physical security cyber security mbuso ngwenya

PHYSICAL SECURITY CYBER SECURITY - Mbuso Ngwenya http://physicalsecuritycybersecurity.blogspot.com/2016/10/physical-security-cyber-security-book.html

http://physicalsecuritycybersecurity.blogspot.com/2016/10/physical-security-cyber-security-book.html



PHYSICAL SECURITY

CYBER SECURITY

How to Protect Company Data from

the Risk Of Falling

To The Wrong Hands




Copyright © 2016 Mbuso Ngwenya All Rights Reserved No part of this publication may be reproduced or distributed, stored in a retrieval system, or transmitted in whole or in part, in any form or by any means, electronic, mechanical, photocopying, recording, without prior written permission from the Publisher. Exception: except a reviewer who may quote brief passages or paragraph in a review to be printed in Media which are newspaper or magazine or blog and media that are Radio or TV. Published by:

[email protected]

Disclaimer

The information herein is offered for informational purposes only. This

publication is designed to provide accurate and authoritative information in

regards to the subject matter and issue covered. It is sold with the

understanding that neither the author nor publisher is engaged in rendering

Legal, accounting, or other professional services. If Legal advice or other expert

assistance is required, the services of a competent professional person should

be sought. The author or the Publisher does not warranty or guarantee that

the information in this work will meet your requirements or its operation will

be uninterrupted or error free. Under no circumstances the author nor the

publisher, either directly or indirectly shall be liable to you for any inaccuracy,

error or omission, any legal responsibility, damages or monetary loss that

result from the use or inability to use the content of the info in this publication.

All Trade marks are trademarks of their respective owners or Companies. The

Trademarks are used to benefit their owners with no intention of infringement

of the Trademark. All trademarks and brands within this book are for



mailto:[email protected]


informational or clarifying purposes only, belong to their owners who are not

affiliated with this publication.

Content SECTION 1

Introduction

Security Mindset

Chapter 1 Physical security

SECTION 2

Chapter 2 Cyber security

Chapter 3 File Sharing

Chapter 4 Wireless Network Security

Chapter 5 Antivirus for Mac

Chapter 6 Bring Your Own Device

Chapter 7 Mobile Security

Chapter 8 Payments

Chapter 9 Anti Theft Technology

Chapter 10 Website Hacked

Chapter 11 Auto Responder Hacked




Chapter 12 Social Engineering

Conclusion

PHYSICAL SECURITY CYBER SECURITY

Section 1

PHYSICAL SECURITY

Introduction

Technology makes life easy, fun, and productive. We “People” are

acquiring New Technology Devices everyday; I mean every minute

because there is a Tech Device being made and bought every minute

somewhere in the world.

People buy these devices: Mobile Devices such as Smartphones and

Tablets, Notebook computers, PC, Wireless Network Access Points,

Routers, Servers, modems, Wi-Fi, etc. We use these devices in our

personal life, work life and Business life. We access, send and share




valuable Data – information such as our personal ID details, Business

Intellectual Property, Social Media Data…

Protecting our privacy and Business brands and reputation is very

important. We need to protect our Tech devices in order to protect

our privacy, Business Information and our Social Media life everyday.

With the 2010 Soccer World Cup coming to Africa for the first time,

under sea fast Internet Cables were laid on the east cost and west

coast, connecting the Host Nation (South Africa) to the rest of the

world. The 2010 World Cup did come with the great sporting and

social activities (entertainment) plus Business activity but it was also

followed with the rise in Cyber Threats from then on. Any country

hosting a major Sporting Event becomes a target of Cyber Criminals

during and after the event.

I use to work in a Building with Different High Level Investigation

Units. On each Unit floor, they had a Security Guard at the door.

Visitors had to sign in at the ground Floor as they enter the Building

and then sign in again at the floor they are visiting. When the

contract for the Security Company guarding the doors at each floor

ended and was not quickly renewed or replace and there were no

guards. A Mobile Device was stolen. Can you imagine the Contacts

and High level investigation Data that had to fall to the wrong hands.

