The document provides information about IT security and the internet. It begins with the author's background and then covers topics such as how the internet works, domain name system address translation, what is needed to make the internet work, threats to security, and steps individuals can take to help improve security. It notes that hacking is common and attackers are financially motivated to steal personal and corporate data, which is then sold on black markets. The document emphasizes being aware of security risks and taking steps like using antivirus software and strong passwords.
WCC 2012: General security introduction for non-security students
2. Joel Cardella
jscardella@pobox.com
BS in English from Eastern Michigan University
involved in IT since 1992
Began in IT as a network administrator of 3 PCs in the
“Windows For Workgroups [3.11]” days
In 1997, went to work for America Online (ANS), and started
to ride the dot-com boom
Began IT career-track as a network operator – fixing low level
issues
ABOUT ME
4. The internet is like a global neighborhood where everyone has
a house address
Your data knocks on doors until it finds out the right address,
and then settles there
It knows what doors to knock on, because the people who own
the networks (neighborhoods) that you need to look in have
agreed to let your data pass through, and give it direction
Without these peering arrangements, the data would not get
to its destination
HOW DOES THE INTERNET WORK?
5. Domain Name Services are used to render crazy Internet
addresses into real world words
www.google.com is really
Addresses: 2607:f8b0:400f:801::1010
74.125.225.209
74.125.225.208
74.125.225.211
74.125.225.212
74.125.225.210
So who knows this? Who do I ask?
DNS ADDRESS TRANSLATION
6. The internet is a giant social network!
However, instead of relying on humans to transmit the
messages, we use computers, routers, DNS, peer
arrangements, etc.
SOCIALLY SPEAKING
7. Power
Copper cable
Fiber optic cable
Switches
Routers
Operating Systems
Buildings
DNS
Agreements with neighbors
SECURITY!
SO WHAT DO WE NEED TO MAKE THE
INTERNET WORK?
9. WHAT IS EFFECTIVE SECURITY?
(Offense) (Defense)
Likelihood Impact
THREATS X VULNERABILITIES = RISK
Reduces Risk
Drives risk calculation
Threats increase risk
Dealing with vulnerabilities reduces risk
When a threat connects with a vulnerability, there is impact
10. IT Security is about managing risk, very similar to an
insurance model
Risk Strategies
Accept – based on relative low value, low frequency of occurrence, or
low impact
Mitigate – Implement controls to reduce risk
Transfer – Transfer risk to other entity (outsource)
Deny – Dispute the reality of the risk
Denying risk is considered by some courts as not applying Due
Care
RISK MANAGEMENT
11. IT Security has been a focus of law and review, and some
legal terms have migrated to IT Security
These terms have precedent and have been used
successfully to both prosecute and defend in courts
Due care – steps are taken to show the company has protections in
place
Due diligence – continual activities – people are doing activities to
monitor and maintain protection, and these are ongoing
Non-repudiation - one party of a transaction cannot deny having
received a transaction nor can the other party deny having sent a
transaction
CROSSOVERS WITH LAW
12. Confidentiality - prevent the
disclosure of information to
unauthorized individuals or
systems
Integrity – protect data from
modification
Availability - systems used
to store and process the
information, the security
controls used to protect it,
and the communication
channels used to access it
must all be functioning
correctly
SECURITY PRINCIPLES
13. Separation of duties – ensures that an individual cannot
complete a critical task by themselves
Least privilege - an individual, program or system process is
not granted any more access privileges than are necessary to
perform the task
Access based on need to know (Access Control) – information
is segregated and only available to individuals who have a
need to consume it
SECURITY BEST PRACTICES
15. Failing to install anti-virus, keep its signatures up to date, and apply it
to all files.
Opening unsolicited e-mail attachments without verifying their source
and checking their content first, or executing games or screen savers or
other programs from untrusted sources.
Failing to install security patches – especially for Microsoft Office,
Microsoft Internet Explorer, Firefox, Safari, Opera, Netscape, etc.
Not making and testing backups.
Being connected to more than one network such as wireless and a
physical Ethernet or using a modem while connected through a local
area network.
Reusing the same username and password across multiple websites
Linking accounts across the internet to a single point of failure (one
email address)
SEVEN WORST SECURITY MISTAKES
END USERS MAKE
17. What is the cloud?
What can you do with it?
Why is it useful?
CLOUDS OR FOG?
18. Apple is working hard to get all of its
customers to use iCloud.
Google’s entire operating system is cloud-
based.
Windows 8, the most cloud-centric operating
system yet, will hit desktops by the tens of
millions in the coming year or two.
WHO USES THE CLOUD?
19. Password-based security
mechanisms — which can be
cracked, reset, and socially
engineered — no longer suffice in the
era of cloud computing
CLOUD SECURITY IS STILL
A WORK IN PROGRESS
22. “I realized something was wrong at about 5 p.m. on Friday. I
was playing with my daughter when my iPhone suddenly
powered down. I was expecting a call, so I went to plug it back
in.”
“It then rebooted to the setup screen. This was irritating, but I
wasn’t concerned. I assumed it was a software glitch. And, my
phone automatically backs up every night. I just assumed it
would be a pain in the ass, and nothing more. I entered my
iCloud login to restore, and it wasn’t accepted. Again, I was
irritated, but not alarmed. ”
THE SYMPTOMS APPEAR
23. “I went to connect the iPhone to my computer and restore from
that backup — which I had just happened to do the other day.
When I opened my laptop, an iCal message popped up telling me
that my Gmail account information was wrong. Then the screen
went gray, and asked for a four-digit PIN.”
“I didn’t have a four-digit PIN.”
“By now, I knew something was very, very wrong. For the first
time it occurred to me that I was being hacked. Unsure of exactly
what was happening, I unplugged my router and cable modem,
turned off the Mac Mini we use as an entertainment center,
grabbed my wife’s phone, and called AppleCare, the company’s
tech support service, and spoke with a rep for the next hour and
a half.”
FROM BAD TO WORSE
24. His first call was to AppleCare – but according to them it was
not his first time calling!
Someone had called at 4:33 claiming to be Mat, saying he
could not get to his Me.Com email
In response, Apple issued a temporary password. It did this
despite the caller’s inability to answer security questions Mat
had set up. And it did this after the hacker supplied only two
pieces of information that anyone with an internet connection
and a phone can discover.
WHITHER GOES MAT?
25. It turns out, a billing address and the last four digits of a
credit card number are the only two pieces of information
anyone needs to get into your iCloud account. Once supplied,
Apple will issue a temporary password, and that password
grants access to iCloud.
Once someone has access to iCloud, they have access to your
AppleID
A hacker, going by the name Phobia, was able to track down
this information easily
WHAT HAD HAPPENED
26. “After coming across my account, the hackers did some
background research. My Twitter account linked to my personal
website, where they found my Gmail address. Guessing that this
was also the e-mail address I used for Twitter, Phobia went to
Google’s account recovery page. He didn’t even have to actually
attempt a recovery. This was just a recon mission.
Phobia could view the alternate e-mail Mat had set up for
account recovery. Google partially obscures that information,
starring out many characters, but there were enough characters
available, m••••n@me.com. Jackpot.
This was how the hack progressed. If I had some other account
aside from an Apple e-mail address, or had used two-factor
authentication for Gmail, everything would have stopped here.
But using that Apple-run me.com e-mail account as a backup told
the hacker I had an AppleID account, which meant I was
vulnerable to being hacked.”
THE HACK
27. All you need to access someone’s AppleID is
the associated e-mail address,
a credit card number,
the billing address,
and the last four digits of a credit card on file
Phobia had gone to Google and requested a password
recovery
Google had shown him that it was using a @me.com email
Phobia knows Mat has an AppleID and now needs access
So Phobia knew part of the email address – how did he get
the other pieces?
IT’S ALL YOU NEED!
28. He got the billing address by doing a whois search on Mat’s
personal web domain. If someone doesn’t have a domain, you
can also look up his or her information on Spokeo,
WhitePages, and PeopleSmart.
First you call Amazon and tell them you are the account
holder, and want to add a credit card number to the account.
All you need is the
name on the account,
an associated e-mail address,
and the billing address.
Amazon then allows you to input a new credit card. (Wired
used a bogus credit card number from a website that
generates fake card numbers that conform with the industry’s
published self-check algorithm.) Then you hang up.
AMAZIN AMAZON
29. Next you call back, and tell Amazon that you’ve lost access to
your account.
Upon providing a name, billing address, and the new credit
card number you gave the company on the prior call, Amazon
will allow you to add a new e-mail address to the account.
From here, you go to the Amazon website, and send a
password reset to the new e-mail account. This allows you to
see all the credit cards on file for the account — not the
complete numbers, just the last four digits.
But, as we know, Apple only needs those last four digits!
MORE DATA THAN YOU CAN EAT
30. Any waiter or waitress in a restaurant where you paid for your
meal
Any cashier at any store who took your credit card as payment
Any 16-year old kid working anywhere that accepts credit cards,
with enough sense to memorize 4 digits and a last name –
especially an easy one
So Phobia calls AppleCare and gives them his name
“Mat Honan”
His billing address
Found using internet search tools
Last 4 of the credit card
Found from the email from Amazon
And now Apple resets Mat’s iCloud account, giving Phobia access
WHO ELSE HAS THE LAST 4 OF YOUR
CREDIT CARD?
31. Phobia accesses Mat’s account, gets access to his @me.com
password- then a race ensues
4:50 p.m., a password reset confirmation arrived in my @me.com
inbox. They then were able to follow the link in that e-mail to
permanently reset my AppleID password.
4:52 p.m., a Gmail password recovery e-mail arrived in my me.com
mailbox. Two minutes later, another e-mail arrived notifying me that
my Google account password had changed.
5:00 they used iCloud’s “Find My” tool to remotely wipe my iPhone.
5:02 p.m., they reset my Twitter password.
5:05 they remotely wiped my MacBook. Around this same time, they
deleted my Google account.
5:10, I placed the call to AppleCare.
5:12 the attackers posted a message to my account on Twitter taking
credit for the hack.
PWNED
33. Mat says:
They could have used my e-mail accounts to gain access to my
online banking, or financial services.
They could have used them to contact other people, and
socially engineer them as well.
As Ed Bott pointed out on TWiT.tv, my years as a technology
journalist have put some very influential people in my address
book. They could have been victimized too.
COULDA BEEN WORSE!
34. Why did it happen?
What was the reason he got hacked, his personal info erased,
moments from his life gone forever?
What was the reason?
He had a 3 character Twitter user name, and they thought it
was cool and wanted it
WHY?
35. Mat was able to get some data back
He sent his machine to a firm called DriveSavers, who have
custom hardware and software which can recover data from
hard drives (even SSDs)
They recovered about 75% of the data, including most of his
digital pictures
The cost: $1,690
HE GOT SOME DATA BACK
36. 2 factor authentication means you need 2 things to prove who
you are
Something you know [a password]
Something you have [a cell phone]
If Mat had enabled Google’s 2nd factor authentication, this
would not have happened
Duo Security makes a product which can be used for free –
you can get SMS, iPhone push, phone call, software token
generation
2 FACTOR AUTHENTICATION
38. Security is a behavior, and it applies to you everywhere
Your phone, cell- or smart-
Your other mobile devices
Your computer at work
Your computer at home
Your personal documents & assets
Your company assets
Everything about security has overlap in all the spaces you
live in and move through
So security awareness applies to everything you do in life: at
work, at home, with family & friends
We will show you good behaviors to use wherever you are
SECURITY APPLIES TO EVERYTHING IN YOUR
LIFE
39. Hacking is happening all the time:
Sony – over a dozen data breaches and 100,000,000 Playstation
Network (PSN) records stolen
Zappos.com – 24,000,000 customer records stolen
LinkedIn – 6,500,000 emails and records stolen
Sutter Physicians Services – 3,300,000 patient records containing
medical details stolen from a physical desktop theft
This one is concerning because it could have data about you and me that
could be used to steal identities
DATA BREACHES ARE MORE COMMON THAN
PEOPLE THINK
Source: privacyrights.org
40. “Hacking” used to be about challenge and bragging rights.
Now, attackers have a monetary incentive to steal your data
Black market data dealing operations worldwide buy and sell
names, social security numbers, credit card and debit card
numbers, email addresses and other information very cheaply
Cybercrime now sits at $1 Trillion per year according to
McAfee – this is mostly profit!
Whether it’s personal data or corporate data, everything
about you is for sale!
ATTACKERS WANT YOUR DATA
(1)Symantec.com “Ponemon Cost of a Data Breach” (2) Eurostat Feb 2011 (3) RSA
41. Take necessary safeguards to ensure you are secure
Be aware! Know that your data could be at risk
Reboot your machine periodically – every day is encouraged – At
home and at work
Make your password strong and easy to remember
When on the phone with someone you don’t know, do not give any
personal or company details, even if they give details about the
company – much of this information could be easily found on public
websites
On your home PCs, follow these steps
Use antivirus software, and keep it updated all the time
You can use multiple programs, and several free ones
If programs like Java, Firefox, Chrome, Adobe, etc ask you if you want
the latest update say YES and accept it
WHAT CAN YOU DO TO HELP?
42. NEVER USE THE WORD PASSWORD IN YOUR PASSWORD!
Keep your password to yourself, and lock your PC when it is
unattended
Never write your password down or store it on or near your
computer or laptop
Use password management software, like KeePass
Ensure that you change the initial passwords supplied to you
as soon as possible.
Passwords must not be communicated to anybody. In
particular, ensure that you do not e-mail your password or use
the automatic password saver within an Internet browser.
PASSWORD RULES!
43. Passwords are usually kept in a scrambled format,
so they can’t be read
When passwords are stolen, hackers use password
cracking programs which guess your password
The guesses are based on dictionaries of words,
found at universities everywhere – including almost
all languages
Hackers feed the dictionaries into the password
crackers, and the crackers scramble the guess just
like the password
They then look for matches, and when they find one
it is cracked
HOW ARE PASSWORDS CRACKED?
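An added example (not from the original slides) of the guess, scramble and compare loop described above, written as a storage audit that shows why the scrambling format matters to the defender. The guess list, the user table and the PBKDF2 work factor are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny guess list and three users' passwords.
GUESSES = ["password", "fisherman", "qwerty", "gotigers"]
USERS = {"alice": "fisherman", "bob": "fisherman", "carol": "H,dyhtstmbgitw?1"}

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def scramble_fast(password):
    """Weak storage: unsalted single-round SHA-256.
    The same password always scrambles to the same value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def scramble_salted(password, salt=None):
    """Better storage: a random per-user salt plus a deliberately slow hash."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def verify_salted(password, salt, digest):
    """Re-scramble the candidate with the stored salt, compare in constant time."""
    _, candidate = scramble_salted(password, salt)
    return hmac.compare_digest(candidate, digest)


def audit_fast_table(table, guesses):
    """Unsalted table: each guess is scrambled once and matched
    against every account at the same time."""
    lookup = {scramble_fast(g): g for g in guesses}
    return {user: lookup[h] for user, h in table.items() if h in lookup}


def audit_salted_table(table, guesses):
    """Salted table: every guess must be re-scrambled for every account.
    Returns the weak passwords found and the number of slow hashes spent."""
    found, work = {}, 0
    for user, (salt, digest) in table.items():
        for guess in guesses:
            work += 1
            if verify_salted(guess, salt, digest):
                found[user] = guess
                break
    return found, work


if __name__ == "__main__":
    fast = {u: scramble_fast(p) for u, p in USERS.items()}
    print("identical scrambles for alice and bob:", fast["alice"] == fast["bob"])
    print("unsalted audit:", audit_fast_table(fast, GUESSES))

    salted = {u: scramble_salted(p) for u, p in USERS.items()}
    found, work = audit_salted_table(salted, GUESSES)
    print("salted audit:", found, "after", work, "slow hashes")
```

Salting and a slow hash raise the cost of every guess, but a dictionary word still falls; only the pass-phrase-derived password survives both audits.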
44. From a list of 860,160 posted on the internet
ACTUAL CRACKED PASSWORDS
Patterns too easy to detect
They all use the word password in
them. NEVER use the word
password in your password
Keyboard patterns – too easy to
detect
Real words – never use real
words in any language! Passwords
which look like real words are
generally bad passwords
45. The best passwords are pass phrases but not all applications
can support them
“I was married on November 5th.”
“And the cow jumped over the moon!”
“I got friends in low places, says Garth Brooks.”
If you can’t do a passphrase, use the first letter from each
word in the phrase – add a number and symbol if you need it
IwmoN5th.
Atcjotm!2
Igfilp,sGB.7
Use a song, movie quote, book quote, anything that is easy to
remember. Songs can yield several years worth of passwords!
BEST PASSWORDS ARE PASS PHRASES
I was married on November 5th.
And the cow jumped over the moon!2
I got friends in low places, says Garth Brooks .7
46. Try for 14 characters – if you can get to 10 that is very good,
but more is always better
They need 4 things: an uppercase letter, a lowercase letter, a
number and a symbol - anything on the top keyboard row -
!@#$%^&*()_+
Avoid the semi-colon (;) and apostrophe (') as these can break IT
systems
At home, create one strong, special password for your online
banking – you only ever use this password for this, and never
use it anywhere else
Use this technique to make as many distinct passwords as you
can – one for each website or program you use is your goal!
FOR ALL PASSWORDS, AT HOME AND AT
WORK
47. Are these strong passwords? Why or why not?
Cindy2012
No! Too many patterns too easily guessed
Fisherman
NO! Real word in the dictionary
GoTigers!4
No, this password is too easily guessed
Don’t use sports teams or players in your password!
P@ssw0rd#1
No. These substitution tricks are too common – looks too
much like a real word, easily guessed – has the word
password in it
H,dyhtstmbgitw?1
Yes! It doesn’t look like any words and it has enough
complexity
It has special characters which break up the password
It has 16 characters!
Can you remember “Hey, did you happen to see the most beautiful girl in the
world?”
PASSWORD QUIZ!
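The first-letter technique and the password rules from the preceding slides, written as a checker and run against the quiz entries. This is an added example, not part of the original deck; the wordlist, keyboard runs and substitution table are small constructed samples.

```python
import re
import string

# Constructed sample data (assumption); a real check would load a full dictionary.
WORDS = {"password", "fisherman", "tigers", "cindy", "dragon", "monkey"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "1qaz2wsx")
LEET = str.maketrans("@4301!$5", "aaeoiiss")  # undo common substitution tricks
MIN_LEN = 10  # the slides: 10 is very good, try for 14


def derive_from_phrase(phrase, suffix=""):
    """First letter of each word; punctuation and number tokens are kept."""
    out = []
    for token in phrase.split():
        if token[0].isdigit():
            out.append(token)  # "5th." stays "5th."
        else:
            tail = token[1:].lstrip(string.ascii_letters + "'’")
            out.append(token[0] + tail)  # "places," -> "p,"
    return "".join(out) + suffix


def weaknesses(pw):
    """Return the slide rules that pw breaks (an empty list means it passes)."""
    found = []
    if len(pw) < MIN_LEN:
        found.append("too short")
    classes = {
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    found += [f"no {name}" for name, ok in classes.items() if not ok]
    low = pw.lower()
    norm = low.translate(LEET)  # "p@ssw0rd" -> "password"
    if any(w in low or w in norm for w in WORDS):
        found.append("contains a dictionary word")
    if any(run in low for run in KEYBOARD_RUNS):
        found.append("keyboard pattern")
    if re.search(r"(19|20)\d\d", pw):
        found.append("contains a year")
    if ";" in pw or "'" in pw:
        found.append("contains ; or '")
    return found
```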
49. LOCK YOUR PC WHEN IT IS UNATTENDED
Pressing the Windows Logo key and the L
key at the same time will lock the
computer instantly
50. In the same way you should safeguard your password and its
value, you should also safeguard your PC and the data on it
Train yourself into pressing Win + L each time you leave your
PC, even for a moment
You will need to log back in each time, but remember this is
because you are safeguarding the value of your business
process – this is the key you are using to unlock your
valuables
Just as you would lock the door to your house when you leave
it to protect your valuables, lock your PC
LOCKING YOUR PC SECURES THE DATA
ON IT
51. Take all precautions to protect your IT devices and
data assets from damage or loss
Treat your laptop and mobile device like cash.
Be on guard in airports and hotels.
Don’t leave your device unattended — even for just a
moment.
Don’t leave your laptop visible in the car, put it in the trunk –
or cover valuables with a blanket, make them unseen
Don’t keep passwords with your laptop or in its case.
Backup your files on the network drives.
Remember that the information contained in a laptop or
mobile device is more valuable than the hardware.
PROTECT YOUR IT DEVICES AND DATA
52. Secure and hide your laptop & other valuables in your vehicles
– cover them with blankets or make them otherwise not
noticeable by passersby
Do not leave your smartphone unattended, especially when
it’s powering up at a charging station
Always have your bags in contact with your body
If bags are on the ground, put your foot through the loop of a carry bag,
or keep contact with your wheeled bag
Do not store your passwords with your laptop (do not write
them down!)
Theft is a crime of opportunity – limit the opportunities
available and the odds are in your favor
TRAVELING SECURITY
53. Beware of security risks when using e-mail or the
internet
Do not reveal personal or financial information in emails,
and do not respond to email solicitations for this
information.
If it sounds too good to be true, it is.
Be wary of pop-up windows and advertisements for free
downloadable software—they may be disguising spyware
Forwarded emails can contain viruses or other malicious
activity. Open attachments only from those you trust.
Don’t click email web links, or copy-paste them - choose
from your favorites
Pay attention to the address of a website.
Your browser can help tell you what website you are on
BEWARE OF SECURITY RISKS
54. PIN lock your smart phones (mobile devices) – this is a
tradeoff between convenience and security
Remember this stops someone from snooping through your device
Apps that access your data will be easily accessible by someone who
“finds” your device – many apps never log you out
Your identity could be stolen, and you could be impersonated
by someone using your device with all of your apps available
to them
Before you download that cool app – think, “Do I really want
this to have access to my personal data?”
SMART PHONE SECURITY
55. CURIOSITY PWNS THE LOSER
Operation Honey Stick
50 smartphones were
distributed in Silicon Valley,
Washington, D.C., New York,
Los Angeles, and Ottawa. The
devices, loaded with a buffet of
juicy, fake data, were left in
restaurants, elevators,
convenience stores, and
student unions. Symantec
equipped them with monitoring
software that let its security
gurus track where the devices
were taken once found, and
what type of information was
accessed by the finders.
56. Don’t assume that public Wi-Fi networks are secure – they
aren’t - EVER
So what can you do to protect your information? Here are a
few tips:
When using a Wi-Fi hotspot, only log in or send personal information
to websites that you know are fully encrypted (HTTPS or VPN). VPNs
encrypt traffic between your computer and the internet, even on
unsecured networks
Don’t stay permanently signed in to accounts. When you have finished
using an account, log out.
If you use a smartphone to connect to a Wi-Fi hotspot, all your activity
will be on the network – so beware of what you browse, email or text!
PUBLIC WI-FI
57. Applying real-world judgment can help minimize risks.
The danger of social networks is the reason they are social in the
first place! Linked data gives bad guys easier ways to steal from
you
One innocent post on Facebook saying “We are at a movie!” can
actually post all of the following:
Where I am, with maps to the movie theatre
How long I will be gone from my house, because of the show times listed
Who I am with (We are at a movie!)
This is an invitation to get robbed, or worse
Tell your kids, your SOs, your friends, everyone…
BE CAREFUL OF THE INFORMATION YOU GIVE AWAY
BE AWARE YOU COULD BE GIVING AWAY MORE THAN YOU THINK
SOCIAL NETWORKS
58. Security is not about technology
Security is about YOU
Your behaviors
Your use of tools like computers and smart phones
Your attitude toward how you value your data
Be secure at home and at work
Free tools are available to help you keep track of passwords
Antivirus programs which are up-to-date are critical to maintaining a
secure PC, especially with older operating systems – and many of
these are free!
Unfortunately, IT cannot assure 100% security – so we rely on
you to fill in the gaps
SECURITY IS NOT EQUAL TO TECHNOLOGY
59. KeePass – a free way to help you manage and track all your
passwords - http://keepass.info/
For those using Microsoft Windows, you can download and install
Microsoft Security Essentials, a free antivirus program – other free
antivirus programs are SpyBot, MalwareBytes, Avira, AVG, Avast!
and many more
These should be downloaded *only* from their source sites, or
trusted sites like sourceforge.net – do not use Download.com or other
sites for antivirus downloads
TrueCrypt is an encryption program to help secure data on your PC –
http://truecrypt.org/
Fbackup is a program which can back your local files up to the
network, like your G: or H: drive - http://www.fbackup.com/
There are many others available: if you ever have any questions,
please email jscardella@pobox.com for help or information with any
PC security question whether at work or at home
FREE TOOLS RESOURCES
60. Microsoft Security Essentials –
http://windows.microsoft.com/mse
Avira (free version)
http://www.avira.com/en/for-home
AVG
http://free.avg.com/us-en/homepage
Avast!
http://www.avast.com/en-us/index
Malware Bytes
http://www.malwarebytes.org/products/malwarebytes_free
SpyBot
http://www.safer-networking.org/en/download/index.html
Many more available
FREE PC ANTI-VIRUS PROGRAMS FOR
HOME USE
62. Employers Will Be Looking for These Hot Tech Skills
In 2012, skills in key computer technologies, especially in
software, will be in much demand. “At IT firms, virtualization,
business intelligence and mobile app developers are really
strong,” Reed says. “App developers are really hot right now,
then .Net, Java, PHP, Silverlight and SharePoint.”
Bass adds to the list of in-demand technology jobs: sales
application engineers, CRM specialists, security experts, backup
and recovery technicians, field application support specialists
and service technicians.
Source: http://career-advice.monster.com/job-search/company-
industry-research/it-jobs-outlook-2012/article.aspx
IT SKILLS NEEDED!
63. The 20 Coolest Jobs in Information Security
#1 Information Security Crime Investigator/Forensics Expert
#2 System, Network, and/or Web Penetration Tester
#3 Forensic Analyst
#4 Incident Responder
#5 Security Architect
#6 Malware Analyst
#7 Network Security Engineer
#8 Security Analyst
#9 Computer Crime Investigator
#10 CISO/ISO or Director of Security
#11 Application Penetration Tester
#12 Security Operations Center Analyst
#13 Prosecutor Specializing in Information Security Crime
#14 Technical Director and Deputy CISO
#15 Intrusion Analyst
#16 Vulnerability Researcher/ Exploit Developer
#17 Security Auditor
#18 Security-savvy Software Developer
#19 Security Maven in an Application Developer Organization
#20 Disaster Recovery/Business Continuity Analyst/Manager
COOL SECURITY JOBS