Cybersecurity Fundamentals PDF

Summary

This document provides a general overview of cybersecurity, including personal data protection, organizational data protection, and government level security. It also covers sources of personal data such as medical records, education records, and employment and financial records, alongside types of identity theft, and cyberwarfare.

Full Transcript

MODULE 1: WHAT IS CYBERSECURITY?

CYBERSECURITY

is the ongoing effect to protect individuals, organizations and governments from digital attacks by
protecting networked systems and data from unauthorized use or harm.

LEVELS OF CYBERSECURITY

1. Personal

You need to safeguard your identity, your data, and your computing devices

2. Organizational

it is everyone's responsibility to protect the organization's reputation, data , and customers

3. Government

As more digital information is being gathered and shared, its protection becomes even more vital at the
government level, where national security, economic stability and the safety and wellbeing of citizens are
at stake.

Personal Data

Any information that can be used to identify you, and it can exist both offline and online
E.g. name, social security number, driver's license number, date and place of birth, your mother’s maiden
name, pictures, or messages exchanged with others
Offline Identity
- It is the real-life persona that you present on a daily basis at home, at school or at work
- It is important not to overlook the importance of securing your offline identity.
- Identity thieves can easily your data from right under your nose when you're not looking.
Online Identity
- It is who you are and how you present yourself to others online.
- It includes the username or alias you use for your online accounts as well as the social identity you
- establish and portray on online communities and websites
- You should take care to limit the amount of personal information you reveal through your online
identity.
 SOURCES OF PERSONAL DATA

1. Medical Records

Every time you visit the doctor, personal information regarding your physical and mental health and
wellbeing is added to your electronic health records (EHRs). Since most of these records are saved
online, you need to be aware of the medical information that you share. These records go beyond the
bounds of the doctor’s office.

2. Education Records

They contain information about your academic qualifications and achievements. They may also include
your contact information, attendance records, disciplinary reports, health and immunization records, as
well as any special education records including individualized education programs (IEPs).

3. Employment and Financial Records

Employment data: can be valuable to hackers if they can gather information on your past employment -
or even your current performance reviews.
Financial records: may include information about your income and expenditure. Your tax records may
include paychecks, credit card statements, your credit rating, and your bank account details.

TYPES OF IDENTITY THEFT

Medical theft

Rising medical costs have led to an increase in medical identity theft, with cybercriminals stealing
medical insurance to use the benefits for themselves.

Where this happens, any medical procedures carried out in your name will then be saved in your medical
records.

Banking

Stealing private data can help cybercriminals access bank accounts, credit cards, social profiles, and
other online accounts.

Armed with this information, an identity thief could file a fake tax return and collect the refund.

They could even take out loans in your name and ruin your credit rating (and your life as well).
 ENTITIES THAT ARE INTERESTED IN ONLINE IDENTITY

1. Your Internet Service Provider

Your ISP tracks your online activity, and in some countries, they can sell this data to advertisers for a
profit. In certain circumstances, ISPs may be legally required to share your information with
government surveillance agencies or authorities.

2. Advertisers

Targeted advertising is part of the internet experience. Advertisers monitor and track your online activities
such as shopping habits and personal preferences and send targeted ads your way.

3. Search engines and social media platforms

These platforms gather information about your gender, geolocation, phone number, and political and
religious ideologies based on your search histories and online identity. This information is then sold to
advertisers for a profit.

4. Websites you visit

Websites use cookies to track your activities to provide a more personalized experience. But this leaves a
data trail that is linked to your online identity that can often end up in the hands of advertisers!

TYPES OF ORGANIZATIONAL DATA

1. Traditional Data

Typically generated and maintained by all organizations, big and small.
Transactional data
o details relating to buying and selling, production activities, and basic organizational operations
such as any information used to make employment decisions.
Intellectual property
o patents, trademarks, and new product plans, allows an organization to gain economic advantage
over its competitors.
o often considered a trade secret and losing it could prove disastrous for the future of a company.
Financial data
o income statements, balance sheets, and cash flow statements, provide insight into the health of
a company.

2. Internet of Things (IoT) and Big Data

IoT is a large network of physical objects, such as sensors, software, and other equipment.
All of these ‘things’ are connected to the Internet, with the ability to collect and share data.
Data storage options are expanding through the cloud and virtualization.
The emergence of IoT has led to exponential growth in data, creating a new area of interest in technology
and business called 'Big Data.'
 THE CUBE

McCumber Cube

A model framework created by John McCumber in 1991 to help organizations establish and evaluate
information security initiatives by considering all related factors that impact them. It has three dimensions:

1. The foundational principles for protecting information systems

Confidentiality

▪ A set of rules that prevents sensitive information from being disclosed
to unauthorized people, resources, and processes.

