welcome


Upload: val

Post on 23-Feb-2016


DESCRIPTION

Welcome. How Secure Are Your Passwords?. Dian K. Alphonso 4/27/13. Today’s Overview . Are You READY!!!. Let’s Get Started. “Social Engineering”. What is Social Engineering?. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Welcome

Welcome

Page 2: Welcome

HOW SECURE ARE YOUR PASSWORDS?

Dian K. Alphonso

4/27/13

Page 3: Welcome

Today’s Overview

1. Understand What is “Social Engineering”

2. Understand How Hackers use S.E to get access

3. Understand How to “Protect Your Castle”

4. Know the importance of A Strong Password

5. Understand How to Secure Your Password

6. Know How to Securely Access WI-FI

7. The Dangers of Using Old Browsers

Page 4: Welcome

Are You READY!!!

Let’s Get Started

Page 5: Welcome

“Social Engineering”

Page 6: Welcome

What is Social Engineering?

• Social engineering is an approach to acquiring information by deceit that has really taken off in the last few years.

• It can take a number of different forms; however, they all have one thing in common: getting you to give up information that you normally would not, through threats, incentives or patronizing remarks.

Page 7: Welcome

Hackers…Are They For You?

Page 8: Welcome

How Hackers Use S.E.

• A person calling you pretending to be from the helpdesk and asking for passwords or login details so they can look into a problem.

• Someone pretending to be a senior member of staff or their assistant calling you to ask for urgent copies of confidential documents that their manager needs for a board presentation.

• An external salesperson mailing CD-ROMs or USB sticks which have a program on them that pretends to provide product information but also installs a virus. The salesperson may then call you up and encourage you to install the unauthorized program on your PC.

• All these scenarios have been used to get information without authorization by fraudsters and there are many variations on the theme.

Page 9: Welcome

“Protect Your Castle”

Page 10: Welcome

How to Protect Your Castle

Step 1: Are they who they say they are?

• Do you have any evidence that the person you are talking to or communicating with is who they say they are?

• Can you confirm their identity and contact details independently of the information they have provided?

• If you don't know them and can't confirm their identity, don't assume they are who they claim to be.

Page 11: Welcome

How to Protect Your Castle

Step 2: Is the request appropriate?

• Is the request reasonable from the person that you are communicating with?

• Even a colleague within your own organization asking about the information you are working with may not be appropriate.

• As a rule, anyone asking for personal or sensitive company information should trigger your warning beacon.

Page 12: Welcome

How to Protect Your Castle

Step 3: Is the requester following established process or procedure?

• Is the requester trying to deliberately subvert or bypass process, for instance by requesting information from individuals other than the established points of contact in the organization? You may be less familiar with any authorization procedures or other restrictions than the correct individual or team.

• Most individuals attempting to perform social engineering will be assertive and at times even charming, making it difficult for you to determine whether the individual is authorized for the information that they are requesting.

• Using the simple questions above as guidelines and being prepared to politely challenge someone to request further identification or clarification should help prevent a successful social engineering attack against either yourself or the company.

Page 13: Welcome

Strong Passwords Importance

Page 14: Welcome

Strong Passwords Importance

Your passwords are the keys that unlock your data, so it is essential that they are secure and difficult for people to discover, and yet easy enough for you to remember so that you do not need to write them down. Passwords should also be difficult for a computer to guess. A Brute Force Attack, where computers guess the letters, numbers or special characters that could be in your password, could crack a weak or short one in short order.

Page 15: Welcome

Securing Your Passwords

Page 16: Welcome

Setting Secure Passwords

Personal Information

• You should NEVER use information that others might already know about you – pet’s name, names of family members, favorite film, phone number – as these are easy to guess or find out.

Password Length

• The length of a password will make it more difficult for a computer to guess. For instance, rabbits - a password all in lower case of 7 characters - could take only 13 minutes to crack on a standard desktop computer. On the other hand, humptydumpty - a 12 character password - could take 302 years to crack.

Page 17: Welcome

Setting Secure Passwords Cont’d

Characters and Substitution

• Using additional characters to increase the complexity of your password will make it even more difficult to guess or discover using a brute force method.

• You should use upper and lower case letters, numbers and symbols. Pupp1e$ - a 7 character password - could take 87 days or more to crack because of the additional characters.

• Substituting special characters or symbols for alphabetic ones will also make your password stronger because it increases the character set used.

• Dian recommends at least one upper case letter and a number or special character in your standard passwords.

Page 18: Welcome

Setting Secure Passwords Cont’d

Phraseology aka Combined Approach

• One of the best ways to pick a good password is to use the first letters of the words in a phrase – for instance “humpty dumpty sat on a wall, humpty dumpty had a great fall” would become hdsoawhdhagf.

• You could then use a bit of character substitution and add some symbols and you would end up with <HD$0awHDh4gf>
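The arithmetic behind the cracking times on the password slides above, together with the first-letters method, as an added Python example that is not part of the original presentation. It assumes 10 million guesses per second and the 95 printable ASCII characters, which gives figures close to the ones quoted; the function names and the sample inputs are made up for illustration.

```python
import string

# Assumed guess rate (not stated on the slides): 10 million guesses/second.
GUESSES_PER_SECOND = 10_000_000

# Once one character of a class appears, the attacker must cover the class.
# Characters outside these four classes are ignored by this estimate.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)


def charset_size(password):
    """Number of candidate characters per position for this password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length and charset."""
    return charset_size(password) ** len(password) / rate


def acronym(phrase):
    """First letter of each word in a phrase, lower-cased."""
    words = [w.strip(string.punctuation) for w in phrase.split()]
    return "".join(w[0].lower() for w in words if w)


def personal_info_hits(password, known_facts):
    """Return the known facts (pet name, phone number, ...) found inside it."""
    lowered = password.lower()
    return [f for f in known_facts if len(f) >= 3 and f.lower() in lowered]


def humanize(seconds):
    for unit, size in (("years", 31_536_000), ("days", 86_400), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    for pw in ("rabbits", "humptydumpty", "Pupp1e$", "<HD$0awHDh4gf>"):
        print(f"{pw:16} charset={charset_size(pw):3} {humanize(brute_force_seconds(pw))}")
```

These are exhaustive-search ceilings: a password built from dictionary words or personal details can fall much sooner to a guessing list.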

Page 19: Welcome

Securely Access WI-FI

Page 20: Welcome

How Do I Use WI-FI Securely?

• More time these days is spent working from locations which are public such as coffee shops. Many of these locations provide shared wireless networks in order to access the Internet.

• There are several risks from such environments that need to be considered but can be safely overcome.

• The networks are shared and may well be insecure, allowing others to see any traffic that passes over the network. The other risk is the physical risk from working in a shared environment.

• Care needs to be taken to ensure that people cannot read your laptop screen when you are working on confidential materials and that your papers, phones, electronic media and laptop are not liable to be stolen.

• By taking a little care and considering the risks, working from public locations can be made secure.

Page 21: Welcome

Bonus: The Dangers of using Old Browsers

Page 22: Welcome

Do Not USE OLD Browsers!!!

Page 23: Welcome

Security Crossword Enjoy!

Page 24: Welcome

Who’s Who

Lead Contact information

Dian Alphonso

[email protected]

www.alphonsoentllc.com

404-382-4801

Family of God Church

[email protected]

Page 25: Welcome

QUESTIONS?