Modern Digital Security
John Dmytrasz - Senior Network Administrator
Mike Ali - Network Administrator
What are the threats facing you in your digital life?
• “The biggest threat to computer security is you and your employees”
• Social Engineering
• They are trying to trick you into doing something they want you to do to gain access or information
• “You and your employees are the best defense against computer threats”
Who is the enemy?
• “Hacker” - not the stereotypical archenemy anymore
• International, organized criminal enterprises
• Terrorist Groups
• Hostile Foreign Governments
• “Mafia” type of criminal gangs
• Mainly profit based activities
What do they want?
• Money
• Your information
• Credit card information
• SSN
• Access to your PC and/or Network
• Used as a proxy to attack other computers
• Used as a tool to run the hacker's applications - spam, decryption, DoS
How do they do it? What do they do?
• Guess or obtain your password(s) through a variety of methods and use them to access computers or websites
• Use “Phishing” attacks to trick you into doing something to their advantage
• Infect your computer with an application that does something undesirable - viruses, key loggers
• Things we can’t even imagine yet
What’s the damage so far?
• July 2013 - McAfee - U.S. cybercrime resulted in 70-120 billion dollars of damage and/or loss.
• Pilferage resulted in 70 - 280 billion dollars in loss or damages.
• Globally - 300 billion to 1 trillion dollars
• Many companies don’t report losses or damages incurred from cybercrime.
• "Cybercrime and cyber espionage cost the global economy billions of dollars every year. The dollar amount, large as it is likely to be, may not fully reflect the damage to the global economy," the report reads. "Cyber espionage and crime slows the pace of innovation, distorts trade, and brings with it the social costs associated with crime and job loss. This larger effect may be more important than any actual number and it is one we will focus on in our final report."
Passwords
• Easy to guess passwords
• “password”, “Password”, “p@ssword”
• Names of children or spouse, pets
• Combination of name - doej, jdoe, johnd, nhoj
• Password is too short
• Using the same password for everything
• Never changing the password
Password Cracking #1 - Brute Force
• Brute force attempt
• a, b, c, d, …
• aa, ab, ac, ad …
• aaa, aab, aac, …
• Show Calculator
Password Cracking #2 - Dictionary
• Uses a list of words, known passwords, or commonly used alphanumeric combinations.
• Show password list
Password Cracking #3 - Interception
• Intercept your password in between your computer and the “server/website”, or retrieve it from a database.
• Password is encrypted
• Encryption strengths vary
• Uses a mathematical algorithm to encode your password
• If the algorithm is known it can be used to reverse engineer your encrypted password.
• Keyloggers and Phishing
Password Cracking #4 - Social Engineering
• Facebook, Google, Club websites, Social Business Groups sites
• Facebook - First and Last name, email address, phone numbers, where you live, birthdate, Parents, Children, Spouse, Where you went to school, Where you were born, Where you grew up, Where you like to visit, What products you like, What activities you participate in, etc.
• Google or other web search engines can also provide a surprising amount of information regarding your personal data.
• Is your password the name of one of your children, the name of your boat, the city you grew up in?
What you can do!
• Password length and complexity are key!!!
• Use at least a 10 character password that has a combination of upper and lowercase letters, numbers, and special characters
• Refrain from using commonly known or accessible information in the password. (Children's names)
• Use a phrase for your password - JohnLikesC@ke2233
• This password is 17 characters long
• Utilizes a combination of characters and words that are difficult to “guess”.
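The password rules from the slides above (easy-to-guess words, personal details, the 10 character minimum, mixed character classes, and the a, b, …, aa, ab brute-force order) combined into one checker. This is an added example, not part of the original presentation; the word list, the substitution table and all function names are constructed for illustration.

```python
import string

# Constructed sample list; real dictionary attacks use far larger lists.
COMMON = {"password", "letmein", "qwerty", "123456"}
# Assumed look-alike substitutions, so "p@ssword" is treated as "password".
LEET = str.maketrans("@4301$5!", "aaeoissi")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(pw):
    """Size of the smallest alphabet covering the character classes in pw."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def brute_force_keyspace(pw):
    """Candidates tried in a, b, ..., aa, ab, ... order up to len(pw):
    c + c^2 + ... + c^n for an alphabet of c characters."""
    c = charset_size(pw)
    return sum(c ** k for k in range(1, len(pw) + 1))


def audit(pw, personal=()):
    """Return findings for pw; `personal` holds names, pets, cities, etc."""
    findings = []
    lowered = pw.lower()
    if len(pw) < 10:
        findings.append("shorter than 10 characters")
    missing = sum(1 for cls in CLASSES if not any(c in cls for c in pw))
    if missing:
        findings.append(f"missing {missing} of 4 character classes")
    if lowered in COMMON or lowered.translate(LEET) in COMMON:
        findings.append("matches a common password")
    for item in personal:
        token = item.lower()
        # Check the detail forwards and reversed ("nhoj" for "John").
        if len(token) >= 3 and (token in lowered or token[::-1] in lowered):
            findings.append(f"contains personal detail: {item}")
    return findings


if __name__ == "__main__":
    for pw in ("p@ssword", "nhoj", "JohnLikesC@ke2233"):
        print(pw, audit(pw, personal=["Rex"]), brute_force_keyspace(pw))
```

The keyspace figure grows by a factor of the alphabet size for every extra character, which is why the slide puts length first.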
What you can do!
• Use at least three different passwords!
• The first password will only be used for logging onto your computer and associated services (Google services, iCloud, Microsoft)
• The second password will be used for critical web sites like your bank account, medical, and/or government.
• The third password will be used for everything else - Dominos Pizza, Amazon, eBay.
• Change these passwords periodically, so that if one gets compromised there will be less risk over time.
• Utilize password generators and tools.
What you can do!
• In addition to the three passwords, also create at least three email accounts
• One will be used with that second password only for the critical websites (Banking)
• The second one will be for signups with the other websites (eBay, Amazon, Dominos)
• The third is for personal communication with friends and family.
• This makes it harder for hackers to guess your username for many sites
What you can do!
• Create a false persona for “Security Questions”
What you can do!
• When available use 2 step authentication services
• Apple, Google
• This utilizes an extra step to verify you are who you say you are
• Text messages with a verification code
• Create application specific passwords
• Helps to prevent an attacker from accessing certain websites and information because they don’t have access to your security codes
• If one of the applications gets hacked it does not compromise the rest of your services.
Scary Virus Infections
• Cryptolocker
• Once running on your computer - encrypts Microsoft Office, Adobe PDF, Images, Text, and other common files
• Will then try to connect to other computers or servers via mapped drives.
• Ransomware - asks for money in exchange for the encryption key
• There is no known way to recover these encrypted files
• Restoring from backup is the only resolution
Preventing Cryptolocker
• Be very careful of email attachments and links
• Beware of those Phishing attempts and popups when visiting web sites
• Verify that users only have access to the shared folders and network resources they need
• Might want to use UNC links to shared folders instead of mapped drives.
• Don’t store important files on your local PC. Store them on the server where the files are backed up.
• Verify your backups are running and what the retention time is
Other general prevention steps
• Make sure your Anti-virus is still running - disabling this is usually the first step many viruses take
• Make sure your Anti-virus is up to date - when does it scan?
• Make sure your computer has the latest updates
• Use a backup scanning tool like Malwarebytes and run it weekly after updating the definitions
• Back up your computer/files to multiple sources. Online, USB drive, USB flash
• Use non-admin accounts for daily use and use UAC on Windows
• Use mobile devices for suspicious websites or emails as these are currently less likely to get infected.
Business Security
• Restrict employees' activities on business networks and devices
• No Facebook, Gmail, outlook.com
• This creates a backdoor access
• Downloading screensavers, applications
• Web filtering - block known compromised sites
• Employees can access these sites from personal devices over cellular connections