
Cyber Security Awareness

Uploaded by

Rajeev Ranjan

Cybersecurity

Information Security Awareness


Importance of Cybersecurity

• The internet allows an attacker to work from anywhere on the planet.
• Risks caused by poor security knowledge and practice:
– Identity Theft
– Monetary Theft
– Legal Ramifications (for yourself and your organization)
– Sanctions or termination if policies are not followed
• According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:
– Web Browser
– IM Clients
– Web Applications
– Excessive User Rights

Cybersecurity is Safety

Security: We must protect our computers and data in the same way that we secure the doors to our homes.
Safety: We must behave in ways that protect us against risks and threats that come with technology.

User Awareness
[Diagram: Cyber-Criminals and System Administrators. Arrow labels: Posts to, Downloads, Reports]
• System Administrators: Some scripts appear useful to manage networks…
• Cracker: Computer-savvy programmer creates attack software. Posts to Hacker Bulletin Board.
• Hacker Bulletin Board: SQL Injection, Buffer overflow, Password Crackers, Password Dictionaries
• Script Kiddies: Unsophisticated computer users who know how to execute programs.
• Reports: Successful attacks! Crazyman broke into … CoolCat penetrated…
• Criminals: Create & sell bots -> generate spam. Sell credit card numbers, etc…
• Malware package earns $1K-2K; 1 M Email addresses earn $8; 10,000 PCs earn $1000

Leading Threats

Viruses
Worms
Trojan Horses / Logic Bombs
Social Engineering
Rootkits
Botnets / Zombies

Viruses
• A virus attaches itself to a program, file, or disk.
• When the program is executed, the virus activates and replicates itself.
• The virus may be benign or malignant but executes its payload at some point (often upon contact).
• Viruses can cause computer crashes and loss of data.
• In order to recover or prevent virus attacks:
– Avoid potentially unreliable websites/emails.
– System Restore.
– Re-install operating system.
– Use and maintain anti-virus software.
[Diagram: Program A, with Extra Code, infects Program B]

Worms
Independent program that replicates itself and sends copies from
computer to computer across network connections.
Upon arrival, the worm may be activated to replicate.

[Diagram: the worm sends copies "To Joe", "To Ann" and "To Bob" using an Email List: Joe@gmail.com, Ann@yahoo.com, Bob@u.edu]

Logic Bombs and Trojan Horses

Logic Bomb: Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons.
Examples:
– Software which malfunctions if maintenance fee is not paid.
– Employee triggers a database erase when he is fired.

Trojan Horse: Masquerades as a benign program while quietly destroying data or damaging your system.
– Download a game: It may be fun but contains hidden code that gathers personal information without your knowledge.

Social Engineering
Social engineering manipulates people into performing actions or divulging confidential
information. Similar to a confidence trick or simple fraud, the term applies to the use of
deception to gain information, commit fraud, or access computer systems.

• Phone Call: "This is John, the System Administrator. What is your password?"
• Email: "ABC Bank has noticed a problem with your account…"
• In Person: "What ethnicity are you? Your mother’s maiden name?"
• "I have come to repair your machine… and have some lovely software patches!"

Phishing: Counterfeit Email

Phishing: A seemingly trustworthy entity asks for sensitive information such as SSN, credit card numbers, login IDs or passwords via e-mail.

Pharming: Counterfeit Web Pages

[Screenshot callouts on a counterfeit message:]
– Wiping over, but not clicking the link may reveal a different address.
– Misspelled
– With whom?
– Copyright date is old

• The link provided in the e-mail leads to a counterfeit webpage which collects important information and submits it to the owner.
• The counterfeit web page looks like the real thing
• Extracts account information

Botnet
• A botnet is a number of compromised computers used to create and send spam or viruses or flood a network with messages as a denial of service attack.
• The compromised computers are called zombies.

Man In The Middle Attack

An attacker pretends to be your final destination on the network. When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server.

