SlideShare a Scribd company logo
1 of 37
Download to read offline
AIR FORCE ASSOCIATION’S
NATIONAL YOUTH CYBER EDUCATION PROGRAM
CYBERPATRIOT
www.uscyberpatriot.org
UNIT FOUR
Principles of Cybersecurity
AIR FORCE ASSOCIATION’S
NATIONAL YOUTH CYBER EDUCATION PROGRAM
CYBERPATRIOT
www.uscyberpatriot.org
SECTION ONE
Cybersecurity Goals and Tools
© Air Force Association
• 3 Goals of information security:
‐ Maintain information confidentiality
• Making sure only approved users have
access to data
‐ Maintain information integrity
• Data Integrity: assurance that information
has not been tampered with or corrupted
between the source and the end user
• Source Integrity: assurance that the
sender of the information is who it is
supposed to be
‐ Maintain information availability
• Ensuring data is accessible by approved
users when needed
The CIA Triad
Source: http://www.techrepublic.com/blog/it-security/the-cia-triad/
© Air Force Association
• Confidentiality
‐ Encryption
• Passwords, encryption keys
‐ User access control
• controlling which users have access to networks
and what level of access each user has
• Integrity
‐ Encryption
‐ User access control
‐ File permissions
• Customizable settings that only allow certain
users to view and edit files
‐ Version control systems/backups
• Availability
‐ Offsite data storage/backups
‐ Redundant architecture (hardware and
software)
The CIA Triad: Tools of the Trade
© Air Force Association
• Process of verifying the identity of a user
• Used to control access to a resource
• Methods:
‐ Passwords
‐ Physical “keys” (key chains, swipe cards)
‐ Biometrics (fingerprints, retina scanning)
• Threats:
‐ Brute force cracking
• Test every possible combination of letters, numbers, and
characters until the password is found
‐ Dictionary cracking
• Test words and combinations of words found in the dictionary or
from a slightly shorter list of words known to be commonly used
in passwords
4
Authentication/Encryption
Password:
* * * * * * * *
AIR FORCE ASSOCIATION’S
NATIONAL YOUTH CYBER EDUCATION PROGRAM
CYBERPATRIOT
www.uscyberpatriot.org
SECTION TWO
Building Strong Passwords
© Air Force Association
Building Strong Passwords
NOT…
6
C
L
O
U
D
S
S
U
N
Source: tamutimes.tamu.edu
Remember…….
© Air Force Association
1234
7
Passwords
NOT GOOD!
This is Ronald Donald’s Password:
© Air Force Association
• Passwords of 8 characters consisting of
Numbers only: 100 million
+ Lower case: 2.8 trillion
+ Upper case: 210 trillion
+ Symbols: 7.2 quadrillion
8
Passwords - Complex
Cracked in < one second
Cracked in eleven minutes
Cracked in fifteen hours
Cracked in three weeks
Ronald’s Old Password: 1234 New Password: Pa123!
• Always use at least 3 of the following:
 Numbers
 Lower case letters
 Upper case letters
 Symbols (% # * & ! : { “ > |)
Source: www.howsecureismypassword.net
© Air Force Association
Six or fewer characters
Seven characters
Eight characters
Nine characters
Ten characters
• Brute force attacks can run 4 billion calculations per
second
9
Passwords - Lengthy
Ronald’s Old Password: Pa123!
New Password: Password123!
Cracked in three minutes
Cracked in five hours
Cracked in three weeks
Cracked in five years
Cracked in 526 years
• Always use at least 8 characters
© Air Force Association
Do not Share Your
Password with
ANYONE
10
Passwords – Only Yours
© Air Force Association
• Any of the top 10,000 passwords will be broken immediately
• 91% of people have one of the 1,000 most popular passwords
• Almost half of all people use one of the 100 most popular
11
Passwords - Unique
Ronald’s Old Password: Password123!
New Password: Ronald123!
– letmein
– dragon
– 111111
– baseball
– iloveyou
– trustno1
– password
– 123456
– 12345678
– abc123
– qwerty
– monkey
– 1234567
– sunshine