▪ Methods to ensure it include data encryption, identity proofing, and two factor
authentication.

Integrity

▪ Ensures that system information or processes are protected from intentional
or accidental modification.

▪ One way to ensure it is to use a hash function or checksum.

Availability

▪ Authorized users are able to access systems and data when and
where needed and those that do not meet established conditions, are not.

▪ This can be achieved by maintaining equipment, performing hardware repairs,
keeping operating systems and software up to date, and creating backups.

2. The protection of information in each of its possible states

Processing

▪ Refers to data that is being used to perform an operation such as updating a
database record (data in process).

Storage

▪ Refers to data stored in memory or on a permanent storage device such as a hard
drive, solid-state drive, or USB drive (data at rest).

Transmission

▪ Refers to data traveling between information systems (data in transit).
3. The security measures used to protect data

Awareness, training and education

▪ The measures put in place by an organization to ensure that users are
knowledgeable about potential security threats and the actions they can take to
protect information systems.

Technology

▪ Refers to the software- and hardware-based solutions designed to protect
information systems such as firewalls, which continuously monitor your network
in search of possible malicious incidents.

Policy and procedure

▪ Refers to the administrative controls that provide a foundation for how an
organization implements information assurance, such as incident response plans
and best practice guidelines.
 PHISHING

In August 2020, elite gaming brand Razer experienced a data breach which exposed the personal
information of approximately 100,000 customers.

DATA SECURITY BREACH

Security breach

An incident that results in unauthorized access to data, applications, services or devices, exposing private
information that attackers can use for financial gain or other advantages.

Data Breach

Often involves an incident where sensitive personal data has been stolen.

A. The Persirai botnet

In 2017, an Internet of Things (IoT) botnet, Persirai, targeted over 1,000 different models of IP cameras,
accessing open ports to inject a command that forced the cameras to connect to a site which installed
malware on them.
Once the malware was downloaded and executed, it deleted itself and was therefore able to run in
memory to avoid detection.
Over 122,000 of these cameras from several different manufacturers were hijacked and used to carry
out DDoS attacks, without the knowledge of their owners.
A DDoS attack occurs when multiple devices infected with malware flood the resources of a targeted
system.

B. Equifax Inc.

In September 2017, Equifax, a consumer credit reporting agency in the US, publicly announced a data
breach event: attackers had been able to exploit a vulnerability in its web application software to gain
access to the sensitive personal data of millions of customers.
In response to this breach, Equifax established a dedicated website that allowed Equifax customers to
determine if their information was compromised.
However, instead of using a subdomain of equifax.com, the company set up a new domain name, which
allowed cybercriminals to create unauthorized websites with similar names.
These websites were used to try and trick customers into providing personal information.
Attackers could use this information to assume a customer’s identity.
In such cases, it would be very difficult for the customer to prove otherwise, given that the hacker is also
privy to their personal information.
 CONSEQUENCES OF A SECURITY BREACH

1. Reputational damage

A security breach can have a negative long-term impact on an organization’s reputation that has taken
years to build. Customers, particularly those who have been adversely affected by the breach, will need
to be notified and may seek compensation and/or turn to a reliable and secure competitor. Employees
may also choose to leave in light of a scandal. Depending on the severity of a breach, it can take a long
time to repair an organization’s reputation.

2. Vandalism

A hacker or hacking group may vandalize an organization’s website by posting untrue information. They
might even just make a few minor edits to your organization’s phone number or address, which can be
trickier to detect. In either case, online vandalism can portray unprofessionalism and have a negative
impact on your organization’s reputation and credibility.

3. Theft

A data breach often involves an incident where sensitive personal data has been stolen. Cybercriminals
can make this information public or exploit it to steal an individual’s money and/or identity.

4. Loss of revenue

The financial impact of a security breach can be devastating. For example, hackers can take down an
organization’s website, preventing it from doing business online. A loss of customer information may
impede company growth and expansion. It may demand further investment in an organization’s security
infrastructure. And let’s not forget that organizations may face large fines or penalties if they do not
protect online data.

5. Damaged intellectual property

A security breach could also have a devastating impact on the competitiveness of an organization,
particularly if hackers are able to get their hands on confidential documents, trade secrets and
intellectual property.
 TYPES OF ATTACKERS

Cyber Attackers

Range from amateur to organized and will try anything to get their hands on personal information.
They are often categorized as white hat, gray hat, or black hat attackers.

1. Amateur Hackers

The term 'script kiddies' emerged in the 1990s and refers to amateur or inexperienced hackers who use
existing tools or instructions found on the Internet to launch attacks.
Some script kiddies are just curious, others are trying to demonstrate their skills and cause harm.
While these white hat attackers may use basic tools, their attacks can still have devastating
consequences.

2. Hackers

This group of attackers break into computer systems or networks to gain access.
Depending on the intent of their break-in, they can be classified as the following:
White hat attackers
o Break into networks or computer systems to identify any weaknesses so that the security of a
system or network can be improved.
o These break-ins are done with prior permission and any results are reported back to the owner.
Gray hat attackers
o May set out to find vulnerabilities in a system, but they will only report their findings to the owners
of a system if doing so coincides with their agenda.
o They might even publish details about the vulnerability on the Internet so that other attackers can
exploit it.
Black hat attackers
o Take advantage of any vulnerability for illegal personal, financial, or political gain.

3. Organized Hackers

These attackers include organizations of cyber criminals, hacktivists, terrorists, and state-sponsored
hackers.
They are usually highly sophisticated and organized and may even provide cybercrime as a service to
other criminals.
Hacktivists
o Make political statements to create awareness about issues that are important to them.
State-sponsored attackers
o Gather intelligence or commit sabotage on behalf of their government.
o They are usually highly trained and well-funded, and their attacks are focused on specific goals
that are beneficial to their government.
o Example: Stuxnet malware that was designed not just to hijack targeted computers but to
actually cause physical damage to equipment controlled by computers!
 ORIGINS OF CYBER ATTACKS

Cyber Attacks

can originate from within an organization as well as from outside of it.
Internal
o Employees, contract staff, or trusted partners can accidentally or intentionally:
▪ mishandle confidential data
▪ facilitate outside attacks by connecting infected USB media into the organization’s
computer system
▪ invite malware onto the organization’s network by clicking on malicious emails or websites
▪ threaten the operations of internal servers or network infrastructure devices
External
o Amateurs or skilled attackers outside of the organization can:
▪ exploit vulnerabilities in the network
▪ gain unauthorized access to computing devices
▪ use social engineering to gain unauthorized access to organizational data

PURPOSE OF CYBERWARFARE

Main reason: To gain advantage over adversaries, whether they are nations or competitors.

Cyberwarfare is used in the following ways:

A. To gather compromised information and/or defense secrets
o A nation or international organization can engage in cyberwarfare to steal defense secrets and
gather information about technology that will help narrow the gaps in its industries and military
capabilities.
o Furthermore, compromised sensitive data can give attackers leverage to blackmail personnel
within a foreign government.

B. To impact another nation’s infrastructure

o Besides industrial and military espionage, a nation can continuously invade another nation’s
infrastructure to cause disruption and chaos.

o For example, a cyber-attack could shut down the power grid of a major city.

o Consider the consequences if this were to happen; roads would be congested, the exchange of
goods and services would be halted, patients would not be able to get the care they would need if
an emergency occurred, access to the internet would be interrupted.

o By shutting down a power grid, a cyber-attack could have a huge impact on the everyday life of
ordinary citizens.
 MODULE 2: ATTACKS CONCEPTS AND TECHNIQUES

Malware

Any code that can steal data, bypass access controls, or cause containing and removing them.
The use of any code to steal data, bypass access controls, or cause harm to or compromise a system.

TYPES OF MALWARES

1. Spyware

Monitors your online activity and can log every key you press on keyboard and capture any of your data,
including sensitive personal information such as your online banking details -It often bundles itself with
legitimate software or Trojan horses.

2. Adware

Installs with some software versions, and its design is to automatically deliver advertisement to a user,
most often on a web browser.
It is common for adware to come with spyware.

3. Backdoor

This malware gains unauthorized access by bypassing the normal authentication procedures to access a
system. As a result, hack er can access resources within an application and issue remote system
commands
It works in the background and is difficult to detect.

3. Ransomware

The design of this malware is to hold a computer system or the data it contains captive until makes a
payment.
Usually encrypts your information so you can't access it
Take advantage of specific system vulnerabilities to lock it down.
Often spread through phishing emails that encourage you to download malicious attachment or through a
software vulnerability.

4. Scareware

Uses 'Scare' tactics to trick you into taking a specific action.
Mainly consists of operating system-style windows that warn you that your system is at risk and need to
run a specific program to return to normal operation
If you execute the program, your system will become infected with malware.
5. Rootkit

is to modify the operating system to create a backdoor, which attackers can then use to access your
computer remotely.
use software vulnerabilities to access resources that shouldn’t be accessible (privilege escalation) and
modify system files.
can also modify system forensics and monitoring tools, making them very hard to detect.
If rootkit infected a computer, wipe the computer and reinstall any required software.

