Erdo Deshiant Garnaby, profile picture
Uploaded byErdo Deshiant Garnaby
PDF, PPTX424 views

Unit+four+ +principles+of+cybersecurity

This document provides an overview of cybersecurity principles and threats. It discusses the goals of cybersecurity - confidentiality, integrity and availability. It describes common cybersecurity tools like encryption, access controls, backups and redundant systems that support these goals. The document also outlines various types of malware threats like viruses, worms, Trojan horses, botnets and keyloggers. Additionally, it covers social engineering techniques used in phishing and outlines best practices for strong password management to help protect against attacks.

Embed presentation

Download as PDF, PPTX
AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org UNIT FOUR Principles of Cybersecurity
AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION ONE Cybersecurity Goals and Tools
© Air Force Association • 3 Goals of information security: ‐ Maintain information confidentiality • Making sure only approved users have access to data ‐ Maintain information integrity • Data Integrity: assurance that information has not been tampered with or corrupted between the source and the end user • Source Integrity: assurance that the sender of the information is who it is supposed to be ‐ Maintain information availability • Ensuring data is accessible by approved users when needed The CIA Triad Source: http://www.techrepublic.com/blog/it-security/the-cia-triad/
© Air Force Association • Confidentiality ‐ Encryption • Passwords, encryption keys ‐ User access control • controlling which users have access to networks and what level of access each user has • Integrity ‐ Encryption ‐ User access control ‐ File permissions • Customizable settings that only allow certain users to view and edit files ‐ Version control systems/backups • Availability ‐ Offsite data storage/backups ‐ Redundant architecture (hardware and software) The CIA Triad: Tools of the Trade
© Air Force Association • Process of verifying the identity of a user • Used to control access to a resource • Methods: ‐ Passwords ‐ Physical “keys” (key chains, swipe cards) ‐ Biometrics (fingerprints, retina scanning) • Threats: ‐ Brute force cracking • Test every possible combination of letters, numbers, and characters until the password is found ‐ Dictionary cracking • Test words and combinations of words found in the dictionary or from a slightly shorter list of words known to be commonly used in passwords 4 Authentication/Encryption Password: * * * * * * * *
AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION TWO Building Strong Passwords
© Air Force Association Building Strong Passwords NOT… 6 C L O U D S S U N Source: tamutimes.tamu.edu Remember…….
© Air Force Association 1234 7 Passwords NOT GOOD! This is Ronald Donald’s Password:
© Air Force Association • Passwords of 8 characters consisting of Numbers only: 100 million + Lower case: 2.8 trillion + Upper case: 210 trillion + Symbols: 7.2 quadrillion 8 Passwords - Complex Cracked in < one second Cracked in eleven minutes Cracked in fifteen hours Cracked in three weeks Ronald’s Old Password: 1234 New Password: Pa123! • Always use at least 3 of the following:  Numbers  Lower case letters  Upper case letters  Symbols (% # * & ! : { “ > |) Source: www.howsecureismypassword.net
© Air Force Association Six or fewer characters Seven characters Eight characters Nine characters Ten characters • Brute force attacks can run 4 billion calculations per second 9 Passwords - Lengthy Ronald’s Old Password: Pa123! New Password: Password123! Cracked in three minutes Cracked in five hours Cracked in three weeks Cracked in five years Cracked in 526 years • Always use at least 8 characters
© Air Force Association Do not Share Your Password with ANYONE 10 Passwords – Only Yours
© Air Force Association • Any of the top 10,000 passwords will be broken immediately • 91% of people have one of the 1,000 most popular passwords • Almost half of all people use one of the 100 most popular 11 Passwords - Unique Ronald’s Old Password: Password123! New Password: Ronald123! – letmein – dragon – 111111 – baseball – iloveyou – trustno1 – password – 123456 – 12345678 – abc123 – qwerty – monkey – 1234567 – sunshine – master – 123123 – welcome – shadow
© Air Force Association Example: [base password] [site] Gmail: [Ronald123!] [GMA] = Ronald123!GMA Facebook: [Ronald123!] [FAC] = Ronald123!FAC 12 Passwords - Different • Use different passwords for each login (e.g. Gmail and Facebook) – 73% of people do not Ronald’s Old Password: Ronald123! New Passwords: Ronald123!FAC and Ronald123!GMA
© Air Force Association • The longer you keep a password the longer attackers have to try and crack it • Changing your passwords regularly can help foil cracking attempts as they happen • It’s best to change your passwords at least every few months 13 Passwords – Short Term
© Air Force Association • Do not use dictionary words ‐ Fend off dictionary cracking attacks by using passphrases 14 Passwords NOT Simple Where’s the beef? Wh D@ B33f? WhD@B33f?
© Air Force Association • User ID is publicly available • Using it as a password = Giving it away 15 Passwords – NOT User ID
© Air Force Association • Do not use any personal info – can be easily found by other means ‐ Name ‐ Birthday ‐ Pet’s Name ‐ Mother’s Maiden Name ‐ Hometown 16 Passwords – NOT Name Old Gmail Password: Ronald123!GMA New Password: WhD@B33f?GMA Old Facebook Password: Ronald1234FAC New Password: WhD@B33f?FAC
© Air Force Association Building Strong Passwords NOT… 17 Source: tamutimes.tamu.edu Remember……. Complex Lengthy Only Yours Unique Different Short Term Simple User ID Name
AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION THREE Cyber Threats 18
