Lecture Materials for the John Wiley - PowerPoint PPT Presentation

About This Presentation
Title:

Lecture Materials for the John Wiley

Description:

Chapter 10: Cybersecurity for End Users, Social Media, and Virtual Worlds Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks ... – PowerPoint PPT presentation

Number of Views:175
Avg rating:3.0/5.0
Slides: 16
Provided by: Keun9
Category:

less

Transcript and Presenter's Notes

Title: Lecture Materials for the John Wiley


1
Chapter 10 Cybersecurity for End Users, Social
Media, and Virtual Worlds
  • Lecture Materials for the John Wiley Sons book
  • Cyber Security Managing Networks, Conducting
    Tests, and Investigating Intrusions

2
Doing an Ego Search
  • An ego search reveals what is known about you on
    the Internet Everyone should try this
  • You are likely to be surprised by the information
    you find, such as
  • Your phone numbers
  • Your home address
  • Personal details, such as family members and
    hobbies, that could be used to guess your
    passwords
  • Even more details about are known in the deep
    Internet (databases) such as your browsing
    habits, your buying habits, your sales hot
    buttons
  • You can request that information be removed from
    website there are services that do that

3
Protecting Laptops, PCs and Mobile Devices
  • Physically securing and maintaining your systems
    and mobile devices is essential
  • Use a laptop cable lock Lock out the screen
    before you walk away (Microsoft Button L on
    Windows)
  • Always keep tablets and smart phones under your
    control Dont leave them unattended

4
Staying Current with Anti-Malware and Software
Updates
  • Internet threats are constantly changing,
    evolving, and innovating
  • Keep your defenses up by keeping your
    anti-malware updated as well as your operating
    system, plug-ins, and software applications
  • Configure your software to auto-update then
    verify that auto-update is working

5
Managing Passwords
  • Make your passwords less vulnerable, here are
    some methods
  • Use longer passwords (gt 8 characters)
  • Choose non-dictionary words
  • Avoid using anything that turns up in your ego
    search
  • Use upper and lower case text with numbers and
    special characters
  • Base your password on an easily remembered
    phrase, e.g. 91 of dogs are diagnosed with
    dental disease before age 3, which could be
    shortened to the passphrase 91DaDwDDltA3
  • If you write down passwords, lock them up
    securely

6
Guarding Against Drive-By-Malware
  • Drive-By-Malware is a rapidly emerging threat
  • Simply by visiting a web page, your system can be
    infected with malware
  • Drive-By-Malware can even appear on legitimate
    websites as malvertisements
  • Ad content is provided by third parties, web
    sites that sell add space are easily compromised
    by malicious organizations, this is especially
    prevalent late on Fridays when defenses relax for
    the weekend
  • Comments and discussion boards may contain
    malware posted by attackers

7
Guarding Against Drive-By-Malware (2)
  • There are many ways to defend against
    Drive-By-Malware, such as
  • Increase browser security level slider in browser
    properties
  • Disable pop-ups in browser properties
  • Use private browsing mode
  • Use a website filtering plug-in which comes with
    your anti-malware suite
  • Use black listing built into selected browsers
  • Do not type in URLs
  • Many malware sites are at slightly misspelled
    URLs
  • Instead use a search engine which filters out
    malicious sites
  • Use a script filtering plug-in such as NoScript
    to stop all unwanted scripts

8
Staying Safe with E-mail
  • E-mail attacks include
  • Malicious attached files which infect machines
    when they are opened
  • E-mails containing Drive-By-Malware URLs
  • HTML E-mails containing Drive-By-Malware scripts
  • Social engineering involves using a false pretext
    to
  • Encourage you to self-infect your machine
  • Coax you into divulging sensitive information,
    such as you bank account login
  • End user awareness of these forms of attacks is a
    critical key to network defense.

9
Staying Safe with E-mail (2)
  • Phishing (pronounced fishing) is a spam email
    attack the can deliver any form of E-mail attack
  • Spear Phishing is a personalized email attack
  • Based upon the attackers recognizance about you
    (like an ego search)
  • This form of attack is usually directed at
    persons of authority (executives, financial
    officers, privileged system administrators,
    security professionals)
  • The social engineering (false pretext) is very
    effective, even against sophisticated users

10
Securely Banking and Buying Online
  • Be especially careful when banking or buying
    online, this is when your identity and finances
    are at high risk.
  • At a minimum, use a separate Internet browser
    with no other tabs or windows open
  • Malicious websites running in other tabs can
    impersonate your identity and conduct financial
    transactions without your knowledge
  • The banking industry standard is to use a
    completely separate machine dedicated only to
    financial transactions that is ideal

11
Understanding Scareware and Ransomware
  • Scareware and ransomware are threats that can
    appear when Internet browsing, e-mailing, or
    using other Internet connections
  • Scareware often appears as a pop-up urging you to
    take an action that can infect your machine,
    often attackers are impersonating law enforcement
    (e.g. FBI) or an anti-malware vendor
  • Ransomware infects your machine then demands
    payment to release control, it is a form of
    blackmail

12
Is Your Machine p0wned?
  • When your machine is attacked and successfully
    penetrated, the attackers may install persistent
    malware, called a rootkit, which can conceal its
    presence from you and your anti-malware.
  • Once infected it is often necessary to completely
    re-image (wipe clean and re-build) your machine,
    losing all your data and installed applications
  • Even so there are a variety of tools to remove
    rootkits that work to varying degrees

13
Being Careful with Social Media
  • Social Media (e.g. Facebook) encourages you to
    share personal information that can be used
    against you by attackers
  • Social media broadcasts your vulnerabilities and
    multiplies ways that you can be attacked
  • Tidbits of information about you can be used by
    attackers to guess passwords or attack you with
    social engineering such as phishing and spear
    phishing.
  • Be very careful what you share with the whole
    world online and use appropriate security
    settings in the social media tool, restrict
    sharing to friends only

14
Staying Safe in Virtual Worlds
  • Virtual worlds allow us to travel virtually to
    real and imaginary places, as well as meet and
    interact with people from all over the world.
    Your virtual presence is an avatar.
  • Attackers, called griefers, will threaten your
    avatar from time to time, especially if you are
    in a public area with scripts enabled such as
    sandboxes.
  • Take care about how you configure your defenses
    such as blocking adware because adware is built
    into applications such as Second Lifes newest
    viewers.

15
REVIEW Chapter Summary
  • Cyber Security Managing Networks, Conducting
    Tests, and Investigating Intrusions
Write a Comment
User Comments (0)
About PowerShow.com