6. Viruses

A computer program that, when executed, replicates and attaches itself to other executable files, such as
a document, by inserting its code.
Most viruses require end-user interaction to initiate activation and can act on a specific date or time.
Viruses, such as those that display a funny image, can be relatively harmless. Or they can be destructive,
such as those that modify or delete data.
Viruses can also be programmed to mutate to avoid detection. USB drives, optical disks, network shares,
or email spreads most viruses.

7. Trojan Horse

This malware carries out malicious operations by masking its true intent. It appears legitimate but is very
dangerous. Trojans exploit your user privileges, and image files are where you find them, audio files or
games.
Unlike viruses, Trojans do not self-replicate but act as decoys to sneak malicious software past
unsuspecting users.

8. Worms

This type of malware replicates itself to spread from one computer to another. Unlike a virus, which
requires a host program, worms can run alone. Other than the initial infection of the host, they do not
require user participation and can spread very quickly over the network.
Worms share similar patterns: They exploit system vulnerabilities, have a way to propagate themselves,
and all contain malicious code (payload) to cause damage to computer systems or networks.
Worms are responsible for some of the most devastating attacks on the Internet. In 2001, the Code Red
worm infected over 300,000 servers in just 19 hours.
 SYMPTOMS OF MALWARE

❖ An increase in central processing unit (CPU) usage, which slows down your device
❖ Your computer freezing or crashing often
❖ A decrease in your web browsing speed
❖ Unexplainable problems with your network connections
❖ Modified or deleted files
❖ The presence of unknown files, programs, or desktop icons
❖ Unknown processes running
❖ Programs turning off or reconfiguring themselves
❖ Sending emails without your knowledge or consent.

METHODS OF INFILTRATION

1. Social Engineering

Manipulating people into performing actions or divulging confidential information. Social engineers often
rely on people’s willingness to be helpful but also prey on their weaknesses.
For example, an attacker will call an authorized employee with an urgent problem that requires
immediate network access and appeal to the employee’s vanity or greed or invoke authority by using
name-dropping techniques to gain this access.
Pretexting
o This is when an attacker calls an individual and lies to them to gain access to confidential data.
o For example, pretending to need a person’s personal or financial data to confirm their identity.
Tailgating
o This is when an attacker quickly follows an authorized person into a secure, physical location.
Something for something (quid pro quo)
o This is when an attacker requests personal information from someone in exchange for something,
like a gift.

2. Denial-of-Service (DoS) Attack

A type of network attack that is relatively simple to carry out, even by an unskilled attacker. A DoS attack
results in some interruption of network service to users, devices, or applications.
Overwhelming quantity of traffic
o This is when a network, host, or application sends an enormous amount of data at a rate it cannot
handle. This causes a slow transmission or response or causes the device or service to crash.
Maliciously formatted packets
o A packet is a collection of data that flows between a source and a receiver computer or
application over a network, such as the Internet. When sending a maliciously formatted packet,
the receiver cannot handle it.
o For example, suppose an attacker forwards packets containing errors or improperly formatted
packets that an application cannot identify. In that case, this will cause the receiving device to run
very slowly or crash.
3. Distributed DoS (DDoS) Attack

Similar to a DoS attack but originates from multiple coordinated sources. For example:
o An attacker builds a network (botnet) of infected hosts called zombies, controlled by handler
systems.
o The zombie computers will constantly scan and infect more hosts, creating more and more
zombies.
o When ready, the hacker will instruct the handler systems to make the botnet of zombies carry out
a DDoS attack.

4. Botnet

A bot computer is typically infected by visiting an unsafe website or opening an infected email
attachment or media file. A botnet is a group of bots connected through the Internet that a malicious
individual or group can control. It can have tens of thousands, or even hundreds of thousands, of bots
which a command-and-control server typically controls.
Activating these bots distributes malware, launches DDoS attacks, distributes spam emails, or executes
brute-force password attacks. Cybercriminals will often rent out botnets to third parties for nefarious
purposes.
Many organizations, like Cisco, force network activities through botnet traffic filters to identify any botnet
locations.
Infected bots try to communicate with a command and control host on the Internet.
The Cisco Firewall botnet filter is a feature that detects traffic coming from devices infected with the
malicious botnet code.
The cloud-based Cisco Security Intelligence Operations (SIO) service pushes down updated filters to the
firewall that match traffic from new known botnets.
Alerts go out to Cisco’s internal security team to notify them about the infected devices generating
malicious traffic so that they can prevent, mitigate and remedy these.
5. On-Path Attacks