© Air Force Association • Dumpster Diving: Thieves sift through garbage for receipts with credit card information, medical forms with social security numbers, or other documents with PII • Shoulder Surfing: By looking over your shoulder as you type, thieves can glean your passwords, account information, and other sensitive information • Simple, but often overlooked threats 19 Physical Threats
© Air Force Association • Basic personal practices that keep computers and data safe ‐ Lock your computer when in public areas ‐ Shield your keyboard when you type passwords ‐ Do not let strangers use your computer ‐ Keep sensitive information in secure places 20 Cyber Hygiene
© Air Force Association Portable or handheld devices that have data or can connect to another device that has data 21 What are mobile devices?
© Air Force Association 22 Securing Mobile Devices Risk Fix 1. Easily stolen and lost 2. Often not encrypted 3. Targets of malware, tools for attackers 4. Can be compromised via wireless 5. Applications collect information 1. Guard your devices 2. Set a strong passcode 3. Use anti-malware and updates 4. Avoid using open networks 5. Customize security settings
© Air Force Association • Social Engineering: Manipulating people into giving up personal information 23 Online Threats Thrift Shopping Room M@ckelm0re Guests Ry@nLew1s | Send M@ckelm0re: Yo man I got the illest sweaters yesterday Ry@nLew1s: Really? What are we talkin? Wool? Pullover? Cardigan? Ry@nLew1s: I got a dope cardigan last week. Only 99 cents. M@ckelm0re: A couple of sick purple pullovers. Dont know if I need 2 tho….whats ur address? I will drop 1 in the mail for u.
© Air Force Association • Phishing: fraud attempts perpetrated by random attackers against a wide number of users • Spear-phishing: fraud attempts targeted at specific people based on their membership or affiliation with a the spoofed group ‐ e.g. fraudulent emails sent to Microsoft employees aiming to steal Microsoft secrets • Vishing: Attempts to manipulate people into giving up PII over the phone • Smishing: Attempts to manipulate people into giving up PII by text message (SMS) 24 Social Engineering Methods
© Air Force Association Sincerely, Customer Service Barclays *Phishing attempts are rarely this obvious, but these are useful errors to look for 25 How to Spot Phishing Emails Spoofed email address Spelling Errors/Typos ALL CAPS Asks for Personally Identifying Information Executable attachment or link to a Website Signed by a department, not an individual Source: www.Vanish.org
© Air Force Association • Report phishing attempts so other people aren’t victimized • Go to the legitimate website of the spoofed organization (not through a link in the email) • Follow the site’s procedure for reporting • Report the spoof to your email provider 26 Reporting Email Scams
© Air Force Association • Malicious Software = Malware • Software designed and written to: ‐ Steal information ‐ Spy on users ‐ Gain control of computers • Categorized by ‐ How it spreads ‐ What it does 27 Malware: What is it?
© Air Force Association • V • T • Z • K • B • L • S 28 Malware: What is it? iruses/Worms rojan Horses ombies and Botnets eyloggers ackdoors ogic/Time Bombs pyware
© Air Force Association • Viruses: Can infect and spread but need human assistance ‐ People download infected email attachments, shared files, spoof links, etc. ‐ Example: ILOVEYOU virus • Worms: Can infect and spread without human assistance ‐ Example: Sasser worm 29 Malware: Viruses/Worms
© Air Force Association • Trojan horse: Program with a hidden malicious function ‐ It looks like something you want ‐ It does something you do not want • Can cause computer crashes and be used by attackers to gain remote access to your system or steal information 30 Malware: Trojan Horses
© Air Force Association • Zombies (a.k.a bots): compromised computers under the control of an attacker ‐ Make it possible for someone else to control your computer from anywhere in the world • Botnet: a collection of compromised computers (zombies) under the control of an attacker ‐ Attackers pool the computing power of all of the zombie machines to launch huge spam attacks or to bring down websites through Distributed Denial of Service (DDoS) attacks ‐ DDoS attacks direct massive amounts of communication requests and traffic to websites in attempt to overwhelm their servers 31 Malware: Zombies and Botnets
© Air Force Association • Keylogger: Tracks users’ keystrokes, obtains passwords and other personal information • Especially dangerous, because they track everything a user does, not just what they do on an unprotected Internet browser 32 Malware: Keyloggers My Computer Password: * * * * * * Attacker’s Computer Password: Q W E R T Y Keylogger
© Air Force Association • Backdoor: An entry point into a program without all the normal, built- in security checks • Programmers sometimes install backdoors when they develop programs so that they can manipulate a program’s code more easily during troubleshooting and testing ‐ Sometimes they forget to close them • Attackers use malware like viruses, worms, and Trojan Horses to install backdoors on the computers they infect 33 Malware: Backdoors
© Air Force Association • Logic/time bomb: Malware designed to lie dormant until a specific logical condition is met ‐ A particular person logs in ‐ A specific date or time ‐ A message is received 34 Malware: Logic/Time Bombs 00:00:00
© Air Force Association • Spyware: Collects information about you, without your knowledge or consent ‐ Keyloggers are a type of Spyware Malware: Spyware 35
© Air Force Association Anti-malware Software 36 Quarantines and removes infected files Scans files for matches in databases of known malware Alerts you when a match is identified or a suspect program attempts to run Source: www.zdnet.com Source: www.pcworld.com Source: www.royalpccare.com Source: www.digital-defender.com

