KEMBAR78
Security in web based attacks and application.pptx
Uploaded byumanggargcse
PPTX, PDF48 views

Security in web based attacks and application.pptx

Security in web based attack

Download to read offline
Foundation of cyber security
Section 1 The CIA triad
The CIA Triad The 3 goals of information security are to maintain: • Information confidentiality Making sure only approved users have access to data. • Information integrity Data Integrity: assurance that information has not been tampered with or corrupted between the source and the end user. Source Integrity: assurance that the sender of the information is who it is supposed to be. • Information availability Ensuring data is accessible by approved users when needed
People, Processes, and Technology (PPT) • Protecting the CIA Triad is about more than just technology. • PPT is a holistic approach to securing an organisation’s information. People Training for end users and resources to help IT professionals stay aware of emerging threats and industry trends. Processes Policies, rules & procedures for maintaining security. Technology Security tools and system administration best practices.
The CIA Triad —Tech tools of the trade • Confidentiality ◦Encryption — passwords, encryption keys ◦User access control — controlling which users have access to networks and what level of access each user has. • Integrity ◦Encryption ◦User access control ◦File permissions — customisable settings that only allow certain users to view and edit files. ◦Version control systems/backups • Availability ◦Offsite data storage/backups ◦Redundant architecture (hardware and software)
Section 2 Threats and vulnerabilities
Important cyber security definitions • Threat An attacker or piece of malware that desires and/or is able to cause harm to a target. • Vulnerability Flaw in an environment that an attacker can use to harm the target. • Exploit The method by which an attacker can use a vulnerability. • Risk The potential that a threat will exploit a vulnerability.
Section 3 Cyber threats and countermeasures
Physical threats • Dumpster Diving Thieves sift through garbage for receipts with credit card information, medical forms with social security numbers, or other documents with PII. • Shoulder Surfing By looking over your shoulder as you type, thieves can glean passwords, account information, and other sensitive information. Simple, but often overlooked threats.
Basic personal practices that keep computers and data safe: • Lock your computer when in public areas. • Shield your keyboard when you type in passwords. • Do not let strangers use your computer. • Keep sensitive information in secure places. • Update regularly. Cyber hygiene
Mobile devices Portable or handheld devices that have data or can connect to another device which has data.
Mobile device threats Risk • Easily stolen and lost • Often not encrypted • Targets of malware, tools for attackers • Can be compromised via wireless • Applications collect information Fix • Guard your devices • Set a strong passcode • Use anti-malware and updates • Avoid using open networks • Customise security settings
Online threats • Social engineering Manipulating people into giving up personal information. • Phishing Fraud attempts perpetrated by random attackers against a wide number of users. Attempts to manipulate people into giving up PII via phone/SMS/email. • Spear-phishing Fraud attempts targeted at specific people based on their membership or affiliation with the target. E.g. Fraudulent emails sent to specific Accounts Payable employees with fake invoices from regularly used companies.
How to spot phishing emails • Spoofed email address • Poor quality logos or graphics • All caps or strange formatting • Spelling errors or typos • Asks for personally identifying information • Executable attachment or link to a website • Informal or unprofessional language • Signed by a department, not an individual • Doesn’t contain unsubscribe options or privacy statements
Malicious software = malware Software designed and written to: • Steal information • Spy on users • Gain control of computers Categorised by: • How it spreads • What it does Types: • Viruses/worms • Trojan horses • Zombies and botnets • Keyloggers • Backdoors • Logic/time bombs • Spyware Malware — what is it?
Viruses • Can infect and spread, but need human assistance People download infected email attachments, shared files, spoof links, etc. E.g. ILOVEYOU virus Worms • Can infect and spread without human assistance. E.g. Sasser worm Trojan horses • Program with a hidden malicious function. E.g. It looks like something you want but it does something you do not want. • Can cause computer crashes and be used by attackers to gain remote access to your system or steal information. Malware — what is it?
Zombies • Also known as bots • Compromised computers under the control of an attacker. • Make it possible for someone else to control your computer from anywhere in the world. Botnets • A collection of compromised computers (zombies) under the control of an attacker. • Attackers pool the computing power of all of the zombie machines to launch huge spam attacks or to bring down websites through Distributed Denial of Service (DDoS) attacks. • DDoS attacks direct massive amounts of communication requests and traffic to websites in attempt to overwhelm their servers. Keyloggers • Tracks users’ keystrokes, obtains passwords and other personal information. • Especially dangerous because they track everything a user does, not just what they do on an unprotected internet browser.
Backdoors • An entry point into a program without all the normal, built-in security checks. • Programmers sometimes install backdoors when they develop programs so that they can manipulate a program’s code more easily during troubleshooting and testing. • Sometimes they forget to close them. • Attackers use malware like viruses, worms, and Trojan horses to install backdoors on the computers they infect. Logic/time bombs • Malware designed to lie dormant until a specific logical condition is met. E.g. A particular person logs in A specific date or time A message is received Spyware • Collects information about you, without your knowledge or consent. Keyloggers are a type of
• This type of anti-malware software (using database scanning) does not protect against new, unknown and bespoke malware. • New protection software which utilises Artificial Intelligence to detect unusual activity and alert the user is now becoming more popular. Anti-malware software (traditional) Scans files for matches in databases of known malware. Alerts you when a match is identified or a suspect program attempts to run. Quarantines and removes infected files.
Section 4 Basic cyber security techniques
• Identification Providing user identity to a system. • Authentication Verifying the user identity. • Authorisation Determining whether a user is allowed to access certain resources. • Accountability Holding users responsible for their actions on a system. Basic cyber security techniques
Uses encryption to ensure that a user is who they say they are. Methods • Passwords • Physical ‘keys’ E.g. Key chains, swipe cards. • Biometrics E.g. Fingerprints, retina scanning. Threats • Brute force cracking Test every possible combination of letters, numbers, and characters until the password is found. • Dictionary cracking Test words and combinations of words found in the dictionary or from a slightly shorter list of words known to be commonly used in passwords. Identification and authentication
Uses tools to control access to a resource. Methods • File permissions • Account management • Sharing settings Threats • Insider threats Disgruntled or inexperienced employees that have high-level access may cause intentional or accidental harm to a system. • Elevation of privilege Attacker is able to enter the system as a low-level user, but is able to attain high-level access. Methods covered in detail in later modules. Authorisation
Holds users responsible for their actions on a system. Methods • System monitoring • Audit logs Threats • Denial of Service Attack overwhelms audit logs with excessive or very large log entries, causing the system to run slowly or not at all. • Disclosure of confidential information Attacker is able to gather confidential or personally identifiable information from log files. Methods covered in detail in later modules. Accountability
Section 5 Passwords
1234 is NOT a good password. Let’s look at ways to improve this: CLOUDS Complex • Lengthy • Only yours • Unique • Different • Short term Complex Total combinations of passwords consisting of 8 characters: • Numbers only: 100 million • + Lower case: 2.8 trillion • + Upper case: 210 trillion • + Symbols: 7.2 quadrillion Always use a combination of the following: • Numbers • Upper and lower case letters • Symbols (% # * & ! : { “ > |) Old password: 1234 New password: Pa123! Passwords
Lengthy Brute force attacks can run 4 billion calculations per second or more. • <6 characters • 7 characters • 8 characters • 9 characters • 10 characters Cracked within 3 minutes Cracked within 5 hours Cracked within 3 weeks Cracked within 5 years Cracked within 526 years Passwords Old password: Pa123! New password: Password123! Aim for a lengthy password (10 or more characters). Only yours Do not share your password with ANYONE. Unique Where’s Wh the D@ beef? B33f? Do not use words found in the dictionary. Fend off dictionary cracking attacks by using passphrases. becomes WhD@B33f?
Different Use different passwords for each login. E.g. Gmail and Facebook 73 per cent of people do not. This means if one of your passwords is discovered, all of your passwords are discovered. Example 1 Base password: Ronald123! Site: Gmail Site password: GMA Base password + site password = Ronald123! GMA Example 2 Base password: Ronald123! Site: Facebook Site password: FAC Base password + site Passwords Old password: Password123! New passwords: Ronald123!GMA Ronald123!FAC
Short Term The longer you keep a password the longer attackers have to try and crack it. Changing your passwords regularly can help foil cracking attempts as they happen. It’s best to change your passwords at least every few months. Passwords
NOT names Do not use any personal information in your password. This can be easily found out by other means. Name Birthday Pet’s name Mother’s maiden name Hometown Old passwords: Ronald123!GMA Ronald123!FAC New passwords: WhD@B33f?GMA WhD@B33f?FAC Building strong passwords Remember CLOUDS Complex Lengthy Only yours Unique Different Short term Not SUN Simple User ID Names
Gold standard Consider using a password manager. Risks • All passwords in one place. • If master password is compromised, all compromised. Benefits • No need to remember 30+ different passwords. • Can auto-generate very strong passwords. When considering a password manager: • Make master password is VERY strong (CLOUDS, aim for 18+ characters). • Enable Two-Factor Authentication. • Research history of the password manager. Independent security audits? Any previous breaches? Old passwords: WhD@B33f?GMA WhD@B33f?FAC New passwords: S&hcBBJ9&^b2vucw02n NAKC8e92^@hn&bsk))_

