Information Security and Best Online Practices


Introductions About Us About the Class (MGMT636) About the MSISA program Cybersecurity Data Analysis Database Management And more The top employers for graduates are the national laboratories, the DHS, DOD, and UNM itself.

Google Trends “Cybersecurity” Worldwide Interesting because it runs counter to trends in hack, hackers, cybercrime, security. Encouraged everyone to check out Google Trends. A very useful tool for finding trending information and exploring patterns in the world.

Overview What are we going to talk about? More In-depth, Real Quickly, Encryption, Hashing Tech Demos Real Quickly, Password Creation Password management/protection

Instagram Accounts got HACKED!!! Recently some Russian hackers have hacked several people's Instagram accounts. The reason is still unknown. Facebook and Cambridge Analytica too.

HSBC Bank suffers data breach. HSBC Bank suffered a data breach last October (October 4 and October 14, 2018). Fortunately only a small number of customers were affected, reportedly less than 1%. Important information stolen: full name, mailing address, date of birth, phone number, email address, account numbers, etc.

Encryption Video Local Location ../Documents/TrimmedEncryption.mp4 Web Location https://youtu.be/r4HQ8Bp-pfw?t=55

Hashing vs. Encryption Not the same thing. Both result in “jumbled” text. Encryption can be decrypted with a key. A hash cannot be un-hashed (one-way).

What is Encryption? Turns data into unreadable characters. These unreadable characters can be converted back to the data (with the right key). Two types (symmetric key, public key).

Where is Encryption Used? Anywhere and everywhere that information is stored. Anywhere a password is used or communication is used. Internet, Phones, computers, applications, banking, cars, IoT, communication, computer games, etc…

One of the First Examples: Caesar Cipher. The Caesar cipher is named after Julius Caesar, who used it with a shift of three to protect messages of military significance. While Caesar's was the first recorded use of this scheme, other substitution ciphers are known to have been used earlier.

Using A Keyword

What is Hashing? A string or number generated from a string or text. Fixed Length. Varies Widely. (“hello” vs. “Hello”) Best algorithms are designed to be nearly impossible to turn hash back to original string.

When is Hashing Used? Used to store passwords (SQL Database). Strong hashing algorithm with salt = hard to reverse. When user logs in. To make sure a file wasn’t changed.

What is a Salt???? Salt is extra text added to the end. If the password was “password”, the database can salt it by adding “safe” to the end of it. “passwordsafe” now gets hashed and saved. Protects against dictionary attacks and rainbow tables.
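The salting scheme from this slide, as an added Python example that is not part of the original presentation. It goes one step beyond the slide: the fixed suffix "safe" defeats a generic precomputed table, but identical passwords still hash identically, so the example also shows a random per-user salt with PBKDF2 (the table contents, function names and iteration count are assumptions made for illustration).

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny precomputed table of unsalted SHA-256 hashes,
# standing in for the dictionary and rainbow tables named on the slide.
COMMON_PASSWORDS = ["password", "123456", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

def table_lookup(hex_digest):
    """Return the password if its hash is in the precomputed table, else None."""
    return PRECOMPUTED.get(hex_digest)

def hash_unsalted(password):
    return hashlib.sha256(password.encode()).hexdigest()

def hash_fixed_salt(password, salt="safe"):
    # The slide's scheme: the same text appended to every password.
    return hashlib.sha256((password + salt).encode()).hexdigest()

def new_record(password, iterations=600_000):
    # Assumption beyond the slide: random per-user salt and a slow KDF.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def verify(password, record):
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

if __name__ == "__main__":
    print("unsalted found in table:", table_lookup(hash_unsalted("password")))
    print("fixed salt found in table:", table_lookup(hash_fixed_salt("password")))
    alice, bob = new_record("password"), new_record("password")
    print("same password, same stored hash:", alice["hash"] == bob["hash"])
    print("login check:", verify("password", alice), verify("Password", alice))
```

The salt is stored next to the hash in the record; it does not need to be secret, only different for every user.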

Salt in The News LinkedIn sued for a data breach (2013) They were deemed negligent for not salting their stored passwords. The database was susceptible to SQL injection attacks.

TECH DEMO!!! Hashing and Encrypting using Terminal (applies to Windows in a similar manner). OpenSSL comes pre-installed on Mac OSX. For Windows, OpenSSL can be downloaded from https://www.openssl.org/source/.

    openssl list-cipher-commands
This command will show you all the types of encryption you can use.

    openssl des -in filename.txt -out filename.txt.enc
Encrypts the file using the DES algorithm.

    emacs filename.txt.enc
Opens the file in emacs in order to see the encrypted text (most text editors will work).

    openssl des -d -in filename.txt.enc -out filenameOUTPUT.txt
Decrypts the DES-encrypted file.

    openssl aes-256-cbc -a -salt -in filename.txt -out filename.txt.enc
Encrypts using the aes-256-cbc algorithm: very powerful, common, widely used. Adding salt makes it even more secure. Basically need a super computer to crack this now. -a base64-encodes the output, so the encrypted file is plain (printable) text.

    openssl aes-256-cbc -d -a -salt -in filename.txt.enc -out filenameOUTPUT.txt
Decrypts the previous encryption.

    openssl -h
Gives you all the options available.

    openssl dgst -h
Gives you all hash functions available.

    echo -n "testing string" | openssl md5
    echo -n "testing string" | openssl sha256
    echo -n filename.txt | openssl sha1
Hash a string with MD5, SHA-256 and SHA-1. The last command hashes the text "filename.txt" itself, not the contents of the file.

The Handout provides examples of the code used.
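What the -a and -salt options in the demo leave in the output file, as an added Python example that is not part of the original presentation. It assumes the OpenSSL enc file layout (the 8-byte marker "Salted__", an 8-byte salt, then the ciphertext); the sample input is constructed here with placeholder bytes, not real AES output, and the function names are hypothetical.

```python
import base64

MAGIC = b"Salted__"  # marker "openssl enc" writes in front of the salt

def parse_openssl_enc(data, base64_armored=True, block_size=16):
    """Split "openssl enc" output into its salt and ciphertext.

    base64_armored=True matches files written with -a; block_size=16
    matches AES in CBC mode, where output is a whole number of blocks.
    """
    raw = base64.b64decode(data) if base64_armored else data
    if not raw.startswith(MAGIC):
        raise ValueError("no Salted__ header: file was not written with a salt")
    salt, ciphertext = raw[8:16], raw[16:]
    if len(salt) != 8 or not ciphertext or len(ciphertext) % block_size:
        raise ValueError("truncated or corrupted ciphertext")
    return {"salt": salt, "ciphertext": ciphertext}

def constructed_sample(salt_hex):
    # Constructed input: real header layout, 32 placeholder zero bytes
    # standing in for two AES blocks of ciphertext.
    raw = MAGIC + bytes.fromhex(salt_hex) + bytes(32)
    return base64.encodebytes(raw)  # wrapped base64 text, as -a produces

if __name__ == "__main__":
    info = parse_openssl_enc(constructed_sample("0123456789abcdef"))
    print("salt:", info["salt"].hex())
    print("ciphertext bytes:", len(info["ciphertext"]))
```

The salt is readable by anyone holding the file; it makes two encryptions with the same password differ, while secrecy still depends entirely on the password.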

Types of Authentication

Types of Authentication cont. Knowledge factors: Factors the user must know in order to log in are considered a knowledge factor. This can be anything from a username, password, or PIN number.

Types of Authentication cont. Possession factors. Anything that the user must have in order to log in is known as a possession factor. One-time password tokens, key fobs, ID cards, and physical tokens are all considered possession factors.

Types of Authentication cont. Inherence factors. Using a person’s biological characteristics is known as an inherence factor.

Password Creation

Some Common Passwords

How long it takes to hack?

Combinatorics How do we calculate the number of possible combinations from a password of 8 – 12 characters? (Password Characters)^(Password Length). Numbers 0-9, letters a-z, A-Z, symbols (!@#$%). 95^8 + 95^9 + 95^10 + 95^11 + 95^12 = 546,108,599,162,939,437,890,625

Some Interesting Stats 2 out of 5 people have been 'hacked' in the last year. 21% use passwords that are at least 10 years old. 47% use passwords that are at least 5 years old. 54% use 5 or fewer passwords across their entire online presence. On average, only 6 unique passwords are used to guard 24 online accounts.

Password Recommendations At least 8 characters long. Use mixture of upper case, lower case, digits, symbols. Utilize biometrics (Automatic on iPhones). Do not use words listed in the dictionary. Do not store in text or word file. It should be used and known by one person only.

Password Manager Stores different login information and passwords from all sites you want. No need to remember them all! Can autofill during login process. Password managers are secure.

Lastly Why is all this protection of data important? You might not know what data these companies are keeping on you. Why is Facebook free? Why is Instagram free? Snapchat…

Why are these Apps free? A staggering $24.1 billion of Google's $27.77 billion revenue for Q3 2018 was from advertising. Facebook reported $11.97 billion in revenue and $4.98 billion in profit for the past quarter, with 91 percent of its advertising revenue coming from mobile.

Download Your Information We have passed out a handout that gives you quick, easy instructions for requesting and downloading your information from Facebook, Google, Instagram and Snapchat.