More Related Content

PDF
Unit+two+ +cyber+ethics+and+online+safety
byErdo Deshiant Garnaby
 
PPT
Cyber Security For Kids by Shounak Ray Chaudhuri
byMoumita Chatterjee
 
PPTX
CYBER SECURITY ON SOCIAL MEDIA
bycharitha garimella
 
PPTX
Cyber terrorism
byRaheela Patel
 
PPTX
CYBER TERRORISM
byTejesh Dhaypule
 
PPTX
Cyber crime & security
byRonson Fernandes
 
PPTX
Cyber Crime & Security
byUday Bhaskarwar
 
PPTX
Cyber terrorism
byKaustubhPathak11
 
Unit+two+ +cyber+ethics+and+online+safety
byErdo Deshiant Garnaby
 
Cyber Security For Kids by Shounak Ray Chaudhuri
byMoumita Chatterjee
 
CYBER SECURITY ON SOCIAL MEDIA
bycharitha garimella
 
Cyber terrorism
byRaheela Patel
 
CYBER TERRORISM
byTejesh Dhaypule
 
Cyber crime & security
byRonson Fernandes
 
Cyber Crime & Security
byUday Bhaskarwar
 
Cyber terrorism
byKaustubhPathak11
 

What's hot

PDF
National Life IT Department's Cyber Security Awareness Presentation
byJamie Proctor-Brassard
 
PPTX
Cyber security
byDebaroy1995
 
PPTX
Cyber Crime And Security
byShaheda Afreen
 
PPTX
Preventing Cybercrime in Libraries
byMary Rayme
 
PPTX
Cyber crime ppt
byBushra22
 
PPT
Cyber Security and Cyber Awareness
byJay Nagar
 
PPSX
Cyber Crime and Ethical Hacking
byANKIT KUMAR
 
PPTX
CYBER ETHICS, CRIMES AND SAFTY
byFaMulan2
 
PPTX
Social Media Cyber Security Awareness Briefing
byDepartment of Defense
 
PPTX
Cyber Crime - What is Cyber Crime
byAdeel Rasheed
 
PPSX
Cyber security awareness for students
byAkhil Nadh PC
 
PPTX
Cyber Crime and Social Media Security
byHem Pokhrel
 
PPTX
Cyber crime ppt
byHimanshu Saini
 
PDF
Cybersecurity Awareness Posters - Set #2
byNetLockSmith
 
PPTX
Cyber crime and security
byarel shane
 
PPTX
"Cyber crime", or computer-oriented crime..!!
byamit_shanu
 
PPTX
cyber crime
byMosuud jilani lipon
 
PPTX
Presentation on cyber safety
byMOHAMMADZAINULABIDEE3
 
PDF
Nat'l Cyber Security Awareness Month (NCSAM) Posters
byNetLockSmith
 
PPTX
Cyber crime: A Quick Survey
byArindam Sarkar
 
National Life IT Department's Cyber Security Awareness Presentation
byJamie Proctor-Brassard
 