More Related Content

PPTX
Awareness Security 123.pptx
byRajuSingh730938
 
PPTX
USG_Security_Awareness_Primer.pptx
bysumita02
 
PPTX
USG_Security_Awareness_Primer (1).pptx
byssuser59e4b8
 
PPTX
USG_Security_Awareness_Primer.pptx
byBilmyRikas
 
PPTX
CYBERSECURITY | Why it is important?
byRONIKMEHRA
 
PDF
Your Skill Boost Masterclass Online Safety and Cybersecurity Tips
byExcellence Foundation for South Sudan
 
PPTX
Computer-Security.pptx
byJoselitoJMebolos
 
PPTX
Security_Awareness_Primer.pptx
byFaith Shimba
 
Awareness Security 123.pptx
byRajuSingh730938
 
USG_Security_Awareness_Primer.pptx
bysumita02
 
USG_Security_Awareness_Primer (1).pptx
byssuser59e4b8
 
USG_Security_Awareness_Primer.pptx
byBilmyRikas
 
CYBERSECURITY | Why it is important?
byRONIKMEHRA
 
Your Skill Boost Masterclass Online Safety and Cybersecurity Tips
byExcellence Foundation for South Sudan
 
Computer-Security.pptx
byJoselitoJMebolos
 
Security_Awareness_Primer.pptx
byFaith Shimba
 

Similar to Security in web based attacks and application.pptx

PPT
UserSecurityAwarenessUniversityTemplate.ppt
byDiveshK4
 
PPT
End User Security Awareness - Information Security
byWorldTrade3
 
PPTX
Lecture 6 Cybersecurity-Basics and .pptx
byakatsesena2003
 
PPT
Security issues in the wireless networks.ppt
byAvinashAvuthu2
 
PPTX
BCE L-3omputer security Basics.pptx
byKirti Verma
 
PPTX
Cyber Security and Data Privacy in Information Systems.pptx
byRoshni814224
 
PPT
Ethical Hacking - Introduction to Computer Security
byVibrant Technologies & Computers
 