Investing in beefing up Physical Security & Cyber Security can help

protect us from Cyber Threats, Cyber Criminals and Thieves…

In this book you are going to learn “how to (you can) protect your

devices and data at home, at work and in Business.”




Security Mindset

1. Negative security mindset

Lack of information or ignorance - let people View Security as costs.

2. Positive mindset

Security mindset that you should develop

-Include : Security as part of the plan -View Security as investment

3. Current state of computer security internationally

At Home - XP, Vista end of life - When Operating Systems (Windows OS) reach End Of Life, a huge number of Home Computers are not upgrade to the new version of Windows. This lead to a high security risk of these computers being infected by Computer Malware such as viruses, spyware, Ransomware.etc and being taken over by hackers and used as spam mail senders and virus distribution computers.

USB sharing with friends – People share files by USB everyday. Files such as word documents, music, videos, etc. USB file sharing is one of the overlooked security risks. USBs carry infected file from one computer to the next. People often say my computer is not connected to the internet, so it safe or it does not get infected by Viruses but they share files with friends by USB…

My story : Friend’s PC Repair




My Friends Windows XP PC got infected by viruses while sharing Architect Files by USB. He requested me to fix it for him. I scanned his hard drive on my Windows XP Machine. That hard drive infected my PC with the same virus. And every other Hard drive that I connected on my Machine got infected… But when I connected and

scanned my friends hard Drive on a Windows Vista PC with Vista compatible Endpoint Security, the viruses were removed, my friends PC fixed and the Vista PC was not infected.

In business - XP, Vista

Business (both Big and small) also tend to keep Operating system (old windows version) when it has reached End Of Life(discontinued OS). This is because they view upgrading to new (OS) operating System (New version of Windows) as cost. Businesses (Companies) that view upgrading to new OS as an investment, understand the value and benefits of upgrading i.e. Improved Security, enhancing their competitiveness, improved Technology, Fast Boot up time, reducing repair cost of keeping old OS technology running, End User Friendly, improved network connection and keeping their data secured.

Story: Upgrading XP to Windows Vista

Vista : Windows Vista hated by Technical Guys because of the shortage of Vista drivers compatible with existing Devices at that time when Vista Came out. But I loved it. While I was at a Microsoft Partner, all the Tech guys were concerned with the shortage of Windows Vista compatible drives for devices such as Printers, Scanners and Wireless Network Cards. I had already find out on the field that the shortage of drivers mostly affected the USB connected devices because most of the Devices that were connected to the network or connected by Network cables were able to use Windows XP drives on Windows Vista and others had their divers available




online on Manufacturer websites. I shared this with the other Tech Guys. The shortage of Vista compatible drivers also lead Microsoft to give their Customers a chance to downgrade (go back) to Windows XP when they had bought a Windows Vista Machine. What I liked the most about Windows Vista was the Vista Virus Removal Tool that came build into Windows Vista. I upgraded a Law Firm’s PC from windows XP to Windows Vista as a proof of concept that it was time to Upgrade to Windows Vista and that Vista would work fine on their network. After installing Vista, I watched the Vista Virus Removal Tool as it clean and disinfect files(documents and system files) that were created while the PC was still running Windows XP. What I find interesting was that the anti-virus installed and compatible with XP, didn’t detect those viruses. But Vista Virus removal Tool did detect viruses and cleaned the file before I installed Endpoint Security compatible with Windows Vista.

Government Legacy software which are now the Weakest Link

Governments also tend to keep outdated technology for a long period of time. This is can be caused by the long period of time it take to approve budget for upgrading to new and improved Technology. This leads to government computer systems being vulnerable (exposed) to Malware and Hackers.

US Navy Story

The US Navy had to pay Microsoft 9 Million Dollars to keep updating and parching their Windows XP machines after Windows XP had reached End of Life.




Chapter 1

Physical security

Physical Security to Computers and Servers is very important to protect the company from loosing it’s investment in IT Infrastructure.