Rootkit

• Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit.
• May enable:
– Easy access for the hacker (and others) into the enterprise
– Keystroke logger
• Eliminates evidence of break-in.
• Modifies the operating system.
[Diagram labels: Backdoor entry, Keystroke Logger, Hidden user]

• An unauthorized acquisition of electronic data that compromises the security, confidentiality or integrity of “personal information.”
• Personal Information
– Social Security Number.
– Driver’s license or state ID number.
– Information permitting access to personal accounts.
– Account passwords or PIN numbers or access codes.
– Any of the above in connection with a person’s name if the information is sufficient to perform

Identifying Security Compromises
• Symptoms:
– Antivirus software detects a problem.
– Disk space disappears unexpectedly.
– Pop-ups suddenly appear, sometimes selling security software.
– Files or transactions appear that should not be there.
– The computer slows down to a crawl.
– Unusual messages, sounds, or displays on your monitor.
– Stolen laptop: 1 stolen every 53 seconds; 97% never recovered.
– The mouse pointer moves by itself.
– The computer spontaneously shuts down or reboots.
– Often unrecognized or ignored problems.

Malware detection
• Spyware symptoms:
• Changes to your browser homepage/start page.
• Ending up on a strange site when conducting a search.
• System-based firewall is turned off automatically.
• Lots of network activity while not particularly active.
• Excessive pop-up windows.
• New icons, programs, favorites which you did not add.
• Frequent firewall alerts about unknown programs when trying to access the Internet.
• Poor system performance.

Best Practices to avoid these threats

Defense in depth uses multiple layers of defense to address technical, personnel and operational issues.

User Account Controls

Anti-virus and Anti-spyware Software

• Anti-virus software detects certain types of malware and can destroy it before any damage is done.
• Install and maintain anti-virus and anti-spyware software.
• Be sure to keep anti-virus software updated.
• Many free and commercial options exist.
• Contact your Technology Support Professional for assistance.

Host-based Firewalls
• A firewall acts as a barrier between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents many hacker connections to your computer.
• Firewalls filter network packets that enter or leave your computer.

Protect your Operating System
• Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.
• The Windows Update feature built into Windows can be set up to automatically download and install updates.
• Avoid logging in as administrator.
• Apple provides regular updates to its operating system and software applications.
• Apply Apple updates using the App Store application.

Creating Strong Passwords
• A familiar quote can be a good start:
“LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS”
William Shakespeare
• Using the organization standard as a guide, choose the first character of each word:
– LIASMWTFOS
• Now add complexity the standard requires:
– L1A$mwTF0S (10 characters, 2 numerals, 1

Password Guidelines
• Never use admin, root, administrator, or a default account or password for administrative access.
• A good password is:
– Private: Used by only one person.
– Secret: It is not stored in clear text anywhere, including on Post-It® notes!
– Easily Remembered: No need to write it down.
– Contains the complexity required by your organization.
– Not easy to guess by a person or a program in a reasonable time, such as several weeks.
– Changed regularly: Follow organization standards.
• Avoid shoulder surfers and enter your credentials carefully! If a password is entered in the username field, those attempts usually appear in system logs.

Avoid Social Engineering and Malicious Software
• Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.
• Do not click on links in emails unless you are absolutely sure of their validity.
• Only visit and/or download software from web pages you trust.

Avoid Stupid Hacker Tricks
• Be sure to have a good firewall or pop-up blocker installed.
• Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner.
• Never click “yes,” “accept” or even “cancel.”
• Infected USB drives are often left unattended by hackers in public places.

Secure Business Transactions

• Always use a secure browser for online activities.
• Frequently delete temp files, cookies, history, saved passwords etc.
[Callout on the address bar: https:// Symbol indicating enhanced security]

Backup Important Information

• No security measure is 100% reliable.
• Even the best hardware fails.
• What information is important to you?
• Is your backup:
– Recent?
– Off-site & Secure?
– Process Documented?
– Encrypted?
– Tested?

Fraud

• Organizations lose 5-6% of revenue annually due to internal fraud = $652 Billion in U.S. (2006)
• Average scheme lasts 18 months, costs $159,000
• 25% costs exceed $1M
• Smaller companies suffer greater average dollar losses than large companies
[Chart: Internal Fraud Recovery. Segments: $0 Recovered, Recovery<=25%, Substantial Recovery]

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons

Fraud Discovery
[Chart: How Fraud is Discovered (%). Categories: Tip, By Accident, Internal Audit, Internal Controls, External Audit, Notified by Police]

Tips are the most common way fraud is discovered.

Tips come from:
– Employee/Coworkers 64%
– Anonymous 18%
– Customer 11%
– Vendor 7%