PPT
Introduction To Computer Security
byVibrant Event
 
PPT
Ethical Hacking - Introduction to Computer Security
byVibrant Event
 
PPTX
Cyber security
byNimesh Gajjar
 
PPT
UserSecurityAwareness.ppt awareness of security
bynicealipk
 
PDF
“In 2024 Guide to Cyber Security: Protect Your Data Today”
bytunzida045
 
PDF
“In 2024 Guide to Cyber Security: Protect Your Data Today”
bytunzida045
 
PPT
Information security awareness
byCAS
 
PPTX
Computer security
bysruthiKrishnaG
 
PPTX
Cybersecurity Training
byWindstoneHealth
 
PDF
E Commerce security
byMayank Kashyap
 
PPTX
AN INTRODUCTION TO COMPUTER SECURITY TECHNIQUES.pptx
byolisahchristopher
 
PDF
Information &amp; cyber security, Winter training ,bsnl. online
bySumanPramanik7
 
PDF
Information cyber security
bySumanPramanik7
 
UserSecurityAwarenessUniversityTemplate.ppt
byDiveshK4
 
End User Security Awareness - Information Security
byWorldTrade3
 
Lecture 6 Cybersecurity-Basics and .pptx
byakatsesena2003
 
Security issues in the wireless networks.ppt
byAvinashAvuthu2
 
BCE L-3omputer security Basics.pptx
byKirti Verma
 
Cyber Security and Data Privacy in Information Systems.pptx
byRoshni814224
 
Ethical Hacking - Introduction to Computer Security
byVibrant Technologies & Computers
 
Introduction To Computer Security
byVibrant Event
 
Ethical Hacking - Introduction to Computer Security
byVibrant Event
 
Cyber security
byNimesh Gajjar
 
UserSecurityAwareness.ppt awareness of security
bynicealipk
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
bytunzida045
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
bytunzida045
 
Information security awareness
byCAS
 
Computer security
bysruthiKrishnaG
 
Cybersecurity Training
byWindstoneHealth
 
E Commerce security
byMayank Kashyap
 
AN INTRODUCTION TO COMPUTER SECURITY TECHNIQUES.pptx
byolisahchristopher
 
Information &amp; cyber security, Winter training ,bsnl. online
bySumanPramanik7
 
Information cyber security
bySumanPramanik7
 

Recently uploaded

PDF
History of Department of AIHC and Archaeology_BHU
byBanaras Hindu University
 
PDF
Phase Equilibria and Colligative Properties.pdf
byMithil Fal Desai
 
PPTX
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 
PPTX
How to Create a Manifest File in Odoo 18
byCeline George
 
PDF
The Children’s Support Fund, set up to support the welfare and education of c...
bynservice241
 
PDF
TUYỂN CHỌN 30 ĐỀ THI CHỌN HỌC SINH GIỎI LỚP 9 CÁC TỈNH NĂM 2024-2025 MÔN TIẾN...
byNguyen Thanh Tu Collection
 
PPTX
Classification and Applied Aspects of Joints.pptx
byMathew Joseph
 
PPTX
Hudson Vitale "AI Essentials: From Tools to Strategies: A 2025 NISO Training ...
byNational Information Standards Organization (NISO)
 
PPTX
How can education build trust in a polarised world_Jonathan James_OECD .pptx
byEduSkills OECD
 
PPTX
Capital Budgeting - Risk Analysis Using Payback Period Method
bySundar B N
 
PDF
BD1TL - TNTEU - Teaching and Learning - Unit - 2.pdf
byDr Raja Mohammed T
 
PDF
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
DOCX
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 
PDF
Yaksha Prashna | General Quiz at RLAC | Amlan Sarkar | Full Set
byAmlan Sarkar
 
PPTX
Capital Budgeting - Risk Analysis Using Sensitivity Analysis
bySundar B N
 
PPTX
DO 34 s 2025 - ammendment of DO 24 s 2025.pptx
byJeanalynEstrellado3
 
PPTX
GAS chromatography ppt (Presentation) by Jatin Chauhan
byjatinchauhan1618
 
PPTX
Agriculture Lesson Note for Grade 11 Chapter 3 & 4.pptx
byNajibMuhidin
 
PDF
Who Owns the Narrative? Data, Disinformation, and the Missing Voice of Academia
byIsmail Fahmi
 
