Introduction to Cybersecurity CCY2001 Exam

StatelyCedar

10 Questions

What are some characteristics of a good password? Select all that apply.

Should be longer in a range of 10–15 characters

What are some major threats to password security?

Eavesdropping, Guessing of password, Cracking passwords through computing software, Offline cracking of hashes, Password recovery or reset cyberattack techniques, Same password use on multiple accounts, Using default passwords of the system, Malicious software on your computer such as sniffers and keyloggers, Backdoor exploit, Malicious plugins, Phishing

What is the purpose of a password manager? A password manager is a software application that offers the services to create a strong password and manage all those passwords in ___________ format so that they are not prone to compromise.

encrypted

Is reusing the same password for multiple accounts considered a bad practice?

True

What is the main function of a firewall?

Blocking unauthorized access

What is the purpose of anti-spam software?

To prevent the spread of malware through unsolicited emails

Spyware is designed to steal a user's critical information.

True

Security updates are important to address vulnerabilities in _______________ and applications.

software

What precautions should be taken for secure browsing?

Activate SSL and HTTPS settings

Match the following tips to keep your computer secure:

  • Avoid using cracked software = Never use the free applications
  • Regularly download updates = Use latest versions of applications
  • Set high security and privacy settings on browsers = Avoid visiting faulty websites
  • Create separate users for a computer = Make a copy of your valuable data

Study Notes

Course Information

  • Course: Introduction to Cybersecurity (CCY2001)
  • Professors: Prof. Dr. Hatem Abdelkader and Dr. Mohamed Samir
  • Course evaluation: 30% exam, 20% practical work, 10% project, 40% final exam
  • Reference textbook: "Cybersecurity Fundamentals: A Real-World Perspective" by Kutub Thakur and Al-Sakib Khan Pathan
  • Communication: Google Classroom (code: xjrx7kn) and email ([email protected])

Countermeasures for Cyberattacks

  • Types of threats to computers and networks: traditional physical security threats and cybersecurity threats
  • Firewall settings:
    • Checks and monitors traffic coming from certain sources and leaving for certain ports or destinations
    • Checks port numbers of traffic to ensure it originates from authorized sources and terminates at genuine ports
  • Antivirus software:
    • Fundamental security tool for every computer
    • Important points to keep in mind:
      • Automatically starts with computer startup
      • Always "on" while computer is on
      • Download and install latest updates
      • Regularly run quick scans
      • Scan data transfer media before copying data
  • Anti-spyware software:
    • Detects and removes spyware that steals user information
    • May be included in antivirus software
  • Anti-spam software:
    • Filters out unsolicited emails and malware
    • Public email servers such as Google, Yahoo, and Hotmail track and identify spam emails
  • Security updates:
    • Essential for security of computer, data, and network
    • Types of updates:
      • OS updates
      • Software application updates
      • Network software updates
  • Secure browsing settings:
    • Browser vulnerabilities can be exploited by hackers
    • Important settings to consider:
      • Privacy settings
      • Security settings
      • Plugins and functions
  • Scanning devices before data transfer:
    • Devices such as flash drives, CDs, DVDs, and external hard drives can spread malware
    • Scan devices before transferring data
  • Social engineering attack precautions:
    • Be cautious of suspicious communication (emails, texts, calls) that ask for personal information
    • Verify authenticity of communication before responding

Password Management

  • Threats to passwords:
    • Eavesdropping
    • Guessing
    • Cracking
    • Offline cracking of hashes
    • Password recovery/reset attacks
  • Good password practices:
    • Use longer passwords (10-15 characters)
    • Use a combination of characters, symbols, and numbers
    • Avoid using personal information
    • Avoid reusing passwords
    • Change passwords regularly
  • Bad password practices:
    • Using plain text passwords
    • Using short passwords
    • Reusing passwords
    • Using meaningful words or variations
  • Effective password management tips:
    • Choose longer passwords
    • Don't share passwords
    • Change passwords regularly
    • Use a password manager
    • Consider using biometric passwords
  • Creating and managing secure passwords:
    • Use strong passwords
    • Use biometrics
    • Use two-factor authentication

Miscellaneous Tips

  • Avoid using free applications

  • Always update applications

  • Use the latest OS version

  • Uninstall unused applications

  • Be cautious of unknown emails and attachments

  • Set browser settings to high security and privacy

  • Create separate user accounts with minimum privileges

  • Regularly check for security updates

Security Risks of Single Layer Authentication

  • Single layer security is vulnerable to password compromise, allowing unauthorized access to resources.

  • Two-factor authentication and multi-factor authentication are solutions to this problem.

Multi-Factor Authentication

  • Multi-factor authentication provides improved security for resource access using three or more factors.
  • The three main factors used are: what you know, what you are, and what you have.

Factors of Multi-Factor Authentication

  • What you know:
    • Deals with information or factors that a user knows about (e.g., password, PIN code, or security code).
    • Also known as knowledge factors in computer security.
  • What you are:
    • Relates to personal information (e.g., facial recognition, biometrics, retina scan).
    • Also classified as inheritance factors in some books and technical writings.
  • What you have:
    • Refers to possession factors (e.g., key fob, digital key, or mobile device with software application).
    • Extensively used in modern multi-factor authentication, especially in industrial and business security systems.

One-Time Password (OTP)

  • Passwords can be classified into two categories: static passwords and dynamic passwords.
  • Dynamic passwords are created, used, and discarded, and are not saved as valid information for re-login.
  • One-time PIN or OPIN is a type of dynamic password, used in modern financial systems for online transactions.

Password Managers

  • A password manager is a software application that creates strong passwords and manages them in encrypted format.
  • Good password managers allow users to save encrypted passwords either in the cloud or on local drives.
  • Examples of password manager tools include Dashlane, LastPass, ZOHO Vault, KeePass, and RoboForm.

Test your knowledge of cybersecurity concepts and techniques with this exam from the Arab Academy for Science, Technology, and Maritime Transport. Covers various topics in cybersecurity.