Cyber security
byDebaroy1995
 
Cyber Crime And Security
byShaheda Afreen
 
Preventing Cybercrime in Libraries
byMary Rayme
 
Cyber crime ppt
byBushra22
 
Cyber Security and Cyber Awareness
byJay Nagar
 
Cyber Crime and Ethical Hacking
byANKIT KUMAR
 
CYBER ETHICS, CRIMES AND SAFTY
byFaMulan2
 
Social Media Cyber Security Awareness Briefing
byDepartment of Defense
 
Cyber Crime - What is Cyber Crime
byAdeel Rasheed
 
Cyber security awareness for students
byAkhil Nadh PC
 
Cyber Crime and Social Media Security
byHem Pokhrel
 
Cyber crime ppt
byHimanshu Saini
 
Cybersecurity Awareness Posters - Set #2
byNetLockSmith
 
Cyber crime and security
byarel shane
 
"Cyber crime", or computer-oriented crime..!!
byamit_shanu
 
cyber crime
byMosuud jilani lipon
 
Presentation on cyber safety
byMOHAMMADZAINULABIDEE3
 
Nat'l Cyber Security Awareness Month (NCSAM) Posters
byNetLockSmith
 
Cyber crime: A Quick Survey
byArindam Sarkar
 

Similar to Unit+four+ +principles+of+cybersecurity

PPT
Computer Security
bytonik
 
PPTX
Security in web based attacks and application.pptx
byumanggargcse
 
PPTX
USG_Security_Awareness_Primer (1).pptx
byssuser59e4b8
 
PPTX
USG_Security_Awareness_Primer.pptx
byBilmyRikas
 
PPTX
Awareness Security 123.pptx
byRajuSingh730938
 
PPTX
USG_Security_Awareness_Primer.pptx
bysumita02
 
PDF
Getting users to care about security
byAlison Gianotto
 
PDF
Intro to information security
byViraj Ekanayake
 
PPTX
Computer / Internet Security WHPL
byWest Haven Public Library
 
PDF
Be Cyber Smart! (DLH 10/25/2019)
byDavid Herrington
 
PDF
Customer information security awareness training
byAbdalrhmanTHassan
 
PDF
Tech Talk: Keep-Personal Information (PI)-Safe Online
bytalk2debra
 
PPT
Computer security
byUniv of Salamanca
 
PPT
Security Training 2008
bybdill
 
PPTX
Security_Awareness_Primer.pptx
byFaith Shimba
 
PPTX
Cyber Security and Data Privacy in Information Systems.pptx
byRoshni814224
 
PPT
Cyber Security Awareness Training by Win-Pro
byRonald Soh
 
PPTX
Personal Internet Security System
byMatthew Bricker
 
PDF
Drooger, jack cyber security
byHagerstown Chamber Business Expo
 
PDF
Threat and Mitigation
byNoel Waterman
 
Computer Security
bytonik
 
Security in web based attacks and application.pptx
byumanggargcse
 
USG_Security_Awareness_Primer (1).pptx
byssuser59e4b8
 
USG_Security_Awareness_Primer.pptx
byBilmyRikas
 
Awareness Security 123.pptx
byRajuSingh730938
 
USG_Security_Awareness_Primer.pptx
bysumita02
 
Getting users to care about security
byAlison Gianotto
 
Intro to information security
byViraj Ekanayake
 
Computer / Internet Security WHPL
byWest Haven Public Library
 
Be Cyber Smart! (DLH 10/25/2019)
byDavid Herrington
 
Customer information security awareness training
byAbdalrhmanTHassan
 
Tech Talk: Keep-Personal Information (PI)-Safe Online
bytalk2debra
 
Computer security
byUniv of Salamanca
 
Security Training 2008
bybdill
 
Security_Awareness_Primer.pptx
byFaith Shimba
 
Cyber Security and Data Privacy in Information Systems.pptx
byRoshni814224
 
Cyber Security Awareness Training by Win-Pro
byRonald Soh
 
Personal Internet Security System
byMatthew Bricker
 
Drooger, jack cyber security
byHagerstown Chamber Business Expo
 
Threat and Mitigation
byNoel Waterman
 

More from Erdo Deshiant Garnaby

PDF
Hasil-TSUI-jjjkkkkkkkkESUI-20l22-260123_22pm.pdf
byErdo Deshiant Garnaby
 
PPT
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
PPT
Computer Security Hacking
byErdo Deshiant Garnaby
 
PPTX
Org Design
byErdo Deshiant Garnaby
 
PPTX
HOS Talent management presentation
byErdo Deshiant Garnaby
 
PPTX
Talent management
byErdo Deshiant Garnaby
 
PDF
Unit+nine+ +additional+topics+and+resources
byErdo Deshiant Garnaby
 
PDF
Unit+seven+ +introduction+to+linux+and+ubuntu
byErdo Deshiant Garnaby
 
PDF
Unit+eight+ +ubuntu+security
byErdo Deshiant Garnaby
 
PDF
Unit+six+ +windows+file+protections+and+monitoring
byErdo Deshiant Garnaby
 
PDF
microsoft+windows+security
byErdo Deshiant Garnaby
 
PDF
Unit+three+ +computer+basics+and+virtual+machines
byErdo Deshiant Garnaby
 
PDF
Unit+eight+ +ubuntu+security
byErdo Deshiant Garnaby
 
PDF
Unit+seven+ +introduction+to+linux+and+ubuntu
byErdo Deshiant Garnaby
 
PDF
introduction to cyber patriot and cyber security
byErdo Deshiant Garnaby
 
PDF
Cyber Ethics
byErdo Deshiant Garnaby
 
Hasil-TSUI-jjjkkkkkkkkESUI-20l22-260123_22pm.pdf
byErdo Deshiant Garnaby
 
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
Computer Security Hacking
byErdo Deshiant Garnaby
 
Org Design
byErdo Deshiant Garnaby
 
HOS Talent management presentation
byErdo Deshiant Garnaby
 
Talent management
byErdo Deshiant Garnaby
 
Unit+nine+ +additional+topics+and+resources
byErdo Deshiant Garnaby
 
Unit+seven+ +introduction+to+linux+and+ubuntu
byErdo Deshiant Garnaby
 
Unit+eight+ +ubuntu+security
byErdo Deshiant Garnaby
 
Unit+six+ +windows+file+protections+and+monitoring
byErdo Deshiant Garnaby
 
microsoft+windows+security
byErdo Deshiant Garnaby
 
Unit+three+ +computer+basics+and+virtual+machines
byErdo Deshiant Garnaby
 
Unit+eight+ +ubuntu+security
byErdo Deshiant Garnaby
 
Unit+seven+ +introduction+to+linux+and+ubuntu
byErdo Deshiant Garnaby
 
introduction to cyber patriot and cyber security
byErdo Deshiant Garnaby
 
Cyber Ethics
byErdo Deshiant Garnaby
 

Recently uploaded

PPTX
"vaccine components/ingredients. Powerpoint
byEhsanJan3
 
PPTX
Complement System of Immunology for MS.c.pptx
byDr. Ajay Mahant
 
PPTX
HIGH PERFORMANCE LIQUID CHROMATOGRAPHY (HPLC) PRESENTATION_024050.pptx
byaboyingastephen06
 
PPT
Lecture - Chapter 3 - Ecosystems and Energy.ppt
bynikhilshantiniketan
 
PPTX
male_reproductive_system_full_presentation.pptx
bykattelraju
 
PPTX
RNA World Hypothesis: Origin of Life, Self-Replicating Molecules, and Early E...
bySatyam Sharma
 
PDF
Indian Seed Vault (Chang La, Ladakh) | Conservation of Plant Genetic Resource...
bySatyam Sharma
 
PDF
Genetics – Its Complete History, Scope, and Development
bySatyam Sharma
 
PPTX
culture media preparation & cell harvesting methods..pptx
byDr Showkat Ahmad Wani
 
PPTX
autosomal and sex chromosomal inheritance pattern in humans.pptx
byRachanaTripathi6
 
PPTX
pharmacology ppt on cell viability assay
byPokeWarrior
 
PDF
High-velocity fragmentation and spall fracture of steel AF9628
byJavier García Molleja
 
PPTX
Heterospory and seed habit in Pteridophytes.pptx
byRashmiMG2
 
PPTX
Pharmaceutical engineering (sem-3) unit 5
bypayalpilaji
 
PPTX
PCR-variants & applications; RFLP, RAPD AFLP techniques.pptx
byDr Showkat Ahmad Wani
 
PPTX
Presentation on Drainage Engineering pptx
byssuser5c2912
 
PPTX
Core & Extension Air & Water II Air.pptx
byMeravealhelou1
 
PDF
BP504T UNIT 03 PART 01 PHARMACOGNOSY AND PHYTOCHEMSITRY
byAnubhav Gupta
 
PDF
Pasteurization | The Discovery That Made Food Safe | Explained by Louis Paste...
bySatyam Sharma
 
PDF
Spectroscopy ( स्पेक्ट्रोस्कोपी ) English and Hindi Medium Chemistry Notes PD...
byWorld of Wisdom
 
"vaccine components/ingredients. Powerpoint
byEhsanJan3
 
Complement System of Immunology for MS.c.pptx
byDr. Ajay Mahant
 
HIGH PERFORMANCE LIQUID CHROMATOGRAPHY (HPLC) PRESENTATION_024050.pptx
byaboyingastephen06
 
Lecture - Chapter 3 - Ecosystems and Energy.ppt
bynikhilshantiniketan
 
male_reproductive_system_full_presentation.pptx
bykattelraju
 
RNA World Hypothesis: Origin of Life, Self-Replicating Molecules, and Early E...
bySatyam Sharma
 
Indian Seed Vault (Chang La, Ladakh) | Conservation of Plant Genetic Resource...
bySatyam Sharma
 
Genetics – Its Complete History, Scope, and Development
bySatyam Sharma
 
culture media preparation & cell harvesting methods..pptx
byDr Showkat Ahmad Wani
 
autosomal and sex chromosomal inheritance pattern in humans.pptx
byRachanaTripathi6
 
pharmacology ppt on cell viability assay
byPokeWarrior
 
High-velocity fragmentation and spall fracture of steel AF9628
byJavier García Molleja
 
Heterospory and seed habit in Pteridophytes.pptx
byRashmiMG2
 
Pharmaceutical engineering (sem-3) unit 5
bypayalpilaji
 
PCR-variants & applications; RFLP, RAPD AFLP techniques.pptx
byDr Showkat Ahmad Wani
 
Presentation on Drainage Engineering pptx
byssuser5c2912
 
Core & Extension Air & Water II Air.pptx
byMeravealhelou1
 
BP504T UNIT 03 PART 01 PHARMACOGNOSY AND PHYTOCHEMSITRY
byAnubhav Gupta
 
Pasteurization | The Discovery That Made Food Safe | Explained by Louis Paste...
bySatyam Sharma
 
Spectroscopy ( स्पेक्ट्रोस्कोपी ) English and Hindi Medium Chemistry Notes PD...
byWorld of Wisdom
 