PDF
Learning English by Project Based Learning: How to Make Foreign Friends
bysilvianalevana
 
History of Department of AIHC and Archaeology_BHU
byBanaras Hindu University
 
Phase Equilibria and Colligative Properties.pdf
byMithil Fal Desai
 
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 
How to Create a Manifest File in Odoo 18
byCeline George
 
The Children’s Support Fund, set up to support the welfare and education of c...
bynservice241
 
TUYỂN CHỌN 30 ĐỀ THI CHỌN HỌC SINH GIỎI LỚP 9 CÁC TỈNH NĂM 2024-2025 MÔN TIẾN...
byNguyen Thanh Tu Collection
 
Classification and Applied Aspects of Joints.pptx
byMathew Joseph
 
Hudson Vitale "AI Essentials: From Tools to Strategies: A 2025 NISO Training ...
byNational Information Standards Organization (NISO)
 
How can education build trust in a polarised world_Jonathan James_OECD .pptx
byEduSkills OECD
 
Capital Budgeting - Risk Analysis Using Payback Period Method
bySundar B N
 
BD1TL - TNTEU - Teaching and Learning - Unit - 2.pdf
byDr Raja Mohammed T
 
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 
Yaksha Prashna | General Quiz at RLAC | Amlan Sarkar | Full Set
byAmlan Sarkar
 
Capital Budgeting - Risk Analysis Using Sensitivity Analysis
bySundar B N
 
DO 34 s 2025 - ammendment of DO 24 s 2025.pptx
byJeanalynEstrellado3
 
GAS chromatography ppt (Presentation) by Jatin Chauhan
byjatinchauhan1618
 
Agriculture Lesson Note for Grade 11 Chapter 3 & 4.pptx
byNajibMuhidin
 
Who Owns the Narrative? Data, Disinformation, and the Missing Voice of Academia
byIsmail Fahmi
 
Learning English by Project Based Learning: How to Make Foreign Friends
bysilvianalevana
 

