Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Published byBlaze Bracken Modified over 10 years ago

Similar presentations

Presentation on theme: "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."— Presentation transcript:

1 Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1 Chapter 10: Cybersecurity for End Users, Social Media, and Virtual Worlds

2 Doing an Ego Search An ego search reveals what is known about you on the Internet – Everyone should try this You are likely to be surprised by the information you find, such as: –Your phone numbers –Your home address –Personal details, such as family members and hobbies, that could be used to guess your passwords Even more details about are known in the deep Internet (databases) – such as your browsing habits, your buying habits, your sales hot buttons You can request that information be removed from website; there are services that do that 10/12/2014 DRAFT2 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

3 Protecting Laptops, PCs and Mobile Devices Physically securing and maintaining your systems and mobile devices is essential Use a laptop cable lock – Lock out the screen before you walk away (Microsoft Button L on Windows) Always keep tablets and smart phones under your control – Don’t leave them unattended 10/12/2014 DRAFT3 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

4 Staying Current with Anti- Malware and Software Updates Internet threats are constantly changing, evolving, and innovating Keep your defenses up by keeping your anti-malware updated as well as your operating system, plug-ins, and software applications Configure your software to auto-update; then verify that auto-update is working 10/12/2014 DRAFT4 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

5 Managing Passwords Make your passwords less vulnerable, here are some methods: –Use longer passwords (> 8 characters) –Choose non-dictionary words –Avoid using anything that turns up in your ego search –Use upper and lower case text with numbers and special characters –Base your password on an easily remembered phrase, e.g. “91% of dogs are diagnosed with dental disease before age 3,” which could be shortened to the passphrase 91%DaDwDD<A3 –If you write down passwords, lock them up securely 10/12/2014 DRAFT5 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

6 Guarding Against Drive-By- Malware Drive-By-Malware is a rapidly emerging threat –Simply by visiting a web page, your system can be infected with malware Drive-By-Malware can even appear on legitimate websites as malvertisements – Ad content is provided by third parties, web sites that sell add space are easily compromised by malicious organizations, this is especially prevalent late on Fridays when defenses relax for the weekend Comments and discussion boards may contain malware posted by attackers 10/12/2014 DRAFT6 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

7 Guarding Against Drive-By- Malware (2) There are many ways to defend against Drive-By- Malware, such as: –Increase browser security level slider in browser properties –Disable pop-ups in browser properties –Use private browsing mode –Use a website filtering plug-in which comes with your anti- malware suite –Use black listing built into selected browsers –Do not type in URLs Many malware sites are at slightly misspelled URLs Instead use a search engine which filters out malicious sites Use a script filtering plug-in such as NoScript to stop all unwanted scripts 10/12/2014 DRAFT7 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

8 Staying Safe with E-mail E-mail attacks include: –Malicious attached files which infect machines when they are opened –E-mails containing Drive-By-Malware URLs –HTML E-mails containing Drive-By-Malware scripts Social engineering involves using a false pretext to: –Encourage you to self-infect your machine –Coax you into divulging sensitive information, such as you bank account login End user awareness of these forms of attacks is a critical key to network defense. 10/12/2014 DRAFT8 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

9 Staying Safe with E-mail (2) Phishing (pronounced “fishing”) is a spam email attack the can deliver any form of E-mail attack Spear Phishing is a personalized email attack –Based upon the attackers recognizance about you (like an ego search) –This form of attack is usually directed at persons of authority (executives, financial officers, privileged system administrators, security professionals) –The social engineering (false pretext) is very effective, even against sophisticated users 10/12/2014 DRAFT9 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

10 Securely Banking and Buying Online Be especially careful when banking or buying online, this is when your identity and finances are at high risk. At a minimum, use a separate Internet browser with no other tabs or windows open –Malicious websites running in other tabs can impersonate your identity and conduct financial transactions without your knowledge The banking industry standard is to use a completely separate machine dedicated only to financial transactions – that is ideal 10/12/2014 DRAFT10 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