Unit+four+ +principles+of+cybersecurity

  • 1.
    AIR FORCE ASSOCIATION’S NATIONALYOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org UNIT FOUR Principles of Cybersecurity
  • 2.
    AIR FORCE ASSOCIATION’S NATIONALYOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION ONE Cybersecurity Goals and Tools
  • 3.
    © Air ForceAssociation • 3 Goals of information security: ‐ Maintain information confidentiality • Making sure only approved users have access to data ‐ Maintain information integrity • Data Integrity: assurance that information has not been tampered with or corrupted between the source and the end user • Source Integrity: assurance that the sender of the information is who it is supposed to be ‐ Maintain information availability • Ensuring data is accessible by approved users when needed The CIA Triad Source: http://www.techrepublic.com/blog/it-security/the-cia-triad/
  • 4.
    © Air ForceAssociation • Confidentiality ‐ Encryption • Passwords, encryption keys ‐ User access control • controlling which users have access to networks and what level of access each user has • Integrity ‐ Encryption ‐ User access control ‐ File permissions • Customizable settings that only allow certain users to view and edit files ‐ Version control systems/backups • Availability ‐ Offsite data storage/backups ‐ Redundant architecture (hardware and software) The CIA Triad: Tools of the Trade
  • 5.
    © Air ForceAssociation • Process of verifying the identity of a user • Used to control access to a resource • Methods: ‐ Passwords ‐ Physical “keys” (key chains, swipe cards) ‐ Biometrics (fingerprints, retina scanning) • Threats: ‐ Brute force cracking • Test every possible combination of letters, numbers, and characters until the password is found ‐ Dictionary cracking • Test words and combinations of words found in the dictionary or from a slightly shorter list of words known to be commonly used in passwords 4 Authentication/Encryption Password: * * * * * * * *
  • 6.
    AIR FORCE ASSOCIATION’S NATIONALYOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION TWO Building Strong Passwords
  • 7.
    © Air ForceAssociation Building Strong Passwords NOT… 6 C L O U D S S U N Source: tamutimes.tamu.edu Remember…….
  • 8.
    © Air ForceAssociation 1234 7 Passwords NOT GOOD! This is Ronald Donald’s Password:
  • 9.
    © Air ForceAssociation • Passwords of 8 characters consisting of Numbers only: 100 million + Lower case: 2.8 trillion + Upper case: 210 trillion + Symbols: 7.2 quadrillion 8 Passwords - Complex Cracked in < one second Cracked in eleven minutes Cracked in fifteen hours Cracked in three weeks Ronald’s Old Password: 1234 New Password: Pa123! • Always use at least 3 of the following:  Numbers  Lower case letters  Upper case letters  Symbols (% # * & ! : { “ > |) Source: www.howsecureismypassword.net
  • 10.
    © Air ForceAssociation Six or fewer characters Seven characters Eight characters Nine characters Ten characters • Brute force attacks can run 4 billion calculations per second 9 Passwords - Lengthy Ronald’s Old Password: Pa123! New Password: Password123! Cracked in three minutes Cracked in five hours Cracked in three weeks Cracked in five years Cracked in 526 years • Always use at least 8 characters
  • 11.
    © Air ForceAssociation Do not Share Your Password with ANYONE 10 Passwords – Only Yours
  • 12.
    © Air ForceAssociation • Any of the top 10,000 passwords will be broken immediately • 91% of people have one of the 1,000 most popular passwords • Almost half of all people use one of the 100 most popular 11 Passwords - Unique Ronald’s Old Password: Password123! New Password: Ronald123! – letmein – dragon – 111111 – baseball – iloveyou – trustno1 – password – 123456 – 12345678 – abc123 – qwerty – monkey – 1234567 – sunshine – master – 123123 – welcome – shadow
  • 13.
    © Air ForceAssociation Example: [base password] [site] Gmail: [Ronald123!] [GMA] = Ronald123!GMA Facebook: [Ronald123!] [FAC] = Ronald123!FAC 12 Passwords - Different • Use different passwords for each login (e.g. Gmail and Facebook) – 73% of people do not Ronald’s Old Password: Ronald123! New Passwords: Ronald123!FAC and Ronald123!GMA
  • 14.
    © Air ForceAssociation • The longer you keep a password the longer attackers have to try and crack it • Changing your passwords regularly can help foil cracking attempts as they happen • It’s best to change your passwords at least every few months 13 Passwords – Short Term
  • 15.
    © Air ForceAssociation • Do not use dictionary words ‐ Fend off dictionary cracking attacks by using passphrases 14 Passwords NOT Simple Where’s the beef? Wh D@ B33f? WhD@B33f?
  • 16.
    © Air ForceAssociation • User ID is publicly available • Using it as a password = Giving it away 15 Passwords – NOT User ID
  • 17.
    © Air ForceAssociation • Do not use any personal info – can be easily found by other means ‐ Name ‐ Birthday ‐ Pet’s Name ‐ Mother’s Maiden Name ‐ Hometown 16 Passwords – NOT Name Old Gmail Password: Ronald123!GMA New Password: WhD@B33f?GMA Old Facebook Password: Ronald1234FAC New Password: WhD@B33f?FAC
  • 18.
    © Air ForceAssociation Building Strong Passwords NOT… 17 Source: tamutimes.tamu.edu Remember……. Complex Lengthy Only Yours Unique Different Short Term Simple User ID Name
  • 19.
    AIR FORCE ASSOCIATION’S NATIONALYOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION THREE Cyber Threats 18
  • 20.
    © Air ForceAssociation • Dumpster Diving: Thieves sift through garbage for receipts with credit card information, medical forms with social security numbers, or other documents with PII • Shoulder Surfing: By looking over your shoulder as you type, thieves can glean your passwords, account information, and other sensitive information • Simple, but often overlooked threats 19 Physical Threats