– master
– 123123
– welcome
– shadow
© Air Force Association
Example: [base password] [site]
Gmail: [Ronald123!] [GMA] = Ronald123!GMA
Facebook: [Ronald123!] [FAC] = Ronald123!FAC
12
Passwords - Different
• Use different passwords for each login (e.g. Gmail and Facebook)
– 73% of people do not
Ronald’s Old Password: Ronald123!
New Passwords: Ronald123!FAC and Ronald123!GMA
© Air Force Association
• The longer you keep a password the longer attackers have to try and crack it
• Changing your passwords regularly can help foil cracking attempts as they happen
• It’s best to change your passwords at least every few months
13
Passwords – Short Term
© Air Force Association
• Do not use dictionary words
‐ Fend off dictionary cracking attacks
by using passphrases
14
Passwords NOT Simple
Where’s the beef?
Wh D@ B33f?
WhD@B33f?
© Air Force Association
• User ID is publicly available
• Using it as a password = Giving it away
15
Passwords – NOT User ID
© Air Force Association
• Do not use any personal info – can be easily found
by other means
‐ Name
‐ Birthday
‐ Pet’s Name
‐ Mother’s Maiden Name
‐ Hometown
16
Passwords – NOT Name
Old Gmail Password: Ronald123!GMA
New Password: WhD@B33f?GMA
Old Facebook Password: Ronald1234FAC
New Password: WhD@B33f?FAC
© Air Force Association
Building Strong Passwords
NOT…
17
Source: tamutimes.tamu.edu
Remember…….
Complex
Lengthy
Only Yours
Unique
Different
Short Term
Simple
User ID
Name
AIR FORCE ASSOCIATION’S
NATIONAL YOUTH CYBER EDUCATION PROGRAM
CYBERPATRIOT
www.uscyberpatriot.org
SECTION THREE
Cyber Threats
18
© Air Force Association
• Dumpster Diving: Thieves sift through garbage for receipts with credit card information,
medical forms with social security numbers, or other documents with PII
• Shoulder Surfing: By looking over your shoulder as you type, thieves can glean your
passwords, account information, and other sensitive information
• Simple, but often overlooked threats
19
Physical Threats
© Air Force Association
• Basic personal practices that
keep computers and data safe
‐ Lock your computer when in
public areas
‐ Shield your keyboard when you
type passwords
‐ Do not let strangers use your
computer
‐ Keep sensitive information in
secure places
20
Cyber Hygiene
© Air Force Association
Portable or handheld devices that have data or can
connect to another device that has data
21
What are mobile devices?
© Air Force Association 22
Securing Mobile Devices
Risk Fix
1. Easily stolen and lost
2. Often not encrypted
3. Targets of malware, tools for attackers
4. Can be compromised via wireless
5. Applications collect information
1. Guard your devices
2. Set a strong passcode
3. Use anti-malware and updates
4. Avoid using open networks
5. Customize security settings
© Air Force Association
• Social Engineering: Manipulating people into giving up
personal information
23
Online Threats
Thrift Shopping Room
M@ckelm0re
Guests
Ry@nLew1s
| Send
M@ckelm0re: Yo man I got the illest sweaters yesterday
Ry@nLew1s: Really? What are we talkin? Wool?
Pullover? Cardigan?
Ry@nLew1s: I got a dope cardigan last week. Only 99 cents.
M@ckelm0re: A couple of sick purple pullovers. Dont know
if I need 2 tho….whats ur address? I will drop 1 in the mail
for u.
© Air Force Association
• Phishing: fraud attempts perpetrated by random attackers against a wide number of
users
• Spear-phishing: fraud attempts targeted at specific people based on their membership
or affiliation with a the spoofed group
‐ e.g. fraudulent emails sent to Microsoft employees aiming to steal Microsoft secrets
• Vishing: Attempts to manipulate people into giving up PII over the phone
• Smishing: Attempts to manipulate people into giving up PII by text message (SMS)
24
Social Engineering Methods
© Air Force Association
