Information Security Awareness

INFORMATION SECURITY: User Awareness and Practices

IMPORTANCE OF SECURITY
The internet allows an attacker to attack from anywhere on the planet.
Risks caused by poor security knowledge and practice:
- Identity theft
- Monetary theft
- Legal ramifications (for yourself and districts)
- Termination if policies are not followed

According to , the top vulnerabilities available to a cyber criminal are:
- Web browser
- Instant messenger (IM) clients
- Web applications
- Excessive user rights

SECURITY VS SAFETY
Security: we must protect our computers and data in the same way that we secure the doors to our homes.
Safety: we must behave in ways that protect us against the risks and threats that come with technology.

USER AWARENESS

COMPUTER CRIMINALS
- Hacker: computer-savvy programmer who creates attack software
- Script kiddies: computer users who know how to execute programs
- Criminals: create and sell bots -> spam; sell credit card numbers
- System administrators: some scripts are useful to protect networks
Hacker bulletin board (what is traded and boasted about): SQL injection, buffer overflow, password crackers, password dictionaries; "Successful attacks! Crazyman broke into", "CoolCat penetrated"; malware package = $1K-2K; 1 M email addresses = $8; 10,000 PCs = $1000

LEADING THREATS
- Virus
- Worm
- Trojan horse / logic bomb
- Social engineering
- Rootkits
- Botnets / zombies

VIRUS
A virus attaches itself to a program, file, or disk. When the program is executed, the virus activates and replicates itself. The virus may be benign or malignant, but it executes its payload at some point (often upon contact). Viruses result in crashing of computers and loss of data.
[Diagram: extra code attached to Program A infects Program B]
To recover from or prevent virus attacks:
- Avoid potentially unreliable websites/emails
- System Restore
- Re-install the operating system
- Anti-virus (e.g. Avira, AVG, Norton)

WORM
An independent program which replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate.
[Diagram: the worm mails copies of itself to every address in the victim's email list: to Joe, to Ann, to Bob]

LOGIC BOMB / TROJAN HORSE
Ransomware: a type of malicious software designed to block access to a computer system until a sum of money is paid. Crypto-ransomware encrypts certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decryption key.
Trojan horse: masquerades as a beneficial program while quietly destroying data or damaging your system. Download a game: it might be fun, but it has a hidden part that emails your password file without you knowing.

SOCIAL ENGINEERING
Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.
- Phone call: "This is John, the System Admin. What is your password?"
- Email: "ABC Bank has noticed a problem with your account"
- In person: "What ethnicity are you? Your mother's maiden name?"; "I have some software patches"; "I have come to repair your machine"

PHISHING = FAKE EMAIL
Phishing: someone posing as a trustworthy entity asks via e-mail for sensitive information such as SSN, credit card numbers, login IDs or passwords.

PHARMING = FAKE WEB PAGES
The link provided in the e-mail leads to a fake web page which collects important information and submits it to the page's owner. The fake web page looks like the real thing and extracts account information.

BOTNET
A botnet is a large number of compromised computers that are used to create and send spam or viruses, or to flood a network with messages as a denial of service attack. The compromised computers are called zombies.

MAN IN THE MIDDLE ATTACK
An attacker pretends to be your final destination on the network. If a person tries to connect to a specific WLAN access point or web server, an attacker can mislead him to the attacker's own computer, pretending to be that access point or server.

ROOTKIT
Upon penetrating a computer, a hacker installs a collection of programs called a rootkit. It may enable:
- Easy access for the hacker (and others)
- Keystroke logger
- Eliminates evidence of the break-in

- Modifies the operating system
[Diagram: rootkit components: backdoor entry, keystroke logger, hidden user]

PASSWORD CRACKING: DICTIONARY ATTACK & BRUTE FORCE
Pattern                             | Calculation | Result  | Time to guess (2.6x10^18/month)
Personal info: interests, relatives |             | 20      | Manual, 5 minutes
Social engineering                  |             | 1       | Manual, 2 minutes
American dictionary                 |             | 80,000  | < 1 second
4 chars: lower case alpha           | 26^4        | 5x10^5  |
8 chars: lower case alpha           | 26^8        | 2x10^11 |
8 chars: alpha                      | 52^8        | 5x10^13 |
8 chars: alphanumeric               | 62^8        | 2x10^14 | 3.4 min.
8 chars: alphanumeric + 10          | 72^8        | 7x10^14 | 12 min.
8 chars: all keyboard               | 95^8        | 7x10^15 | 2 hours
12 chars: alphanumeric              | 62^12       | 3x10^21 | 96 years
12 chars: alphanumeric + 10         | 72^12       | 2x10^22 | 500 years
12 chars: all keyboard              | 95^12       | 5x10^23 |
16 chars: alphanumeric              | 62^16       | 5x10^28 |

Family Educational Rights and Privacy Act (FERPA)
"Personally Identifiable Information": the term includes, but is not limited to:
(a) The student's name;
(b) The name of the student's parent or other family members;
(c) The address of the student or the student's family;
(d) A personal identifier, such as the student's social security number, student number, or biometric record;
(e) Other indirect identifiers, such as the student's date of birth, place of birth, and mother's maiden name;
(f) Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or
(g) Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.

RECOGNIZING A BREAK-IN OR COMPROMISE
Symptoms:
- Antivirus software detects a problem
- Pop-ups suddenly appear (may sell security software)
- Disk space disappears
- Files or transactions appear that should not be there
- System slows down to a crawl
- Unusual messages, sounds, or displays on your monitor
- Stolen laptop (1 in 10 stolen in a laptop's lifetime)
- Your mouse moves by itself
- Your computer shuts down and powers off by itself
Often not recognized.

MALWARE DETECTION
Spyware symptoms:
- Change to your browser homepage/start page
- Ending up on a strange site when conducting a search
- System-based firewall is turned off automatically
- Lots of network activity while you are not particularly active
- Excessive pop-up windows
- New icons, programs, favorites which you did not add
- Frequent firewall alerts about unknown programs trying to access the Internet
- Bad/slow system performance

SAFE & SECURE USER PRACTICES

SECURITY: DEFENSE IN DEPTH
Defense in depth uses multiple layers of defense to address technical, personnel and operational issues.

ANTI-VIRUS & ANTI-SPYWARE
- Anti-virus software detects malware and can destroy it before any damage is done
- Install and maintain anti-virus and anti-spyware software
- Be sure to keep anti-virus software updated
- Many free and paid options exist

FIREWALL
A firewall acts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer and filters packets that enter or leave your computer.

PROTECT YOUR OPERATING SYSTEM
Microsoft regularly issues patches or updates to solve security problems in its software. If these are not applied, your computer is left vulnerable to hackers. The Windows Update feature built into Windows can be set up to automatically download and install updates. Avoid logging in as administrator.

CREATING A GOOD PASSWORD
[Diagram: starting from the bad password "Merry Christmas" / "Merry Xmas", each transformation yields a good password]
- Lengthen: MerryChrisToYou
- Synonym: Glad*Jes*Birth
- Intertwine letters: MXemrays
- Convert vowels to numeric: M5rryXm1s
- Abbreviate: MerryJul, MaryJul, MerChr2You
- Keypad shift (right / up): ,stuzc,sd / Jq46Sjqw
- Other variants shown: Mary*Jul, mErcHr2yOu

CREATING A GOOD PASSWORD
- Combine 2 unrelated words: Mail + phone = [email protected]!lf0n3
- Abbreviate a phrase: My favorite color is blue = Mfciblue
- Music lyric: Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you = hb2uhb2uhbdJhb2u

PASSWORD RECOMMENDATIONS
Never use admin, root or administrator as the login for the admin account. A good password is:
- private: it is used and known by one person only
- secret: it does not appear in clear text in any file or program, or on a piece of paper pinned to the terminal
- easily remembered: so there is no need to write it down
- at least 8 characters and complex: a mixture of at least 3 of the following: upper case letters, lower case letters, numbers and symbols
- not guessable by any program in a reasonable time, for instance less than one week
- changed regularly: a good change policy is every 3 months
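The time-to-guess column of the password-cracking table and the "not guessable in less than one week" recommendation rest on the same arithmetic: keyspace = charset_size^length, divided by the attacker's guess rate. The following Python is an added example, not part of the slide deck; it assumes the slide's rate of 2.6x10^18 guesses per month, a 30-day month, and the character-class sizes the table uses (26, 52, 62, 72, 95).

```python
# Added example: the search-space and time-to-exhaust arithmetic behind the
# slide's password-cracking table. Assumptions: the slide's attacker rate of
# 2.6x10^18 guesses/month and a 30-day month; class sizes follow the table.
GUESSES_PER_MONTH = 2.6e18
SECONDS_PER_MONTH = 30 * 24 * 3600
SECONDS_PER_WEEK = 7 * 24 * 3600

# Character-class sizes used by the table's rows
CLASS_SIZES = {
    "lower case alpha": 26,
    "alpha": 52,
    "alphanumeric": 62,        # e.g. upper + lower + digits, 3 of the 4 classes
    "alphanumeric + 10": 72,
    "all keyboard": 95,
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates of a fixed length over a charset (the Calculation column)."""
    return charset_size ** length


def seconds_to_exhaust(space: int, guesses_per_month: float = GUESSES_PER_MONTH) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return space / guesses_per_month * SECONDS_PER_MONTH


def humanize(seconds: float) -> str:
    """Express a duration in the coarse units the table uses."""
    if seconds < 1:
        return "< 1 second"
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


def survives_one_week(charset_size: int, length: int) -> bool:
    """The slide's rule: not exhaustively guessable in less than one week."""
    return seconds_to_exhaust(keyspace(charset_size, length)) >= SECONDS_PER_WEEK


def cracking_table(lengths=(8, 12, 16)) -> list[tuple[str, int, str]]:
    """Recompute the table's brute-force rows as (pattern, keyspace, time)."""
    rows = []
    for length in lengths:
        for name, size in CLASS_SIZES.items():
            space = keyspace(size, length)
            rows.append((f"{length} chars: {name}", space, humanize(seconds_to_exhaust(space))))
    return rows


if __name__ == "__main__":
    for pattern, space, when in cracking_table():
        print(f"{pattern:<28} {space:9.0e}  {when}")
    print("8 chars from 3 classes meets the one-week rule:", survives_one_week(62, 8))
```

Comparing the output with the table shows why the two recommendations pull in different directions: at this rate an 8-character, three-class password is exhausted in minutes, and only the 12-character rows clear the one-week threshold.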

AVOID SOCIAL ENGINEERING & MALICIOUS SOFTWARE
- Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.
- Do not click on links in emails unless you are absolutely sure of their validity.
- Only visit and/or download software from web pages you trust.

OTHER HACKER TRICKS TO AVOID
- Be sure to have a good firewall or pop-up blocker installed.
- Pop-up blockers do not always block ALL pop-ups, so always close a pop-up window using the X in the upper corner. Never click yes, accept or even cancel.
- Infected USB drives are often left unattended by hackers in public places.

SECURE ONLINE BANKING & BUSINESS
- Always use a secure browser to do online activities.
- Frequently delete temp files, cookies, history, saved passwords etc.
- https:// and the browser's security symbol show enhanced security.

BACK-UP IMPORTANT INFORMATION
No security measure is 100%. What information is important to you? Is your back-up:
- Recent?
- Off-site & secure?
- Process documented?
- Tested?
- Encrypted?

HOW IS FRAUD DISCOVERED?
[Bar chart: "How Fraud is Discovered" (% of cases, 0-40); categories: Tip, By Accident, Internal Audit, Internal Controls, External Audit, Notified by Police]
Tips are the most common way fraud is discovered. Tips come from: employees/coworkers 64%, anonymous 18%, customers 11%, vendors 7%.
If you notice possible fraud, CONTACT: ??????????
Source: Essentials of Corporate Fraud, T. L. Coenen, 2008, John Wiley & Sons

PUT THIS KNOWLEDGE TO WORK!
These are best practices involving information security. Most of these practices are from the National Institute of Standards and Technology. Use these practices at home and at work to keep safe and secure. Districts have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your district and your students.