  • 21.
    © Air ForceAssociation • Basic personal practices that keep computers and data safe ‐ Lock your computer when in public areas ‐ Shield your keyboard when you type passwords ‐ Do not let strangers use your computer ‐ Keep sensitive information in secure places 20 Cyber Hygiene
  • 22.
    © Air ForceAssociation Portable or handheld devices that have data or can connect to another device that has data 21 What are mobile devices?
  • 23.
    © Air ForceAssociation 22 Securing Mobile Devices Risk Fix 1. Easily stolen and lost 2. Often not encrypted 3. Targets of malware, tools for attackers 4. Can be compromised via wireless 5. Applications collect information 1. Guard your devices 2. Set a strong passcode 3. Use anti-malware and updates 4. Avoid using open networks 5. Customize security settings
  • 24.
    © Air ForceAssociation • Social Engineering: Manipulating people into giving up personal information 23 Online Threats Thrift Shopping Room M@ckelm0re Guests Ry@nLew1s | Send M@ckelm0re: Yo man I got the illest sweaters yesterday Ry@nLew1s: Really? What are we talkin? Wool? Pullover? Cardigan? Ry@nLew1s: I got a dope cardigan last week. Only 99 cents. M@ckelm0re: A couple of sick purple pullovers. Dont know if I need 2 tho….whats ur address? I will drop 1 in the mail for u.
  • 25.
    © Air ForceAssociation • Phishing: fraud attempts perpetrated by random attackers against a wide number of users • Spear-phishing: fraud attempts targeted at specific people based on their membership or affiliation with a the spoofed group ‐ e.g. fraudulent emails sent to Microsoft employees aiming to steal Microsoft secrets • Vishing: Attempts to manipulate people into giving up PII over the phone • Smishing: Attempts to manipulate people into giving up PII by text message (SMS) 24 Social Engineering Methods
  • 26.
    © Air ForceAssociation Sincerely, Customer Service Barclays *Phishing attempts are rarely this obvious, but these are useful errors to look for 25 How to Spot Phishing Emails Spoofed email address Spelling Errors/Typos ALL CAPS Asks for Personally Identifying Information Executable attachment or link to a Website Signed by a department, not an individual Source: www.Vanish.org
  • 27.
    © Air ForceAssociation • Report phishing attempts so other people aren’t victimized • Go to the legitimate website of the spoofed organization (not through a link in the email) • Follow the site’s procedure for reporting • Report the spoof to your email provider 26 Reporting Email Scams
  • 28.
    © Air ForceAssociation • Malicious Software = Malware • Software designed and written to: ‐ Steal information ‐ Spy on users ‐ Gain control of computers • Categorized by ‐ How it spreads ‐ What it does 27 Malware: What is it?
  • 29.
    © Air ForceAssociation • V • T • Z • K • B • L • S 28 Malware: What is it? iruses/Worms rojan Horses ombies and Botnets eyloggers ackdoors ogic/Time Bombs pyware
  • 30.
    © Air ForceAssociation • Viruses: Can infect and spread but need human assistance ‐ People download infected email attachments, shared files, spoof links, etc. ‐ Example: ILOVEYOU virus • Worms: Can infect and spread without human assistance ‐ Example: Sasser worm 29 Malware: Viruses/Worms
  • 31.
    © Air ForceAssociation • Trojan horse: Program with a hidden malicious function ‐ It looks like something you want ‐ It does something you do not want • Can cause computer crashes and be used by attackers to gain remote access to your system or steal information 30 Malware: Trojan Horses
  • 32.
    © Air ForceAssociation • Zombies (a.k.a bots): compromised computers under the control of an attacker ‐ Make it possible for someone else to control your computer from anywhere in the world • Botnet: a collection of compromised computers (zombies) under the control of an attacker ‐ Attackers pool the computing power of all of the zombie machines to launch huge spam attacks or to bring down websites through Distributed Denial of Service (DDoS) attacks ‐ DDoS attacks direct massive amounts of communication requests and traffic to websites in attempt to overwhelm their servers 31 Malware: Zombies and Botnets
  • 33.
    © Air ForceAssociation • Keylogger: Tracks users’ keystrokes, obtains passwords and other personal information • Especially dangerous, because they track everything a user does, not just what they do on an unprotected Internet browser 32 Malware: Keyloggers My Computer Password: * * * * * * Attacker’s Computer Password: Q W E R T Y Keylogger
  • 34.
    © Air ForceAssociation • Backdoor: An entry point into a program without all the normal, built- in security checks • Programmers sometimes install backdoors when they develop programs so that they can manipulate a program’s code more easily during troubleshooting and testing ‐ Sometimes they forget to close them • Attackers use malware like viruses, worms, and Trojan Horses to install backdoors on the computers they infect 33 Malware: Backdoors
  • 35.
    © Air ForceAssociation • Logic/time bomb: Malware designed to lie dormant until a specific logical condition is met ‐ A particular person logs in ‐ A specific date or time ‐ A message is received 34 Malware: Logic/Time Bombs 00:00:00
  • 36.
    © Air ForceAssociation • Spyware: Collects information about you, without your knowledge or consent ‐ Keyloggers are a type of Spyware Malware: Spyware 35
  • 37.
    © Air ForceAssociation Anti-malware Software 36 Quarantines and removes infected files Scans files for matches in databases of known malware Alerts you when a match is identified or a suspect program attempts to run Source: www.zdnet.com Source: www.pcworld.com Source: www.royalpccare.com Source: www.digital-defender.com