o workshop on sec information security awareness...–we must not hide our identity and fool others....
TRANSCRIPT
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Workshop on
Information Security Awareness
ISEA TEAM
HYDERABAD
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
In today’s world, we depend on Internet at work place, in school and at home
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Best and Worst about of Internet and
World Wide Web (WWW)
Worst Thing about Internet –
Everything Connected and is a Global Network
Best Thing about Internet - Everything Connected and is a Global Network
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Spread of Worm
(Code Red Worm)
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Why Awareness is Important
Some News/Happenings around us
– Chinese hack into Indian embassies
– Gmail, Yahoo, AOL e-mails hijacked in phishing scheme
Symantec Security Response – Dated January 15th ,2010 Hydraq- Trojan is used to
exploit IE’s Vulnerabilities
– January 22nd ,2010
• Microsoft issued Patch To Prevent Attacks
• Microsoft patched “Google attack’’ Bug aimed to protect recent Google China hack
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Internet Features
• Geographic sharing
• Robust Architecture
• Universal Access
• Easy and cheaper communication
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Internet Features
• Freedom of speech
• Search capabilities
• Group communications
• Many more
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
What do you use the Internet for?
Education Current Affairs Communication
e-Mails
Chat / Instant Messaging
Blogs
Social Networking
Online Shopping Online Banking Fun/Entertainment
Games
Movies
Songs
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Internet Ethics
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Ethics
• What are Ethics?
– A set of moral principles that govern an individual or a
group.
• What are Computer Ethics?
– Computer ethics are set of moral principles that
governs the usage of computers.
• What are Internet Ethics?
– Internet ethics means an acceptable behavior for
using internet. We must be honest, respect the rights
and property of others on internet.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Ethical Values
• Internet is not a value-free zone
– As World Wide Web is not a waste wide web
it is a place where values are considered in a
broadest sense.
• Sensitivity
– It belongs to all, there is no barrier of national
and local cultures.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Ethical Values • Pretending
– We must not hide our identity and fool others.
• Language
– We must not use bad or rude language.
• Importance of copyrights
– We must give respect and importance while
downloading and we must not use the
copyrighted material.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Copyright • Copyright gives authors, artists and others the
right to exclude others from using their works.
• Copyright laws protect the rights of the owner.
• Obtain the copyright owner’s permission.
• Should always give the source from which you
copied.
• For ex: © Copyright 2009, Centre for
Development of Advance Computing, Hyderabad
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Online Security Vs Online Safety
• Security: We must secure our computers
with technology in the same way that we
secure the doors to our homes.
• Safety: We must act in ways that help
protect us against the risks that come with
Internet use
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Major Online Risks and Threats
To Families
• Cyberbullies
• File-sharing abuses
• Invasion of privacy
• Disturbing content
• Predators
To Personal
Information
• Online fraud and phishing
• Hoaxes
• Identity theft
• Spam
To Computers
• Viruses
• Worms
• Trojans
• Spyware
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Primary Online Risks for Children
Predators These people use the Internet to trick children into meeting with them in person.
File-share Abuse Unauthorized sharing of music, video, and other files may be illegal, and download malicious software.
Cyberbullies Both children and adults may use the Internet to harass or intimidate other people.
Invasion of Privacy If kids fill out online forms, they may share information you don’t want strangers to have about them or your family.
Disturbing Content If kids explore unsupervised, they could stumble upon images or information you may not want them exposed to.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Cyber Crimes
WHAT IS COMPUTER CRIME? All crimes performed or resorted to by abuse of
electronic media or otherwise, with the purpose
of influencing the functioning of computer or
computer system.
In Short
COMPUTER CRIME is any crime where
• Computer is a target.
• Computer is a tool of crime
• Computer is incidental to crime
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
How do you access Internet?
• Web Browser
– It is a software application used to trace and
display the web pages.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Web Browsers Risks • ActiveX
– Used on Microsoft Windows systems. ActiveX allows applications or parts of applications to be utilized by the web browser.
• Cross-Site Scripting – Referred as XSS, is a vulnerability in a web site that permits an
attacker to leverage the trust relationship that you have with that site.