Sincerely,
Customer Service
Barclays
*Phishing attempts are rarely this obvious, but these are useful errors to look for
25
How to Spot Phishing Emails
Spoofed email address
Spelling Errors/Typos
ALL CAPS
Asks for Personally
Identifying Information
Executable attachment or link
to a Website
Signed by a department, not
an individual
Source: www.Vanish.org
© Air Force Association
• Report phishing attempts so
other people aren’t victimized
• Go to the legitimate website
of the spoofed organization
(not through a link in the
email)
• Follow the site’s procedure for
reporting
• Report the spoof to your email
provider
26
Reporting Email Scams
© Air Force Association
• Malicious Software = Malware
• Software designed and written to:
‐ Steal information
‐ Spy on users
‐ Gain control of computers
• Categorized by
‐ How it spreads
‐ What it does
27
Malware: What is it?
© Air Force Association
• V
• T
• Z
• K
• B
• L
• S
28
Malware: What is it?
iruses/Worms
rojan Horses
ombies and Botnets
eyloggers
ackdoors
ogic/Time Bombs
pyware
© Air Force Association
• Viruses: Can infect and spread but need human assistance
‐ People download infected email attachments, shared files, spoof links, etc.
‐ Example: ILOVEYOU virus
• Worms: Can infect and spread without human assistance
‐ Example: Sasser worm
29
Malware: Viruses/Worms
© Air Force Association
• Trojan horse: Program with a hidden malicious function
‐ It looks like something you want
‐ It does something you do not want
• Can cause computer crashes and be used by attackers to
gain remote access to your system or steal information
30
Malware: Trojan Horses
© Air Force Association
• Zombies (a.k.a bots): compromised computers under the control of an
attacker
‐ Make it possible for someone else to control your computer from
anywhere in the world
• Botnet: a collection of compromised computers (zombies) under the
control of an attacker
‐ Attackers pool the computing power of all of the zombie machines to
launch huge spam attacks or to bring down websites through Distributed
Denial of Service (DDoS) attacks
‐ DDoS attacks direct massive amounts of communication requests and
traffic to websites in attempt to overwhelm their servers
31
Malware: Zombies and Botnets
© Air Force Association
• Keylogger: Tracks users’ keystrokes, obtains passwords and other
personal information
• Especially dangerous, because they track everything a user does, not
just what they do on an unprotected Internet browser
32
Malware: Keyloggers
My Computer
Password:
* * * * * *
Attacker’s Computer
Password:
Q W E R T Y
Keylogger
© Air Force Association
• Backdoor: An entry point into a program without all the normal, built-
in security checks
• Programmers sometimes install backdoors when they develop
programs so that they can manipulate a program’s code more easily
during troubleshooting and testing
‐ Sometimes they forget to close them
• Attackers use malware like viruses, worms, and Trojan Horses to
install backdoors on the computers they infect
33
Malware: Backdoors
© Air Force Association
• Logic/time bomb: Malware designed to lie dormant until a
specific logical condition is met
‐ A particular person logs in
‐ A specific date or time
‐ A message is received
34
Malware: Logic/Time Bombs
00:00:00
© Air Force Association
• Spyware: Collects information about you, without
your knowledge or consent
‐ Keyloggers are a type of Spyware
Malware: Spyware
35
© Air Force Association
Anti-malware Software
36
Quarantines and
removes
infected files
Scans files for
matches in
databases of
known malware
Alerts you when
a match is
identified or a
suspect
program
attempts to run
Source: www.zdnet.com
Source: www.pcworld.com Source: www.royalpccare.com Source: www.digital-defender.com

