Presentation is loading. Please wait.

Presentation is loading. Please wait.

SOCIAL ENGINEERING AND INFORMATION PROTECTION BEST PRACTICES.

Published byAthena Body Modified over 9 years ago

Similar presentations

Presentation on theme: "SOCIAL ENGINEERING AND INFORMATION PROTECTION BEST PRACTICES."— Presentation transcript:

1 SOCIAL ENGINEERING AND INFORMATION PROTECTION BEST PRACTICES

2 Social engineering Who Are We? Graduate students at UNM Anderson School of Management, both studying toward graduate degree in Information Assurance Full time employees at Sandia National Laboratories, working in an IT department INTRODUCTION

3 Social engineering Why Are We Here? We all need to learn to defend our information from unauthorized access and use Survey given 3/10/2013 discloses some areas in which you can protect yourselves better Major Topics Online Privacy/Protection Social Engineering Password Strength/Password Management INTRODUCTION

4 Here are some of the more interesting results from the survey… SURVEY RESULTS Do you reuse the same password across your online accounts? Do you regularly clear your browser cache? Do you use strong passwords for your online accounts? How familiar are you with social media privacy settings?

5 Social engineering You may have heard recently that many celebrities email accounts were being hacked So much information about celebrities on the internet Countless followers via Twitter, Facebook, and other social media ONLINE PRIVACY/PROTECTION

6 Social engineering One of the biggest threats to your personal privacy protection is social media Over-sharing “Checking in” Embarrassing pictures/posts/likes Lack of controlling who can see what Anonymous information gathering ONLINE PRIVACY/PROTECTION

7 Social engineering Browser Safety Cleaning cache Tracking and Cookies Double checking URLs Email Safety Spam filtering Attachments EMAIL / BROWSER SAFETY

8 Social engineering Due to social media use today, we are all “celebrities” Just as people have been able to hack real celebrity accounts using information from the internet, the same can be done for anyone sharing via social media All this public information makes an individual vulnerable to social engineering attacks SOCIAL ENGINEERING

9 Social engineering “the art of manipulating people into performing actions or divulging confidential information” Tricking the victim in to divulging information Only a few of you responded that you had previously given personal information over the internet Can involve pretexting, or creating a target specific scenario, to help give the victim the sense of legitimacy SOCIAL ENGINEERING

10 Pretexting “the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.” Attackers will research their targets so that they can create a more believable lie Phishing email from your bank asking to confirm your username and password Use of other information such as work or school gained via social networking sites. PRETEXTING

11 Social engineering 1. Clear out your ________ ________ regularly to keep sites from tracking your internet activity. MIDTERM EXAM Browser Cache 2. The act of creating a scenario to engage a targeted victim to divulge information is known as what? Pretexting 3. True or False. “Checking In” on Facebook on a regular basis is a safe practice. False 4. The art of manipulating people to divulge confidential information is known as what? Social Engineering 5. One of the greatest threats to our personal online privacy is how we use ________ ________. Social Media

12 Password best practices Password Strength Most of you say you use strong passwords What makes a strong password? At least 8 characters – more is better Avoid any dictionary words Mix of letters (upper and lower), numbers, and other characters (like punctuation) Some examples r3t7A#EM Tad3cha5$uh#q PASSWORD STRENGTH

13 WHY A COMPLEX PASSWORD? There are several methods of acquiring a password –Guessing* – use of personal information available –Dictionary-based attacks* –“Brute Force” attacks* – Programs that can guess every possible combination of characters. –Phishing** –Shoulder surfing** * These attacks are best mitigated through the use of a strong password. The stronger the password, the harder it is to guess by either people or programs. ** These attacks are best mitigated through personal security (preventing social engineering) Password strength criteria: –http://www.microsoft.com/security/online-privacy/passwords- create.aspxhttp://www.microsoft.com/security/online-privacy/passwords- create.aspx Password strength checker: –https://www.microsoft.com/security/pc-security/password- checker.aspxhttps://www.microsoft.com/security/pc-security/password- checker.aspx Password generator: –https://secure.pctools.com/guides/passwordhttps://secure.pctools.com/guides/password Importance of a strong password: –http://www.utexas.edu/its/secure/articles/importance_strong _passwords.phphttp://www.utexas.edu/its/secure/articles/importance_strong _passwords.php PASSWORD STRENGTH

14 HOW STRONG IS MY PASSWORD? 5 volunteers! Password Strength Checker How long would it take a Desktop PC to crack a password http://howsecureismypassword.net/ Do NOT put your REAL password into this site – it is for relative strength checking only! PASSWORD STRENGTH DEMONSTRATION

15 Password best practices Password Reuse While most of you said you use strong passwords, most of you also said you reuse passwords DON’T USE SAME PASSWORD ACROSS ALL ACCOUNTS! Sites are hacked regularly and passwords are retrieved SERIOUSLY??? Did you see those password examples????? PASSWORD REUSE

16 Password best practices Password Management Various tools to manage passwords Allows unique passwords to be used for each account Convenient features for ease of use Categorization Auto-type/Auto-fill Online/Cloud based and client based Each solution has its Pros and Cons PASSWORD MANAGEMENT

17 Password best practices Pros/Cons Cloud-based – less secure, passwords stored somewhere on the internet Client-based – more secure, less convenient as only available when installed Solution: KeePass with Dropbox Power of client-based, encrypted database with availability provided by online storage PASSWORD MANAGEMENT

18 Password best practices Dropbox Online storage Web browser interface Desktop sync iPhone/iPad/Android sync FREE! (2GB – more than enough for a KeePass database file) PASSWORD MANAGEMENT KeePass Encrypted password database Categorize by folder Lightweight install Password generator/strength indicator Secure notes Auto-type iPhone/iPad/Android app support FREE! Result: encrypted database of passwords synced across all devices – only have to remember one really strong password! For FREE!

19 Password best practices PASSWORD MANAGEMENT DEMONSTRATION KeePass & Dropbox Demo

20 Password best practices Best Practices Use spam filters Don’t open unusual/unknown attachments Double-check URLs before clicking Lock-down public information on social media sites Be absolutely sure you know who you are divulging information to Use strong passwords Use a password management tool to enable unique passwords across the internet REVIEW

21 Password best practices QUESTIONS??? QUESTIONS

Download ppt "SOCIAL ENGINEERING AND INFORMATION PROTECTION BEST PRACTICES."

Similar presentations

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.
Cyber-Safety Instructors: Connie Hutchison & Christopher McCoy.

Cyber-Safety Instructors: Connie Hutchison & Christopher McCoy.
Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.

Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Data Security Concerns at Work and at Home STEVE MITZEL IT DIRECTOR ASHLAND SCHOOL DISTRICT #5 – ASHLAND OREGON

Data Security Concerns at Work and at Home STEVE MITZEL IT DIRECTOR ASHLAND SCHOOL DISTRICT #5 – ASHLAND OREGON
Johnson Logistics Solutions Office of Systems and Information Technology.

Johnson Logistics Solutions Office of Systems and Information Technology.
Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.

Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.

Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
Information Assurance Outreach. Overview Survey Results Password Security E-mail Safety Internet Privacy Social Media Privacy and Safety Technology Demonstration.

Information Assurance Outreach. Overview Survey Results Password Security Safety Internet Privacy Social Media Privacy and Safety Technology Demonstration.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18, 2013 1.

Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18,
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Technology Awareness & Information Security. Survey Results 50% class has smart phones 64% class has shared personal info over the internet 71% class.

Technology Awareness & Information Security. Survey Results 50% class has smart phones 64% class has shared personal info over the internet 71% class.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
PAGE 1 Company Proprietary and Confidential Internet Safety and Security Presented January 13, 2014.

PAGE 1 Company Proprietary and Confidential Internet Safety and Security Presented January 13, 2014.
Staying Safe Online Keep your Information Secure.

Staying Safe Online Keep your Information Secure.
Reliability & Desirability of Data

Reliability & Desirability of Data

Similar presentations

Ads by Google