Uploaded byK. A. M Lutfullah
User security awareness
User awareness and security practices are important for protecting against cyber threats. It is not possible to ensure 100% security through technology alone. Individual responsibility and following best practices are key to a successful security program. The document outlines various cyber threats like viruses, social engineering, and password cracking. It emphasizes the importance of security awareness, strong passwords, keeping systems updated, anti-virus software, and careful handling of personal information. Multiple layers of security through practices like firewalls, access control, and backups can help bolster defenses.
More Related Content
![Employee Security Training[1]@](https://cdn.slidesharecdn.com/ss_thumbnails/EmployeeSecurityTraining1-122974944243-phpapp01-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Similar to User security awareness
User security awareness
- 1. User Awareness andPractices K. A. M Lutfullah
- 2. Process People Technology Systems must be builtto technically adhere to policy People must understand their responsibilities regarding policy Policies should be communicated, maintained and enforced Processes must developed to show how policies will be followed
- 3. Security awareness isnothing but a knowledge of potential threats. Its an advantage of knowing what types of threats / security issues and # of incidents, our organization may face in day-to-day operation. It’s not possible ensure 100% security through technology, unless provide adequate information security awareness. Personal responsibility are the key of success of any information security program.
- 5. Internet allowsan attacker to attack from anywhere in the planet. Risks caused by weak security practice and knowledge: Identity Theft Monetary Theft Legal Ramifications (for people and organization) Could result termination if company policies are not followed According to www.SANS.org , the top vulnerabilities for cyber criminal medias are: Web Browser IM Clients Web Applications Excessive User Rights
- 6. Security: We must protectour computers as well as data in the same way that we secure the doors of our home. Safety: We must improve our habit and the way of behavior, that protect us against risks and threats that comes through technology.
- 7. “In absence ofwork delegation, people share their password with others which they forgot to change after the crisis” “It’s a frightening fact, but nine out of ten end- users would unwillingly open or execute a dangerous virus-carrying email attachment” “Nine out of ten end-users revealed their password on request in exchange for a free pen” These things don’t happen as a result of malicious intent, but rather a lack of awareness of security risks.
- 8. 1. Passwords onPost-it Notes 2. Leaving computer open, unprotected & unattended 3. Opening e-mail attachments from strangers 4. Weak password etiquette 5. In case of lost / theft of laptop 6. Blabber mouths 7. Plug and play device installation without protection 8. Not reporting of security violations 9. Always behind the times (the patch procrastinator) 10. Unaware of internal threats
- 10. Cracker: Computer-savvy programmer creates attack software ScriptKiddies: Unsophisticated computer users who know how to execute programs Hacker Bulletin Board SQL Injection Buffer overflow Password Crackers Password Dictionaries Successful attacks! Crazyman broke into … CoolCat penetrated… Spammer: Create & sell bots -> spam Sell credit card numbers,… System Administrators Some scripts are useful to protect networks… Malware package=$1K-2K 1 M Email addresses = $8 10,000 PCs = $1000
- 11. Virus Worm Trojan Horse / Logic Bomb Social Engineering Rootkits Botnets / Zombies
- 12. A virusattaches itself to a program, file, or disk When the program is executed, the virus activates and replicates itself The virus may be benign or malignant but executes its payload at some point (often upon contact) Viruses result in crashing of computers and loss of data. In order to recover/prevent virus/attacks: Avoid potentially unreliable websites/emails System Restore Re-install operating system Anti-virus (i.e. Avira, AVG, Norton) Program A Extra Code Program B infects
- 13. Independent programwhich replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate. To Joe To Ann To Bob Email List: Joe@gmail.com Ann@yahoo.com Bob@uwp.edu
- 14. Logic Bomb:Malware logic executes upon certain conditions. Program is often used for legitimate reasons. Software which malfunctions if maintenance fee is not paid Employee triggers a database erase when he is fired. Trojan Horse: Masquerades as beneficial program while quietly destroying data or damaging your system. Download a game: Might be fun but has hidden part that emails your password file without you knowing.
- 15. Social engineeringmanipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. Phone Call: This is John, the System Admin. What is your password? Email: ABC Bank has noticed a problem with your account… In Person: What ethnicity are you? Your mother’s maiden name? and have some software patches I have come to repair your machine…
- 16. Phishing: a ‘trustworthyentity’ asks via e-mail for sensitive information such as SSN, credit card numbers, login IDs or passwords.