More Related Content

What's hot

How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
Mehedi Hasan
 

What's hot (20)

Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Webinar: Siber Güvenlikte Olgunluk Seviyesini Arttırmak
Webinar: Siber Güvenlikte Olgunluk Seviyesini ArttırmakWebinar: Siber Güvenlikte Olgunluk Seviyesini Arttırmak
Webinar: Siber Güvenlikte Olgunluk Seviyesini Arttırmak
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Cyber Threat Intelligence Integration Center -- ONDI
Cyber Threat Intelligence Integration Center -- ONDICyber Threat Intelligence Integration Center -- ONDI
Cyber Threat Intelligence Integration Center -- ONDI
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
 
Security Transformation Services
Security Transformation ServicesSecurity Transformation Services
Security Transformation Services
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
 
CCNA Security 02- fundamentals of network security
CCNA Security 02-  fundamentals of network securityCCNA Security 02-  fundamentals of network security
CCNA Security 02- fundamentals of network security
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review Checklist
 
information security management
information security managementinformation security management
information security management
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscape
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 

Similar to Unit+four+ +principles+of+cybersecurity

INTERNET SAFETY-WPS Office (1).pptx
INTERNET SAFETY-WPS Office (1).pptxINTERNET SAFETY-WPS Office (1).pptx
INTERNET SAFETY-WPS Office (1).pptx
BHUt6
 

Similar to Unit+four+ +principles+of+cybersecurity (20)

CyberSecurity.ppt
CyberSecurity.pptCyberSecurity.ppt
CyberSecurity.ppt
 
Meletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information securityMeletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information security
 
INTERNET SAFETY-WPS Office (1).pptx
INTERNET SAFETY-WPS Office (1).pptxINTERNET SAFETY-WPS Office (1).pptx
INTERNET SAFETY-WPS Office (1).pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
 
Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)
 
TM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptxTM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptx
 
Introduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxIntroduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptx
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdf
 
Cyber security-1.pptx
Cyber security-1.pptxCyber security-1.pptx
Cyber security-1.pptx
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
An Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereAn Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & Anywhere
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSES
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Computer ethics
Computer ethicsComputer ethics
Computer ethics
 
hacking
hackinghacking
hacking
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
 
Cyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensiveCyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensive
 
Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security Hacking
 

More from Erdo Deshiant Garnaby

More from Erdo Deshiant Garnaby (15)

Hackers Cracker Network Intruder
Hackers Cracker Network IntruderHackers Cracker Network Intruder
Hackers Cracker Network Intruder
 
Org Design
Org DesignOrg Design
Org Design
 
HOS Talent management presentation
HOS Talent management presentationHOS Talent management presentation
HOS Talent management presentation
 
Talent management
Talent managementTalent management
Talent management
 
Unit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resourcesUnit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resources
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntu
 
Unit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+securityUnit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+security
 
Unit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoringUnit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoring
 
microsoft+windows+security
microsoft+windows+securitymicrosoft+windows+security
microsoft+windows+security
 
Unit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machinesUnit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machines
 
Unit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+securityUnit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+security
 
Unit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safetyUnit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safety
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntu
 
introduction to cyber patriot and cyber security
introduction to cyber patriot and cyber securityintroduction to cyber patriot and cyber security
introduction to cyber patriot and cyber security
 
Cyber Ethics
Cyber EthicsCyber Ethics
Cyber Ethics
 

Recently uploaded

Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...
Sérgio Sacani
 
The importance of continents, oceans and plate tectonics for the evolution of...
The importance of continents, oceans and plate tectonics for the evolution of...The importance of continents, oceans and plate tectonics for the evolution of...
The importance of continents, oceans and plate tectonics for the evolution of...
Sérgio Sacani
 
Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!
University of Hertfordshire
 
Continuum emission from within the plunging region of black hole discs
Continuum emission from within the plunging region of black hole discsContinuum emission from within the plunging region of black hole discs
Continuum emission from within the plunging region of black hole discs
Sérgio Sacani
 

