Presentation on theme: "User Awareness and Practices"— Presentation transcript:
1User Awareness and Practices Information securityUser Awareness and Practices
2Importance of Security The internet allows an attacker to attack from anywhere on the planet.Risks caused by poor security knowledge and practice:Identity TheftMonetary TheftLegal Ramifications (for yourself and companies)Termination if company policies are not followedAccording to , the top vulnerabilities available for a cyber criminal are:Web BrowserIM ClientsWeb ApplicationsExcessive User Rights
3security VS SafetySecurity: We must protect our computers and data in the same way that we secure the doors to our homes.Safety: We must behave in ways that protect us against risks and threats that come with technology.Security: The technology we use to protect access to our computers and information. E.g. Anti-virus software, firewallSafety: The we behave while using the internet. E.g. Safe behavior, safe software downloading behaviorStress the difference and the importance of both together to provide a safe and secure computing environment.
4User awarenessUsers must be aware of the threats that exist in order to properly detect and prevent them.
5Password Dictionaries computer criminalsSystem AdministratorsSome scripts are usefulto protect networks…Cracker:Computer-savvyprogrammer createsattack softwareHacker Bulletin BoardSQL InjectionBuffer overflowPassword CrackersPassword DictionariesSuccessful attacks!Crazyman broke into …CoolCat penetrated…Script Kiddies:Unsophisticated computer users who know how toexecute programsCriminals: Create & sell bots -> spamSell credit card numbers,…Malware package=$1K-2K1 M addresses = $810,000 PCs = $1000
6Leading threats Virus Worm Trojan Horse / Logic Bomb Social EngineeringRootkitsBotnets / ZombiesEach of these will be covered thoroughly in the slides that follow.
7Virus A virus attaches itself to a program, file, or disk When the program executes, the virus activates and replicates itselfThe virus may be benign or malignant when executing its payload (often upon contact)Viruses result in crashing computers and loss of data.In order to recover/prevent virus/attacks:Avoid potentially unreliable websites/ sSystem RestoreRe-install operating systemAnti-virus (e.g. Avira, AVG, Norton)ProgramAExtra CodeBinfectsVirusesComputer viruses are software programs that are deliberately designed by online attackers to invade your computer, to interfere with its operation, and to copy, corrupt or delete your data. These malicious software programs are called viruses because they are designed not only to infect and damage one computer, but to spread to other computers all across the Internet.Computer viruses are often hidden in what appear to be useful or entertaining programs or attachments, such as computer games, video clips or photos. Many such viruses are spread inadvertently by computer users, who unwittingly pass them along in to friends and colleagues.
8WormIndependent program which replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate.To JoeTo AnnTo BobList:WormsWorms are more sophisticated viruses that can replicate automatically and send themselves to other computers by first taking control of certain software programs on your PC, such as .
9Logic bomb / trojan horse Logic Bomb: Legitimate program executes malware logic upon special conditions.Software malfunctions if maintenance fee is not paidEmployee triggers a database erase when he is fired.Trojan Horse: Masquerades as beneficial program while quietly destroying data or damaging your system.Download a game: Might your password file without you knowing.Logic BombMalware that destroys data when certain conditions are met. E.g., it may format a hard drive or change data files (possibly by inserting random bits of data) on a particular date or time or if a certain employee record is missing from the employee database.Example: an employee places a logic bomb inside a system to destroy data when his/her record is removed upon termination.Trojan HorsesA Trojan horse is a program which seems to be doing one thing, but is actually doing another. A Trojan horse can be used to set up back door in a computer system so that the intruder can gain access later.The name refers to the horse from the Trojan War, with similar function of deceiving defenders into bringing an intruder inside.
10Social Engineering Email: ABC Bank has noticed a problem with Social engineering manipulates people into performing actions or divulging confidential information. Social engineering uses deception to gain information, commit fraud, or access computer systems.Phone Call:This is John, the System Admin. What is your password?ABC Bank hasnoticed aproblem withyour account…I have come to repair your machine…In Person:What ethnicity are you? Your mother’s maiden name?and have some software patchesSocial Engineering can occur in-person, over the phone, in s or fake web pages.Social Engineering: non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.The next two slides discuss two types of Social Engineering: phishing and pharming.
