Cybersecurity

Document Sample
Cybersecurity Powered By Docstoc
					      Personal Cybersecurity
                     Think before you click!

                           Dan O‟Callaghan
                       Sinclair Community College




SPDD, Oct 29, 2010
                 By the numbers…
•   6.9B – Global population (census.gov)
•   2B – Global Internet users (internetworldstats.com)
•   28.7% - Global Internet penetration rate (internetworldstats.com)
•   5.3B – Global mobile phones subscribers (itu.org)
     – 940M are 3G
•   310.6M – US population (census.gov)
•   239M – US Internet users (internetworldstats.com)
•   77.4% - US Internet penetration rate (internetworldstats.com)
•   292M US mobile phone subscribers (ctia.org)
     – 123.2M are 3G
By the numbers…
             By the numbers…
• 251M – Number of data records exposed through
  domestic data breaches from Jan ‟05 – Aug ‟10
  (Privacy Rights Clearing House)
• 3.2B – Total dollars lost to phishing scams against
  U.S. residents in 2007 (Gartner)
• 3.6M – Number of U.S. residents that lost $3.2B in
  2007 (Gartner)
• 275,284 – Number of complaints filed with the IC3
  (Internet Crime Complaint Center) in 2008– a 33%
  increase from 2007
                  Attacker Profiles

• “teen next door” - curiosity
   –   Age 14-24
   –   Computer Obsessed
   –   No „real‟ social life, much idle time
   –   Target:
        Widespread, random, „opportunity‟
   – Motivation:
        Curiosity------------------------------Bragging Rights
                 Attacker Profiles
• “professional” or “mature”
  – Highly skilled and extensive knowledge
  – On-line social life, increasingly organized
  – Target:
     Specific, picked to meet a goal/need
  – Motivation:
     Profit, harvest a resource, organized crime
     Primary Attacker Goals
Access
 1. to information
 2. to systems/infrastructure to assist with
    additional attacks
           Primary Attack Vectors
•       Deception
    –     Social engineering- get user to compromise
          account or machine
    –     Scams/Fraud PHISHING!
•       E-Mail
    –     Attachments…still a risk
    –     Content…particularly links
•       Web
    –     Active content
    –     Ads
           Primary Attack Vectors
•       IM, IRC, P2P
    –     Combines threats to Email, Web, etc.
•       Worm
    –     Web, Email, IM, RIM
    –     Worm typically does NOT require direct user action
•       Trojan (Horse)
    –     Appears to offer desirable function (and may)
    –     Actually (also) contains malicious payload
             Primary Attack Vectors
•       Back Doors
    –       Secret access to PC or account (pwned)
    –       Often installed as Trojan payload
•       Botnets
    –       Networks of compromised PCs under remote
            control
    –       100‟s, 1000‟s, 10,000‟s ???
    –       Used for multiple illicit purposes
        •     Sending spam
        •     Phish host/receive
        •     Illicit file server (child porn)
        •     DDOS
     Defense?
(Technical Practices)
        Basic “Technical” Security
•       Firewall ON
•       Anti-Malware software ON & auto-update
    –     Schedule routine scans
•       Microsoft & other software auto-update
    –     Do not ignore non MS updates
•       DO NOT use an “Admin” account for
        routine PC use
    –     Anything YOU can do, your browser can do
      Defense?
(Effective Practices)
http://www.youtube.com/user/SecurityVideoContest#p/a/u/2/wpbPh-yqNJs
        1. Think Before You Click
         http://www.youtube.com/user/SecurityVideoContest#p/u/7/3aSWYS19U2w


1. Be aware/wary of ALL links
   Before you click on any link (or linked image) in an
    email, instant message, on a web site, in a text
    message or elsewhere, pause and think about what
    you expect and possible consequences.
   Be cautious when you receive an attachment/link from
    known and unknown sources.
   Even if you know and trust the sender of the email,
    instant message, web site, or a friend's social
    networking page, it is still prudent to use caution when
    navigating pages and clicking on links or images.
    2. Use Hard to Guess Passwords
    Develop good password practices to help keep your
     personal information and identity more secure.
            http://www.youtube.com/user/SecurityVideoContest#p/u/0/1QptFg8VQ88

