Chapter 4 Personal Security

1 Chapter 4 Personal Security
Security Awareness, Chapter 4: Personal Security

2 Objectives
After completing this chapter, you should be able to do the following:
- Describe attacks on personal security
- Explain the dangers of identity theft
- List the defenses against personal security attacks
- Define cryptography and explain how it can be used
Security Awareness, 3rd Edition

3 Attacks on Personal Security
Attacks on personal security include:
- Spyware
- Password attacks
- Phishing
- Attacks on users of social networking sites
- Identity theft

4 What Is Spyware?
- Spyware: software that violates a user's personal security
  - Tracking software that is deployed without adequate notice, consent, or user control
- Spyware creators are motivated by profit
- Harmful spyware is not always easy to identify
- Very widespread: the average computer has over 24 pieces of spyware

5 What Is Spyware? (cont'd.)
Table 4-1 Effects of spyware (Course Technology/Cengage Learning)

6 What Is Spyware? (cont'd.)
- Keylogger: small hardware device or a program
  - Monitors each keystroke a user types on the computer's keyboard
  - Transmits keystrokes to a remote location
  - Attacker searches for useful information in the captured text

7 What Is Spyware? (cont'd.)
Figure 4-1 Hardware keylogger (Course Technology/Cengage Learning)

8 What Is Spyware? (cont'd.)
- Browser hijacker: program that changes the Web browser's home page and search engine to another site
  - Adds Internet shortcut links to the user's Favorites folder without asking permission

9 Passwords
- Username: unique name for identification
- Authentication: process of providing proof that the user is "genuine" or authentic
  - Performed based on one of three entities:
    - What you have
    - What you know
    - What you are

10 Passwords (cont'd.)
- Password: secret combination of letters, numbers, and/or symbols
  - Validates or authenticates a user by what she knows
  - Primary (and often exclusive) means of authenticating a user for access to a computer
  - Not considered a strong defense against attackers
- "Password paradox"
  - A password requires sufficient length and complexity that an attacker cannot easily determine it
  - But it must also be easy to remember

11 Passwords (cont'd.)
- Users have multiple accounts for computers that require passwords
- Weak passwords:
  - Common word used as a password
  - Not changing passwords unless forced to do so
  - Passwords that are short
  - Personal information in a password
  - Using the same password
  - Writing the password down
  - Predictable use of characters

12 Passwords (cont'd.)
Table 4-2 Common password myths (Course Technology/Cengage Learning)

13 Passwords (cont'd.)
- Attacks on passwords: passwords are a frequent focus of attacks
  - Brute force attack
  - Decrypt encrypted password
  - Dictionary attack
  - Rainbow tables

14 Passwords (cont'd.)
Figure 4-4 Dictionary attack (Course Technology/Cengage Learning)

15 Phishing
- Social engineering: deceiving someone to obtain secure information
- Phishing: sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise
  - Attempt to trick the user into surrendering private information
  - The number of users that respond to phishing attacks is considered to be extremely high

16 Phishing (cont'd.)
Figure 4-5 Phishing message (Course Technology/Cengage Learning)

17 Social Networking Attacks
- Social networking: grouping individuals and organizations into clusters or groups based on some sort of affiliation
- Social networking sites: Web sites that facilitate linking individuals with common interests
  - Increasingly becoming prime targets of attacks
  - Provide a treasure trove of personal data
  - Users are generally trusting

18 Identity Theft
- Using someone's personal information to establish bank or credit card accounts
  - The accounts are then left unpaid
- The number of security breaches that have exposed users' digital data to attackers continues to increase

19 Personal Security Defenses
Tools and techniques that should be implemented:
- Installing antispyware software
- Using strong passwords
- Recognizing phishing attacks
- Setting social networking defenses
- Avoiding identity theft
- Using cryptography

20 Installing Antispyware Software
- Helps prevent computers from becoming infected by different types of spyware
- Similar to AV software:
  - Update regularly
  - Set to provide continuous real-time monitoring

21 Using Strong Passwords
Basic rules for strong passwords:
- Optimally have at least 15 characters
- Random combination of letters, numbers, and special characters
- Replaced with new passwords at least every 60 days
- Not reused for 12 months
- The same password should not be duplicated and used for multiple accounts

22 Using Strong Passwords (cont'd.)
Techniques for preventing the "password paradox":
- Use a phrase or expression instead of a single word
  - Replace the spaces between the words with a special character
- Use a password storage program
  - Enter account information such as username and password, along with other account details
  - Protect with a single strong password
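The rules from the two "Using Strong Passwords" slides and the weak-password list on slide 11 can be turned into a checker. The code below is an added example written for this transcript, not material from the textbook: `COMMON_WORDS` is a constructed stand-in for a real dictionary, `MIN_LENGTH` follows the slide's 15-character figure, and the "predictable use of characters" test is one assumed reading of that bullet (a word followed by digits). `passphrase_to_password` applies the slide's technique of joining the words of a phrase with a special character.

```python
import re
import string

MIN_LENGTH = 15  # the slide's "optimally have at least 15 characters"

# Constructed stand-in for the word list a dictionary attack would try;
# a real checker loads a large list (or a set of known-breached passwords).
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "sunshine", "football"}


def passphrase_to_password(phrase, separator="#"):
    """The slide's passphrase technique: join the words of a phrase with a
    special character instead of spaces, which gives length and a character
    mix without sacrificing memorability."""
    return separator.join(phrase.split())


def password_weaknesses(password, personal_info=()):
    """Return the rules from the strong-password and weak-password slides that
    `password` breaks; an empty list means it passes all of them.
    `personal_info` holds strings (name, birth year, pet) that must not appear."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    # "Common word used as a password": drop digits and symbols and see whether
    # what remains is just a dictionary word, so 'Password123!' is still caught.
    core = re.sub(r"[^a-z]", "", password.lower())
    if core in COMMON_WORDS:
        problems.append("common word")
    # "Predictable use of characters": a word, then digits, then at most one
    # trailing symbol. This is an assumed interpretation of the slide's bullet.
    if re.fullmatch(r"[A-Za-z]+[0-9]+[^A-Za-z0-9]?", password):
        problems.append("predictable word-then-digits pattern")
    found = [item for item in personal_info if item and item.lower() in password.lower()]
    if found:
        problems.append("contains personal information: " + ", ".join(found))
    return problems


def reused_passwords(accounts):
    """Flag the 'same password on multiple accounts' mistake: given a mapping
    {account: password}, return {password: [accounts]} for every password that
    appears more than once."""
    by_password = {}
    for account, pw in accounts.items():
        by_password.setdefault(pw, []).append(account)
    return {pw: accts for pw, accts in by_password.items() if len(accts) > 1}


if __name__ == "__main__":
    for candidate in ("password1", passphrase_to_password("the quick brown fox 42")):
        print(candidate, "->", password_weaknesses(candidate) or "passes all rules")
    print(reused_passwords({"mail": "Summer2009!", "bank": "Summer2009!", "shop": "x#y#z#1#2#3#4#5#6"}))
```

The passphrase route is what makes the 15-character rule workable in practice: `the#quick#brown#fox#42` passes every check above while a classic `password1` fails four of them, and `reused_passwords` is the check a password storage program can run across all stored accounts at once.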

23 Using Strong Passwords (cont'd.)
Figure 4-6 Password storage program (Course Technology/Cengage Learning)

24 Recognizing Phishing Attacks
- Recognize phishing attacks by their signs:
  - Deceptive Web links
  - E-mails that look like Web sites
  - Fake sender's address
  - Generic greeting
  - Popup boxes and attachments
  - Urgent request
- Treat e-mail like a postcard
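Most of the signs on this slide can be checked mechanically, which is how mail filters and awareness tools surface them to users. The following is an added example written for this transcript, not code from the textbook. Every domain and address in it is constructed for the demonstration (`.example` names), the `KNOWN_SENDERS` table that maps an organisation's display name to the domain it really mails from is an assumed, hand-built allowlist, and the sample message is built inline so the checks can run offline on the serialized text.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Constructed allowlist: the domain an organisation really sends from. A real
# filter would carry a much larger table or rely on sender authentication.
KNOWN_SENDERS = {"first national bank": "firstnational.example"}
GENERIC_GREETINGS = ("dear customer", "dear valued customer", "dear user", "dear account holder")
URGENT_PHRASES = ("immediately", "within 24 hours", "will be suspended", "urgent", "act now")
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")


def build_sample_message():
    """Constructed phishing-style message used only to exercise the checks."""
    msg = EmailMessage()
    msg["From"] = '"First National Bank" <alerts@fnb-account-verify.example>'
    msg["To"] = "customer@example.org"
    msg["Subject"] = "URGENT: verify your account within 24 hours"
    msg.set_content("Dear Customer, your account will be suspended. Log in immediately.")
    msg.add_alternative(
        "<html><body><p>Dear Customer,</p>"
        "<p>Your account will be suspended unless you verify it within 24 hours.</p>"
        '<p><a href="http://fnb-account-verify.example/login">'
        "https://www.firstnational.example/secure</a></p></body></html>",
        subtype="html",
    )
    msg.add_attachment(b"PK\x03\x04 constructed bytes", maintype="application",
                       subtype="zip", filename="statement.zip")
    return msg.as_string()


def phishing_indicators(raw_message):
    """Return the slide's warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []

    # Fake sender's address: the display name claims an organisation whose
    # real domain does not match the address the mail actually came from.
    sender = msg["From"].addresses[0]
    display, domain = sender.display_name.lower(), sender.domain.lower()
    for org, real_domain in KNOWN_SENDERS.items():
        if org in display and domain != real_domain:
            flags.append(f"fake sender: claims '{org}' but sent from {domain}")

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    text = TAG_RE.sub(" ", body).lower()

    # Generic greeting: no customer name, just "Dear Customer" and the like.
    if any(text.lstrip().startswith(g) for g in GENERIC_GREETINGS):
        flags.append("generic greeting")

    # Urgent request: pressure language in the subject or body.
    subject = (msg["Subject"] or "").lower()
    hits = [p for p in URGENT_PHRASES if p in text or p in subject]
    if hits:
        flags.append("urgent request: " + ", ".join(hits))

    # Deceptive Web links: the visible text shows one host, the href another.
    for href, label in LINK_RE.findall(body):
        href_host = urlparse(href).hostname or ""
        shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", TAG_RE.sub("", label).lower())
        if shown and shown.group(0) != href_host:
            flags.append(f"deceptive link: shows {shown.group(0)} but goes to {href_host}")

    # Attachments: anything not part of the readable body.
    names = [part.get_filename() for part in msg.iter_attachments()]
    if names:
        flags.append("attachment(s): " + ", ".join(names))
    return flags


if __name__ == "__main__":
    for flag in phishing_indicators(build_sample_message()):
        print("-", flag)
```

The link check is the one users most often miss: the anchor text reads like the bank's own address while the `href` points elsewhere, which is exactly what hovering over a link reveals. The sender check works only as well as its allowlist, which is why production filters combine it with SPF/DKIM results rather than display names alone.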

25 Setting Social Networking Defenses
- Be cautious about placing personal information on social networking sites
- General security tips:
  - Consider carefully who is accepted as a friend
  - Show "limited friends" a reduced version of your profile
  - Disable options and then reopen them only as necessary

26 Setting Social Networking Defenses (cont'd.)
Table 4-3 Recommended Facebook profile settings (Course Technology/Cengage Learning)

27 Setting Social Networking Defenses (cont'd.)
Table 4-4 Recommended Facebook contact information settings (Course Technology/Cengage Learning)

28 Avoiding Identity Theft
- Help safeguard information:
  - Shred financial documents and paperwork
  - Do not carry a Social Security number in a wallet
  - Do not provide personal information either over the phone or through an e-mail message
  - Keep personal information in a secure location
- Monitor financial statements and accounts:
  - Be alert to signs that may indicate unusual activity
  - Follow up on calls regarding purchases that were not made
  - Review financial and billing statements each month

29 Avoiding Identity Theft (cont'd.)
- Fair and Accurate Credit Transactions Act (FACTA) of 2003
  - Right to request one free credit report from each of the three national credit-reporting firms every 12 months
  - If a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency

30 Using Cryptography
- Safeguard sensitive data by "scrambling" it through encryption
- Cryptography: science of transforming information into a secure form while it is being transmitted or stored
  - Encryption/decryption
- Cleartext: data in unencrypted form
- Plaintext: cleartext data to be encrypted

31 Using Cryptography (cont'd.)
- Algorithm: procedure based on a mathematical formula used to encrypt the data
- Key: mathematical value entered into the algorithm to produce ciphertext
- Symmetric cryptography: uses the same key to encrypt and decrypt a message
  - Also called private key cryptography

32 Using Cryptography (cont'd.)
- Asymmetric cryptography (public key cryptography): uses two keys instead of one
  - One to encrypt the message and one to decrypt it
  - Public key
  - Private key
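Slides 30 to 32 introduce plaintext, ciphertext, algorithm, key, and the symmetric/asymmetric distinction. The code below is an added example for this transcript, not from the textbook, and it chooses deliberately small building blocks so the two properties are visible: the symmetric algorithm is an HMAC-SHA256 counter keystream XORed into the plaintext (a constructed stand-in for a real cipher such as AES; the same key and the same operation both encrypt and decrypt), and the asymmetric algorithm is textbook RSA with the constructed primes 61 and 53 and no padding, which is far too small and too bare for real use but shows that what the public key encrypts only the private key can decrypt.

```python
import hashlib
import hmac

# ---- Symmetric ("private key") cryptography: one shared key ----------------


def keystream(key, length):
    """Derive `length` pseudo-random bytes from the key by hashing
    key || counter (HMAC-SHA256). Constructed for illustration: real systems
    use a standard cipher such as AES in an authenticated mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_encrypt(key, plaintext):
    """Plaintext (cleartext to be encrypted) XOR keystream -> ciphertext."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


# XOR is its own inverse, so decrypting is the same operation with the same key;
# that shared key is what makes the scheme "symmetric".
symmetric_decrypt = symmetric_encrypt


# ---- Asymmetric ("public key") cryptography: textbook RSA -----------------


def rsa_keypair(p=61, q=53, e=17):
    """Return (public_key, private_key) for textbook RSA. The default primes
    are constructed toy values (n = 3233); real keys use primes of 1024+ bits
    and messages are padded before encryption."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(public_key, plaintext):
    """Encrypt one byte per block with the public key (each byte < n)."""
    e, n = public_key
    return [pow(b, e, n) for b in plaintext]


def rsa_decrypt(private_key, ciphertext):
    """Recover the plaintext bytes with the private key."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


if __name__ == "__main__":
    message = b"Attack at dawn"
    key = b"constructed-demo-key"
    ct = symmetric_encrypt(key, message)
    print("symmetric ciphertext:", ct.hex())
    print("symmetric decrypt   :", symmetric_decrypt(key, ct))

    public, private = rsa_keypair()
    blocks = rsa_encrypt(public, b"hi")
    print("RSA public key", public, "private key", private)
    print("RSA ciphertext blocks:", blocks, "->", rsa_decrypt(private, blocks))
```

Two points the slides make stand out in the code: in the symmetric case anyone who holds the key can both encrypt and decrypt, so the key itself must stay private, whereas in the asymmetric case the encryption key can be published because a different value, the private exponent, is needed to reverse it.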

33 Using Cryptography (cont'd.)
Figure 4-7 Cryptography process (Course Technology/Cengage Learning)

34 Using Cryptography (cont'd.)
Figure 4-8 Symmetric cryptography (Course Technology/Cengage Learning)

35 Using Cryptography (cont'd.)
Figure 4-9 Asymmetric cryptography (Course Technology/Cengage Learning)

36 Using Cryptography (cont'd.)
- Encrypting files and disks
  - Encrypting and decrypting individual documents is cumbersome
  - Protecting groups of files: Microsoft Windows Encrypting File System (EFS)
  - Whole disk encryption: Microsoft Windows BitLocker
    - Trusted Platform Module (TPM)

37 Using Cryptography (cont'd.)
- Digital certificate: user's public key that has been "digitally signed" by a reputable source entrusted to sign it
- Server digital certificates
  - Ensure the authenticity of the Web server
  - Ensure the authenticity of the cryptographic connection to the Web server

38 Using Cryptography (cont'd.)
Figure 4-10 Web server digital certificate (Course Technology/Cengage Learning)

39 Using Cryptography (cont'd.)
- Extended Validation Secure Sockets Layer Certificate (EV SSL): enhanced server digital certificate

40 Summary
- Spyware: keylogger or browser hijacker
- Authentication: passwords provide weak security
- Social engineering: phishing
- Defenses: strong passwords, caution on social networking sites, encryption