On-path attackers intercept or modify communications between two devices, such as a web browser
and a web server, to collect information from or impersonate one of the devices.
This type of attack refers to a man-in-the-middle or man-in-the-mobile attack.
Man-in-the-middle
o A MitM attack happens when a cybercriminal takes control of a device without the user’s
knowledge.
o With this level of access, an attacker can intercept and capture user information before it sends it
to its intended destination.
o Using these types of attacks often steals financial information.
o There are many types of malware that possess MitM attack capabilities.
Man-in-the-Mobile
o A variation of man-in-middle, MitMo is a type of attack used to take control over a user's mobile
device.
o When infected, the mobile device's instruction exfiltrates user-sensitive information and sends it
to the attackers.
o ZeuS is one example of a malware package with MitMo capabilities. It allows attackers to capture
two-step verification SMS messages sent to users quietly.

6. Search Engine Optimization (SEO) Poisoning

You’ve probably heard of search engine optimization or SEO, which is about improving an organization’s
website to gain greater visibility in search engine results.
Search engines such as Google work by presenting a list of web pages to users based on their search
queries. These web pages rank according to the relevancy of their content.
While many legitimate companies specialize in optimizing websites to better position them, attackers
take advantage of popular search terms and use SEO to push malicious sites higher up the search
results. This technique is called SEO poisoning.
Most common goal: To increase traffic to malicious sites that may host malware or attempt social
engineering.
7. Password Attacks

Entering a username and password is one of the most popular forms of authenticating to a website.
Therefore, uncovering your password is an easy way for cybercriminals to gain access to your most
valuable information.
Password Spraying
o This technique attempts to gain access to a system by 'spraying' a few commonly used
passwords across many accounts. For example, a cybercriminal uses 'Password123' with many
usernames before trying again with a second commonly-used password, such as 'qwerty.'
o This technique allows the perpetrator to remain undetected and avoid frequent account lockouts.
Dictionary Attacks
o A hacker systematically tries every word in a dictionary or a list of commonly used words as a
password to break into a password-protected account.
Brute-force Attacks
o The simplest and most commonly used way of gaining access to a password-protected site,
brute-force attacks see an attacker using all possible combinations of letters, numbers, and
symbols in the password space until they get it right.
Rainbow Attacks
o Passwords in a computer system do not store as plain text but as hashed values (numerical
values that uniquely identify data). A rainbow table functions as an extensive dictionary of
precomputed hashes and passwords.
o Unlike a brute-force attack that has to calculate each hash, a rainbow attack compares the hash
of a password with those stored in the rainbow table. When an attacker finds a match, they
identify the password used to create the hash.
Traffic Interception
o By intercepting communications, other humans and machines can easily read plain text or
unencrypted passwords.
o If you store a password in clear, readable text, anyone who has access to your account or device,
whether authorized or unauthorized, can read it.
 SECURITY VULNERABILITY AND EXPLOITS

Hardware Vulnerabilities

Most often the result of hardware design flaws.
For example, the type of memory called RAM consists of lots of capacitors (a component that can hold
an electrical charge) installed very close to one another.
However, due to their proximity, changes applied to one of these capacitors could influence neighbor
capacitors.
This design flaw creates an exploit called Rowhammer. By repeatedly accessing (hammering) a row of
memory, the Rowhammer exploit triggers electrical interferences that eventually corrupt the data stored
inside the RAM.
Meltdown and Spectre
o Google security researchers discovered Meltdown and Spectre, two hardware vulnerabilities that
affect almost all central processing units (CPUs) released since 1995 within desktops, laptops,
servers, smartphones, smart devices, and cloud services.
o Attackers exploiting these vulnerabilities can read all memory from a given system (Meltdown)
and data handled by other applications (Spectre). The Meltdown and Spectre vulnerability
exploitations refer to side-channel attacks (the implementation of a computer system gains
information). They can compromise large amounts of memory data because of the numerous
times the attacks run on a system with minimal possibility of a crash or other error.

Software Vulnerabilities

Errors in the operating system or application code
The SYNful Knock vulnerability allowed attackers to gain control of enterprise-grade routers, such as
the legacy Cisco ISR routers, from which they could monitor all network communication and infect other
network devices.
When an altered IOS version installs on the routers, this vulnerability introduces into the system. To avoid
this, you should always verify the integrity of the downloaded IOS image and limit the physical access of
such equipment to authorized personnel only.
I. Buffer Overflow:
a. Buffers are memory areas allocated to an application. When writing data beyond the limits of a
buffer, a vulnerability occurs. By changing data beyond the boundaries of a buffer, the application
can access memory allocated to other processes. This can lead to a system crash, data
compromise, or provide escalation of privileges.
II. Non-validated input:
a. Programs often require input, but this incoming data could have malicious content that
unintentionally forces the program to behave.
b. For example, consider a program that receives an image for processing. A malicious user could
craft an image file with invalid image dimensions. The maliciously crafted dimensions could force
the program to allocate buffers of incorrect and unexpected sizes.
III. Race conditions:
a. This vulnerability describes a situation where the output of an event depends on ordered or timed
outputs. A race condition became a source of exposure when the required ordered or timed
events did not occur in the correct order or at the proper time.
IV. Weaknesses in security practices:
a. Authentication, authorization, and encryption protect systems and sensitive data. Developers
should use security techniques and libraries that have already been created, tested, and verified
and should not attempt to create their security algorithms. These will only likely introduce new
vulnerabilities.
V. Access Control problems:
a. Access control is the process of controlling who does what and ranges from managing physical
access to equipment to dictating who has access to a resource, such as a file, and what they can
do with it, such as read or change the file. The improper use of access controls creates many
security vulnerabilities.
b. Nearly all access controls and security practices can be overcome if an attacker has physical
access to target equipment. For example, no matter the permission settings on a file, a hacker can
bypass the operating system and read the data directly off the disk.

SOFTWARE UPDATES

Its goal is to stay current and avoid exploiting vulnerabilities. Microsoft, Apple, and other operating system
producers release patches and updates daily. The companies or organizations responsible for them
update applications such as web browsers, mobile apps, and web servers.
Even though organizations put a lot of effort into finding and patching software vulnerabilities, they
discover new vulnerabilities regularly. That’s why some organizations use third-party security researchers
who specialize in finding vulnerabilities in software or invest in their penetration testing teams dedicated
to searching, finding, and patching software vulnerabilities before they can get exploited.
Google’s Project Zero is an excellent example of this practice. After discovering several vulnerabilities in
various software used by end users, Google formed a permanent team dedicated to finding software
vulnerabilities. You can find out more about Google’s security research here.
 CRYPTOCURRENCY

Cryptocurrency

Digital money used to buy goods and services, using strong encryption techniques to secure online
transactions. Banks, governments, and even companies like Microsoft and AT&T are very aware of its
importance and are jumping on the cryptocurrency bandwagon!
Cryptocurrency Owners
o Keep their money in encrypted, virtual ‘wallets.’ When a transaction occurs between the owners
of two digital wallets, the recording of the details in a decentralized, electronic ledger or
blockchain system takes place. This means it is carried out anonymously and is self-managed,
with no interference from third parties such as central banks or government entities.
Special computers collect data about the latest cryptocurrency transactions every ten minutes, turning
them into mathematical puzzles to maintain confidentiality.
Verification of these transactions goes through a technical and highly complex process known as ‘mining.’
This step typically involves an army of ‘miners’ working on high-end PCs to solve mathematical puzzles
and authenticate transactions.
Once verified, the ledger is updated, electronically copied, and disseminated worldwide to anyone within
the blockchain network, effectively completing a transaction.
Cryptojacking
o An emerging threat that hides on a user's computer, mobile phone, tablet, laptop, or server, using
that machine's resources to 'mine' cryptocurrencies without the user's consent or knowledge.
o Many victims of cryptojacking didn't even know they'd been hacked until it was too late!
 MODULE 3: PROTECTING YOUR DATA AND PRIVACY

TIPS ON HOW TO PROTECT THE SECURITY OF YOUR DEVICES

1. Turn the firewall on

Firewall
o It should be turned on and constantly updated to prevent hackers from accessing your personal or
organizational data.
You should use at least one type of firewall (either a software firewall or a hardware firewall on a router) to
protect your device from unauthorized access.

2. Install antivirus and antispyware

Malicious software
o It is designed to gain unauthorized access to your computer and data, such as viruses and spyware.
Once installed, viruses can destroy your data and slow down your computer. They can even take over your
computer and broadcast spam emails using your account. Spyware can monitor your online activities,
collect your personal information or produce unwanted pop-up ads on your web browser while you are
online. To prevent this, you should only ever download software from trusted websites. However, it would
help if you always used antivirus software to provide another layer of protection. This software, which often
includes antispyware, is designed to scan your computer and incoming email for viruses and delete them.