Servers store Company Data, Control the Network, Share Internet Connect to Computers, Connect All Office Resources, therefore servers require protection from thieves, un-trusted employees, competition. Servers require to be locked in a Server room or Server Cabinet. Small Businesses need to keep their servers and Switches in a Server Cabinet since they often have limited Space.

Tips

Notebook security - security cable Keep switches in secure cabinet

Why prevent theft and easy access and plugging Of infected

notebooks

To prevent unauthorised network access; network abuse. hacking - to prevent hacking of company information, company

secret information.




E.g. Pentagon Hacking story on CNBC

Interviewer: The Journalist asked “ what has been stolen?” Interviewee replied “the right question to ask is “what hasn't been stolen?””

keep away employees from other department or Factory from office computers to prevent theft and infection by USB viruses.

Stolen notebooks - have access to company Wireless Networks, can be used to hack the company. Stolen Notebooks consist company documents secret information.

Story 1 : Microsoft story

At a Microsoft Even, a Microsoft Employee presenting on Computer Security , introducing Bit Encryption Security tells a story, a true Story. He said “ It the staff that you see only in the movies but this time it real.” : - “ A man caches a Plane to a Conference half way around the world to another Country. Check in into a Hotel. And two other men follow him on the same aeroplane. Then they steal the man’s Notebook while he is out of his Hotel room, dining… It turns out that the man’s Notebook was stolen because of the new Technological Information that the man’s company had been working on.

Story 2 : car stories

Multinational Oil Company Man




A man working for a Multinational Oil Company parked a Luxurious Company which is considered to be hardest to steal and went into a Store. When he came back to the car the doors were open and a work Notebook was stolen. He did want that car any more and requested the Company to bring him another car on the spot.

The stolen Notebook had company Intellectual property Information…

B Tech Student

A student attending his B Tech classes every Wednesday, parked his mother’s car on the University Parking, get out and walked a few steps toward his Classroom then press the car mobilize to lock the car doors. The car indicators flashed to signal that the doors are locked. But the signal was jammed. A device that act like a Mobilizer was press at the same time as the Student was pressing the car Mobilizer, that why the Indicators flashed but the doors were not locked. When the Student came back to the car, his Notebook was stolen.

What was in the Student’s Notebook? – Student notes, Learning materials, games, Photos, Music, Videos, Movies…

Attorney at Law

An Attorney (Director /my former client) also parked his car out side the Store to buy snacks. Then returned to his car in two minutes, a notebook was stolen. He was the victim of the same device that was use to block the mobilizer like the Student above.




A lot of Legal Matters information was stolen with the notebook…

Cyber Threat Prevention

Switch cabinet can prevent physical access to all available,

unused ports in case (hackers) don't care about their presence being detected anymore. They can break the glass cover. It is good practice (best) to acquire managed switches and to lock all unused ports.

Solutions

Pairing a device’s Mac address and ports on the switch will help protect the network in case someone tries to connect an unauthorised device to the network - this reduce infection and prevent hacking easily.

Home Physical Security

1. Always have someone in the house, - Made / kids - teenagers - present by day while other people are at work or school. Get a big and well trained security dog, old dogs referable a police dog. Get a dog - i.e. Pit-bull, German shepherd, Rottweiler to guard your house while you are not around at home and even if you are present.




2. Install Burglar Guards on all windows and doors to deter thieves.

You won't be an easy Target. Criminals (thieves) will pass your home when they see you have installed Burglar Guards and look for an easy Target. Why? They don't want to get caught on the set of breaking a house. They want to get in easy steal devices off they go with no Witnesses seeing them. They take their time studying your home security and planning - how and when is the right time to strike and steal. - They check your schedule (they know when you are at home or not there). -They check security measures you have installed around your home. - They are always looking for the Weakest Link - They are always listening for Intel (info) that can give them easy

access into your home and what other devices you may have which

they can steal when they come for the one device (usually

notebooks) they know you have.