• Cookies – Contains the information about the sites you visited.
• Pop-up – It is a form of online advertisements when a web site is open by
web browser.
• Unsecured sites – Not all the sites are legitimate sites
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
How to Disable ActiveX in IE 8
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
SmartScreen Filter in IE 8
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Web Browser Threats
• Web Browser Hijack
• Malicious Website
• Spyware
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Web Browser Hijack What is browser hijacking?
Browser hijacking" is a type of online fraud. Scammers use malicious software to take control of your computer's Internet browser and change how and what it displays when you're surfing the Web.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
How to avoid? • Keep your computer updated with the
latest security software and use updated web browser
• Practice safe Internet browsing
• If you are doing all these then you already doing a lot to keep the hijackers away.
• But if your browser has already been "hijacked” !!!!!!!!!!!!!!!
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
How do I know if my browser has been
hijacked ?
• Home page or other settings change on your computer.
• Links are added that point to Web sites that you'd usually avoid.
• You can't navigate to certain Web pages, such as antispyware and other security software sites.
• A seemingly endless barrage of ads pops up on your screen.
• New toolbars or Favorites are installed that give you icons and links to Web pages that you don't want.
• Your computer runs sluggishly. Malicious software can slow down your computer.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Search Engines
• Search engines provide information with
fast, easy access to any kind of material
on the internet.
– Yahoo
– Bing
– Many more
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Risk by Search Engine
• It can be easy to access the inappropriate
material on the internet.
• Accidentally you may be redirected to
unsecured sites.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Risk by Web Searches
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
How to avoid ?
• Safe search filtering
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Safe Search in Yahoo
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Safe search in Yahoo
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Remember
• Non of these filtering are 100% accurate –
sometimes unsuitable content may still slip
through.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Primary Threats to Computer
Security
Viruses/Worms Software programs designed to invade your computer, and copy, damage, or delete your data.
Trojans Viruses that pretend to be helpful programs while destroying your data, damaging your computer, and stealing your personal information.
Spyware Software that tracks your online activities or displays endless ads.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Don't let your computer become
a zombie Botnets are highly valued by online criminals, and have
become a serious problem on the Internet
• Online criminals can use a virus to take
control of large numbers of computers at a
time, and turn them into "zombies" that can
work together as a powerful "botnet" to
perform malicious tasks
• Botnets, which can include as many as
100,000 individual "zombie" computers, can
distribute spam e-mail, spread viruses, attack
other computers and servers, and commit
other kinds of crime and fraud It could be you
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Computer virus symptoms • Computer runs more slowly than normal
• Computer stops responding or locks up often
• Computer crashes and restarts every few minutes
• computer restarts on its own and then fails to run
normally
• Applications on your computer don't work correctly
• Disks or disk drives are inaccessible
• You can't print correctly
• You see unusual error messages
• You see distorted menus and dialog boxes
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Steps You Can Take
Your computer
1. Turn on Windows Internet firewall.
2. Use Microsoft Update to keep Windows up-to-date automatically.
3. Install and maintain antivirus software.
4. Install and maintain antispyware software.
Yourself
1. Practice Internet behavior that lowers your risk.
2. Manage your personal information carefully.
3. Use anti-phishing and anti-spam technology built into Windows Vista, Windows XP SP2, Windows Live, and Microsoft Outlook.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Turn on Windows Internet
Firewall
An Internet firewall
helps create a
protective barrier
between your
computer and
the Internet
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Use Automatic Updates to
Keep Software Up-to-date
• Install all updates
as soon as they
are available
• Automatic updates
provide the best
protection
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Install and Maintain Antivirus
Software • Antivirus software
helps to detect and
remove computer
viruses before they
can cause damage.
• For antivirus
software to be
effective, you must
keep it up-to-date. Don’t let it expire
Use Malicious Software Removal Tool regularly for scanning . Get Free PC Safety scan
http://onecare.live.com
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Anti-virus Software
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Download
• The process of transferring data from the Internet to your local computer.