11 Understanding Scareware and Ransomware Scareware and ransomware are threats that can appear when Internet browsing, e-mailing, or using other Internet connections Scareware often appears as a pop-up urging you to take an action that can infect your machine, often attackers are impersonating law enforcement (e.g. FBI) or an anti-malware vendor Ransomware infects your machine then demands payment to release control, it is a form of blackmail 10/12/2014 DRAFT11 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

12 Is Your Machine p0wned? When your machine is attacked and successfully penetrated, the attackers may install persistent malware, called a rootkit, which can conceal it’s presence from you and your anti- malware. Once infected it is often necessary to completely re-image (wipe clean and re-build) your machine, losing all your data and installed applications Even so there are a variety of tools to remove rootkits that work to varying degrees 10/12/2014 DRAFT12 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

13 Being Careful with Social Media Social Media (e.g. Facebook) encourages you to share personal information that can be used against you by attackers Social media broadcasts your vulnerabilities and multiplies ways that you can be attacked –Tidbits of information about you can be used by attackers to guess passwords or attack you with social engineering such as phishing and spear phishing. –Be very careful what you share with the whole world online and use appropriate security settings in the social media tool, restrict sharing to friends only 10/12/2014 DRAFT13 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

14 Staying Safe in Virtual Worlds Virtual worlds allow us to travel virtually to real and imaginary places, as well as meet and interact with people from all over the world. Your virtual presence is an avatar. Attackers, called griefers, will threaten your avatar from time to time, especially if you are in a public area with scripts enabled such as sandboxes. Take care about how you configure your defenses such as blocking adware because adware is built into applications such as Second Life’s newest viewers. 10/12/2014 DRAFT14 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

15 REVIEW CHAPTER SUMMARY Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions 10/12/2014 DRAFT15

Download ppt "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."

Similar presentations

Web Shift Booking System

Web Shift Booking System
Speaker Name, Title Windows 8 Pro: For Small Business.

Speaker Name, Title Windows 8 Pro: For Small Business.
Cyber Stalking Cyber Stalking Phishing Hacker 1. Never reveal your home address !!! This rule is especially important for women who are business professionals.

Cyber Stalking Cyber Stalking Phishing Hacker 1. Never reveal your home address !!! This rule is especially important for women who are business professionals.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
MOBILE DEVICES & THEIR IMPACT IN THE ENTERPRISE Michael Balik Assistant Director of Technology Perkiomen Valley School District.

MOBILE DEVICES & THEIR IMPACT IN THE ENTERPRISE Michael Balik Assistant Director of Technology Perkiomen Valley School District.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1.
Helping our customers keep their computers safe.  Using your pet’s, business, family, friend’s names  Using number or letter sequences (0123, abcd)

Helping our customers keep their computers safe.  Using your pet’s, business, family, friend’s names  Using number or letter sequences (0123, abcd)
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
10 Things You Can do to Secure Your PC Presented by Peter Nowak OIS Client Services Manager.

10 Things You Can do to Secure Your PC Presented by Peter Nowak OIS Client Services Manager.
POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
1 State Records Center Searching and Requesting Inventory  Versatile web address:  Look for any new ‘Special.

1 State Records Center Searching and Requesting Inventory  Versatile web address:  Look for any new ‘Special.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Data Security Concerns at Work and at Home STEVE MITZEL IT DIRECTOR ASHLAND SCHOOL DISTRICT #5 – ASHLAND OREGON

Data Security Concerns at Work and at Home STEVE MITZEL IT DIRECTOR ASHLAND SCHOOL DISTRICT #5 – ASHLAND OREGON
James Sees Senior Network Administrator Management Analyst Cyber Protection Strategies White Hall Business Association - Cyber Security & Awareness Conference.

James Sees Senior Network Administrator Management Analyst Cyber Protection Strategies White Hall Business Association - Cyber Security & Awareness Conference.
Information Security Awareness:

Information Security Awareness:
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Chit Fund Software. First we will try to see how to create a (Chit Scheme) 1. Enter the Chit Name 2. Enter Chit Value. 3. Total No. of members in that.

Chit Fund Software. First we will try to see how to create a (Chit Scheme) 1. Enter the Chit Name 2. Enter Chit Value. 3. Total No. of members in that.

Similar presentations

Ads by Google