Recently uploaded (20)

Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...
 
family therapy psychotherapy types .pdf
family therapy psychotherapy types  .pdffamily therapy psychotherapy types  .pdf
family therapy psychotherapy types .pdf
 
WASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 Rp
WASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 RpWASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 Rp
WASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 Rp
 
Factor Causing low production and physiology of mamary Gland
Factor Causing low production and physiology of mamary GlandFactor Causing low production and physiology of mamary Gland
Factor Causing low production and physiology of mamary Gland
 
GBSN - Biochemistry (Unit 4) Chemistry of Carbohydrates
GBSN - Biochemistry (Unit 4) Chemistry of CarbohydratesGBSN - Biochemistry (Unit 4) Chemistry of Carbohydrates
GBSN - Biochemistry (Unit 4) Chemistry of Carbohydrates
 
NUMERICAL Proof Of TIme Electron Theory.
NUMERICAL Proof Of TIme Electron Theory.NUMERICAL Proof Of TIme Electron Theory.
NUMERICAL Proof Of TIme Electron Theory.
 
The importance of continents, oceans and plate tectonics for the evolution of...
The importance of continents, oceans and plate tectonics for the evolution of...The importance of continents, oceans and plate tectonics for the evolution of...
The importance of continents, oceans and plate tectonics for the evolution of...
 
Plasmapheresis - Dr. E. Muralinath - Kalyan . C.pptx
Plasmapheresis - Dr. E. Muralinath - Kalyan . C.pptxPlasmapheresis - Dr. E. Muralinath - Kalyan . C.pptx
Plasmapheresis - Dr. E. Muralinath - Kalyan . C.pptx
 
Biochemistry and Biomolecules - Science - 9th Grade by Slidesgo.pptx
Biochemistry and Biomolecules - Science - 9th Grade by Slidesgo.pptxBiochemistry and Biomolecules - Science - 9th Grade by Slidesgo.pptx
Biochemistry and Biomolecules - Science - 9th Grade by Slidesgo.pptx
 
Microbial bio Synthesis of nanoparticles.pptx
Microbial bio Synthesis of nanoparticles.pptxMicrobial bio Synthesis of nanoparticles.pptx
Microbial bio Synthesis of nanoparticles.pptx
 
Molecular and Cellular Mechanism of Action of Hormones such as Growth Hormone...
Molecular and Cellular Mechanism of Action of Hormones such as Growth Hormone...Molecular and Cellular Mechanism of Action of Hormones such as Growth Hormone...
Molecular and Cellular Mechanism of Action of Hormones such as Growth Hormone...
 
Emergent ribozyme behaviors in oxychlorine brines indicate a unique niche for...
Emergent ribozyme behaviors in oxychlorine brines indicate a unique niche for...Emergent ribozyme behaviors in oxychlorine brines indicate a unique niche for...
Emergent ribozyme behaviors in oxychlorine brines indicate a unique niche for...
 
Triploidy ...............................pptx
Triploidy ...............................pptxTriploidy ...............................pptx
Triploidy ...............................pptx
 
Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!
 
Continuum emission from within the plunging region of black hole discs
Continuum emission from within the plunging region of black hole discsContinuum emission from within the plunging region of black hole discs
Continuum emission from within the plunging region of black hole discs
 
Virulence Analysis of Citrus canker caused by Xanthomonas axonopodis pv. citr...
Virulence Analysis of Citrus canker caused by Xanthomonas axonopodis pv. citr...Virulence Analysis of Citrus canker caused by Xanthomonas axonopodis pv. citr...
Virulence Analysis of Citrus canker caused by Xanthomonas axonopodis pv. citr...
 