Security in web based attacks and application.pptx

  • 1.
  • 2.
  • 3.
    The CIA Triad The3 goals of information security are to maintain: • Information confidentiality Making sure only approved users have access to data. • Information integrity Data Integrity: assurance that information has not been tampered with or corrupted between the source and the end user. Source Integrity: assurance that the sender of the information is who it is supposed to be. • Information availability Ensuring data is accessible by approved users when needed
  • 4.
    People, Processes, andTechnology (PPT) • Protecting the CIA Triad is about more than just technology. • PPT is a holistic approach to securing an organisation’s information. People Training for end users and resources to help IT professionals stay aware of emerging threats and industry trends. Processes Policies, rules & procedures for maintaining security. Technology Security tools and system administration best practices.
  • 5.
    The CIA Triad—Tech tools of the trade • Confidentiality ◦Encryption — passwords, encryption keys ◦User access control — controlling which users have access to networks and what level of access each user has. • Integrity ◦Encryption ◦User access control ◦File permissions — customisable settings that only allow certain users to view and edit files. ◦Version control systems/backups • Availability ◦Offsite data storage/backups ◦Redundant architecture (hardware and software)
  • 6.
    Section 2 Threats andvulnerabilities
  • 7.
    Important cyber securitydefinitions • Threat An attacker or piece of malware that desires and/or is able to cause harm to a target. • Vulnerability Flaw in an environment that an attacker can use to harm the target. • Exploit The method by which an attacker can use a vulnerability. • Risk The potential that a threat will exploit a vulnerability.
  • 8.
    Section 3 Cyber threatsand countermeasures
  • 9.
    Physical threats • DumpsterDiving Thieves sift through garbage for receipts with credit card information, medical forms with social security numbers, or other documents with PII. • Shoulder Surfing By looking over your shoulder as you type, thieves can glean passwords, account information, and other sensitive information. Simple, but often overlooked threats.
  • 10.
    Basic personal practicesthat keep computers and data safe: • Lock your computer when in public areas. • Shield your keyboard when you type in passwords. • Do not let strangers use your computer. • Keep sensitive information in secure places. • Update regularly. Cyber hygiene
  • 11.
    Mobile devices Portable orhandheld devices that have data or can connect to another device which has data.
  • 12.
    Mobile device threats Risk •Easily stolen and lost • Often not encrypted • Targets of malware, tools for attackers • Can be compromised via wireless • Applications collect information Fix • Guard your devices • Set a strong passcode • Use anti-malware and updates • Avoid using open networks • Customise security settings
  • 13.
    Online threats • Socialengineering Manipulating people into giving up personal information. • Phishing Fraud attempts perpetrated by random attackers against a wide number of users. Attempts to manipulate people into giving up PII via phone/SMS/email. • Spear-phishing Fraud attempts targeted at specific people based on their membership or affiliation with the target. E.g. Fraudulent emails sent to specific Accounts Payable employees with fake invoices from regularly used companies.
  • 14.
    How to spotphishing emails • Spoofed email address • Poor quality logos or graphics • All caps or strange formatting • Spelling errors or typos • Asks for personally identifying information • Executable attachment or link to a website • Informal or unprofessional language • Signed by a department, not an individual • Doesn’t contain unsubscribe options or privacy statements
  • 15.
    Malicious software =malware Software designed and written to: • Steal information • Spy on users • Gain control of computers Categorised by: • How it spreads • What it does Types: • Viruses/worms • Trojan horses • Zombies and botnets • Keyloggers • Backdoors • Logic/time bombs • Spyware Malware — what is it?
  • 16.
    Viruses • Can infectand spread, but need human assistance People download infected email attachments, shared files, spoof links, etc. E.g. ILOVEYOU virus Worms • Can infect and spread without human assistance. E.g. Sasser worm Trojan horses • Program with a hidden malicious function. E.g. It looks like something you want but it does something you do not want. • Can cause computer crashes and be used by attackers to gain remote access to your system or steal information. Malware — what is it?
  • 17.
    Zombies • Also knownas bots • Compromised computers under the control of an attacker. • Make it possible for someone else to control your computer from anywhere in the world. Botnets • A collection of compromised computers (zombies) under the control of an attacker. • Attackers pool the computing power of all of the zombie machines to launch huge spam attacks or to bring down websites through Distributed Denial of Service (DDoS) attacks. • DDoS attacks direct massive amounts of communication requests and traffic to websites in attempt to overwhelm their servers. Keyloggers • Tracks users’ keystrokes, obtains passwords and other personal information. • Especially dangerous because they track everything a user does, not just what they do on an unprotected internet browser.
  • 18.
