user security awareness

Upload: calvin-ohsey

Post on 04-Apr-2018


TRANSCRIPT

  • 7/30/2019 User Security Awareness

    1/37

    User Awareness and Practices

    2/37

    The internet allows an attacker to attack from anywhere on the planet.

    Risks caused by poor security knowledge and practice:
    • Identity theft
    • Monetary theft
    • Legal ramifications (for yourself and companies)
    • Termination if company policies are not followed

    According to www.SANS.org, the top vulnerabilities available to a cyber criminal are:
    • Web browsers
    • IM clients
    • Web applications
    • Excessive user rights

    3/37

    Security: We must protect our computers and data in the same way that we secure the doors to our homes.

    Safety: We must behave in ways that protect us against risks and threats that come with technology.

    4/37

    5/37

    [Diagram of the attacker ecosystem; the labels recovered from the slide are listed below]

    Cracker: computer-savvy programmer who creates attack software.
    Script kiddies: unsophisticated computer users who know how to execute programs.
    Hacker bulletin board: SQL injection, buffer overflow, password crackers, password dictionaries, "Successful attacks! Crazyman broke into ... CoolCat penetrated ..." (targets not in the transcript).
    Criminals: create & sell bots -> spam; sell credit card numbers.
    System administrators: some scripts are useful to protect networks.
    Price list shown on the slide: malware package = $1K-2K; 1M email addresses = $8; 10,000 PCs = $1000.

    6/37

    • Virus
    • Worm
    • Trojan horse / logic bomb
    • Social engineering
    • Rootkits
    • Botnets / zombies

    7/37

    A virus attaches itself to a program, file, or disk. When the program executes, the virus activates and replicates itself. The virus may be benign or malignant when executing its payload (often upon contact).

    Viruses result in crashing computers and loss of data.

    In order to recover from or prevent virus attacks:
    • Avoid potentially unreliable websites/emails
    • System Restore
    • Re-install the operating system
    • Anti-virus (e.g. Avira, AVG, Norton)

    [Diagram: Program A, carrying "Extra Code", infects Program B]

    8/37

    Worm: an independent program which replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate.

    [Diagram: the worm reads an email list and sends copies "To Joe", "To Ann", "To Bob"; the addresses are redacted in the transcript]

    9/37

    Logic bomb: a legitimate program executes malware logic upon special conditions.
    • Software malfunctions if a maintenance fee is not paid.
    • An employee triggers a database erase when he is fired.

    Trojan horse: masquerades as a beneficial program while quietly destroying data or damaging your system.
    • Download a game: it might email your password file without you knowing.

    10/37

    Social engineering manipulates people into performing actions or divulging confidential information. Social engineering uses deception to gain information, commit fraud, or access computer systems.

    Examples shown on the slide:
    • Phone call: "This is John, the System Admin. What is your password?"
    • Email: "ABC Bank has noticed a problem with your account"
    • In person: "What ethnicity are you? Your mother's maiden name?"
    • In person: "I have come to repair your machine and have some software patches"

    11/37

    Phishing: a seemingly trustworthy entity asks via e-mail for sensitive information such as SSN, credit card numbers, login IDs or passwords.

    12/37

    The link provided in the e-mail leads to a fake web page which collects important information and submits it to the owner. The fake web page looks like the real thing and extracts account information.
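The slide's point is that the link in the e-mail does not go where it claims to. The following is an added example, not part of the deck: a defender-side check that pulls every link out of an HTML message and flags the ones whose visible text names one site while the href points elsewhere, that use a raw IP address as the host, or that are not served over https. The sample message, the bank name and the domain names are constructed for this example (example.com / example.net and 203.0.113.0/24 are reserved documentation values).

```python
# Added example (not from the slide deck): flag links in an HTML e-mail whose
# visible text claims one site while the href points to another, whose host is
# a raw IP address, or which are not https. Sample message below is constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


# A host name (optionally with scheme) as it might appear in link text.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def suspicious_links(html):
    """Return a list of (href, reasons) for links a reader should not trust blindly."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = []
        host = host_of(href)
        if urlparse(href).scheme != "https":
            reasons.append("not https")
        if is_ip(host):
            reasons.append("raw IP address as host")
        match = HOST_RE.search(text)
        if match and not is_ip(host):
            claimed = match.group(1).lower()
            # The text names a site: the href must be that site or a subdomain of it.
            if host != claimed and not host.endswith("." + claimed):
                reasons.append(f"text says {claimed} but link goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed phishing-style message modelled on the "ABC Bank" example on slide 10.
SAMPLE_EMAIL = """
<p>ABC Bank has noticed a problem with your account.</p>
<p>Please <a href="http://203.0.113.7/login">verify your details</a> or visit
<a href="https://abc-bank-secure.example.net/">https://www.abcbank.example.com/</a>.</p>
<p>Questions? See <a href="https://www.abcbank.example.com/help">www.abcbank.example.com/help</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

The third link in the sample passes because its text and its href agree and it is https; the first two are exactly the "looks like the real thing" case the slide describes. A mail gateway or a browser extension would apply the same comparison before the user ever sees the link.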

    13/37

    A botnet is a large number of compromised computers that are used to create and send spam or viruses, or to flood a network with messages as a denial of service attack. The compromised computers are called zombies.

    14/37

    An attacker pretends to be your final destination on the network. If a person tries to connect to a specific WLAN access point or web server, an attacker can mislead him to the attacker's own computer, pretending to be that access point or server.

    15/37

    Upon penetrating a computer, a hacker installs a collection of programs, called a rootkit.

    A rootkit may enable:
    • Easy access for the hacker (and others)
    • Keystroke logger
    • Eliminates evidence of break-in
    • Modifies the operating system

    16/37

    Pattern                               Calculation  Result   Time to guess (2.6x10^18/month)
    Personal info: interests, relatives   20           manual   5 minutes
    Social engineering                    1            manual   2 minutes
    American dictionary                   80,000                < 1 second
    4 chars: lower case alpha             26^4         5x10^5
    8 chars: lower case alpha             26^8         2x10^11
    8 chars: alpha                        52^8         5x10^13
    8 chars: alphanumeric                 62^8         2x10^14  3.4 min.
    8 chars: alphanumeric + 10            72^8         7x10^14  12 min.
    8 chars: all keyboard                 95^8         7x10^15  2 hours
    12 chars: alphanumeric                62^12        3x10^21  96 years
    12 chars: alphanumeric + 10           72^12        2x10^22  500 years
    12 chars: all keyboard                95^12        5x10^23
    16 chars: alphanumeric                62^16        5x10^28

    17/37

    Restricted data includes:
    • Social Security Number
    • Driver's license # or state ID #
    • Financial account number (credit/debit) and access code/password
    • DNA profile (Statute 939.74)
    • Biometric data

    In the US, HIPAA protects: health status, treatment, or payment.

    18/37

    Symptoms:
    • Antivirus software detects a problem
    • Pop-ups suddenly appear (may sell security software)
    • Disk space disappears
    • Files or transactions appear that should not be there
    • System slows down to a crawl
    • Stolen laptop (1 in 10 stolen in laptop lifetime)

    Often not recognized.

    19/37

    Spyware symptoms:
    • Change to your browser homepage/start page
    • Ending up on a strange site when conducting a search
    • System-based firewall is turned off automatically
    • Lots of network activity while not particularly active
    • Excessive pop-up windows
    • New icons, programs, favorites which you did not add
    • Frequent firewall alerts about unknown programs trying to access the Internet
    • Bad/slow system performance

    20/37

    Virus symptoms:
    • Antivirus software often catches viruses
    • Unusual messages or displays on your monitor
    • Unusual sounds or music played at random times
    • Your system has less available memory than it should
    • A disk or volume name has been changed
    • Programs or files are suddenly missing
    • Unknown programs or files have been created
    • Some of your files become corrupted or suddenly don't work properly

    21/37

    22/37

    Defense in depth uses multiple layers of defense to address technical, personnel, and operational issues.

    This approach was conceived by the NSA to ensure information and electronic security.

    23/37

    Anti-virus software detects malware and can destroy it before any damage is done.
    • Install and maintain anti-virus and anti-spyware software
    • Be sure to keep anti-virus software updated
    • Many free and pay options exist

    24/37

    A firewall acts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer and filters packets that enter or leave your computer.

    25/37

    [Diagram: Packet Filter Firewall between the internet and the computer. Packet types shown: Web Request, Web Response, Ping Request, FTP Request, Telnet Request, Email Connect Request, Email Response, SSH Connect Request, DNS Request, Illegal Source IP Address, Illegal Dest IP Address, Microsoft NetBIOS Name Service. Web Response and Email Response appear on both sides of the firewall.]
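A packet filter of the kind the diagram shows is a table of rules matched against each packet's direction, protocol, port and addresses. The following is an added example, not the deck's material: a small stateless filter with a default-deny rule table. The rule choices (which services to allow out, which to block in), the 192.168.1.0/24 network and the sample packets are constructed for this example; the slide does not specify them.

```python
# Added example (not from the slide deck): a minimal stateless packet filter
# in the style of the slide-25 diagram. Rules, addresses and packets are
# constructed for this example; the policy is this example's, not the slide's.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str               # source IP address
    dst: str               # destination IP address
    proto: str             # "tcp", "udp" or "icmp"
    dport: Optional[int]   # destination port; None for ICMP
    direction: str         # "in" (from the internet) or "out" (to the internet)


# Constructed private network behind the firewall.
INSIDE = ipaddress.ip_network("192.168.1.0/24")

# Ordered rule table: first match wins; anything unmatched is dropped (default deny).
# (action, direction, proto, dport)
RULES = [
    ("allow", "out", "tcp", 80),     # web request
    ("allow", "out", "tcp", 443),    # web request (TLS)
    ("allow", "out", "tcp", 25),     # email connect request
    ("allow", "out", "tcp", 22),     # SSH connect request
    ("allow", "out", "udp", 53),     # DNS request
    ("deny",  "in",  "tcp", 23),     # telnet request from outside
    ("deny",  "in",  "tcp", 21),     # FTP request from outside
    ("deny",  "in",  "udp", 137),    # Microsoft NetBIOS Name Service
    ("deny",  "in",  "icmp", None),  # ping request from outside
]


def address_problem(pkt):
    """Return a reason if the addresses are illegal for the packet's direction, else None."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.direction == "in":
        if src in INSIDE:
            return "illegal source IP address"        # outside packet spoofing an inside address
        if dst not in INSIDE:
            return "illegal destination IP address"   # not addressed to our network at all
    elif src not in INSIDE:
        return "illegal source IP address"            # inside host spoofing an outside address
    return None


def filter_packet(pkt):
    """Return (decision, reason) for one packet; decision is 'allow' or 'deny'."""
    problem = address_problem(pkt)
    if problem:
        return "deny", problem
    for action, direction, proto, dport in RULES:
        if pkt.direction == direction and pkt.proto == proto and pkt.dport == dport:
            return action, f"rule {direction} {proto}/{dport}"
    return "deny", "default deny"


# Constructed sample traffic mirroring the labels on the slide
# (203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges).
SAMPLE_PACKETS = [
    Packet("192.168.1.5", "203.0.113.10", "tcp", 80, "out"),    # web request
    Packet("203.0.113.10", "192.168.1.5", "tcp", 23, "in"),     # telnet request
    Packet("203.0.113.10", "192.168.1.5", "icmp", None, "in"),  # ping request
    Packet("192.168.1.9", "192.168.1.5", "tcp", 80, "in"),      # illegal source IP
    Packet("203.0.113.10", "198.51.100.4", "udp", 53, "in"),    # illegal dest IP
]


def audit(packets=SAMPLE_PACKETS):
    """Return the decision log as a list of (packet, decision, reason)."""
    return [(p, *filter_packet(p)) for p in packets]


if __name__ == "__main__":
    for pkt, decision, reason in audit():
        print(f"{decision:5s} {pkt.direction:3s} {pkt.proto}/{pkt.dport} "
              f"{pkt.src} -> {pkt.dst}: {reason}")
```

This filter is stateless, which is why the diagram's Web Response and Email Response need more than a rule table: a real firewall remembers the outbound request and admits the matching reply, and that connection tracking is deliberately left out here to keep the rule evaluation visible.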

    26/37

    Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.

    Windows Update can be set to automatically download / install updates.

    Avoid logging in as administrator.

    27/37

    [Diagram: turning a bad password into good ones]

    Bad password: Merry Christmas

    Good password variants shown: Merry Xmas, mErcHr2yOu, MerryChrisToYou, MerChr2You, MerryJul, MaryJul, Mary*Jul

    Techniques labelled on the slide: abbreviate; lengthen; keypad shift (right, up): ,rttuc,sd J3446sjqw; convert vowels to numeric: M5rryXm1s; intertwine letters: MXemrarsy; synonym: Glad*Jes*Birth

    28/37

    • Combine 2 unrelated words: Mail + phone = m@!lf0n3
    • Abbreviate a phrase: My favorite color is blue = Mfciblue
    • Music lyric: Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. = hb2uhb2uhbdJhb2u

    29/37

    Never use admin, root or administrator as the login name for the admin account.

    A good password is:
    • private: it is used and known by one person only
    • secret: it does not appear in clear text in any file or program, or on a piece of paper pinned to the terminal
    • easily remembered: so there is no need to write it down
    • at least 8 characters and complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation
    • not guessable by any program in a reasonable time, for instance less than one week
    • changed regularly: a good change policy is every 3 months

    Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files.
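Of the rules above, three can be checked mechanically when a password is set: the length, the count of character classes, and "not guessable" in its simplest form, a dictionary lookup. The following added example (not from the deck) implements those checks and also rejects a password that contains the login name. The word list is a constructed stand-in for the 80,000-word dictionary mentioned on slide 16, and the candidate passwords are the ones shown on slides 27 and 28 plus constructed ones. "Private" and "secret" are about how the password is handled, not what it contains, and no checker can enforce them.

```python
# Added example (not from the slide deck): check a candidate password against
# the slide-29 rules that can be tested mechanically. The dictionary and the
# login names are constructed for this example.
import re
import string

# Constructed stand-in for the 80,000-word dictionary the deck refers to.
DICTIONARY = {"password", "christmas", "merry", "welcome", "letmein", "dragon"}


def character_classes(pw):
    """Return the set of character classes present: upper, lower, digit, punct."""
    classes = set()
    for ch in pw:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("punct")
    return classes


def check_password(pw, login, dictionary=DICTIONARY):
    """Return the list of rules the candidate violates; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if len(character_classes(pw)) < 3:
        problems.append("fewer than 3 character classes")
    # Split on anything that is not a letter and look each piece up, so that
    # "Merry Christmas" is caught while "M5rryXm1s" is not.
    words = re.findall(r"[a-z]+", pw.lower())
    if any(w in dictionary for w in words):
        problems.append("dictionary word")
    if login and login.lower() in pw.lower():
        problems.append("contains the login name")
    return problems


# Constructed candidates: the first three come from slides 27 and 28.
CANDIDATES = [
    ("Merry Christmas", "jsmith"),
    ("M5rryXm1s", "jsmith"),
    ("hb2uhb2uhbdJhb2u", "john"),
    ("jsmith2024!", "jsmith"),
]

if __name__ == "__main__":
    for pw, login in CANDIDATES:
        problems = check_password(pw, login)
        print(f"{pw!r}: {'OK' if not problems else ', '.join(problems)}")
```

A real deployment would swap the constructed set for a full word list and breached-password list, but the shape of the check is the same: every rule produces a named reason so the user learns why the candidate was rejected rather than just that it was.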

    30/37

    Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.

    Do not click on links in emails unless you are absolutely sure of their validity.

    Only visit and/or download software from web pages you trust.

    31/37

    Be sure to have a pop-up blocker installed. Pop-up blockers do not always block ALL pop-ups, so always close a pop-up window using the X in the upper corner. Never click yes, accept or even cancel.

    Infected USB drives are often left unattended by hackers in public places.

    32/37

    Always use a secure browser to do online activities. Frequently delete temp files, cookies, history, saved passwords etc.

    [Image: https:// in the address bar, the symbol showing enhanced security]

    33/37

    No security measure is 100%. What information is important to you? Is your back-up:
    • Recent?
    • Off-site & secure?
    • Process documented?
    • Tested?
    • Encrypted?

    34/37

    Organizations lose 5-6% of revenue annually due to internal fraud = $652 billion in the U.S. (2006).

    The average scheme lasts 18 months and costs $159,000.

    In 25% of cases, costs exceed $1M.

    Smaller companies suffer greater average $ losses than large companies.

    [Chart: Internal Fraud Recovery; categories shown: $0 Recovered, Recovery]

    35/37

    Tips are the most common way fraud is discovered. Tips come from: employees/coworkers 64%, anonymous 18%, customers 11%, vendors 7%.

    If you notice possible fraud, CONTACT: ??????????

    [Chart: How Fraud is Discovered (% of cases, axis 0-40); categories: Tip, By Accident, Internal Audit, Internal Controls, External Audit, Notified by Police]

    Source: Essentials of Corporate Fraud, T. L. Coenen, 2008, John Wiley & Sons

    36/37

    Additional slides to insert:
    • How is information security confidentiality to be handled? Show a table of how information confidentiality is categorized and treated.
    • Are there specific legal actions all employees should be concerned with?
    • Physical security: how are the rooms laid out and how is security handled?
    • Handling information at home on a home computer: any special restrictions?
    • On the fraud slide, specify the contact if fraud is suspected.

    37/37

    These are best practices involving information security.

    Most of these practices are from the National Institute of Standards and Technology.

    Use these practices at home and at work to keep safe and secure.

    Employers have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your employer and your customers.