- 17. The linkprovided in the e-mail leads to a fake webpage which collects important information and submits it to the owner. The fake web page looks like the real thing Extracts account information
- 18. A botnetis a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack. The compromised computers are called zombies
- 19. An attackerpretends to be your final destination on the network. If a person tries to connect to a specific WLAN access point or web server, an attacker can mislead him to his computer, pretending to be that access point or server.
- 20. Upon penetratinga computer, a hacker installs a collection of programs, called a rootkit. May enable: Easy access for the hacker (and others) Keystroke logger Eliminates evidence of break-in Modifies the operating system
- 21. Pattern Calculation ResultTime to Guess (2.6x1018/month) Personal Info: interests, relatives 20 Manual 5 minutes Social Engineering 1 Manual 2 minutes American Dictionary 80,000 < 1 second 4 chars: lower case alpha 264 5x105 8 chars: lower case alpha 268 2x1011 8 chars: alpha 528 5x1013 8 chars: alphanumeric 628 2x1014 3.4 min. 8 chars alphanumeric +10 728 7x1014 12 min. 8 chars: all keyboard 958 7x1015 2 hours 12 chars: alphanumeric 6212 3x1021 96 years 12 chars: alphanumeric + 10 7212 2x1022 500 years 12 chars: all keyboard 9512 5x1023 16 chars: alphanumeric 6216 5x1028
- 22. Restricted dataincludes: Social Security Number Driver’s license # or state ID # Financial account number (credit/debit) and access code/password DNA profile (Statute 939.74) Biometric data In US, HIPAA protects: Health status, treatment, or payment
- 23. Symptoms: Antivirussoftware detects a problem Pop-ups suddenly appear (may sell security software) Disk space disappears Files or transactions appear that should not be there System slows down to a crawl Unusual messages, sounds, or displays on your monitor Stolen laptop (1 in 10 stolen in laptop lifetime) Your mouse moves by itself Your computer shuts down and powers off by itself Often not recognized
- 24. Spyware symptoms: Change to your browser homepage/start page Ending up on a strange site when conducting a search System-based firewall is turned off automatically Lots of network activity while not particularly active Excessive pop-up windows New icons, programs, favorites which you did not add Frequent firewall alerts about unknown programs trying to access the Internet Bad/slow system performance
- 26. Defense in depthuses multiple layers of defense to address technical, personnel and operational issues.
- 27. Anti-virus softwaredetects malware and can destroy it before any damage is done Install and maintain anti-virus and anti- spyware software Be sure to keep anti-virus software updated Many free and pay options exist
- 28. A firewallacts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer. Filters packets that enter or leave your computer
- 29. Microsoft regularlyissues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers. The Windows Update feature built into Windows can be set up to automatically download and install updates. Avoid logging in as administrator
- 30. Merry Christmas Bad Password Good Password Merry Xmas mErcHr2yOu MerryChrisToYou MerChr2You MerryJul MaryJul Mary*Jul ,stuzc,sdJq46Sjqw (Keypad shift Right …. Up) (Abbreviate) (Lengthen) (convert vowels to numeric) M5rryXm1s MXemrays (Intertwine Letters) Glad*Jes*Birth (Synonym)
- 31. Combine 2 unrelated words Mail+ phone = m@!lf0n3 Abbreviate a phrase My favorite color is blue= Mfciblue Music lyric Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. hb2uhb2uhbdJhb2u
- 32. Never use‘admin’ or ‘root’ or ‘administrator’ as a login for the admin A good password is: private: it is used and known by one person only secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal easily remembered: so there is no need to write it down at least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation not guessable by any program in a reasonable time, for instance less than one week. changed regularly: a good change policy is every 3 months Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files
- 33. Do notopen email attachments unless you are expecting the email with the attachment and you trust the sender. Do not click on links in emails unless you are absolutely sure of their validity. Only visit and/or download software from web pages you trust.
- 34. Be sureto have a good firewall or pop-up blocker installed Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner. Never click “yes,” “accept” or even “cancel” Infected USB drives are often left unattended by hackers in public places.
- 35. Always usesecure browser to do online activities. Frequently delete temp files, cookies, history, saved passwords etc. https:// Symbol showing enhanced security
- 36. No securitymeasure is 100% What information is important to you? Is your back-up: Recent? Off-site & Secure? Process Documented? Tested? Encrypted?
- 37. These arebest practices involving Information Security. Most of these practices are the Standards. Use these practices at home and at work to keep safe and secure. Employers have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your employer and your customers.