NuGOweek 2024 full programme - hosted by Ghent University
NuGOweek 2024 full programme - hosted by Ghent UniversityNuGOweek 2024 full programme - hosted by Ghent University
NuGOweek 2024 full programme - hosted by Ghent University
 
In-pond Race way systems for Aquaculture (IPRS).pptx
In-pond Race way systems for Aquaculture (IPRS).pptxIn-pond Race way systems for Aquaculture (IPRS).pptx
In-pond Race way systems for Aquaculture (IPRS).pptx
 
GBSN - Microbiology Lab (Compound Microscope)
GBSN - Microbiology Lab (Compound Microscope)GBSN - Microbiology Lab (Compound Microscope)
GBSN - Microbiology Lab (Compound Microscope)
 
Alternative method of dissolution in-vitro in-vivo correlation and dissolutio...
Alternative method of dissolution in-vitro in-vivo correlation and dissolutio...Alternative method of dissolution in-vitro in-vivo correlation and dissolutio...
Alternative method of dissolution in-vitro in-vivo correlation and dissolutio...
 

Unit+four+ +principles+of+cybersecurity

  • 1. AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org UNIT FOUR Principles of Cybersecurity
  • 2. AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION ONE Cybersecurity Goals and Tools
  • 3. © Air Force Association • 3 Goals of information security: ‐ Maintain information confidentiality • Making sure only approved users have access to data ‐ Maintain information integrity • Data Integrity: assurance that information has not been tampered with or corrupted between the source and the end user • Source Integrity: assurance that the sender of the information is who it is supposed to be ‐ Maintain information availability • Ensuring data is accessible by approved users when needed The CIA Triad Source: http://www.techrepublic.com/blog/it-security/the-cia-triad/
  • 4. © Air Force Association • Confidentiality ‐ Encryption • Passwords, encryption keys ‐ User access control • controlling which users have access to networks and what level of access each user has • Integrity ‐ Encryption ‐ User access control ‐ File permissions • Customizable settings that only allow certain users to view and edit files ‐ Version control systems/backups • Availability ‐ Offsite data storage/backups ‐ Redundant architecture (hardware and software) The CIA Triad: Tools of the Trade
  • 5. © Air Force Association • Process of verifying the identity of a user • Used to control access to a resource • Methods: ‐ Passwords ‐ Physical “keys” (key chains, swipe cards) ‐ Biometrics (fingerprints, retina scanning) • Threats: ‐ Brute force cracking • Test every possible combination of letters, numbers, and characters until the password is found ‐ Dictionary cracking • Test words and combinations of words found in the dictionary or from a slightly shorter list of words known to be commonly used in passwords 4 Authentication/Encryption Password: * * * * * * * *
  • 6. AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION TWO Building Strong Passwords
  • 7. © Air Force Association Building Strong Passwords NOT… 6 C L O U D S S U N Source: tamutimes.tamu.edu Remember…….
  • 8. © Air Force Association 1234 7 Passwords NOT GOOD! This is Ronald Donald’s Password:
  • 9. © Air Force Association • Passwords of 8 characters consisting of Numbers only: 100 million + Lower case: 2.8 trillion + Upper case: 210 trillion + Symbols: 7.2 quadrillion 8 Passwords - Complex Cracked in < one second Cracked in eleven minutes Cracked in fifteen hours Cracked in three weeks Ronald’s Old Password: 1234 New Password: Pa123! • Always use at least 3 of the following:  Numbers  Lower case letters  Upper case letters  Symbols (% # * & ! : { “ > |) Source: www.howsecureismypassword.net
  • 10. © Air Force Association Six or fewer characters Seven characters Eight characters Nine characters Ten characters • Brute force attacks can run 4 billion calculations per second 9 Passwords - Lengthy Ronald’s Old Password: Pa123! New Password: Password123! Cracked in three minutes Cracked in five hours Cracked in three weeks Cracked in five years Cracked in 526 years • Always use at least 8 characters
