Cybersecurity Fundamentals PDF
Uploaded by ExceptionalSanDiego
De La Salle University – Dasmariñas

Summary
This document provides a general overview of cybersecurity, including personal data protection, organizational data protection, and government level security. It also covers sources of personal data such as medical records, education records, and employment and financial records, alongside types of identity theft, and cyberwarfare.
MODULE 1: WHAT IS CYBERSECURITY?

CYBERSECURITY is the ongoing effort to protect individuals, organizations and governments from digital attacks by protecting networked systems and data from unauthorized use or harm.

LEVELS OF CYBERSECURITY
1. Personal: you need to safeguard your identity, your data, and your computing devices.
2. Organizational: it is everyone's responsibility to protect the organization's reputation, data, and customers.
3. Government: as more digital information is gathered and shared, its protection becomes even more vital at the government level, where national security, economic stability and the safety and wellbeing of citizens are at stake.

PERSONAL DATA
Any information that can be used to identify you; it can exist both offline and online.
E.g. name, social security number, driver's license number, date and place of birth, your mother's maiden name, pictures, or messages exchanged with others.

Offline Identity
- It is the real-life persona that you present on a daily basis at home, at school or at work.
- Do not overlook the importance of securing your offline identity. Identity thieves can easily steal your data from right under your nose when you are not looking.

Online Identity
- It is who you are and how you present yourself to others online.
- It includes the username or alias you use for your online accounts as well as the social identity you establish and portray on online communities and websites.
- Limit the amount of personal information you reveal through your online identity.

SOURCES OF PERSONAL DATA
1. Medical Records
Every time you visit the doctor, personal information regarding your physical and mental health and wellbeing is added to your electronic health records (EHRs). Since most of these records are saved online, you need to be aware of the medical information that you share. These records go beyond the bounds of the doctor's office.
2. Education Records
They contain information about your academic qualifications and achievements. They may also include your contact information, attendance records, disciplinary reports, health and immunization records, as well as any special education records including individualized education programs (IEPs).
3. Employment and Financial Records
Employment data can be valuable to hackers if they can gather information on your past employment, or even your current performance reviews.
Financial records may include information about your income and expenditure. Your tax records may include paychecks, credit card statements, your credit rating, and your bank account details.

TYPES OF IDENTITY THEFT
Medical theft
Rising medical costs have led to an increase in medical identity theft, with cybercriminals stealing medical insurance to use the benefits for themselves. Where this happens, any medical procedures carried out in your name will then be saved in your medical records.
Banking
Stealing private data can help cybercriminals access bank accounts, credit cards, social profiles, and other online accounts. Armed with this information, an identity thief could file a fake tax return and collect the refund. They could even take out loans in your name and ruin your credit rating (and your life as well).

ENTITIES THAT ARE INTERESTED IN YOUR ONLINE IDENTITY
1. Your Internet Service Provider
Your ISP tracks your online activity, and in some countries it can sell this data to advertisers for a profit. In certain circumstances, ISPs may be legally required to share your information with government surveillance agencies or authorities.
2. Advertisers
Targeted advertising is part of the internet experience. Advertisers monitor and track your online activities such as shopping habits and personal preferences and send targeted ads your way.
3.
Search engines and social media platforms
These platforms gather information about your gender, geolocation, phone number, and political and religious ideologies based on your search histories and online identity. This information is then sold to advertisers for a profit.
4. Websites you visit
Websites use cookies to track your activities to provide a more personalized experience. But this leaves a data trail linked to your online identity that can often end up in the hands of advertisers.

TYPES OF ORGANIZATIONAL DATA
1. Traditional Data
Typically generated and maintained by all organizations, big and small.
Transactional data
o Details relating to buying and selling, production activities, and basic organizational operations, such as any information used to make employment decisions.
Intellectual property
o Patents, trademarks, and new product plans; allows an organization to gain economic advantage over its competitors.
o Often considered a trade secret, and losing it could prove disastrous for the future of a company.
Financial data
o Income statements, balance sheets, and cash flow statements provide insight into the health of a company.
2. Internet of Things (IoT) and Big Data
IoT is a large network of physical objects, such as sensors, software, and other equipment. All of these 'things' are connected to the Internet, with the ability to collect and share data. Data storage options are expanding through the cloud and virtualization. The emergence of IoT has led to exponential growth in data, creating a new area of interest in technology and business called 'Big Data'.

THE CUBE
McCumber Cube
A model framework created by John McCumber in 1991 to help organizations establish and evaluate information security initiatives by considering all related factors that impact them. It has three dimensions:
1. The foundational principles for protecting information systems
Confidentiality
▪ A set of rules that prevents sensitive information from being disclosed to unauthorized people, resources, and processes.
▪ Methods to ensure it include data encryption, identity proofing, and two-factor authentication.
Integrity
▪ Ensures that system information or processes are protected from intentional or accidental modification.
▪ One way to ensure it is to use a hash function or checksum.
▪ A plain checksum only proves integrity if the reference value itself is obtained through a channel the attacker cannot alter; where that is a concern, a keyed hash (HMAC) or a digital signature is needed.
Availability
▪ Authorized users are able to access systems and data when and where needed, and those that do not meet established conditions are not.
▪ This can be achieved by maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups.
2. The protection of information in each of its possible states
Processing
▪ Data that is being used to perform an operation such as updating a database record (data in process).
Storage
▪ Data stored in memory or on a permanent storage device such as a hard drive, solid-state drive, or USB drive (data at rest).
Transmission
▪ Data traveling between information systems (data in transit).
3. The security measures used to protect data
Awareness, training and education
▪ The measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems.
Technology
▪ The software- and hardware-based solutions designed to protect information systems, such as firewalls, which continuously monitor your network for possible malicious incidents.
Policy and procedure
▪ The administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans and best-practice guidelines.
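One way to apply the hash-function/checksum integrity control above, as an added example that is not from the original notes (standard-library Python; the sample "image" bytes and the pre-shared key are constructed for the demo): it verifies a file against a published SHA-256 digest, shows a single flipped bit being caught, and contrasts the unkeyed checksum with an HMAC. The same check is what "verify the integrity of the downloaded IOS image", under Software Vulnerabilities later in these notes, means in practice.

```python
"""Added example (not from the original notes): a hash function used as an
integrity check, and a keyed hash (HMAC) for the case where the attacker
could also tamper with the published reference value. Standard library only;
the sample image and the key are constructed inline for the demo."""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of `data` as a lowercase hex string."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    """Unkeyed integrity check: does `data` still hash to the published digest?

    Detects accidental corruption and tampering of the data itself, but only
    if `expected_hex` came from a channel the attacker could not also modify
    (for example the vendor's HTTPS download page, or a signed manifest)."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed integrity check (HMAC-SHA256). An attacker who can change the
    data but does not hold `key` cannot produce a matching tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    """Constant-time comparison of the recomputed tag with the stored one."""
    return hmac.compare_digest(hmac_tag(key, data), tag_hex.lower())


# Constructed sample "image": stands in for a downloaded firmware file.
ORIGINAL_IMAGE = b"\x7fELF" + b"router-image-v1" + bytes(range(64))
PUBLISHED_SHA256 = sha256_hex(ORIGINAL_IMAGE)   # what the vendor would list

# Single-bit flip somewhere in the middle of the file.
_altered = bytearray(ORIGINAL_IMAGE)
_altered[40] ^= 0x01
TAMPERED_IMAGE = bytes(_altered)


def demo() -> dict:
    """Run both checks against the pristine and the altered image."""
    key = b"shared-secret-for-demo-only"  # assumption: pre-shared integrity key
    tag = hmac_tag(key, ORIGINAL_IMAGE)
    return {
        "original_checksum_ok": verify_checksum(ORIGINAL_IMAGE, PUBLISHED_SHA256),
        "tampered_checksum_ok": verify_checksum(TAMPERED_IMAGE, PUBLISHED_SHA256),
        "original_hmac_ok": verify_hmac(key, ORIGINAL_IMAGE, tag),
        "tampered_hmac_ok": verify_hmac(key, TAMPERED_IMAGE, tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Note the design choice: `hmac.compare_digest` is used for both comparisons so that a mismatch is not revealed byte by byte through timing, and the HMAC variant is what to reach for when the reference digest travels with the file (an attacker who replaces the file can replace an unkeyed digest next to it just as easily).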
SECURITY BREACH EXAMPLES
In August 2020, elite gaming brand Razer experienced a data breach which exposed the personal information of approximately 100,000 customers.

DATA SECURITY BREACH
Security breach
An incident that results in unauthorized access to data, applications, services or devices, exposing private information that attackers can use for financial gain or other advantages.
Data breach
Often involves an incident where sensitive personal data has been stolen.

A. The Persirai botnet
In 2017, an Internet of Things (IoT) botnet, Persirai, targeted over 1,000 different models of IP cameras, accessing open ports to inject a command that forced the cameras to connect to a site which installed malware on them. Once the malware was downloaded and executed, it deleted itself from disk and ran only in memory to avoid detection. Over 122,000 of these cameras from several different manufacturers were hijacked and used to carry out DDoS attacks, without the knowledge of their owners. A DDoS attack occurs when multiple devices infected with malware flood the resources of a targeted system.

B. Equifax Inc.
In September 2017, Equifax, a consumer credit reporting agency in the US, publicly announced a data breach: attackers had been able to exploit a vulnerability in its web application software to gain access to the sensitive personal data of millions of customers. In response, Equifax set up a dedicated website that allowed customers to determine whether their information was compromised. However, instead of using a subdomain of equifax.com, the company registered a new domain name, which allowed cybercriminals to create unauthorized websites with similar names. These websites were used to try to trick customers into providing personal information, which attackers could then use to assume a customer's identity.
In such cases, it would be very difficult for the customer to prove otherwise, given that the attacker is also privy to their personal information.

CONSEQUENCES OF A SECURITY BREACH
1. Reputational damage
A security breach can have a negative long-term impact on an organization's reputation that has taken years to build. Customers, particularly those who have been adversely affected by the breach, will need to be notified and may seek compensation and/or turn to a reliable and secure competitor. Employees may also choose to leave in light of a scandal. Depending on the severity of a breach, it can take a long time to repair an organization's reputation.
2. Vandalism
A hacker or hacking group may vandalize an organization's website by posting untrue information. They might even just make a few minor edits to your organization's phone number or address, which can be trickier to detect. In either case, online vandalism can portray unprofessionalism and have a negative impact on your organization's reputation and credibility.
3. Theft
A data breach often involves an incident where sensitive personal data has been stolen. Cybercriminals can make this information public or exploit it to steal an individual's money and/or identity.
4. Loss of revenue
The financial impact of a security breach can be devastating. For example, hackers can take down an organization's website, preventing it from doing business online. A loss of customer information may impede company growth and expansion. It may demand further investment in an organization's security infrastructure. And organizations may face large fines or penalties if they do not protect online data.
5. Damaged intellectual property
A security breach could also have a devastating impact on the competitiveness of an organization, particularly if hackers are able to get their hands on confidential documents, trade secrets and intellectual property.
TYPES OF ATTACKERS
Cyber attackers range from amateur to organized and will try anything to get their hands on personal information. They are often categorized as white hat, gray hat, or black hat attackers.
1. Amateur Hackers
The term 'script kiddies' emerged in the 1990s and refers to amateur or inexperienced hackers who use existing tools or instructions found on the Internet to launch attacks. Some script kiddies are just curious; others are trying to demonstrate their skills or cause harm. While these amateur attackers may use basic tools, their attacks can still have devastating consequences.
2. Hackers
This group of attackers break into computer systems or networks to gain access. Depending on the intent of their break-in, they can be classified as follows:
White hat attackers
o Break into networks or computer systems to identify weaknesses so that the security of a system or network can be improved.
o These break-ins are done with prior permission, and any results are reported back to the owner.
Gray hat attackers
o May set out to find vulnerabilities in a system, but will only report their findings to the owners of the system if doing so coincides with their agenda.
o They might even publish details about the vulnerability on the Internet so that other attackers can exploit it.
Black hat attackers
o Take advantage of any vulnerability for illegal personal, financial, or political gain.
3. Organized Hackers
These attackers include organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers. They are usually highly sophisticated and organized and may even provide cybercrime as a service to other criminals.
Hacktivists
o Make political statements to create awareness about issues that are important to them.
State-sponsored attackers
o Gather intelligence or commit sabotage on behalf of their government.
o They are usually highly trained and well-funded, and their attacks are focused on specific goals that are beneficial to their government.
o Example: the Stuxnet malware, which was designed not just to hijack targeted computers but to cause physical damage to the equipment controlled by those computers.

ORIGINS OF CYBER ATTACKS
Cyber attacks can originate from within an organization as well as from outside of it.
Internal
o Employees, contract staff, or trusted partners can accidentally or intentionally:
▪ mishandle confidential data
▪ facilitate outside attacks by connecting infected USB media to the organization's computers
▪ invite malware onto the organization's network by clicking on malicious emails or websites
▪ threaten the operations of internal servers or network infrastructure devices
External
o Amateurs or skilled attackers outside of the organization can:
▪ exploit vulnerabilities in the network
▪ gain unauthorized access to computing devices
▪ use social engineering to gain unauthorized access to organizational data

PURPOSE OF CYBERWARFARE
Main reason: to gain advantage over adversaries, whether they are nations or competitors.
Cyberwarfare is used in the following ways:
A. To gather compromised information and/or defense secrets
o A nation or international organization can engage in cyberwarfare to steal defense secrets and gather information about technology that will help narrow the gaps in its industries and military capabilities.
o Furthermore, compromised sensitive data can give attackers leverage to blackmail personnel within a foreign government.
B. To impact another nation's infrastructure
o Besides industrial and military espionage, a nation can continuously attack another nation's infrastructure to cause disruption and chaos.
o For example, a cyber attack could shut down the power grid of a major city.
o Consider the consequences if this were to happen: roads would be congested, the exchange of goods and services would be halted, patients would not be able to get the care they would need if an emergency occurred, and access to the Internet would be interrupted.
o By shutting down a power grid, a cyber attack could have a huge impact on the everyday life of ordinary citizens.

MODULE 2: ATTACKS, CONCEPTS AND TECHNIQUES

MALWARE
Any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system. Knowing the different types of malware and how they spread is the first step towards containing and removing them.

TYPES OF MALWARE
1. Spyware
Monitors your online activity; it can log every key you press on the keyboard and capture any of your data, including sensitive personal information such as your online banking details. It often bundles itself with legitimate software or Trojan horses.
2. Adware
Installs with some software versions and is designed to automatically deliver advertisements to a user, most often in a web browser. It is common for adware to come with spyware.
3. Backdoor
This malware gains unauthorized access by bypassing the normal authentication procedures of a system. As a result, a hacker can access resources within an application and issue remote system commands. It works in the background and is difficult to detect.
4. Ransomware
Designed to hold a computer system, or the data it contains, captive until the victim makes a payment. It usually encrypts your data so you cannot access it, and may take advantage of specific system vulnerabilities to lock the system down. It is often spread through phishing emails that encourage you to download a malicious attachment, or through a software vulnerability.
5. Scareware
Uses 'scare' tactics to trick you into taking a specific action. It mainly consists of operating-system-style windows that warn you that your system is at risk and needs to run a specific program to return to normal operation. If you execute the program, your system will become infected with malware.
6. Rootkit
Designed to modify the operating system to create a backdoor, which attackers can then use to access your computer remotely. Rootkits use software vulnerabilities to access resources that should not be accessible (privilege escalation) and modify system files. They can also modify system forensics and monitoring tools, making them very hard to detect. If a rootkit infects a computer, wipe the computer and reinstall any required software.
7. Viruses
A computer program that, when executed, replicates and attaches itself to other executable files, such as a document, by inserting its own code. Most viruses require end-user interaction to initiate activation and can be set to act on a specific date or time. Viruses can be relatively harmless, such as those that display a funny image, or destructive, such as those that modify or delete data. Viruses can also be programmed to mutate to avoid detection. Most viruses spread via USB drives, optical disks, network shares, or email.
8. Trojan Horse
This malware carries out malicious operations by masking its true intent. It appears legitimate but is very dangerous. Trojans exploit your user privileges and are most often found in image files, audio files, or games. Unlike viruses, Trojans do not self-replicate but act as decoys to sneak malicious software past unsuspecting users.
9. Worms
This type of malware replicates itself in order to spread from one computer to another. Unlike a virus, which requires a host program, worms can run on their own. Other than the initial infection of the host, they do not require user participation and can spread very quickly over the network.
Worms share similar patterns: they exploit system vulnerabilities, have a way to propagate themselves, and all contain malicious code (a payload) to cause damage to computer systems or networks. Worms are responsible for some of the most devastating attacks on the Internet. In 2001, the Code Red worm infected over 300,000 servers in just 19 hours.

SYMPTOMS OF MALWARE
❖ An increase in central processing unit (CPU) usage, which slows down your device
❖ Your computer freezing or crashing often
❖ A decrease in your web browsing speed
❖ Unexplainable problems with your network connections
❖ Modified or deleted files
❖ The presence of unknown files, programs, or desktop icons
❖ Unknown processes running
❖ Programs turning off or reconfiguring themselves
❖ Emails being sent without your knowledge or consent

METHODS OF INFILTRATION
1. Social Engineering
Manipulating people into performing actions or divulging confidential information. Social engineers often rely on people's willingness to be helpful, but also prey on their weaknesses. For example, an attacker will call an authorized employee with an urgent problem that requires immediate network access, and appeal to the employee's vanity or greed, or invoke authority by using name-dropping techniques, to gain this access.
Pretexting
o This is when an attacker calls an individual and lies to them to gain access to confidential data, for example pretending to need a person's personal or financial data to confirm their identity.
Tailgating
o This is when an attacker quickly follows an authorized person into a secure physical location.
Something for something (quid pro quo)
o This is when an attacker requests personal information from someone in exchange for something, like a gift.
2. Denial-of-Service (DoS) Attack
A type of network attack that is relatively simple to carry out, even by an unskilled attacker. A DoS attack results in some interruption of network service to users, devices, or applications.
Overwhelming quantity of traffic
o This is when a network, host, or application is sent an enormous amount of data at a rate it cannot handle. This causes slow transmission or response, or causes the device or service to crash.
Maliciously formatted packets
o A packet is a collection of data that flows between a source and a receiver computer or application over a network, such as the Internet. When a maliciously formatted packet is sent, the receiver cannot handle it.
o For example, suppose an attacker forwards packets containing errors, or improperly formatted packets that an application cannot identify. This will cause the receiving device to run very slowly or crash.
3. Distributed DoS (DDoS) Attack
Similar to a DoS attack but originates from multiple coordinated sources. For example:
o An attacker builds a network (botnet) of infected hosts called zombies, controlled by handler systems.
o The zombie computers constantly scan and infect more hosts, creating more and more zombies.
o When ready, the attacker instructs the handler systems to make the botnet of zombies carry out a DDoS attack.
4. Botnet
A bot computer is typically infected by visiting an unsafe website or opening an infected email attachment or media file. A botnet is a group of bots connected through the Internet that a malicious individual or group can control. It can have tens of thousands, or even hundreds of thousands, of bots, which are typically controlled by a command-and-control server. Activating these bots distributes malware, launches DDoS attacks, distributes spam emails, or executes brute-force password attacks. Cybercriminals will often rent out botnets to third parties for nefarious purposes.
Many organizations, like Cisco, force network activity through botnet traffic filters to identify botnet locations. Infected bots try to communicate with a command-and-control host on the Internet.
The Cisco Firewall botnet filter is a feature that detects traffic coming from devices infected with malicious botnet code. The cloud-based Cisco Security Intelligence Operations (SIO) service pushes updated filters down to the firewall that match traffic from newly known botnets. Alerts go out to Cisco's internal security team to notify them about the infected devices generating malicious traffic, so that they can prevent, mitigate and remedy these.
5. On-Path Attacks
On-path attackers intercept or modify communications between two devices, such as a web browser and a web server, to collect information from or impersonate one of the devices. This type of attack is also referred to as a man-in-the-middle or man-in-the-mobile attack.
Man-in-the-middle
o A MitM attack happens when a cybercriminal takes control of a device without the user's knowledge.
o With this level of access, an attacker can intercept and capture user information before it is sent to its intended destination.
o These attacks are often used to steal financial information.
o Many types of malware possess MitM attack capabilities.
Man-in-the-Mobile
o A variation of man-in-the-middle, MitMo is a type of attack used to take control of a user's mobile device.
o Once infected, the mobile device can be instructed to exfiltrate user-sensitive information and send it to the attackers.
o ZeuS is one example of a malware package with MitMo capabilities. It allows attackers to quietly capture the two-step verification SMS messages sent to users.
6. Search Engine Optimization (SEO) Poisoning
You have probably heard of search engine optimization, or SEO, which is about improving an organization's website to gain greater visibility in search engine results. Search engines such as Google work by presenting a list of web pages to users based on their search queries. These web pages are ranked according to the relevancy of their content.
While many legitimate companies specialize in optimizing websites to better position them, attackers take advantage of popular search terms and use SEO to push malicious sites higher up the search results. This technique is called SEO poisoning. Its most common goal is to increase traffic to malicious sites that may host malware or attempt social engineering.
7. Password Attacks
Entering a username and password is one of the most popular forms of authenticating to a website. Therefore, uncovering your password is an easy way for cybercriminals to gain access to your most valuable information.
Password Spraying
o This technique attempts to gain access to a system by 'spraying' a few commonly used passwords across many accounts. For example, a cybercriminal uses 'Password123' with many usernames before trying again with a second commonly used password, such as 'qwerty'.
o Because each account sees only a few attempts, the perpetrator can remain undetected and avoid triggering account lockouts.
Dictionary Attacks
o A hacker systematically tries every word in a dictionary, or a list of commonly used words, as the password to break into a password-protected account.
Brute-force Attacks
o The simplest and most commonly used way of gaining access to a password-protected site: the attacker tries all possible combinations of letters, numbers, and symbols in the password space until they get it right.
Rainbow Attacks
o Passwords in a computer system are not stored as plain text but as hashed values (fixed-size values computed from the password by a one-way function). A rainbow table functions as an extensive dictionary of precomputed hashes and the passwords that produce them.
o Unlike a brute-force attack, which has to calculate each hash, a rainbow attack compares the hash of a password with those stored in the rainbow table. When an attacker finds a match, they have identified the password used to create the hash.
o A random per-password salt stored alongside the hash defeats precomputed tables, because a table would have to be built for every possible salt value.
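The dictionary, rainbow-table and password-spraying attacks described above, run against constructed accounts, as an added example that is not from the original notes (standard-library Python; the usernames, passwords, wordlist, salts and lockout threshold are all assumptions made for the demo). The "rainbow table" here is a plain precomputed hash-to-password lookup rather than a chained table, which is enough to show why an unsalted hash is recovered instantly, why a per-user salt makes the same table useless, and how spraying stays under an account lockout threshold.

```python
"""Added example (not from the original notes): dictionary, precomputed-table
and password-spraying attacks against a small set of constructed accounts,
contrasting unsalted SHA-256 storage with salted PBKDF2. Standard library only."""
import hashlib
import os
from collections import Counter

# Constructed wordlist standing in for a leaked-password list.
WORDLIST = ["123456", "password", "Password123", "qwerty", "letmein", "welcome1"]


def unsalted_hash(password: str) -> str:
    """Weak storage: SHA-256 of the bare password (no salt, no work factor)."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Stronger storage: PBKDF2-HMAC-SHA256 with a per-user random salt.
    (Iteration count kept modest for the demo; production uses more.)"""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_rainbow_table(words) -> dict:
    """Precompute hash -> password once; reusable against every stolen hash."""
    return {unsalted_hash(w): w for w in words}


def rainbow_lookup(table: dict, stolen_hash: str):
    """O(1) recovery if the password was in the wordlist and stored unsalted."""
    return table.get(stolen_hash)


def dictionary_attack(stolen_hash: str, salt: bytes, words):
    """The salt forces a fresh PBKDF2 computation per candidate, per account."""
    for w in words:
        if salted_hash(w, salt) == stolen_hash:
            return w
    return None


def password_spray(accounts: dict, candidates, lockout_threshold: int = 3) -> dict:
    """Try each candidate password across all accounts, one attempt per account
    per round, never letting an account reach `lockout_threshold` failures.
    `accounts` maps username -> (salt, stored_hash). Returns compromised users."""
    failures = Counter()
    cracked = {}
    for candidate in candidates:
        for user, (salt, stored) in accounts.items():
            if user in cracked or failures[user] >= lockout_threshold - 1:
                continue                      # would trip the lockout: skip
            if salted_hash(candidate, salt) == stored:
                cracked[user] = candidate
            else:
                failures[user] += 1
    return cracked


# Constructed victim data: two weak passwords, one strong one.
SALTS = {"alice": os.urandom(16), "bob": os.urandom(16), "carol": os.urandom(16)}
PLAINTEXTS = {"alice": "Password123", "bob": "qwerty", "carol": "c0rrect-h0rse-9Lk!"}
ACCOUNTS = {u: (SALTS[u], salted_hash(PLAINTEXTS[u], SALTS[u])) for u in SALTS}
STOLEN_UNSALTED = unsalted_hash("qwerty")    # from a site that stored bare SHA-256


def demo() -> dict:
    table = build_rainbow_table(WORDLIST)
    return {
        "rainbow_unsalted": rainbow_lookup(table, STOLEN_UNSALTED),
        # Same password, but salted PBKDF2: the precomputed table finds nothing.
        "rainbow_salted": rainbow_lookup(table, ACCOUNTS["bob"][1]),
        "dictionary_bob": dictionary_attack(ACCOUNTS["bob"][1], SALTS["bob"], WORDLIST),
        "dictionary_carol": dictionary_attack(ACCOUNTS["carol"][1], SALTS["carol"], WORDLIST),
        "spray": password_spray(ACCOUNTS, ["Password123", "qwerty"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two things to take from the run: salting does not rescue a weak password (bob still falls to the dictionary attack), it only removes the attacker's ability to precompute, so the work factor of PBKDF2 and the strength of the password are what actually cost the attacker time; and spraying succeeds against two of three accounts while no account ever records more than two failed logins, which is why lockout counters alone do not detect it and the signal to look for is one source trying one password across many usernames.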
Traffic Interception
o By intercepting communications, other humans and machines can easily read plain-text or unencrypted passwords.
o If you store a password in clear, readable text, anyone who has access to your account or device, whether authorized or unauthorized, can read it.

SECURITY VULNERABILITIES AND EXPLOITS
Hardware Vulnerabilities
Most often the result of hardware design flaws. For example, RAM consists of lots of capacitors (components that hold an electrical charge) installed very close to one another. Because of their proximity, changes applied to one of these capacitors can influence its neighbours. This design flaw enables an exploit called Rowhammer: by repeatedly accessing (hammering) a row of memory, the exploit triggers electrical interference that eventually corrupts the data stored in neighbouring rows of RAM.
Meltdown and Spectre
o Security researchers (among them Google's Project Zero) discovered Meltdown and Spectre, two hardware vulnerabilities that affect almost all central processing units (CPUs) released since 1995, in desktops, laptops, servers, smartphones, smart devices, and cloud services.
o Attackers exploiting these vulnerabilities can read all memory of a given system (Meltdown) or data handled by other applications (Spectre).
o Meltdown and Spectre are side-channel attacks: they gain information from the way the processor is implemented (speculative execution and cache timing) rather than from a flaw in the software. They can compromise large amounts of memory because the attacks can be run many times on a system with minimal possibility of a crash or other error.
Software Vulnerabilities
Errors in the operating system or application code.
The SYNful Knock vulnerability allowed attackers to gain control of enterprise-grade routers, such as legacy Cisco ISR routers, from which they could monitor all network communication and infect other network devices.
SYNful Knock is introduced into a router when an altered IOS image is installed on it. To avoid this, always verify the integrity of a downloaded IOS image (for example by checking its hash against the value published by the vendor) and limit physical access to such equipment to authorized personnel only.
I. Buffer Overflow
a. Buffers are memory areas allocated to an application. A vulnerability occurs when data is written beyond the limits of a buffer. By changing data beyond the boundaries of a buffer, the application can read or overwrite adjacent memory it was never meant to touch. This can lead to a system crash, data compromise, or escalation of privileges.
II. Non-validated input
a. Programs often require input, but this incoming data could have malicious content that forces the program to behave in an unintended way.
b. For example, consider a program that receives an image for processing. A malicious user could craft an image file with invalid image dimensions. The maliciously crafted dimensions could force the program to allocate buffers of incorrect and unexpected sizes.
III. Race conditions
a. This vulnerability describes a situation where the outcome of an operation depends on the order or timing of other events. A race condition becomes a source of exposure when the required ordered or timed events do not occur in the correct order or at the proper time.
IV. Weaknesses in security practices
a. Authentication, authorization, and encryption protect systems and sensitive data. Developers should use security techniques and libraries that have already been created, tested, and verified, and should not attempt to create their own security algorithms; doing so is only likely to introduce new vulnerabilities.
V. Access control problems
a. Access control is the process of controlling who does what, and ranges from managing physical access to equipment to dictating who has access to a resource, such as a file, and what they can do with it, such as read or change the file. The improper use of access controls creates many security vulnerabilities.
b. Nearly all access controls and security practices can be overcome if an attacker has physical access to the target equipment. For example, no matter the permission settings on a file, an attacker can bypass the operating system and read the data directly off the disk (unless the disk is encrypted).

SOFTWARE UPDATES
The goal of software updates is to stay current and avoid exploitation of known vulnerabilities. Microsoft, Apple, and other operating system producers release patches and updates almost daily. Applications such as web browsers, mobile apps, and web servers are updated by the companies or organizations responsible for them. Even though organizations put a lot of effort into finding and patching software vulnerabilities, new vulnerabilities are discovered regularly. That is why some organizations use third-party security researchers who specialize in finding vulnerabilities in software, or invest in their own penetration testing teams dedicated to searching for, finding, and patching software vulnerabilities before they can be exploited. Google's Project Zero is an excellent example of this practice: after discovering several vulnerabilities in various software used by end users, Google formed a permanent team dedicated to finding software vulnerabilities.

CRYPTOCURRENCY
Cryptocurrency
Digital money used to buy goods and services, using strong cryptographic techniques to secure online transactions. Banks, governments, and even companies like Microsoft and AT&T are very aware of its importance and are jumping on the cryptocurrency bandwagon.
Cryptocurrency owners
o Keep their money in encrypted, virtual 'wallets'. When a transaction occurs between the owners of two digital wallets, the details are recorded in a decentralized, electronic ledger or blockchain system. This means it is carried out pseudonymously and is self-managed, with no interference from third parties such as central banks or government entities.
Special computers collect data about the latest cryptocurrency transactions (roughly every ten minutes in the case of Bitcoin) and turn them into mathematical puzzles. Solving the puzzle is what makes the record expensive to alter, not what keeps it confidential: the ledger itself is public. Verification of these transactions goes through a technical and highly complex process known as ‘mining.’ This step typically involves an army of ‘miners’ working on high-end PCs or purpose-built mining hardware to solve the puzzles and authenticate transactions. Once verified, the ledger is updated, electronically copied, and disseminated worldwide to anyone within the blockchain network, effectively completing the transaction.
Cryptojacking
o An emerging threat that hides on a user's computer, mobile phone, tablet, laptop, or server, using that machine's resources to ‘mine’ cryptocurrencies without the user's consent or knowledge.
o Many victims of cryptojacking didn't even know they'd been hacked until it was too late! Sustained high CPU usage, fans running constantly and unexplained processes are the usual signs.
MODULE 3: PROTECTING YOUR DATA AND PRIVACY
TIPS ON HOW TO PROTECT THE SECURITY OF YOUR DEVICES
1. Turn the firewall on
Firewall
o It should be turned on and kept updated to prevent hackers from accessing your personal or organizational data. You should use at least one type of firewall (either a software firewall or a hardware firewall on a router) to protect your device from unauthorized access.
2. Install antivirus and antispyware
Malicious software
o It is designed to gain unauthorized access to your computer and data; viruses and spyware are two examples. Once installed, viruses can destroy your data and slow down your computer. They can even take over your computer and broadcast spam emails using your account. Spyware can monitor your online activities, collect your personal information or produce unwanted pop-up ads on your web browser while you are online. To prevent this, you should only ever download software from trusted websites. However, you should always use antivirus software to provide another layer of protection.
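The ‘mining’ puzzle described above, as an added example that is not from the original course material: a toy proof-of-work chain in which each block's SHA-256 hash must start with a number of zeros, and each block names the hash of the previous one. The block layout, the transactions and the DIFFICULTY of four hex digits are assumptions made for the example (real networks require vastly more work); the point it shows is that altering a recorded transaction invalidates the block, and re-mining that block still breaks every block after it.

```python
import copy
import hashlib
import json

DIFFICULTY = 4  # assumption: leading hex zeros required (16 bits); Bitcoin demands far more


def block_hash(prev_hash, txs, nonce):
    """Hash of the block contents; any change to prev_hash, txs or nonce changes it."""
    payload = json.dumps({"prev": prev_hash, "txs": txs, "nonce": nonce}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def mine(prev_hash, txs):
    """Search for a nonce whose hash meets the difficulty target (the 'puzzle')."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, txs, nonce)
        if h.startswith("0" * DIFFICULTY):
            return {"prev": prev_hash, "txs": txs, "nonce": nonce, "hash": h}
        nonce += 1


def verify_chain(chain):
    """Every block must hash to its stored value, meet the target, and link to its parent."""
    for i, blk in enumerate(chain):
        if blk["hash"] != block_hash(blk["prev"], blk["txs"], blk["nonce"]):
            return False
        if not blk["hash"].startswith("0" * DIFFICULTY):
            return False
        if i > 0 and blk["prev"] != chain[i - 1]["hash"]:
            return False
    return True


def build_sample_chain():
    """Constructed sample ledger: a coinbase payout to alice, then alice pays bob."""
    genesis = mine("0" * 64, [{"from": "coinbase", "to": "alice", "amount": 50}])
    second = mine(genesis["hash"], [{"from": "alice", "to": "bob", "amount": 5}])
    return [genesis, second]


def tamper(chain):
    """Edit a recorded amount without redoing the work: the block's hash no longer matches."""
    forged = copy.deepcopy(chain)
    forged[0]["txs"][0]["amount"] = 5000
    return forged


def tamper_and_remine(chain):
    """Even re-mining the edited block fails: the next block still names the old hash."""
    forged = tamper(chain)
    forged[0] = mine(forged[0]["prev"], forged[0]["txs"])
    return forged


if __name__ == "__main__":
    chain = build_sample_chain()
    print("valid chain:", verify_chain(chain), [b["hash"][:12] for b in chain])
    print("tampered   :", verify_chain(tamper(chain)))
    print("re-mined   :", verify_chain(tamper_and_remine(chain)))
```

Mining two blocks at this difficulty takes a fraction of a second; the cost an attacker faces on a real network comes from having to redo that work for every subsequent block, faster than the honest miners extend the chain.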
This software, which often includes antispyware, is designed to scan your computer and incoming email for viruses and delete them.
3. Manage your operating system and browser
Hackers
o Always try to take advantage of vulnerabilities in your operating system or web browser. Therefore, to protect your computer and your data, you should set the security settings on your computer and browser to a medium level or higher. You should also regularly update your computer’s operating system, including your web browser, and download and install the latest software patches and security updates from the vendors.
4. Set up password protection
All your computing devices should be password protected to prevent unauthorized access. Any stored information, especially sensitive or confidential data, should be encrypted. You should only store necessary information on your mobile device in case it is stolen or lost. Remember, if any of your devices is compromised, the criminals may be able to access all of your data through your cloud storage service provider, such as iCloud or Google Drive.
WIRELESS NETWORK SECURITY AT HOME
Wireless Networks
Allow Wi-Fi-enabled devices to connect to the network by way of an SSID.
Wireless Router
o Can be configured not to broadcast the SSID, but hiding the SSID is not adequate security for a wireless network on its own. Hackers will be aware of the preset SSID and default password, so to prevent intruders from entering your home wireless network you should change these details. Furthermore, you can encrypt wireless communication by enabling wireless security and the WPA2 encryption feature on your wireless router (or WPA3, where your router and devices support it). But be aware that even with WPA2 encryption enabled, a wireless network can still be vulnerable.
DISCOVERY OF A SECURITY FLAW IN THE WPA2 PROTOCOL IN 2017
❖ Intruders can exploit this vulnerability using key reinstallation attacks (KRACKs), which break the encryption between a wireless router and a wireless device and give the attacker access to network data.
❖ This flaw affects all modern, protected Wi-Fi networks, and to mitigate this situation, you should:
❖ Update all wireless capable devices as soon as security updates become available
❖ Use a wired connection for any devices with a wired NIC
❖ Use a trusted VPN service when accessing a wireless network.
PUBLIC WI-FI RISKS
❖ When you are away from home, you can access your online information and surf the Internet via public wireless networks or Wi-Fi hotspots.
❖ However, some risks are involved, meaning it is best not to access or send personal information using public Wi-Fi.
❖ You should always verify that your device is not configured for file and media sharing and that it requires user authentication with encryption.
❖ Encrypted VPN service
o Used to prevent others from intercepting your information (known as ‘eavesdropping’) over a public wireless network.
o This service gives you secure access to the Internet by encrypting the connection between your device and the VPN server.
❖ Even if hackers intercept a data transmission in an encrypted VPN tunnel, they cannot decipher it.
TIPS ON CHOOSING A STRONG PASSWORD
❖ Do not use dictionary words or names in any language.
❖ Do not use common misspellings of dictionary words.
❖ If possible, use special characters such as ! @ # $ % ^ & “ ( ).
❖ Do not use computer names or account names.
❖ Use a password with more than ten characters.
USING A PASSPHRASE
❖ You should consider using passphrases instead of passwords to prevent unauthorized access to your devices.
❖ A passphrase generally takes the form of a sentence (‘Acat th@tlov3sd0gs.’), making it easier for you to remember.
❖ And because it’s longer than a typical password, it’s less vulnerable to dictionary or brute-force attacks.
❖ Here are a few tips for creating a good passphrase:
o Choose a statement that is meaningful to you.
o Add special characters such as ! @ # $ % ^ & “ ( ).
o The longer, the better.
o Avoid common or famous statements, for example, lyrics from a popular song.
PASSWORD GUIDELINES
❖ United States National Institute of Standards and Technology (NIST)
o Published improved password requirements (in Special Publication 800-63B).
o Its standards are intended for government applications but can also serve as a standard for other sectors.
❖ These guidelines aim to place the responsibility for user verification on service providers and ensure a better experience for users overall.
❖ They state:
o Passwords should be at least eight characters long, and services should accept passwords of at least 64 characters.
o Common, easily guessed passwords, such as ‘password’ or ‘abc123’, should not be used; services should check new passwords against a list of known-compromised and common passwords.
o There should be no composition rules, such as requiring a mix of lower- and uppercase letters and numbers.
o Users should be able to see the password while typing to help improve accuracy.
o All printing characters and spaces should be allowed.
o There should be no password hints.
o There should be no routine password expiration period; passwords are changed when there is evidence of compromise.
o There should be no knowledge-based authentication, such as providing answers to secret questions or verifying transaction history.
DATA MAINTENANCE
Encryption
The process of converting information into a form in which unauthorized parties cannot read it. Only a trusted, authorized person with the secret key or password can decrypt the data and access it in its original form. Note that encryption itself does not prevent someone from intercepting the data; it only prevents an unauthorized person from viewing or accessing the content. Some criminals (ransomware operators) encrypt your data and make it unusable until you pay a ransom.
How Do You Encrypt Your Data?
❖ Software programs can be used to encrypt files, folders, and even entire drives.
❖ EFS
o Encrypting File System, a Windows feature that can encrypt data. It is directly linked to a specific user account, and only the user who encrypted the data can access it after encryption using EFS. EFS is available in the Professional, Enterprise and Education editions of Windows, not in the Home editions.
❖ How to encrypt data using EFS in Windows:
o Select one or more files or folders.
o Right click the selected data and go to ‘Properties.’
o Find and click ‘Advanced.’
o Select the ‘Encrypt contents to secure data’ check box.
o Files and folders that have been encrypted with EFS are displayed in green.
Back Up Your Data
❖ Having a backup may prevent the loss of irreplaceable data.
❖ To back up data correctly, you will need an additional storage location and must copy the data to that location regularly.
ADDITIONAL STORAGE LOCATIONS
1. Home network
Storing your data locally means that you have total control of it.
2. Secondary location
You could copy all your data to a NAS or a simple external hard drive, or maybe even back up important folders on thumb drives, CDs, DVDs, or tapes. In this scenario, you are the data owner, and you are responsible for the cost and maintenance of the storage device equipment.
3. The cloud
You could subscribe to a cloud storage service, like AWS. The cost of this service will depend on the storage space you need, so you may need to be more selective about what data you back up. You will have access to your backup data as long as you have access to your account. One of the benefits of using a cloud storage service is that your data is safe in the event of a storage device failure or if you experience an extreme situation such as a fire or theft.
How Do You Delete Your Data Permanently?
❖ Have you ever had to delete data or get rid of a hard drive?
❖ If so, did you take any precautions to safeguard the data to keep it from falling into the wrong hands?
❖ What should you do to ensure you delete your files securely and permanently?
o Simply deleting a file only removes its directory entry; the data stays on the disk until something overwrites it. To erase data so that it is no longer recoverable, it must be overwritten (with random data, or with ones and zeros), using tools specifically designed to do just that. A single overwrite pass is sufficient for modern magnetic disks (NIST SP 800-88); on SSDs and flash media, wear levelling means an overwrite may never reach the old blocks, so use the drive's built-in secure-erase command or full-disk encryption with key destruction instead.
o SDelete from Microsoft
▪ Claims to have the ability to remove sensitive files altogether.
o shred for Linux and Secure Empty Trash for Mac OS X (removed in OS X 10.11 El Capitan, which relies on FileVault disk encryption instead) claim to provide a similar service.
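What tools like SDelete and shred do, as an added example that is not from the original course material: overwrite every byte of the file in place with random data, force it to disk, and only then unlink it. The demo() function and its sample content are constructed for the example. The same caveats as above apply: this is reliable on magnetic disks only, and it does not touch copies held in backups, snapshots, or the filesystem journal.

```python
import os
import tempfile

CHUNK = 1 << 16   # overwrite in 64 KiB pieces


def overwrite_file(path, passes=1):
    """Overwrite the file in place with random bytes and flush it to the disk.
    One pass is sufficient for modern magnetic disks (NIST SP 800-88); extra passes
    only cost time. On SSDs, wear levelling may leave the old blocks untouched, so
    this is no substitute for the drive's own secure-erase or for disk encryption."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())    # make sure the overwrite reaches the device, not just the cache
    return size


def secure_delete(path, passes=1):
    """Overwrite, then remove the directory entry. Returns the number of bytes overwritten."""
    overwritten = overwrite_file(path, passes)
    os.remove(path)
    return overwritten


def demo():
    """Constructed sample: write a secret, overwrite it, confirm the plaintext is gone,
    then delete the file. Returns True when both checks pass."""
    fd, path = tempfile.mkstemp()
    secret = b"SECRET " * 1000
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite_file(path)
    with open(path, "rb") as f:
        plaintext_left = secret in f.read()
    removed = secure_delete(path) == len(secret) and not os.path.exists(path)
    return (not plaintext_left) and removed


if __name__ == "__main__":
    print("secret overwritten and file removed:", demo())
```

Opening the file with r+b rather than wb is deliberate: truncating first would release the blocks before they were overwritten, which is exactly the data-left-behind problem the paragraph describes.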
o The only way to be certain that data or files are not recoverable is to physically destroy the hard drive or storage device.
o Many criminals have taken advantage of files thought to be impenetrable or irrecoverable!
TERMS OF SERVICE
Understand the Terms
❖ Terms of Service
o Include several sections, from user rights and responsibilities to disclaimers and account modification terms.
❖ Data use policy
o Outlines how the service provider will collect, use and share your data.
❖ Privacy settings
o Allow you to control who sees information about you and who can access your profile or account data.
❖ Security policy
o Outlines what the company is doing to secure the data it obtains from you.
Before You Sign Up
❖ What factors should you consider before you sign up for an online service?
❖ Have you read the Terms of Service?
❖ What are your rights regarding your data?
❖ Can you request a copy of your data?
❖ What can the provider do with the data you upload?
❖ What happens to your information when you close your account?
SAFEGUARDING YOUR ONLINE PRIVACY
TWO FACTOR AUTHENTICATION
❖ Popular online services, such as Google, Facebook, Twitter, LinkedIn, Apple, and Microsoft, use two-factor authentication to add an extra layer of security for account logins.
❖ Besides your username and password or personal identification number (PIN), two-factor authentication requires a second factor to verify your identity.
❖ This may be:
o A physical object such as a credit card, mobile phone, or fob (something you have)
o A biometric scan such as a fingerprint or facial and voice recognition (something you are)
o A verification code sent via SMS or email. This is the weakest option, since SMS can be intercepted or redirected by SIM swapping and an email account can itself be compromised; an authenticator app or hardware security key is preferable.
OPEN AUTHORIZATION (OAuth)
❖ An open standard protocol that allows you to grant a third-party application access to your account at another service without exposing your password to that application. The ‘log in with Facebook or Google’ flow described below is strictly OpenID Connect, an identity layer built on top of OAuth 2.0.
❖ What does this mean in practice?
o You are looking forward to registering for Cisco’s ‘Cybersecurity Essentials,’ the next course in this series, to help you develop your career.
But you must be logged into the eLearning portal to do so.
o You can’t remember your login details, but that’s OK. The portal allows you to log in using your credentials from a social media website such as Facebook or via another account such as Google.
o So instead of having to reset your login details, you easily log into the eLearning portal using your existing social media accounts and register for your next course. You can’t wait to get started!
EMAIL AND WEB BROWSER PRIVACY
❖ Web browsers keep cookies, temporary files and a history that reveal your online activity. These problems can be minimized by enabling the in-private browsing mode on your web browser.
❖ Many of the most used web browsers have their own name for private browsing mode:
o Microsoft Internet Explorer: InPrivate
o Google Chrome: Incognito
o Mozilla Firefox: Private tab or private window
o Safari: Private browsing
❖ How does the private mode work?
o When private mode is enabled, cookies (files saved to your device that identify you to the websites you have visited) are kept only for the duration of the private session and discarded afterwards.
o Temporary internet files and browsing history are likewise deleted when you close the window or program.
o This may help prevent others from gathering information about your online activities and enticing you to buy something with targeted ads.
o Even with private browsing enabled and cookies discarded, companies are constantly developing new ways of fingerprinting users to track their online behavior, and private mode does nothing to hide your traffic from your network operator, your ISP or the websites themselves.
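Returning to the PASSWORD GUIDELINES section above: the NIST SP 800-63B rules listed there, implemented as a password-acceptance check. This is an added example, not code from the original course material or from NIST. The small COMMON_PASSWORDS set is a constructed stand-in for a real breached-password corpus, and MAX_LEN is this example's storage cap (NIST only requires that at least 64 characters be accepted); the username check covers NIST's "context-specific words" rule. Note what is deliberately absent: any composition rule demanding upper case, digits or symbols.

```python
MIN_LEN = 8
MAX_LEN = 64   # assumption: this service's cap; NIST requires accepting AT LEAST 64 characters

# Constructed stand-in for a breached/common-password list (a real service would check
# against a corpus such as Pwned Passwords, by hash). Comparison is case-insensitive.
COMMON_PASSWORDS = {"password", "p@ssw0rd", "abc123", "123456", "qwerty", "letmein", "iloveyou"}


def _repetitive_or_sequential(s):
    """'aaaaaaaa', '12345678', 'hgfedcba' and the like fall under NIST's blocklist rule."""
    if len(set(s)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}


def check_password(candidate, username=None):
    """Return (accepted, reasons). Length bounds, blocklist, and context-specific words
    are enforced; all printing characters and spaces are allowed; there are no
    composition rules, matching the NIST guidance quoted on this page."""
    reasons = []
    n = len(candidate)
    if n < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN} characters")
    if n > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")
    # Only control characters (tab, newline, ...) are refused; spaces and symbols are fine.
    if not all(ch.isprintable() for ch in candidate):
        reasons.append("contains non-printing characters")
    low = candidate.lower()
    if low in COMMON_PASSWORDS:
        reasons.append("on the common-password list")
    if _repetitive_or_sequential(candidate):
        reasons.append("repetitive or sequential")
    if username and username.lower() in low:
        reasons.append("contains the username")
    # Deliberately absent: any requirement for upper/lower case, digits or symbols.
    return (not reasons, reasons)


if __name__ == "__main__":
    for pw in ["correct horse battery staple", "P@ssw0rd", "abcdefgh", "short"]:
        print(repr(pw), "->", check_password(pw))
```

A four-word lower-case passphrase with spaces passes, while "P@ssw0rd" fails despite satisfying every traditional composition rule: under these guidelines the blocklist and the length do the work, not the character classes.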