Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Similar presentations


Presentation on theme: "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."— Presentation transcript:

1 Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1 Chapter 10: Cybersecurity for End Users, Social Media, and Virtual Worlds

2 Doing an Ego Search An ego search reveals what is known about you on the Internet – Everyone should try this You are likely to be surprised by the information you find, such as: –Your phone numbers –Your home address –Personal details, such as family members and hobbies, that could be used to guess your passwords Even more details about are known in the deep Internet (databases) – such as your browsing habits, your buying habits, your sales hot buttons You can request that information be removed from website; there are services that do that 10/12/2014 DRAFT2 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

3 Protecting Laptops, PCs and Mobile Devices Physically securing and maintaining your systems and mobile devices is essential Use a laptop cable lock – Lock out the screen before you walk away (Microsoft Button L on Windows) Always keep tablets and smart phones under your control – Don’t leave them unattended 10/12/2014 DRAFT3 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

4 Staying Current with Anti- Malware and Software Updates Internet threats are constantly changing, evolving, and innovating Keep your defenses up by keeping your anti-malware updated as well as your operating system, plug-ins, and software applications Configure your software to auto-update; then verify that auto-update is working 10/12/2014 DRAFT4 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

5 Managing Passwords Make your passwords less vulnerable, here are some methods: –Use longer passwords (> 8 characters) –Choose non-dictionary words –Avoid using anything that turns up in your ego search –Use upper and lower case text with numbers and special characters –Base your password on an easily remembered phrase, e.g. “91% of dogs are diagnosed with dental disease before age 3,” which could be shortened to the passphrase 91%DaDwDD<A3 –If you write down passwords, lock them up securely 10/12/2014 DRAFT5 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

6 Guarding Against Drive-By- Malware Drive-By-Malware is a rapidly emerging threat –Simply by visiting a web page, your system can be infected with malware Drive-By-Malware can even appear on legitimate websites as malvertisements – Ad content is provided by third parties, web sites that sell add space are easily compromised by malicious organizations, this is especially prevalent late on Fridays when defenses relax for the weekend Comments and discussion boards may contain malware posted by attackers 10/12/2014 DRAFT6 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

7 Guarding Against Drive-By- Malware (2) There are many ways to defend against Drive-By- Malware, such as: –Increase browser security level slider in browser properties –Disable pop-ups in browser properties –Use private browsing mode –Use a website filtering plug-in which comes with your anti- malware suite –Use black listing built into selected browsers –Do not type in URLs Many malware sites are at slightly misspelled URLs Instead use a search engine which filters out malicious sites Use a script filtering plug-in such as NoScript to stop all unwanted scripts 10/12/2014 DRAFT7 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

8 Staying Safe with E-mail E-mail attacks include: –Malicious attached files which infect machines when they are opened –E-mails containing Drive-By-Malware URLs –HTML E-mails containing Drive-By-Malware scripts Social engineering involves using a false pretext to: –Encourage you to self-infect your machine –Coax you into divulging sensitive information, such as you bank account login End user awareness of these forms of attacks is a critical key to network defense. 10/12/2014 DRAFT8 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

9 Staying Safe with E-mail (2) Phishing (pronounced “fishing”) is a spam email attack the can deliver any form of E-mail attack Spear Phishing is a personalized email attack –Based upon the attackers recognizance about you (like an ego search) –This form of attack is usually directed at persons of authority (executives, financial officers, privileged system administrators, security professionals) –The social engineering (false pretext) is very effective, even against sophisticated users 10/12/2014 DRAFT9 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

10 Securely Banking and Buying Online Be especially careful when banking or buying online, this is when your identity and finances are at high risk. At a minimum, use a separate Internet browser with no other tabs or windows open –Malicious websites running in other tabs can impersonate your identity and conduct financial transactions without your knowledge The banking industry standard is to use a completely separate machine dedicated only to financial transactions – that is ideal 10/12/2014 DRAFT10 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

11 Understanding Scareware and Ransomware Scareware and ransomware are threats that can appear when Internet browsing, e-mailing, or using other Internet connections Scareware often appears as a pop-up urging you to take an action that can infect your machine, often attackers are impersonating law enforcement (e.g. FBI) or an anti-malware vendor Ransomware infects your machine then demands payment to release control, it is a form of blackmail 10/12/2014 DRAFT11 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

12 Is Your Machine p0wned? When your machine is attacked and successfully penetrated, the attackers may install persistent malware, called a rootkit, which can conceal it’s presence from you and your anti- malware. Once infected it is often necessary to completely re-image (wipe clean and re-build) your machine, losing all your data and installed applications Even so there are a variety of tools to remove rootkits that work to varying degrees 10/12/2014 DRAFT12 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

13 Being Careful with Social Media Social Media (e.g. Facebook) encourages you to share personal information that can be used against you by attackers Social media broadcasts your vulnerabilities and multiplies ways that you can be attacked –Tidbits of information about you can be used by attackers to guess passwords or attack you with social engineering such as phishing and spear phishing. –Be very careful what you share with the whole world online and use appropriate security settings in the social media tool, restrict sharing to friends only 10/12/2014 DRAFT13 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

14 Staying Safe in Virtual Worlds Virtual worlds allow us to travel virtually to real and imaginary places, as well as meet and interact with people from all over the world. Your virtual presence is an avatar. Attackers, called griefers, will threaten your avatar from time to time, especially if you are in a public area with scripts enabled such as sandboxes. Take care about how you configure your defenses such as blocking adware because adware is built into applications such as Second Life’s newest viewers. 10/12/2014 DRAFT14 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

15 REVIEW CHAPTER SUMMARY Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions 10/12/2014 DRAFT15


Download ppt "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."

Similar presentations


Ads by Google