  • 11. © Air Force Association Do not Share Your Password with ANYONE 10 Passwords – Only Yours
  • 12. © Air Force Association • Any of the top 10,000 passwords will be broken immediately • 91% of people have one of the 1,000 most popular passwords • Almost half of all people use one of the 100 most popular 11 Passwords - Unique Ronald’s Old Password: Password123! New Password: Ronald123! – letmein – dragon – 111111 – baseball – iloveyou – trustno1 – password – 123456 – 12345678 – abc123 – qwerty – monkey – 1234567 – sunshine – master – 123123 – welcome – shadow
  • 13. © Air Force Association Example: [base password] [site] Gmail: [Ronald123!] [GMA] = Ronald123!GMA Facebook: [Ronald123!] [FAC] = Ronald123!FAC 12 Passwords - Different • Use different passwords for each login (e.g. Gmail and Facebook) – 73% of people do not Ronald’s Old Password: Ronald123! New Passwords: Ronald123!FAC and Ronald123!GMA
  • 14. © Air Force Association • The longer you keep a password the longer attackers have to try and crack it • Changing your passwords regularly can help foil cracking attempts as they happen • It’s best to change your passwords at least every few months 13 Passwords – Short Term
  • 15. © Air Force Association • Do not use dictionary words ‐ Fend off dictionary cracking attacks by using passphrases 14 Passwords NOT Simple Where’s the beef? Wh D@ B33f? WhD@B33f?
  • 16. © Air Force Association • User ID is publicly available • Using it as a password = Giving it away 15 Passwords – NOT User ID
  • 17. © Air Force Association • Do not use any personal info – can be easily found by other means ‐ Name ‐ Birthday ‐ Pet’s Name ‐ Mother’s Maiden Name ‐ Hometown 16 Passwords – NOT Name Old Gmail Password: Ronald123!GMA New Password: WhD@B33f?GMA Old Facebook Password: Ronald1234FAC New Password: WhD@B33f?FAC
  • 18. © Air Force Association Building Strong Passwords NOT… 17 Source: tamutimes.tamu.edu Remember……. Complex Lengthy Only Yours Unique Different Short Term Simple User ID Name
  • 19. AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION THREE Cyber Threats 18
  • 20. © Air Force Association • Dumpster Diving: Thieves sift through garbage for receipts with credit card information, medical forms with social security numbers, or other documents with PII • Shoulder Surfing: By looking over your shoulder as you type, thieves can glean your passwords, account information, and other sensitive information • Simple, but often overlooked threats 19 Physical Threats
  • 21. © Air Force Association • Basic personal practices that keep computers and data safe ‐ Lock your computer when in public areas ‐ Shield your keyboard when you type passwords ‐ Do not let strangers use your computer ‐ Keep sensitive information in secure places 20 Cyber Hygiene
  • 22. © Air Force Association Portable or handheld devices that have data or can connect to another device that has data 21 What are mobile devices?
  • 23. © Air Force Association 22 Securing Mobile Devices Risk Fix 1. Easily stolen and lost 2. Often not encrypted 3. Targets of malware, tools for attackers 4. Can be compromised via wireless 5. Applications collect information 1. Guard your devices 2. Set a strong passcode 3. Use anti-malware and updates 4. Avoid using open networks 5. Customize security settings
  • 24. © Air Force Association • Social Engineering: Manipulating people into giving up personal information 23 Online Threats Thrift Shopping Room M@ckelm0re Guests Ry@nLew1s | Send M@ckelm0re: Yo man I got the illest sweaters yesterday Ry@nLew1s: Really? What are we talkin? Wool? Pullover? Cardigan? Ry@nLew1s: I got a dope cardigan last week. Only 99 cents. M@ckelm0re: A couple of sick purple pullovers. Dont know if I need 2 tho….whats ur address? I will drop 1 in the mail for u.
  • 25. © Air Force Association • Phishing: fraud attempts perpetrated by random attackers against a wide number of users • Spear-phishing: fraud attempts targeted at specific people based on their membership or affiliation with a the spoofed group ‐ e.g. fraudulent emails sent to Microsoft employees aiming to steal Microsoft secrets • Vishing: Attempts to manipulate people into giving up PII over the phone • Smishing: Attempts to manipulate people into giving up PII by text message (SMS) 24 Social Engineering Methods