     Passwords should:
         be at least eight characters
         include uppercase and lowercase letters, numerals
          and symbols
         be secret – if someone else knows it, it is not!
    If a password is on the monitor, under your keyboard, or
          in your „pencil drawer‟ – it is NOT “hard to guess”
               http://www.youtube.com/user/SecurityVideoContest#p/u/8/IK_ojxFGhk4
      3. Avoid Phishing Scams
•   Phishing is a form of identity theft in
    which the intent is to steal your personal
    data, such as credit card numbers,
    passwords, account data, or other
    information. Do not reply to emails that
    ask you to "verify your information" or to
    “confirm your user-id and password.”
         http://www.youtube.com/user/SecurityVideoContest#p/u/3/XS6DyebVzIg
                 3. Avoid Phishing Scams
•Nigerian 419:
   •ATTNFUND BENEFICIARY.htm

•“Legal”    Phishing:
   • grouply.gif

•IRS?
   •Your Federal Tax Payment.htm

•Itunes?
   •Itunes_receipt.htm

•Compromised Email?
   •Validate Your Mailbox.htm
   http://www.sonicwall.com/phishing/
          4. Shop Safely Online
•   When shopping online always know with whom
    you're dealing. When submitting your purchase
    information, look for the “https:” and/or “lock”
    icon on the browser's status bar to be sure
    your information is encrypted during
    transmission. Always pay by credit card or
    other method that generates a paper trail.
         4. Shop Safely Online

http://www.microsoft.com/protect/fraud/finances/shopping_us.aspx

http://www.onguardonline.gov/topics/online-shopping.aspx



     Don't email financial information.
            Email is not secure!
            5. Protect Your Identity
•    Web sites track visitors
    – Data may be collected about you as a result of many of your
      online activities.
    – Most legitimate web sites include a privacy statement.
•    Resources:
http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/index.html


http://www.foxnews.com/story/0,2933,275583,00.html
    6. Dispose of Information Properly
     – Before discarding your computer or portable storage
       devices, you need to be sure that the data contained
       on the device has been erased or "wiped."
       Read/writable media (including your hard drive)
       should be "wiped" using Department of Defense
       (DOD) compliant software.
     – Recycle home PCs, but be aware much of this is
       contracted overseas
•     http://eraser.heidi.ie/
   7. Protect Your Children Online
    – Discuss and set guidelines and rules for computer
       use with your child. Post these rules by the computer
       as a reminder. Familiarize yourself with your child's
       online activities and maintain a dialogue with your
       child about what applications they are using. Consider
       using parental control tools that are provided by some
       Internet Service Providers and available for purchase
       as separate software packages.
    http://www.youtube.com/watch?v=GX6_wdLdYeE
http://www.microsoft.com/protect/familysafety/default.aspx
  8. Protect Your Portable Devices
   – It is important to make sure you secure your portable devices to
     protect both the device and the information contained on the
     device.
   – Password protect all devices.
   – If your device has Bluetooth or other connectivity function and it's
     not used, check to be sure this setting is disabled.
       • If the Bluetooth functionality is used, be sure to change the default
         password
   – Encrypt data and data transmissions whenever possible.

http://www.onguardonline.gov/topics/laptop-security.aspx
    9. Use Only „Secure‟ Wireless
                 http://www.youtube.com/watch?v=ritz3pDopF0


•   Wireless networks are not as secure as the
    traditional "wired" networks, but you can
    minimize the risk on your wireless network
    – enable encryption
    – change the default password
    – changing the Service Set Identifier (SSID)
    – turn off SSID broadcasting
    – using the MAC filtering feature.
http://www.onguardonline.gov/topics/wireless-security.aspx
      10. Back-Up Important Files
                  http://www.youtube.com/watch?v=WnLSKWrJTaA

   – Back-up your important files minimally on a weekly
     basis.
   – Two Kinds of Computer Users
      • Those who have already lost data
      • Those who are going to lose data in future
   – Back-up Options:
      • CDs
      • USB Drives
      • Online
http://www.pcmag.com/article2/0,2817,2288745,00.asp
               …and Finally
       http://www.youtube.com/watch?v=qs9XG3ZGm7A




…NEVER click anywhere in a rogue AV
             window!
          More Information?
           Any Questions?

              Dan O‟Callaghan
             Sinclair Community College
              444 W Third St, 13-000F
                 Dayton, OH 45402


Voice: 512-2452
Email (NOT SECURE!): daniel.ocallaghan@sinclair.edu

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:8
posted:8/15/2011
language:Malay
pages:27