3. Manage your operating system and browser

Hackers
o Always tries to take advantage of your operating system or web browser vulnerabilities.
Therefore, to protect your computer and your data, you should set the security settings on your computer
and browser to a medium level or higher. You should also regularly update your computer’s operating
system, including your web browser, and download and install the latest software patches and security
updates from the vendors.

4. Set up password protection

All your computing devices should be password protected to prevent unauthorized access. Any stored
information, especially sensitive or confidential data, should be encrypted. You should only store
necessary information on your mobile device in case it is stolen or lost. Remember, if any of your devices
is compromised, the criminals may be able to access all data through your cloud storage service provider,
such as iCloud or Google Drive.
 WIRELESS NETWORK SECURITY AT HOME

Wireless Networks

Allow Wi-Fi-enabled devices to connect to the network by way of an SSID.
Wireless Router
o Can be configured not to broadcast the SSID, but there needs to be an adequate security for a
wireless network.
Hackers will be aware of the preset SSID and default password, so to prevent intruders from entering your
home wireless network you should change these details.
Furthermore, you can encrypt wireless communication by enabling wireless security and the WPA2
encryption feature on your wireless router.
But be aware even with WPA2 encryption enabled, a wireless network can still be vulnerable.

DISCOVERY OF A SECURITY FLAW IN THE WPA2 PROTOCOL IN 2017

❖ Key reinstallation attacks (KRACKs) by intruders that break the encryption between a wireless router and
a wireless device, giving them access to network data can exploit this vulnerability.
❖ This flaw affects all modern, protected Wi-Fi networks, and to mitigate this situation, you should:
❖ Update all wireless capable devices as soon as security updates become available
❖ Use a wired connection for any devices with a wired NIC
❖ Use a trusted VPN service when accessing a wireless network.

PUBLIC WI-FI RISKS

❖ When you are away from home, you can access your online information and surf the Internet via public
wireless networks or Wi-Fi hotspots.
❖ However, some risks are involved, meaning it is best not to access or send personal information using
public Wi-Fi.
❖ It would help if you continuously verified that your device does not configure with file and media sharing
and requires user authentication with encryption.
❖ Encrypted VPN service
o Used to prevent others from intercepting your information (known as ‘eavesdropping’) over a public
wireless network.
o This service gives you secure access to the Internet by encrypting the connection between your
device and the VPN server.
❖ Even if hackers intercept a data transmission in an encrypted VPN tunnel, they cannot decipher it.

TIPS ON CHOOSING A STRONG PASSWORD

❖ Do not use dictionary words or names in any languages.
❖ Do not use common misspellings of dictionary words.
❖ If possible, use special characters such as ! @ # $ % ^ & “ ( ).
❖ Do not use computer names or account names.
❖ Use a password with more than ten characters.
 USING A PASSPHRASE

❖ It would help if you considered using passphrases instead of passwords to prevent unauthorized access
to your devices.
❖ A passphrase generally takes the form of a sentence (‘Acat th@tlov3sd0gs.’), making it easier for you to
remember.
❖ And because it’s longer than a typical password, it’s less vulnerable to dictionary or brute-force attacks.
❖ Here are a few tips for creating a good passphrase:
o Choose a statement that is meaningful to you.
o Add special characters such as ! @ # $ % ^ & “ ( ).
o The longer, the better.
o Avoid common or famous statements, for example, lyrics from a popular song.

PASSWORD GUIDELINES

❖ United States National Institute of Standards and Technology (NIST)
o Published improved password requirements.
o Its standards are intended for government applications but can also serve as a standard for other
sectors.
❖ These guidelines aim to place responsibility for user verification on service providers and ensure a better
experience for users overall.
❖ They state:
o Passwords should be at least eight characters but no more than 64 characters.
o Common, easily guessed passwords, such as ‘password’ or ‘abc123’, should not be used.
o No composition rules should exist, including lower and uppercase letters and numbers.
o Users should be able to see the password when typing to help improve accuracy.
o All printing characters and spaces should be allowed.
o There should be no password hints.
o There should be no password expiration period.
o There should be no knowledge-based authentication, such as providing answers to secret
questions or verifying transaction history.
 DATA MAINTENANCE

Encryption

The process of converting information into a form in which unauthorized parties cannot read it.
Only a trusted, authorized person with a secret key or password can decrypt the data and access it in its
original form.
Note the encryption itself does not prevent someone from intercepting the data.
It can only prevent an unauthorized person from viewing or accessing the content.
Some criminals may encrypt your data and make it unusable until you pay a ransom.

How Do You Encrypt Your Data?

