document discusses social engineering and managing the human element of cybersecurity. It begins with an introduction of the author, Dr. John McCarthy, and his background. It then discusses what social engineering is, how attacks are increasing, and the costs organizations face from such attacks. The document outlines common social engineering techniques like phishing and manipulating human psychology. It also discusses how attackers gather information and ways organizations can build countermeasures like security training and evaluating how sensitive information is handled.
The document discusses cyber threats including cybercrime, cyber espionage, cyber warfare, and activism. It provides background on the speaker, EJ Hilbert, including his experience working for Kroll, the FBI, and MySpace. It then discusses how a simple email click by a low-level employee could compromise an entire network. The different types of cyber threats are described, focusing on threats aimed at financial gain like Zeus and SpyEye botnets, long-term espionage efforts, attacks targeting infrastructure like Stuxnet, and hacks intended to embarrass companies. The presentation closes by asking attendees to consider what data they hold, who has access to it, and how they would protect valuable data if it was assigned a
This 2 hour presentation provides an overview of Internet Security. The first part addresses current threats such as viruses, Trojans, backdoors, botnets and more. The second part talks about how to protect yourself from these threats by changing the way you surf the ‘Net and by understanding your software and hardware options.
The document discusses several dark sides of using the internet including computer viruses, spyware/malware, online pornography, social networking, wasting time and decreased productivity, and plagiarism. It provides details on the signs of virus infections, how to prevent viruses, top facts about spyware, statistics on online pornography usage and revenues, both benefits and risks of social networking, examples of popular social networks, and strategies to use social networks safely. It also discusses how wasting time online can decrease work productivity and provides plagiarism statistics and ways to prevent it.
This document outlines an internet safety presentation about the benefits and risks of social networking and technology. It discusses key issues like privacy settings, digital footprints, and cyberbullying. Specifically, it provides statistics on experiences with cyberbullying and outlines strategies for schools and individuals to promote safer online communities and protect themselves, such as thinking before posting, blocking bullies, and reporting incidents.
This document provides guidance on minimizing business risks related to data security. It discusses identifying important business information, threats from outside and inside the organization, assessing risks based on likelihood and impact, and mitigation strategies like technology safeguards, policies, processes, employee training, and physical security measures. The document emphasizes that leadership must be aware of risks and implement adequate safeguards to protect the organization.
The document discusses several topics related to computer issues including computer fraud, copyright, individual privacy, computer viruses and hackers, and dangers of new technology. It provides information on each topic, such as defining computer fraud and ways to prevent it, outlining copyright law and what is protected, discussing concerns about individual privacy and what cookies are, explaining computer viruses and hackers and how to prevent being affected by them, and noting some potential health, social, and educational dangers of new technology.
Social networking poses three primary threats to national security according to the speaker: [1] Open intelligence collection through social engineering and oversharing of personal information, [2] Back office data collection where personal details are aggregated and used for hyper-targeted advertising, and [3] Propaganda dissemination as social media allows information to spread quickly with little verification. The speaker argues that social networking is the greatest threat as it can enable cheap surveillance of individuals and attacks the "weakest link", which is humans oversharing personal details online. Mitigation involves educating users and monitoring for security lapses from employees.
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009 - Scott Wright
This keynote was presented by Scott Wright on June 19, 2009 to the Ottawa Centre for Research and Innovation. It provides a quick view of some of the major risks from using Social Networking Tools, and some tips for how to reduce those risks through security awareness.
This document discusses email phishing and countermeasures. It provides examples of data breaches and losses from stolen personal information. Phishing works through social engineering techniques like spoofing emails and websites to steal passwords, credit card numbers, and other details. Users may unwittingly provide such information in response to phishing attacks. Defenses against phishing include educating users, technical filters and monitoring, and legislation against identity theft. Ongoing challenges include the sophistication of attacks versus defenses.
