Online Threats. This include human using them!

Similar documents
Computer Security. Assoc. Prof. Pannipa Phaiboonnimit. Adapted for English Section by Kittipitch Kuptavanich and Prakarn Unachak

CHAPTER 8 SECURING INFORMATION SYSTEMS

Chapter 6 Network and Internet Security and Privacy

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Securing Information Systems

Personal Cybersecurity

Securing Information Systems

A Review Paper on Network Security Attacks and Defences

e-commerce Study Guide Test 2. Security Chapter 10

Securing Information Systems

Frequently Asked Questions (FAQ)

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

Introduction to Information Security Dr. Rick Jerz

Phishing. Eugene Davis UAH Information Security Club April 11, 2013

Online Security and Safety Protect Your Computer - and Yourself!

Défense In-Depth Security. Samson Oduor - Internet Solutions Kenya Watson Kamanga - Seacom

Employee Security Awareness Training

Create strong passwords

Security Awareness. Presented by OSU Institute of Technology

Train employees to avoid inadvertent cyber security breaches

PRACTICING SAFE COMPUTING AT HOME

Security 08. Black Hat Search Engine Optimisation. SIFT Pty Ltd Australia. Paul Theriault

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Chapter 9 Security and Privacy

CIS 6930/4930 Computer and Network Security. Topic 6. Authentication

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Network Fundamentals. Chapter 7: Networking and Security 4. Network Fundamentals. Network Architecture

MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations

Course Outline (version 2)

Technology in Action

Securing Information Systems

Ethical Hacking and Countermeasures: Attack Phases, Second Edition. Chapter 1 Introduction to Ethical Hacking

RANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise

Technology in Action 12/11/2014. Cybercrime and Identity Theft (cont.) Cybercrime and Identity Theft (cont.) Chapter Topics

Who We Are! Natalie Timpone

Evolution of Spear Phishing. White Paper

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.

Principles of ICT Systems and Data Security

The Tension. Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes

IT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO)

ELECTRONIC BANKING & ONLINE AUTHENTICATION

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management


Webomania Solutions Pvt. Ltd. 2017

Newcomer Finances Toolkit. Fraud. Worksheets

How Cyber-Criminals Steal and Profit from your Data

Whitepaper on AuthShield Two Factor Authentication with SAP

Chapter 10: Security and Ethical Challenges of E-Business

3.5 SECURITY. How can you reduce the risk of getting a virus?

Compliance vs Competence: Cyber Security Management for Data Centers. Dr. Suku Nair University Distinguished Professor and Chair, SMU

Discovering Computers Living in a Digital World

INTERNET SAFETY IS IMPORTANT

Top Ten IT Security Risks CHRISTOPHER S. ELLINGWOOD SENIOR MANAGER, IT ASSURANCE SERVICES

BEST PRACTICES FOR PERSONAL Security

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

CIS 700/002 : Special Topics : Protection Mechanisms & Secure Design Principles

FAQ. Usually appear to be sent from official address

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Security Awareness. Chapter 2 Personal Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

Chapter 4 Network and Internet Security

Guide to Network Security First Edition. Chapter One Introduction to Information Security

Kaspersky Mobile Security 9. Reviewer s Guide

Cyber Security Risk Management and Identity Theft

MODULE NO.28: Password Cracking

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security.

Cyber Security Guide. For Politicians and Political Parties

Home Computer and Internet User Security

DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations

IS Today: Managing in a Digital World 9/17/12

June 2 nd, 2016 Security Awareness

COMMON WAYS IDENTITY THEFT CAN HAPPEN:

mhealth SECURITY: STATS AND SOLUTIONS

About Lavasoft. Contact. Key Facts:

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

ECDL / ICDL IT Security. Syllabus Version 2.0

Define information security Define security as process, not point product.

Best Practical Response against Ransomware

1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)

Cybersecurity glossary. Please feel free to share this.

FAQ: Privacy, Security, and Data Protection at Libraries

NHS South Commissioning Support Unit

Governance Ideas Exchange

Quick Heal Total Security

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

CTS2134 Introduction to Networking. Module 08: Network Security

P2_L12 Web Security Page 1

Chapter 19 Security. Chapter 19 Security

To learn more about Stickley on Security visit You can contact Jim Stickley at

SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA

COMPUTER PASSWORDS POLICY

PROTECTING YOUR BUSINESS ASSETS

Octopus Online Service Safety Guide

Cyber Crime Seminar. No Victim Too Small Why Small Businesses Are Low Hanging Fruit

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

How To Remove Personal Antivirus Security Pro Virus Manually

Transcription:

Online Threats There are many dangers from using the web (and computer in general). One should watch out for malware, automated programs designed to cause harm to you, your data, and your system. You are also vulnerable from attacks by hackers, those who seeks and exploits weaknesses in a computer system or computer network. This include human using them! https://www.youtube.com/watch?v=auynxgo_f3y

Malware Virus/Worm Self-replicating. Can spread through e-mail, malicious link, USB drive, etc Can reside in (sometime important) part of hard drives Trojan horse Imitate a legitimate program Malware can: Damage files Use up memory Display annoying popups Stealing data Create backdoor Gain control to your computer (creating zombie or bot ) Hold your data/computer hostage ( Ransomware )