11Phishing = FakePhishing: a ‘trustworthy entity’ asks via for sensitive information such as SSN, credit card numbers, login IDs or passwords.Phishing: A type of Social Engineering. The use of s that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the and the web site looks like they are part of a bank the user is doing business with.
12Pharming = fake web pages Pharming: Another type of social engineering. A user’s session is redirected to a masquerading website. At the fake website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real site and conduct transactions using the credentials of a valid user on that website.The link provided in the leads to a fake webpage which collects important information and submits it to the owner.The fake web page looks like the real thingExtracts account information
13BotnetA botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.The compromised computers are called zombiesWhen your computer becomes infected, it is likely to become a bot. Because attacks are international, they are hard to eliminate.Zombie: a compromised computer which may host pornography, illegal music and/or moviesBotnet: a “zombie army,” or collection of compromised computers, zombies, used to send out spam, viruses or distributed denial of service attacks.
14Man in the middle attack An attacker pretends to be your final destination on the network. If a person tries to connect to a specific WLAN access point or web server, an attacker can mislead him to his computer, pretending to be that access point or server.An easy way to do this is to log into a wireless network that is unusually strong that day.
15RootkitUpon penetrating a computer, a hacker installs a collection of programs, called a rootkit.May enable:Easy access for the hacker (and others)Keystroke loggerEliminates evidence of break-inModifies the operating systemRootKit: A collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.Keystroke Logger: A program which logs passwords, credit card numbers, etc., and forwards them to the attacker.Backdoor entryKeystroke LoggerHidden user
16Password Cracking: Dictionary Attack & Brute force PatternCalculationResultTime to Guess(2.6x1018/month)Personal Info: interests, relatives20Manual 5 minutesSocial Engineering1Manual 2 minutesAmerican Dictionary80,000< 1 second4 chars: lower case alpha2645x1058 chars: lower case alpha2682x10118 chars: alpha5285x10138 chars: alphanumeric6282x10143.4 min.8 chars alphanumeric +107287x101412 min.8 chars: all keyboard9587x10152 hours12 chars: alphanumeric62123x102196 years12 chars: alphanumeric + 1072122x1022500 years12 chars: all keyboard95125x102316 chars: alphanumeric62165x1028This chart shows the different combinations of passwords and password lengths and how long a dictionary attack or brute force attack would take to guess the password.Discussion of proper password creation and change techniques will occur later in the User Practices section of the presentation.At this stage just discuss the attacks and comparisons to password lengths and patterns.Brute Force Attack: A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one.Dictionary Attack: An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words compared to a brute force attack that tries all possible combinations.
17Wisconsin 134.98 Data Breach notification law Restricted data includes:Social Security NumberDriver’s license # or state ID #Financial account number (credit/debit) and access code/passwordDNA profile (Statute )Biometric dataIn US, HIPAA protects:Health status, treatment, or paymentThis is what the Wisconsin Data Breach Notification Law covers. NIST recommends also covering criminal records, student grades, passport numbers, mortgage numbers, civil court numbers, date/place of birth, and more.
18Recognizing a break-in or compromise Symptoms:Antivirus software detects a problemPop-ups suddenly appear (may sell security software)Disk space disappearsFiles or transactions appear that should not be thereSystem slows down to a crawlStolen laptop (1 in 10 stolen in laptop lifetime)Often not recognized
19Malware detection Spyware symptoms: Change to your browser homepage/start pageEnding up on a strange site when conducting a searchSystem-based firewall is turned off automaticallyLots of network activity while not particularly activeExcessive pop-up windowsNew icons, programs, favorites which you did not addFrequent firewall alerts about unknown programs trying to access the InternetBad/slow system performance
20Malware detection Virus symptoms Antivirus software often catches virusesUnusual messages or displays on your monitorUnusual sounds or music played at random timesYour system has less available memory than it shouldA disk or volume name has been changedPrograms or files are suddenly missingUnknown programs or files have been createdSome of your files become corrupted or suddenly don't work properly
21Safe & Secure User practices What are the best practices to avoid all the threats we have been discussing?
22Security: Defense in depth Defense in depth uses multiple layers of defense to address technical, personnel, and operational issues.This approach was conceived by NSA to ensure information and electronic security.
23Anti-virus & anti-spyware Anti-virus software detects malware and can destroy it before any damage is doneInstall and maintain anti-virus and anti-spyware softwareBe sure to keep anti-virus software updatedMany free and pay options existAttackers are always creating new viruses, so it is important that anti-virus software stay updated.Anti-virus and anti-spyware software should be updated on a regular basis.Anti-virus should be set to auto update at 12 midnight and then do a scan at 12:30.Anti-spyware should be set to auto update at 2:30 am and then a full system scan should be done at 3:00 am, this procedure makes sure that only one activity is performed at a time.If the employees work from home, they should also have anti-virus and anti-spyware installed on their home computers.
24FirewallA firewall acts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer.Filters packets that enter or leave your computerWindows has a firewall built-in. Be sure to always have it on.It is necessary to have software firewalls on each computer even if you have a hardware firewall protecting your network. If your hardware firewall is compromised by a hacker or by malicious code of some kind, you don’t want the intruder or malicious program to have unlimited access to your computers and the information on those computers.Every computer in the network should have its own software firewall enabled.The Microsoft operating system has an built-in firewall, which can be easily located in the control panel. Ensure it is always turned on.For other commercial operating system, the operations manual should have instructions about the firewall options.For an added layer of security, commercial firewall software can be installed.
25Packet Filter Firewall Web ResponseIllegal Dest IP AddressResponseWeb RequestSSH Connect RequestDNS RequestWebResponsePing RequestA Packet Filter firewall looks at the incoming packets. Some of them may be requests for connections, or responses to our connections. Normally PCs only initiate connections, such as web or . Therefore, web and requests we would expect to travel in the other direction (from PC to Internet). Most of these requests are illegal. Most likely a cracker is attempting to break into a server, or a PC which is willing to act as one.Other attacks include uses of invalid IP addresses, such as an IP address representing the internal network (pretending to originate from the inside of the network).In this case, the only packets that should make it through are replies to our web requests and requests to a mail server.Illegal Source IP AddressResponseFTP requestMicrosoft NetBIOS Name ServiceConnect RequestTelnet Request
26Protect Your Operating System Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.Windows Update can be set to automatically download / install updates.Avoid logging in as administratorWindows has automatic update features that should be turned on.Operating system should be regularly updated with the latest patches and updates provided by the vendors.Major software applications like Microsoft Office should also be regularly updated.Other installed business applications should also be updated on a regular basis.Never use an admin account to surf the web, since in case of a compromise the malicious code would have admin rights.
27Creating a good password Merry ChristmasBadPassword(Lengthen)Merry XmasMerryChrisToYou(Synonym)(IntertwineLetters)MerryJul(convert vowelsto numeric)(Abbreviate)MaryJulBad passwords on top, good passwords on bottom.Start with a word(s) and do some changes such as: abbreviating, keypad shift, intertwine letters, synonyms, etc.MerChr2You(Keypad shiftRight …. Up)MXemrarsyGlad*Jes*BirthM5rryXm1sMary*JulGoodPassword,rttuc,sdJ3446sjqwmErcHr2yOu
28Creating a good password Combine 2 unrelated wordsMail + phone =Abbreviate a phraseMy favorite color is blue=MfciblueMusic lyricHappy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you.hb2uhb2uhbdJhb2uOther password creation techniques:Combining words using symbols and numbersAbbreviating a phraseUsing music lyrics, poems or quotes
29Password recommendations Never use ‘admin’ or ‘root’ or ‘administrator’ as a login for the adminA good password is:private: it is used and known by one person onlysecret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminaleasily remembered: so there is no need to write it downat least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuationnot guessable by any program in a reasonable time, for instance less than one week.changed regularly: a good change policy is every 3 monthsBeware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log filesGood password techniques:Private: tell no one your passwordSecret: never write your password downEasily remembered: use something you know well, then change slightly as mentioned previouslySecure combination of letters, numbers and symbolsChange your password at least every three monthsWatch for shoulder surfers or other physical techniques to gain password
30avoid social engineering & malicious software Do not open attachments unless you are expecting the with the attachment and you trust the sender.Do not click on links in s unless you are absolutely sure of their validity.Only visit and/or download software from web pages you trust.AttachmentsAttachments should be opened only from trusted senders.If you are not expecting an attachment from the sender, it’s a good idea to call and confirm, before opening the attachment.Spam often asks for sensitive information.Links in sNever click on link in attachment, except only when you are expecting it.If you are not expecting an link from the sender, it’s a good idea to call and confirm, before clicking the link.If you hover the cursor over an ’s web link description, the link should be displayed on the bottom of the browser. Make sure both of them match.Trustworthy Web PagesSoftware download should be done only from trusted websites like Microsoft for Windows updates and Office application updates.Avoid downloading and using freeware or shareware, since most of them either don’t come with technical support or full functionality.
31Other hacker tricks to avoid Be sure to have a pop-up blocker installedPop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner.Never click “yes,” “accept” or even “cancel”Infected USB drives are often left unattended by hackers in public places.A pop-up blocker should be installed (many browsers have them as add-ons), but they do not always block all pop-upsDo not respond to pop ups while working online. For example, a malicious pop up message may say that you have a virus on the system. Close it by clicking on X in the upper right corner. If you click OK, it might install spyware or other malicious code.’Infected USB drives are often left unattended by hackers in public places. They intend for unsuspecting people to take the USB home or to the office and unknowingly install the worm or malicious code.
32Secure online banking & business Always use secure browser to do online activities.Frequently delete temp files, cookies, history, saved passwords etc.https://Symbol showing enhanced securityAlways use secure browser to do online activities.Frequently delete temp files, cookies, history, saved passwords etc.Look for https and/or lock or secure symbol
33Back-up important information No security measure is 100%What information is important to you?Is your back-up:Recent?Off-site & Secure?Process Documented?Tested?Encrypted?Backup should be done (at least)once a week. If possible, store to a removable media.The removable media should be big enough to hold 52 weeks of backup (e.g., 500GB).Do a full backup once a month and store it in offsite location. This would be useful in case of a disaster in your office (fire, theft, flood, etc). On the removable media create 12 folders for each month.Backup data should be tested periodically to ensure reliability.
34The Fraud ProblemOrganizations lose 5-6% of revenue annually due to internal fraud = $652 Billion in U.S. (2006)Average scheme lasts 18 months, costs $159,00025% costs exceed $1MSmaller companies suffer greater average $ losses than large companiesEssentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons
35How is fraud Discovered? Tips on fraud are most frequent method of discovering it.The percentages given for where the tips come from are percentages of total tips, not total fraud discoveries.Tips are most common way fraud is discovered.Tips come from:Employee/Coworkers 64%,Anonymous 18%,Customer 11%,Vendor 7%If you notice possible fraud, CONTACT: ??????????Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons
36Additional Slides to insert How is information security confidentiality to be handled? Show table of how information confidentiality is categorized and treated.Is there specific legal actions all employees should be concerned with?Physical security – how are the rooms laid out and how is security handled?Handling information at home on home computer – any special restrictions?On fraud slide, specify contact if fraud is suspected.
37Put this knowledge to work! These are best practices involving Information Security.Most of these practices are from the National Institute of Standards and Technology.Use these practices at home and at work to keep safe and secure.Employers have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your employer and your customers.