This document provides an overview of cyber security topics and best practices. It discusses basics of information security, standards like ISO 27001, and how to harden operating systems. It covers password security, securing USB devices, email security, ransomware prevention, safe browsing, social media security, and mobile device security. Key advice includes using strong and unique passwords, encrypting USB drives, backing up data, updating software, and avoiding public Wi-Fi. The document also discusses cyber threats, types of hackers, and security incidents from the past as examples.
The document discusses information security and internet snooping. It defines security and notes that security risks can come from many sources like fire, theft, or loss. It then explores how technology like the internet, mobile devices, and digitization of information has expanded security risks, especially around personal information theft and exposure. The document outlines the many ways personal information can be collected, from public records to social media to purchases. It also discusses how collected information can be used, sold to third parties, or exposed. Finally, it provides some security best practices around awareness, limiting exposure, securing devices and networks, and establishing security policies.
This document discusses managing your digital identity online. It begins by defining digital identity and noting that everyone has an online presence and footprint. It then discusses verifying identities online and the challenges of doing so. It outlines some of the risks of having your identity stolen online. The document then discusses managing personal versus professional identities on social media and challenges the idea that anyone is truly anonymous online. It provides examples of legal issues that can arise from improper social media use and shares tips for maintaining privacy and managing one's online reputation.
Cyber Safety How Children Can Protect Themselves From Online Threats - mkinzie
This document discusses strategies for protecting children from online threats and promoting cyber safety. It covers six key areas: personal information, identity theft, safe online transactions, piracy, cyberbullying, inappropriate content, social networks, and cyber predators. Guidelines are provided such as not sharing personal details, using strong passwords, reporting cyberbullying, and telling a trusted adult about any suspicious online interactions or content.
The document discusses the topic of computer privacy and provides information on its history, current legislation, and future concerns. It notes several data breaches that have exposed personal information of millions of individuals. Finally, it offers tips on protecting privacy such as using antivirus software, browser security add-ons, and anonymizing browsers.
This document provides a summary of research on the psychological and physical impacts of media and technology use among students. It finds that social media can foster shallow relationships and an inflated sense of self. Excessive internet and smartphone use has been linked to increased feelings of anxiety, addiction and depression in students. The document also warns that oversharing private details online can have long term consequences and that geotagging photos can reveal more personal information than intended.
1. A Security Perspective on “Phishing” and “Social Networks”
Copyright Erwin L. Carrow This work is the intellectual property of the author. Permission is granted for this material to be shared for
non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is
given that the copying is by permission of the author and other identified entities. To disseminate otherwise or to republish requires
written permission from the author. Videos and specific graphics presented are not for public distribution.
2. Session Guide
Erwin “Chris” Louis Carrow
IT Auditor, M.Div., MSIS, BM, CISSP, INFOSEC, CCAI, CCNP, CCSP, CQS, CCNA, LCP, LCI, OCM, MCSE, MCP+I, LSS Green Belt, etc. (Alphabet soup – who cares?!)
Board of Regents, University System of Georgia; Office of Internal Audit and Compliance
270 Washington Street S.W., Ste. 7087 Atlanta, GA 30334
(404)657-9890 Office, (678)644-3526 Cell, (404)463-0699 Fax
Email: erwin.carrow@usg.edu http://www.linkedin.com/in/thebishop
http://twitter.com/ecarrow
What I Do? Just a “Glorified Geek”
High level – IT Evaluations System Wide
General focus – Lack granularity of detail regarding day to day operations
Bottom line “It’s all about ME” (joke)!
3. Session Agenda
Key Takeaways and Introductions
Basic Terminology, Context, & Methodology
Strategic Use of YOUR and Others Personal Information
What to Do to Be Safe / Limit Risk
Q&A
4. Key Takeaways
At the end of this session you should be able to:
Understand the RISK with Phishing & Social Networks;
Understand the Motivation for Exploitation of YOUR or OTHERS' PERSONAL INFORMATION
Identify & Assess Resources to Mitigate Associated RISK;
Apply Basic Precautions to Mitigate Potential LOSSES;
5. Gone Phishing and Not Just Wishing - Videos
Safe-guarding the Process
http://www.youtube.com/watch?v=UNanKfY5T9A
Types of Phishing http://www.onguardonline.gov/videos/overview.aspx
6. Threats and the Facts
Recent Email, Browser, & Web Site Exploits (this month!)
Yahoo, Hotmail, & Gmail – Oct 7, self propagating phishing scam; Oct 6, account username / passwords illegally leaked
Google – Oct 13, Web Masters of compromised sites warned with detailed code samples found
Microsoft – Oct 14, Phishing attacks with Zeus Trojan targeting Outlook Webmail
Mozilla - Oct 16, disabled a Microsoft plug-in for Firefox
Facebook, My Space, etc. – Oct 16, Twitter phishing login scams
Browsers – Oct 1-5, IE, Chrome, Safari duped by bogus PayPal SSL certificate of authority
Peer to Peer downloads – Oct 12, Software piracy embeds malware
Puppet Nets / Bot Nets: Trusted Major brand’s Web site - instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site
Cyber Terrorism – Oct 9, Research points to new cyber terror tactics; Oct 13, Polish Government attack blamed on Russia (duh)!
Click fraud – Oct 23, Botnet click fraud at record high
7. More of the Same “Threats and the Facts” – But, What are the Results?
Privacy Rights Clearinghouse
Chronology of Data Breaches 2,500,000 since January 2005 that have been reported [www.privacyrights.org/ar/ChronDataBreaches.htm]
Ponemon – HRH 2008 Privacy Breach Index Survey (Sept 2008)
Self evaluation of overall performance of organization: -- 9% gave an “A” -- 31% gave a “B” -- 26% gave a “C” -- 29% gave a “D” -- 5% gave an “F” [www.HRH.com/privacy]
80% believed their organizations experienced information system data breaches and loss of customer and personal information
50% Negligence, -- 29% Third-Party, -- 3% Hacker, -- 1% other criminal activity;
36% 1 to 4 breaches involving 100 or records; 32% 5 to 8; 31% 9 or more
8. Terminology, Context, & Who are the Key Players
People – Good (solution oriented), Bad (problem producers), and Indifferent (folks who don’t care / understand the problem)
Technology – Good (well managed), Bad (poorly managed), and Indifferent (don’t care or understand the problem)
Services – The Internet (Home, Work, or Public environment), and associated resources, e.g., ISP, FaceBook, Games, email, etc.
YOU – “Part of the Solution” or “Part of the Problem,” e.g., a Recipient (“Poor Slob” that GOT HIT), Participant (inadvertently contributed either “for” or “against”), or Initiator (Johnny or Jill Hacker)?
Specific or Potential Risks – Phishing attempts, Social Network exploits, etc.
9. Basic Methodology for all - Terrorist or Criminal Exploitations
Identify Social / Cultural “Normalcy” and associated “Common Denominators” where potential gain or benefit may exist on Internet
Email has become the primary “Means of Communication”
Browser Based Culture and Community, e.g., On-line Gaming (Entertainment), Banking (financial), Social Networks (Socialization)
Exploit “Common Denominators” by …
Making it look like normal expected activity
Browser based exploits – Social networks, social engineer, harvest information, or capitalize on browser technology vulnerabilities
Email based exploits – Phishing
Browser, Email, and Web Site exploitation are all used in conjunction
Obscure and confuse the real with the Counterfeit!
Their Objective …, is to recreate a Counterfeit “Normalcy” that attracts and is utilized by YOU!!!!
FOR ORGANIZATIONAL (Terrorist) or PERSONAL (Theft, Malice, or Vendetta) GAIN
10. Response?
Know Yourself – Know Your Enemy!
The Art of War (Chinese: 孫子兵法; pinyin: Sūn Zǐ Bīng Fǎ) is a Chinese military treatise that was written during the 6th century BC by Sun Tzu.
Two Possible not Recommended Responses to the Challenge
Freak Out: Embrace Hopelessness, Hide, Ignore, Deny, and Play Computer games until the Inevitable Occurs
Idealistic and Unrealistic: Do the “Don Quixote (To Dream the Impossible Dream and Fight the Impossible Fight)” - Wear yourself out Fighting Windmills by shooting at whatever pops its head out!
Third Approach “How do you Eat the Elephant standing in the corner, Instead of Avoiding it?” Take ONE BITE at a time by…
Assess the level of risk you are willing to incur
Strategize a response
Be deliberate and not apathetic or indifferent
Be practical / understand it is not just about you (or ME)
Be an advocate or part of a culture that supports secure practices
Test and monitor the process with identifiable outcomes
11. Know Yourself
Profile – Who are YOU?
Habits & Preferences
Vocation or Ad-Vocation
Social Outlets, What you do, & Who you Know
Financial Resources
Education & Military Duty
Government Affiliation
YOUR PERSONAL IDENTITY is based on what you share in your “Click!”
12. Know Your Enemy
Profile - Who are They?
Terrorist
Foreign Governments
Organized Crime
Petty Thieves
People trying to have fun at your expense?
People who don’t Like you!
All motivated by what you have or what you can provide them, e.g., “Click”
13. The Internet is Bigger than Any Person or Government!
No Boundaries, Constantly Changing, & High Complexity
Political Alliances w/ Limitations
Governments Sponsored Terrorism and Hacking
Electronic Relationships w/ No Commitment
Values vary with Social Cultural Norms
Fallacy / Pitfall – YOU will evaluate acceptability by your own standards!
14. Risk Profile, Probability, & Impact
Risk “reality” is just a “Click” away!
Am I important, and if so why?
Why would someone want me to “Click?”
If I commit to “Clicking,” what could be the outcome?
Is the “Click” cost too high?
How will the “Click” possibly impact others?
15. Campus “Life Cycle” of Security & Process Provisioning – Are YOU the Weakest Link?
16. What to Do to Be Safe…?
Protect Yourself and Others?
Hardware – OS updates; Latest version of Browser / Email Clients and ensure they are patched; Dedicated systems per functional risk
Software – Anti-virus / Anti-Malware, Host level IDS – IPS, Security Browser Apps, Plug-in filters, etc. (buy from reputable vendor)
Head-ware, e.g., “Common Sense” that is not too common
Don’t “Bank Online” (personal opinion and choice), limit on-line purchases, etc. – every transaction has an associated risk!
Don’t share personal identifiable information of any type or form online without assessing the risk!
Have fun, be cautious, and educate yourself regarding the risk
Remember, once it is on the Internet “it belongs to everyone.” Is it something you really wanted to share?
17. Thank You for Your Participation - Any Questions?
Understand the “browser-based” Risk and potential Phishing and Social Networking Scams that dominate “normalcy!”
Profile Your and Others Risk per the “Click” you take!
Take the necessary Precautions, Preventive measures, and Practice safe browsing!
19. Helpful Resources
USGBOR Information Security Reporting Process http://www.usg.edu/infosec/incident_management/ Twitter: http://twitter.com/usginfosec/
Internet Alert Dashboard: To report cyber infrastructure incidents or to request information, please contact US-CERT at sos@us-cert.gov or visit their Website: http://www.us-cert.gov. Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Website: https://www.it-isac.org/
US-CERT: us-cert.gov/cas/tips/st06-003.html
StaySafeOnline: staysafeonline.info/practices/index.html
CyberSmart.org: www.ccybersmart.org/downloads/pdf/SocialNetworkGuide.pdf
GetNetWise: www.getnetwise.org
OnGuard Online: onguardonline.gov/socialnetworking_youth.html
TechMission, Inc. Safe Families: www.safefamilies.org/socialnetworking.php
Join my FaceBook “Mafia War” Family (beware it is a social networking experiment) http://www.facebook.com/TheBishopOfOZ