Hackers Someone who seeks and exploits weaknesses in a computer system or computer network. Can be for good cause ( White Hat ): educational, or security concern Can alert weakness to owner of software/website for bounty https://www.facebook.com/whitehat Sometime illegally for personal gain ( Black Hat ): blackmail, data theft, entertainment, political or other causes ( Hacktivist ) And sometime both ( Grey Hat )

Example of Attacks Using computer systems with no authority to gain such access Other examples from the media Employees steal time on company computers to do personal business Intruders break into government Web sites and change information displayed Thieves steal credit card numbers and buy merchandise Hackers gain access by Using software weakness at the target ( exploit ) Trick people work at/for the target to give access ( Social Engineering )

Example of Attacks (cont.) Denial-of-service (DOS) or Distributed DOS (DDOS) Attempt to make a machine or network resource unavailable to its intended users. Usually by repeatedly trying to connect/ request service to the target, disrupting it. DDoS will consist of many computers under attackers control ( bot/zombie farm )

Example of Attacks (cont.) Cyber Stalking Use of computer/network technologies to stalk or harass one or more persons Activities Defamation Gathering information Identity theft Monitoring (esp. on Social Network) Threats

Example of Attacks (cont.) Identity Theft: Pretending to be someone else, for malicious purpose Criminal Identity Theft Pretend to be someone else when arrested Financial Identity Theft Credit card, loans, etc Identity cloning Living as someone else Medical Identity Theft Using other s ID to obtain drug Child Identity Theft Using Child s ID Use information gather (partially) from the web

Example of Attacks (cont.) Phishing Attempt to obtain sensitive information, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Information can be: username/password, credit card details, ID, bank account, etc. Usually comes in the form of e-mail pretending to be from back/government agency/school/etc. Ask you to log in / provide personal information on the website with the URL provided in the e-mail. Website is fake, created to collect your personal information

Internet Security Internet Security is the protection of messages communicating within the Internet from theft and forgery There are two categories of protection Authentication: Identify the sender/receiver Authorization: Limit accessibility for individual entities

Authentication Authentication is an identification process that verifies that a person who wishes to access the data is the real user There are 3 techniques used in authentication Possession Memorization Physicality Also, the more secure way of authentication is to required Two-factor Authentication, performing two different authentications at once.

Possession Use manmade objects to verify the identity such as ID Card / Credit Card Authenticator that generates random number with pre-determined seed

Memorization Use password

Physicality Use human physical appearance (dictated by DNA) such as face, eye, fingerprint, palm, voice or a combination of those

Limitation Limitation of Possession Theft / Renewable Forgery / Duplicable Limitation of Memorization Easily guessed weak password / Hard-to-memorize strong password Risk of scamming from public use Limitation of Physicality Need special equipment / can be forged (but take effort)

Authorization Authorization assigns different access permission to different individuals based on their rank or importance Users of the same rank cannot access each other data Users with higher rank may be able to see lower rank data but should not be able to modify it without consent from lower rank user Should Mark Zuckerberg be able to see our relationship status on Facebook while our friends cannot?

Encryption and Decryption There is no guarantee that our message sent to the Internet cannot be bugged so we need a way to hide our message and make sure that only our friends can reveal it We use the method called Public Key Cryptography to encrypt our message https://www.youtube.com/watch?v=zghmpwgxexs

Key and Lock analogy Let s say that we put our message into a chest We lock the chest using a KEY We send the chest to your friend How would your friend open it? Message

Twin keys In real world, we use the same key that locks the chest to open the chest In the Internet, we can create what is called twin keys One key can open the chest only if its twin locks the chest That means that if we lock the chest with one key, that key cannot open the chest

Encryption with twin keys Alice wants to send a message to Bob Bob creates twin keys, say gold key and silver key Bob distributes silver key to everyone

Encryption with twin keys (2) Alice uses silver key to lock the chest containing her message Alice sends the locked chest to Bob Bob opens the lock with gold key and retrieves the message

Why is it safe? Let s have our villain named Mallory Mallory steals the locked chest from Alice Can Mallory open the chest?

Twin keys creation and their security Do twin keys really exist? If so, how do one create them? Twin keys uses concept of Mathematics, specifically number theory Basically twin keys are two magic numbers that related in some way Knowing one number cannot help deducing another number The time to guess gold key using silver key is beyond the age of the universe!!!

Dark Side of Encryption: Cryptowall/Ransomware Malware that uses encryption to lock you out of your system/data Usually disguised as harmless attachments on e-mails, tricking you to open them. Once activated, the cryptowall encrypts files on your computers (and sometime those in the same network) Usually, cryptowall works as ransomware: a ransom note if left on your computer, detailing how to pay the ransom to get your files decrypted.

Stay safe online 1. Take cautions before clicking any attachment/ link 2. Take EXTRA cautions before sharing any personal information (or anything else) 3. Set privacy setting on social network properly 4. Install (trustworthy) security programs Antivirus/ Antispyware/ Backup/ Firewall 5. Practice Password Discipline 6. Logout from Facebook/Google/etc. after you re done using public computer 7. Set password for lockout screen for your PC/Phone/Tablet https://www.youtube.com/watch?v=gcwbf7wkyya

Password Security NEVER SHARE PASSWORD Change password often Use different password for different sites In case one got hacked Use strong password Hard to guess, even if the attacker know your personal information (Should not be so hard that you can t remember it) Avoid: 123456, password, admin, pet s name Secret Question Option to recover your account Should you use correct answer?

source:xkcd.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback