Presentation is loading. Please wait.

Presentation is loading. Please wait.

Safe Computing Cyber Security for Beginners James Wicks, CISSP.

Published byOphelia Wade Modified over 8 years ago

Similar presentations

Presentation on theme: "Safe Computing Cyber Security for Beginners James Wicks, CISSP."— Presentation transcript:

1 Safe Computing Cyber Security for Beginners James Wicks, CISSP

2 Objectives What is Cyber Security What is Cyber Security The Security Six Pack The Security Six Pack Protecting Against the Latest Threats Protecting Against the Latest Threats Conclusions Conclusions

3 What is Cyber Security? Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cyber security. These site include traditional community sites such are interactive forums and blogs. In a computing context, the term security implies cyber security. These site include traditional community sites such are interactive forums and blogs. ~ http://whatis.techtarget.com/definition/cybersecurity ~ http://whatis.techtarget.com/definition/cybersecurity

4 Can I Make My Computer Hack Proof? If a computer is connected to a network like the Internet, it is subject to non-stop, automated attacks. If a computer is connected to a network like the Internet, it is subject to non-stop, automated attacks. According to the SANS Institute (www.sans.org), an unprotected PC can now expect 40 to 200 minutes of freedom before an automated probe reaches it to determine whether it can be penetrated. According to the SANS Institute (www.sans.org), an unprotected PC can now expect 40 to 200 minutes of freedom before an automated probe reaches it to determine whether it can be penetrated.www.sans.org ~ http://blog.gothamtg.com/2012/06/20/whats-your-internet-survival-time/ ~ http://blog.gothamtg.com/2012/06/20/whats-your-internet-survival-time/

5 Can I Make My Computer Hack Proof? There are new threats to computer security weeklyThere are new threats to computer security weekly Vulnerabilities discovered in existing systems. Vulnerabilities discovered in existing systems. New tools and techniques to defeat established security standards. New tools and techniques to defeat established security standards. Gaps in time between found vulnerabilities and patch deployment. Gaps in time between found vulnerabilities and patch deployment.

6 Well....Can I Make My Computer Hack Proof? If you want to use your computer on a network like the Internet, the the simple answer is...If you want to use your computer on a network like the Internet, the the simple answer is...

7 The Hard Target If you were a burglar, which house would you target first and why?If you were a burglar, which house would you target first and why?

8 Making Your Computer a Hard Target.... The Computer Security Six Pack

9 1. NEVER Use One Account! By default, the computer account on a new computer is an “administrator” account – an account that can make system-wide changes.By default, the computer account on a new computer is an “administrator” account – an account that can make system-wide changes. Just as you do not take all of your money and identification every time you leave the house, there is no need to use off of your administrator accounts powers every thime you use a computer.Just as you do not take all of your money and identification every time you leave the house, there is no need to use off of your administrator accounts powers every thime you use a computer.

10 1. NEVER Use One Account! Account #1: Your Daily Account This is the account that you use on a daily basis. This is the account that you use for online banking, surfing the web, purchasing online, playing games and pretty much every other activity that you normally perform on your computer.This is the account that you use on a daily basis. This is the account that you use for online banking, surfing the web, purchasing online, playing games and pretty much every other activity that you normally perform on your computer. This account does not have the power of an administrator, so it would be harder for malicious programs to install themselves if you happen across them or are tricked into trying to install them.This account does not have the power of an administrator, so it would be harder for malicious programs to install themselves if you happen across them or are tricked into trying to install them.

11 1. NEVER Use One Account! Account #2: Your Administrator Account This is the account that you use only for activities that require elevated privileges. The administrator account should be used to install new software, install updates for existing software and any other activities that require a higher level of access (ex. install operating system security patches).This is the account that you use only for activities that require elevated privileges. The administrator account should be used to install new software, install updates for existing software and any other activities that require a higher level of access (ex. install operating system security patches). If a user runs across a malicious virus, worm or Trojan, it can install itself using the account that the user is logged in as. To minimize this threat, limit use of the administrator account as much as possible.If a user runs across a malicious virus, worm or Trojan, it can install itself using the account that the user is logged in as. To minimize this threat, limit use of the administrator account as much as possible.

12 2. Keep Operating Systems and Applications Patched! Computers operating systems are created by humans – and since humans are not perfect, neither are computer operating systems. Fortunately both Apple Mac OS X and Microsoft Windows operating systems have a built in way of keeping their operating systems up to date.

13 2. Keep Operating Systems and Applications Patched! Microsoft releases their patches on the second Tuesday of every month (affectionately called ‘Patch Tuesday’). Apple does not patch on a regular monthly schedule, but will release patches as threats appear or in conjunction with scheduled updates to the operating systems. Both approaches have good points and bad points, but the important thing is that whatever operating system you use - You need keep it patched.Microsoft releases their patches on the second Tuesday of every month (affectionately called ‘Patch Tuesday’). Apple does not patch on a regular monthly schedule, but will release patches as threats appear or in conjunction with scheduled updates to the operating systems. Both approaches have good points and bad points, but the important thing is that whatever operating system you use - You need keep it patched. Since there are so many applications available on Microsoft and Apple computer systems, it will be impossible to provide instructions on how to update them all. Your best bet is to click on the “Help” button at the top of the application’s menu. If there is no “Check for Updates” option in the sub-menu, use the Help Menu’s index or search function to find out how to update the application.Since there are so many applications available on Microsoft and Apple computer systems, it will be impossible to provide instructions on how to update them all. Your best bet is to click on the “Help” button at the top of the application’s menu. If there is no “Check for Updates” option in the sub-menu, use the Help Menu’s index or search function to find out how to update the application.

14 3. Install and Maintain a Third- Party Internet Security Program When talking about third-party Internet security programs, select a protection suite that includes the following components: Anti-virus software that protects against all forms of malware including rootkits, worms, trojans, spyware and botnet software.Anti-virus software that protects against all forms of malware including rootkits, worms, trojans, spyware and botnet software. A firewall that monitors and protects against both incoming and outgoing malicious Internet/network traffic.A firewall that monitors and protects against both incoming and outgoing malicious Internet/network traffic. Host-based Intrusion Detection (HIDS).Host-based Intrusion Detection (HIDS). Anti-phishing and anti-SPAM components.Anti-phishing and anti-SPAM components. Identity protection and browser protection components are not available in all products, but are welcome additions to any protection suite.Identity protection and browser protection components are not available in all products, but are welcome additions to any protection suite.

15 4. Don’t Use Passwords – Use Passphrases! There are several effective (and free) tools available to assist a malicious hacking trying to crack passwords. In order to minimize your risk of exploitation, make sure that you use strong passphrases to secure your accounts. A passphrase is a phrase that is easy to remember but complicated enough to make cracking it very difficult. For example, how hard do you think that it would be to remember this passphrase: Ip@ttf0TU$0@ Does it look complicated? Really? You don’t recognize the first line of the Pledge of Allegiance? Just take the first letter from each word in the sentence, substitute the letter ‘A’ with the ‘@’ symbol, substitute the letter ‘S’ with the ‘$’ sign, substitute the letter ‘O’ with zeros, throw in a few capital letters and you have a really effective passphrase.

16 4. Don’t Use Passwords – Use Passphrases! You can use anything to create a passphrase like a favorite song or a memorable poem. Make sure that you use a combination of upper and lowercase letters, numbers and special characters. Change your passphrases often and don’t use the same password for all of your accounts. Use a strong base passphrase and add characters to the beginning or end that matches the site that you are on. For instance: FaceBook Passphrase: Ip@ttf0TU$0@FB FaceBook Passphrase: Ip@ttf0TU$0@FB AOL Passphrase: A0LIp@ttf0TU$0@ AOL Passphrase: A0LIp@ttf0TU$0@ Bank of America Passphrase: Ip@ttf0TU$0@BoA Bank of America Passphrase: Ip@ttf0TU$0@BoA Easy for you to remember and hard for a hacker to crack. Even if one of the passphase were to be compromised, it could not be used to access any of your other accounts.