    Backdoors • An entrypoint into a program without all the normal, built-in security checks. • Programmers sometimes install backdoors when they develop programs so that they can manipulate a program’s code more easily during troubleshooting and testing. • Sometimes they forget to close them. • Attackers use malware like viruses, worms, and Trojan horses to install backdoors on the computers they infect. Logic/time bombs • Malware designed to lie dormant until a specific logical condition is met. E.g. A particular person logs in A specific date or time A message is received Spyware • Collects information about you, without your knowledge or consent. Keyloggers are a type of
  • 19.
    • This typeof anti-malware software (using database scanning) does not protect against new, unknown and bespoke malware. • New protection software which utilises Artificial Intelligence to detect unusual activity and alert the user is now becoming more popular. Anti-malware software (traditional) Scans files for matches in databases of known malware. Alerts you when a match is identified or a suspect program attempts to run. Quarantines and removes infected files.
  • 20.
  • 21.
    • Identification Providing useridentity to a system. • Authentication Verifying the user identity. • Authorisation Determining whether a user is allowed to access certain resources. • Accountability Holding users responsible for their actions on a system. Basic cyber security techniques
  • 22.
    Uses encryption toensure that a user is who they say they are. Methods • Passwords • Physical ‘keys’ E.g. Key chains, swipe cards. • Biometrics E.g. Fingerprints, retina scanning. Threats • Brute force cracking Test every possible combination of letters, numbers, and characters until the password is found. • Dictionary cracking Test words and combinations of words found in the dictionary or from a slightly shorter list of words known to be commonly used in passwords. Identification and authentication
  • 23.
    Uses tools tocontrol access to a resource. Methods • File permissions • Account management • Sharing settings Threats • Insider threats Disgruntled or inexperienced employees that have high-level access may cause intentional or accidental harm to a system. • Elevation of privilege Attacker is able to enter the system as a low-level user, but is able to attain high-level access. Methods covered in detail in later modules. Authorisation
  • 24.
    Holds users responsiblefor their actions on a system. Methods • System monitoring • Audit logs Threats • Denial of Service Attack overwhelms audit logs with excessive or very large log entries, causing the system to run slowly or not at all. • Disclosure of confidential information Attacker is able to gather confidential or personally identifiable information from log files. Methods covered in detail in later modules. Accountability
  • 25.
  • 26.
    1234 is NOTa good password. Let’s look at ways to improve this: CLOUDS Complex • Lengthy • Only yours • Unique • Different • Short term Complex Total combinations of passwords consisting of 8 characters: • Numbers only: 100 million • + Lower case: 2.8 trillion • + Upper case: 210 trillion • + Symbols: 7.2 quadrillion Always use a combination of the following: • Numbers • Upper and lower case letters • Symbols (% # * & ! : { “ > |) Old password: 1234 New password: Pa123! Passwords
  • 27.
    Lengthy Brute force attackscan run 4 billion calculations per second or more. • <6 characters • 7 characters • 8 characters • 9 characters • 10 characters Cracked within 3 minutes Cracked within 5 hours Cracked within 3 weeks Cracked within 5 years Cracked within 526 years Passwords Old password: Pa123! New password: Password123! Aim for a lengthy password (10 or more characters). Only yours Do not share your password with ANYONE. Unique Where’s Wh the D@ beef? B33f? Do not use words found in the dictionary. Fend off dictionary cracking attacks by using passphrases. becomes WhD@B33f?
  • 28.
    Different Use different passwordsfor each login. E.g. Gmail and Facebook 73 per cent of people do not. This means if one of your passwords is discovered, all of your passwords are discovered. Example 1 Base password: Ronald123! Site: Gmail Site password: GMA Base password + site password = Ronald123! GMA Example 2 Base password: Ronald123! Site: Facebook Site password: FAC Base password + site Passwords Old password: Password123! New passwords: Ronald123!GMA Ronald123!FAC
  • 29.
    Short Term The longeryou keep a password the longer attackers have to try and crack it. Changing your passwords regularly can help foil cracking attempts as they happen. It’s best to change your passwords at least every few months. Passwords
  • 30.
    NOT names Do notuse any personal information in your password. This can be easily found out by other means. Name Birthday Pet’s name Mother’s maiden name Hometown Old passwords: Ronald123!GMA Ronald123!FAC New passwords: WhD@B33f?GMA WhD@B33f?FAC Building strong passwords Remember CLOUDS Complex Lengthy Only yours Unique Different Short term Not SUN Simple User ID Names
  • 31.
    Gold standard Consider usinga password manager. Risks • All passwords in one place. • If master password is compromised, all compromised. Benefits • No need to remember 30+ different passwords. • Can auto-generate very strong passwords. When considering a password manager: • Make master password is VERY strong (CLOUDS, aim for 18+ characters). • Enable Two-Factor Authentication. • Research history of the password manager. Independent security audits? Any previous breaches? Old passwords: WhD@B33f?GMA WhD@B33f?FAC New passwords: S&hcBBJ9&^b2vucw02n NAKC8e92^@hn&bsk))_