❖ The use of software programs is to encrypt files, folders, and even entire drives.
❖ EFS
o A Windows feature that can encrypt data. It directly links to a specific user account, and only the
user who encrypts the data can access it after encryption using EFS.
❖ How to encrypt data using EFS in all Windows versions:
o Select one or more files or folders.
o Right click the selected data and go to ‘Properties.’
o Find and click ‘Advanced.’
o Select the ‘Encrypt contents to secure data’ check box.
o Files and folders that have been encrypted with EFS are displayed in green.

Back Up Your Data

❖ Having a backup may prevent the loss of irreplaceable data.
❖ To back up data correctly, you will need an additional storage location and must copy the data to that
location regularly.

ADDITIONAL STORAGE LOCATIONS

1. Home network

Locally storing your data means that you have total control of it.

2. Secondary location

You could copy all your data to a NAS, a simple external hard drive, or maybe even back up important
folders on thumb drives, CDs, DVDs, or tapes. In this scenario, you are the data owner, and you are
responsible for the cost and maintenance of the storage device equipment.

3. The cloud

You could subscribe to a cloud storage service, like AWS. The cost of this service will depend on the storage
space you need, so you may need to be more selective about what data you back up. You will have access
to your backup data as long as you have access to your account. One of the benefits of using a cloud storage
service is that your data is safe in the event of a storage device failure or if you experience an extreme
situation such as a fire or theft.
How Do You Delete Your Data Permanently?

❖ Have you ever had to delete data or get rid of a hard drive?
❖ If so, did you take any precautions to safeguard the data to keep it from falling into the wrong hands?
❖ What should you do to ensure you delete your files securely and permanently?
o To erase data, so it is no longer recoverable, it must be overwritten with ones and zeroes multiple
times, using tools specifically designed to do just that.
o SDelete from Microsoft
▪ Claims to have the ability to remove sensitive files altogether.
o Shred for Linux and Secure Empty Trash for Mac OS X claim to provide a similar service.
o The only way to ensure that data or files are not recoverable is to destroy the hard drive or storage
device physically.
o Many criminals have taken advantage of files thought to be impenetrable or irrecoverable!

TERMS OF SERVICE

Understand the Terms

❖ Terms of Service
o Include some sections, from user rights and responsibilities to disclaimers and account
modification terms.
❖ Data use policy
o Outlines how the service provider will collect, use and share your data.
❖ Privacy settings
o Allow you to control who sees information about you and who can access your profile or account
data.
❖ Security policy
o Outlines what the company is doing to secure the data it obtains from you.

Before You Sign Up

❖ What factors should you consider before you sign up for an online service?
❖ Have you read the Terms of Service?
❖ What are your rights regarding your data?
❖ Can you request a copy of your data?
❖ What can the provider do with the data you upload?
❖ What happens to your information when you close your account?
 SAFEGUARDING YOUR ONLINE PRIVACY

TWO FACTOR AUTHENTICATION

❖ Popular online services, such as Google, Facebook, Twitter, LinkedIn, Apple, and Microsoft, use two-
factor authentication to add an extra layer of security for account logins.
❖ Besides your username and password or personal identification number (PIN), two-factor authentication
requires a second token to verify your identity.
❖ This may be:
o A physical object such as a credit card, mobile phone, or fob
o A biometric scan such as a fingerprint or facial and voice recognition
o Verification code sent via SMS or email.

OPEN AUTHORIZATION (OAuth)

❖ An open standard protocol that allows you to use your credentials to access third-party applications
without exposing your password.
❖ What does this mean in practice?
o You are looking forward to registering for Cisco’s ‘Cybersecurity Essentials,’ the next course in this
series, to help you develop your career. But you must be logged into the eLearning portal to do so.
o You can’t remember your login details, but that’s OK. The portal allows you to log in using your
credentials from a social media website such as Facebook or via another account such as
Google.
o So instead of having to reset your login details, you easily log into the eLearning portal using your
existing social media accounts and register for your next course. You can’t wait to get started!

EMAIL AND WEB BROWSER PRIVACY

❖ These problems can be minimized by enabling the in-private browsing mode on your web browser.
❖ Many of the most used web browsers have their name for private browser mode:
o Microsoft Internet Explorer: InPrivate
o Google Chrome: Incognito
o Mozilla Firefox: Private tab or private window
o Safari: Private browsing
❖ How does the private mode work?
o When private mode is enabled, cookies — files saved to your device to indicate your visited
websites — are disabled.
o Therefore, remove any temporary internet files, and delete your browsing history when you close
the window or program.
o This may help prevent others from gathering information about your online activities and enticing
you to buy something with targeted ads.
o Even with private browsing enabled and cookies disabled, companies are constantly developing
new ways of fingerprinting users to track their online behavior.