17 5. Encrypt Sensitive Data To limit the exposure of your personal data to unauthorized eyes when your computer is lost or stolen, you should encrypt data whenever possible. The Mac OS X operating systems offers a system called FileVault, which can easily encrypt data stored in the user’s home directory on the computer. Windows offer a system called BitLocker, which can provide full disk encryption to the user if desired. There are also third-party applications that provide full and partial disk encryption. While the benefits of encryption far outweigh the risks, special care should be taken when using encryption technologies. Improper application of the technologies or lost/damaged encryption keys can lead to permanent data loss. Make sure that you fully understand your chosen encryption solution before deploying it.

18 6. Security is a Process, not a Product! There is no magic application that you can but to make your computer more secure, but by following a few basic steps, you can harden your computer against attack. There are more ways to secure your including: Disable automatic logons Strong wireless security practices Disable automatic logons Strong wireless security practices Apply strong security templates Disable guest accounts Apply strong security templates Disable guest accounts Auditing of account access and use Secure screen saver settings Auditing of account access and use Secure screen saver settings Use of multiple email addresses Never share accounts, create new ones Use of multiple email addresses Never share accounts, create new ones Maintaining a strong security posture will not only lower the likelihood of exploitation, but it can also increase the enjoyment and utility of the Internet. The process of protecting and maintaining a secure computing environment might be a little challenging at first. Compared to recovering from identity theft, securing a computer is a walk in the park.

19 Protecting Against the Latest Threats JavaJava Disable Java in all web browsers Disable Java in all web browsers Update Java application or remove from the computer Update Java application or remove from the computer Adobe Reader and Adobe FlashAdobe Reader and Adobe Flash Update Adobe Reader at https://www.adobe.com/downloads/updates/ Update Adobe Reader at https://www.adobe.com/downloads/updates/ https://www.adobe.com/downloads/updates/ Update Adobe Flash at http://get.adobe.com/flashplayer Update Adobe Flash at http://get.adobe.com/flashplayerhttp://get.adobe.com/flashplayer

20 Protecting Against the Latest Threats Safe Web SurfingSafe Web Surfing Use a browser with bare-minimum plug-ins when surfing unknown sites or sites that are known to be dangerous (adult content, illegal music download sites, etc.) Use a browser with bare-minimum plug-ins when surfing unknown sites or sites that are known to be dangerous (adult content, illegal music download sites, etc.) Anonymous Web SurfingAnonymous Web Surfing Chrome – “New Incognito Window.” Chrome – “New Incognito Window.” Firefox – “Start Private Browsing.” Firefox – “Start Private Browsing.” Internet Explorer –“InPrivate Browsing.” Internet Explorer –“InPrivate Browsing.” Safari – “Private Browsing.” Safari – “Private Browsing.”

21 Protecting Against the Latest Threats Anonymous Web Surfing Using an online web proxy (middle man) service like “Anonymouse.org” or “HideMyAss.com” allows you to keep your IP address stays hidden from the sites that you visit on the Internet. Using an online web proxy (middle man) service like “Anonymouse.org” or “HideMyAss.com” allows you to keep your IP address stays hidden from the sites that you visit on the Internet. Understand that the proxy service itself knows your IP address, so you are not as “invisible” as you may feel. Understand that the proxy service itself knows your IP address, so you are not as “invisible” as you may feel.

22 In Conclusion Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. You cannot make your computer hacker-proof, but you can make your computer the hard target on the Internet. You cannot make your computer hacker-proof, but you can make your computer the hard target on the Internet. Implementing the Computer Security Six Pack can help make your computer the hard target. Implementing the Computer Security Six Pack can help make your computer the hard target. Stay current on computer threats and be ready to improve your security as needed. Stay current on computer threats and be ready to improve your security as needed.

23 Questions?

Download ppt "Safe Computing Cyber Security for Beginners James Wicks, CISSP."

Similar presentations

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.

®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.
Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.

Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.

Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.

IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration www.nasa.gov.

Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
Internet safety By Lydia Snowden.

Internet safety By Lydia Snowden.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.

Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Security for Seniors SeniorNet Help Desk 631.629.5426

Security for Seniors SeniorNet Help Desk

Similar presentations

Ads by Google