Full Transcript

Most commonly used hacking techniques

Social Engineering
  Phishing: Using a fake website that closely resembles an original website to lure victims.
  Baiting: Also known as “bait and switch”, hackers use advertising spots on popular websites to launch seemingly legit ads to lure clicks.
DDoS attacks: Also known as distributed denial of service (DDoS), mainly used to bring down websites by crashing their servers.
Code injection attacks: Injecting malicious code into systems.
SQL injection: Taking advantage of vulnerabilities in a website’s SQL to gain entry into libraries and databases.
XSS attacks: Also known as Cross-Site Scripting attacks, where hackers inject malicious code into a legit website.
Exploiting plugin vulnerabilities: Plugins are the most vulnerable parts of a website, making it easy for hackers to take control of a website or bring it down. Therefore, use plugins from trusted sources.
Brute force: Trying multiple combinations of a password until one combination matches.
DNS spoofing: Forcing victims to land on a fake website by changing the IP addresses stored in the DNS server to an address that leads to the attacker’s website.
Cookie theft: Cookies contain information like login credentials and passwords, making them a huge target for hackers.

Phishing: How to detect and prevent phishing attacks

Be cautious when receiving emails; check the sender before clicking on anything else.
Beware of hyperlinks.
Report suspicious emails to ServiceNow@NTU.
Delete the email and do not forward it to other people.
When opening links, keep an eye out for the lock icon and ensure the address starts with https.

How to ensure you have a strong password

Ensure you have 8 characters.
Make your password more complex by mixing symbols, numbers and upper/lower case letters.
Use uncommon words.
Do not use personal information that people can guess.
Activate Two-Factor Authentication.

4 Levels of data security

Open: Data that is distributed in public and published online.
Restricted: Data that is only accessible to members of a community but not the public. E.g. internal meeting minutes, project reports, lesson materials, presentation files.
Confidential: Data that is contractually or naturally defined as confidential. E.g. personal identification information, staff performance reports, audit reports.
Classified: Data that is covered by the Official Secrets Act. Anything that pertains to national security.

NTU cyber security team main objectives

Confidentiality: Ensuring data or information cannot be read by unauthorized personnel.
Integrity: Data or information held by NTU remains accurate and unmodified.
Availability: Data or service remains usable with sufficient capability to deliver educational services.

NTU cyber security team 3 main functions

Cyber security defense: 24/7 365 day operation to detect and respond to cyber attacks.
Cyber security governance: Responsible for development and maintenance of policies, standards and procedures.
Cyber security engineering: Responsible for exploring different technologies to enhance cyber security.

What is AIUP?

AIUP stands for acceptable IT usage policy. It serves to protect university information and IT resources, and helps to minimize risks and damages.

The DO’s of AIUP

Update your passwords regularly.
Always keep your password safe.
Use NTU email for all official communications.
Use BCC for mass emails.
Keep software updated with security patches.
Use multi-factor authentication.

The DON’T’s of AIUP

Don’t share your password with anyone.
Don’t use your personal email to forward university documents or use online storage that is not approved by the university.
Don’t install software without appropriate licenses.
Don’t turn off your anti-virus software.
Don’t share information on social media.