  • 26. © Air Force Association Sincerely, Customer Service Barclays *Phishing attempts are rarely this obvious, but these are useful errors to look for 25 How to Spot Phishing Emails Spoofed email address Spelling Errors/Typos ALL CAPS Asks for Personally Identifying Information Executable attachment or link to a Website Signed by a department, not an individual Source: www.Vanish.org
  • 27. © Air Force Association • Report phishing attempts so other people aren’t victimized • Go to the legitimate website of the spoofed organization (not through a link in the email) • Follow the site’s procedure for reporting • Report the spoof to your email provider 26 Reporting Email Scams
  • 28. © Air Force Association • Malicious Software = Malware • Software designed and written to: ‐ Steal information ‐ Spy on users ‐ Gain control of computers • Categorized by ‐ How it spreads ‐ What it does 27 Malware: What is it?
  • 29. © Air Force Association • V • T • Z • K • B • L • S 28 Malware: What is it? iruses/Worms rojan Horses ombies and Botnets eyloggers ackdoors ogic/Time Bombs pyware
  • 30. © Air Force Association • Viruses: Can infect and spread but need human assistance ‐ People download infected email attachments, shared files, spoof links, etc. ‐ Example: ILOVEYOU virus • Worms: Can infect and spread without human assistance ‐ Example: Sasser worm 29 Malware: Viruses/Worms
  • 31. © Air Force Association • Trojan horse: Program with a hidden malicious function ‐ It looks like something you want ‐ It does something you do not want • Can cause computer crashes and be used by attackers to gain remote access to your system or steal information 30 Malware: Trojan Horses
  • 32. © Air Force Association • Zombies (a.k.a bots): compromised computers under the control of an attacker ‐ Make it possible for someone else to control your computer from anywhere in the world • Botnet: a collection of compromised computers (zombies) under the control of an attacker ‐ Attackers pool the computing power of all of the zombie machines to launch huge spam attacks or to bring down websites through Distributed Denial of Service (DDoS) attacks ‐ DDoS attacks direct massive amounts of communication requests and traffic to websites in attempt to overwhelm their servers 31 Malware: Zombies and Botnets
  • 33. © Air Force Association • Keylogger: Tracks users’ keystrokes, obtains passwords and other personal information • Especially dangerous, because they track everything a user does, not just what they do on an unprotected Internet browser 32 Malware: Keyloggers My Computer Password: * * * * * * Attacker’s Computer Password: Q W E R T Y Keylogger
  • 34. © Air Force Association • Backdoor: An entry point into a program without all the normal, built- in security checks • Programmers sometimes install backdoors when they develop programs so that they can manipulate a program’s code more easily during troubleshooting and testing ‐ Sometimes they forget to close them • Attackers use malware like viruses, worms, and Trojan Horses to install backdoors on the computers they infect 33 Malware: Backdoors
  • 35. © Air Force Association • Logic/time bomb: Malware designed to lie dormant until a specific logical condition is met ‐ A particular person logs in ‐ A specific date or time ‐ A message is received 34 Malware: Logic/Time Bombs 00:00:00
  • 36. © Air Force Association • Spyware: Collects information about you, without your knowledge or consent ‐ Keyloggers are a type of Spyware Malware: Spyware 35
  • 37. © Air Force Association Anti-malware Software 36 Quarantines and removes infected files Scans files for matches in databases of known malware Alerts you when a match is identified or a suspect program attempts to run Source: www.zdnet.com Source: www.pcworld.com Source: www.royalpccare.com Source: www.digital-defender.com