– Files
– Software
– Games
– Pictures
– Music
– Movies, Etc
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Keyloggers
• Software
• Hardware
• Prevent your self from keyloggers ,Use
Virtual key Board
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Hardware Keylogger
• Hardware keylogger attached to CPU
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Safety tips for using a public computer
• Don't save your logon information
• Don't leave the computer unattended
with sensitive information on the screen
• Disable the feature that stores passwords
• Erase your tracks
• Don't enter sensitive information into a public
computer
• Force Cyber Cafe Owner to allocate you a
computer loaded with updated antivirus software
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Password attacks
Shoulder Surfing
Bruteforce attack
Dictionary attack
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
How does it happens ?
Using weak Passwords or blank passwords
Sharing your passwords with others (strangers)
Sending your password information through network (Sniffing data)
Writing your passwords on the papers or storing it on hard disk
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Never give your passwords to unknown persons
Do not write the password any where, try to memorize it
Guidelines
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Things to Remember • Use at least 8 characters
• Use special characters
• Avoid using the words from dictionary
• It must be easy to remember difficult to guess
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Risks with e-Mails
• Identity Theft
• Spam e-mails
• Links in e-mails
• Attachments
• Phishing e-mails
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Guidelines Never respond to e-
mails from unknown/ untrusted people
If any thing feels
uncomfortable over
internet Inform to your
parents
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Do not click on the links which are attached to e-mails
Never download the files
from e-mails sent by unknown
persons
Scan the attached files with
latest and updated anti virus
software
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Instant Service Providers
• There are many
such service
providers, to name
a few – AOL,
Yahoo Messenger,
Gtalk.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Disadvantages • Your friends can see when you are online and
jump into chat with you no matter how busy you are
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Disadvantages
• The voice can be trapped by others
• Once message is posted cannot be
deleted
• Chatting may also weaken your language because of extensive use of short forms.
eg: because – bcoz/coz/cos/bcos
Why – y
You – u
Please – plz
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Cont…
• Sometimes accepting files from strangers
or from your friends whose files contain
viruses can infect your system with
malicious software.
• Too much of chatting kills students time
and concentration.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
TIPS
• Take your time and make sure that you are sending it to right address.
• Cross check if you are chatting with the right person who is responsible enough to access those details.
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Risks: Online predators try to trap children by making
friends online and then insist to meet in person.
They may also offer free gifts in which malicious information
is contained
Tips: Children should be aware that they should not give out
information about themselves on net.
Never open, accept or download a file in IM from strangers.
Online Predator
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Cont… • In a public chat rooms you never know with
whom you are chatting with and sharing of
personal information may lead to complications.
• Sometimes personal information may sent to wrong address.
• Spim (spam on IM) maybe posted every now
and then by the strangers which contain
advertisements or web links
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Social Networking
• Grouping individuals
into small
communities
• Used for
– Sharing interests or
activities through
Website
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Risks
• Privacy
• Adding unknown members to group
• Regional and country level Hatred
messages
• Targeting a person in group
• Morph Photos
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Attacks on Social Networking Sites
• Denial of service
• Phishing attacks
• Malware attacks
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
E-Mails with Attachments
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Users Received e-Mails as
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Updatetool.exe
• By running this tool Trojan will install in PC
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Risks Involved • Posting your personal
information may cause
– Identity theft
• Posting your photos may cause
– Morphs your Photos
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Tips for Social Networking Sites
• Always enable security and privacy
features that are available
• Limit posting personal information
• Change your password frequently
• Avoid clicking links
• Always hide your personal information and
photographs from strangers
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
I Promise that • I will not fill out any forms that asks for any personal
information without my parents permission
• I will not get into arguments or fights online
• I wont keep online secrets from my parents
• If anyone sends me any bad pictures I will inform to my parents
• If anyone asks me to do something which I am not supposed to do, I will inform to my parents
• I will not meet in person anyone whom I met online
• I wont use bad or rude language online
• I will not give my personal information like name, school, parent’s name, address, telephone numbers to anyone whom I meet online
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad
Conclusion
• Internet helps us in accessing the required information within no time.
• It is a great tool to gather information and must be used securely and wisely
ww
w.in
fose
caware
ne
ss.in
Centre for Development of Advanced Computing, Hyderabad