- They befriend your Family member, and then come to your home pretending to be looking for him or her, but their main intention is to check out your security measures (Who is at home at the time). -They also use Youngsters as their foot soldiers and intelligence officers (information gatherers). Here's the thing , teenage boy has good friends right , right :His friends come visit your home more often and use your home computer(s) and learn that you have this amazing devices (notebooks, Smartphone & tablets) that you either get from work and or you bought or purchased recently. And at the street corner or local shop where boys like to hang around from time to time, they are never alone. They are also joined by the criminal element (foot soldiers). Your son's friend may be honestly boasting about how many cool devices his friend’s mother or dad or uncle or aunty has. But what he doesn't realise is how much intelligent he has given about you and your devices to the




wrong people. Devices such as remote control DStv - pay TV, DVD player, Computers, Tablets Smartphones, Flat screen TV, etc

3. Solution

Get to know you teens (remember not to intrude) and you will understand his friends and the kind of people he hang (spend time) with. Getting to know your teens will help you find out what they use your home computer for, together with their friends i.e. games movies music school projects online searches. This will help you guide your teens when it comes to computer physical security and cyber security which we will talk about on the next section.

(4) Install security cameras - to deter criminal element

Story: 911 - Women with home security cameras. A woman decide to check security cameras (over the internet) while she was at work, working night shift. She saw two men who had just broken into her home. The two men were busy stealing her belongings. She called 911 and the police arrested the two men on the scene.

(5)Fence or designer brick wall around your home.

It will make your house seem Secured.

Your designer wall should not just be a pretty wall, but it must also be practical to prevent the criminal element from easily climbing over it. You can add security measures such as electric fence at the top or barb wire.




Business Physical security

Business physical security should be a combination of two or three security measures at any time. Door lock with a key, security cameras or security personnel or alarm system. If you are renting an office space and your front door is locked with the electric magnet near the door handle where by staff members have to punch in Key (codes) numbers or use an Electric Tag to open the door. Bad news for you, sorry you (will) have to take this with a pinch of salt: Your office door is never locked, even when you think or consider it to be locked. Think and think again and again. It takes two seconds (2 seconds) to open an electric magnetic locked door without any key code or tag. The first second is for checking out if no one is looking. The 2nd second is for kicking the door at the bottom and the magnet let the door Wide Open.

(A) Now thieves can steal any device they want (came to Steal) hard drives motherboards, DVD ROMs, notebooks, switches, wireless access points devices, RAM, etcetera.

(B) They can Steal your company intellectual property; copy or clone your server / PC hard drive in minutes. By the time you come in, in the morning or Monday everything may seem normal but all of your data (information about - New Research, Target Market, New Discovery) has fallen to the wrong hands.

(C) Hackers




Hackers can now install remote access software or spyware so they can keep accessing your Data(Tender Document Application and copy it, Next Five year Plan for your business, Product you are developing – not yet file for Patent… Court Preparation Documents, Financial Documents, Marketing Plans, etc)

Solution

For better security to keep your doors locked by electric magnet, Install three electric magnet. One at the top, second one in the middle next to the door handler and third magnet at the bottom.

The best way to secure your doors with electric magnet will be to install 5 or 6 electric magnet by adding other magnet on the opposite side where there are door hinges. And install a backup battery so your door will be locked even during load shedding or criminals switching off the main power for the entire office floor. Install security cameras to record everyone's face as they open the door or even better include facial recognition software.

READ THE WHOLE BOOK NOW

How to get more IT Solutions, Tips, Tricks and Resources to your Business and Home;

Family ; Kids. Click this link below.

https://www.amazon.com/PHYSICAL-SECURITY-CYBER-Protect-Company-

ebook/dp/B01LDIXBSU/ref=pd_rhf_gw_p_img_1?ie=UTF8&psc=1&refRID=VJF6GV30RJ24RRM

2Q2YQ



https://www.amazon.com/PHYSICAL-SECURITY-CYBER-Protect-Company-ebook/dp/B01LDIXBSU/ref=pd_rhf_gw_p_img_1?ie=UTF8&psc=1&refRID=VJF6GV30RJ24RRM2Q2YQ




SECTION 2

CYBER SECURITY

Chapter 2

Cyber security

