luís filipe roque · how to protect equipment and information against users who do not have...

February 19th , 2019

Luís Filipe Roque

2

@Luís Roque

• ICT Teacher

• ICT Coordinator

responsible for entire school group

• Teachers Trainer

4

Concerns as Citizens

5

Concerns as Teachers

How to make a PC safe?

A German security specialist presented its already famous "2 rules" of total security

The 2 rules of Herbert

Rule number 1Don´t buy a computer!

Rule number 2If you purchased a computer, do not turn it on!

The 2 rules of Herbert

9

Norbert Wiener, an

American mathematician,

was the first, in 1948, to

speak about Cyberspace.

What is CyberSpace?

10

Complex environment, values and interests materializing an area

of collective responsibility, which

results from the interaction between people, information, information systems,

technological equipment and digital networks, including the internet

What is CyberSpace?

11

Set of measures and actions of prevention, monitoring, detection, reaction, analysis and correction

which aim to maintain the desired security state and guarantee the

confidentiality, integrity and availability of information, digital

networks and information systems in cyberspace

What is CyberSecurity?

12

• Physical Security

• Logical Security

• Best Practices

Dimensions of Safety

How to protect equipment and information against users who do not have authorization to access them.

13

Physical security

A set of resources run to protect the system, data and programs against attempts by unknown people or programs.

14

Logic Security

15

I have nothing to hide

• Automatic access to websites (e.g. Bank

accounts )

• Miscellaneous Documents

• Conversations with family and friends

• Photos

• Videos

• Lists of passwords

…

16

17

Malware Phishing Password

Attacks

DDoS

Man in the

middle

Drive-by

Download

Malvertising

Rogue

Software

Main Types of CyberAttacks

18

Malware

Malicious software is any part of software that has been written to cause damage to data, devices, or persons

19

Phishing

Attacks usually carried out by e-mails apparently from trusted entities where people are invited to enter sensitive data

20

Passwords Attacks

An attempt to obtain or decrypta user’s password for ilegal use. Hackers can use crackingprograms, dictionary attacks, and password sniffers in password attacks.

21

DDoS

Distributed denial of services(DDoS) attacks are a subclasse ofdenial of services (DoS) attacks. A DDoS attack envolves multipleconnected online devices, collectively know as a botnet, wich are used to overwhelm a target website with fake traffic.

22

Man in the middle

Form of attack in which the data exchanged between two parties (e.g. you and your bank) are somehow intercepted, recorded and possibly altered by the attacker without the victims noticing

23

Drive-by download

Occur when vulnerablecomputers get infected by justvisiting a website. Findings fromlatest Microsoft SecurityIntelligence Report and many ofits previous volumes reveal thatDrive-by Exploits have becomethe top web security threat to worry about.

24

Malvertising

Criminally-controlled advertswhich intentionally infect peopleand businesses. These can beany ad on any site – often oneswhich you use as part of youreveryday Internet usage.

25

Rogue Software

Also called smitfraud orscareware, this type of software is defined as malware. It isdesigned specifically to damageor disrupt a computer system. In this case, not only is thesoftware going to disrupt yoursystem, it´s going to try and trickyou into making a purchaseusing your credit card.

26

27

Do Backup

The loss of personal information can cause even more problems than the loss of the device itself. So, make sure that all your important information is well stored in various places.

28

Stay up to date

Make sure your device's operating systems and

applications have up-to-date security updates. This prevents software

with known vulnerabilities from

being abused by cybercriminals.

29

Use Robust Passwords

With 10 or more characters

Character combination

Words with purposefulerrors

They do not derive from the name of the user or any close relative

Not derived from personal information

30

Passwords Fails

@2013, SplashData

31

Block intruders

Regardless of the devices, make sure that your screen is protected with a strong and unique password or PIN code, or one of the biometric authentication methods available, such as fingerprint reader or facial recognition.

32

Reduce Digital Footprint

Consider becoming a digital minimalist for a while and leave most of your devices at home. In this way, not only will you have less equipment than you can afford to lose as you are giving less opportunities for personal information being stolen by cybercriminals.

33

Moderate in Social Networks

Resist the temptation to share on social networks, for example, that you and your family will be away from home in a certain period of time. Doing so may expose you to a physical intrusion of your home.

34

Browse incognito

35

Use a secure email

36

Beware of Wi-Fi free zones

Carefully choose the network

Disable file sharing and mark the Wi-Fi connection as a public network

Never make updates or install applications using these networks

Use two-factor authentication Make sure to log off after

accessing any service you have accessed

Forget the network after using it

37

Beware of card cloning

Card cloning happens when all information about a particular

card (your PIN - Personal Identification Number and its

number) is copied

When making payments at establishmentsnever lose sight of your card

When entering the PIN code, be discreet and try to

make sure no one is trying to watch you

Avoid choosing a PIN code that is too obvious

Do not provide data about your cards over the phone, even if the person asking you to identify yourself as an employee of your bank

Avoid carrying out ATM operations in low-traffic areas

Do not shop online in computers with access to public Wi-Fi networks and prefer sites with "https: //" in the URL

38

Beware of Card Payments

39

Be careful: leaving the e-mail open

40

Be Careful: Passwords saved in browsers

41

Be careful: Students knowing passwords

42

Be careful: Accessing Insecure Sites

43

Be Careful: Computer Maintenance Companies

Thank you

44