Cyber Security for Everybody
simple steps for defensive surfing
Plans for today
• Introduction
• Internet ‘101’
• Steps to prevent cyber crime
  • Keep your PC clean (OS, Browser, security updates)
  • Know about Browser security
  • Never Trust Emails
  • Manage your Passwords Wisely
  • Defensive Online Shopping
  • Mind Open Access Points
• Resources
Introduction
• Cyber security is much like real life security, the same rules apply, e.g.:
  • Lock the doors
  • Don’t give away your keys
  • Stay away from dangerous places
  • Don’t talk to strangers
  • Don’t give your contact information to random acquaintances
Internet “plumbing” – quick 101
[Diagram: browser, DNS server (www.google.com → 174.125.19.103), web server, HTTP request(s), HTTP response(s), plugins]
What is HTTPS?
[Diagram: HTTP request(s) and HTTP response(s) to and from the web server, protected by SSL]
Protect your PC!
Data source: McAfee; NCSA
• Regularly check OS and S/W patches
• Install anti-virus/spyware/phishing/spam S/W
• Enable Firewalls
• Change H/W default passwords
• Download software only from trusted sources
Update software on a regular basis!
Be aware of Browser (in)security
• Browser is on the ‘frontline’ of our Internet adventure
• The HTML pages are not static documents anymore
• Browser scripting is very powerful but also poses a serious security threat
It is possible to stay secure and get maximum features via:
• tuning your browser’s security settings
• regularly clearing your browser’s file caches and cookies
• explicitly logging off your (bank, retail etc.) account as soon as you are done
• using a different browser for ‘adventurous surfing’
Don’t trust Emails (and phone calls, too)
• Emails are another ‘door’ to your computer – just like web sites – with the exception that you don’t even have to initiate the action
• Emails are easily faked – including the sender’s name and the reply-to address
• Most emails are easily ‘sniffed’
• Malicious emails are widely used to:
  • make you give away sensitive information (passwords, bank account numbers, SSN etc.)
  • infect your computer with viruses
  • SPAM you
‘Phishing’ – the most popular way to steal your valuable data
Some ‘Phishing’ examples
Fighting phishing…
Email: reducing the threat
• Never send sensitive information (e.g.: passwords, SSN, credit card number) via email
• Never open an email attachment if you are not sure about the email’s origin
• Never click on links directly from emails
• If you did click, always pay attention to the address bar to see the real address of the site you are redirected to
• Use anti-phishing tools – toolbars or IE7
• Use a different account name and password for your email address
• Keep a low profile – use your email address judiciously; use ‘lightweight’ email providers as a substitute
Manage your Passwords wisely
• Passwords are often the only way of identifying us
• Passwords can be ‘phished’, stolen, guessed…
• By taking over your password the fraudsters take over your cyber-identity
Minimize the risk by following:
• Avoid simple passwords (never a single word from dictionary!), use special signs, digits, both upper and lower cases
• Use passwords at least 6-10 characters long
• Don’t use a password that is a super/sub-string of your login name
• Come up with your own password policy
• Don’t use the same password on multiple accounts
• Change your passwords regularly (at least once in 3 months)
• Whenever possible use two-factor authentication
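An added example (not part of the original slides): a small Python checker for those of the rules above that can be tested on a single password. The function name, the constructed sample word list, and the default minimum of 10 characters (the upper end of the slide's 6-10 range) are assumptions.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "monkey", "welcome"}


def check_password(password, login, min_length=10, dictionary=SAMPLE_DICTIONARY):
    """Return the slide rules that `password` breaks (empty list = passes)."""
    problems = []
    pw, user = password.lower(), login.lower()

    if len(password) < min_length:
        problems.append("too_short")

    # "never a single word from dictionary": also catch a word with digits or
    # signs merely stuck on either end, e.g. "Sunshine1!".
    core = pw.strip(string.digits + string.punctuation)
    if pw in dictionary or core in dictionary:
        problems.append("dictionary_word")

    # "special signs, digits, both upper and lower cases"
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special_sign": any(c in string.punctuation for c in password),
    }
    problems += ["missing_" + name for name, ok in classes.items() if not ok]

    # "super/sub-string of your login name", compared case-insensitively
    if user and pw and (pw in user or user in pw):
        problems.append("contains_or_within_login")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Sunshine1!", "alice2024", "tR7#mq!Vz2k"):
        print(candidate, check_password(candidate, login="alice"))
```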
Two-factor authentication
There are three universally recognized factors for authenticating individuals:
• ‘Something you know’ (e.g.: password, PIN)
• ‘Something you have’ (e.g.: physical credit card, mobile phone, security token)
• ‘Something you are’ (e.g.: fingerprint, a retinal scan)
A system is said to leverage two-factor authentication when it requires at least two of the authentication factors
Two-factor authentication is virtually bullet-proof
Defensive Online Shopping
Poorly secured online stores may lose your credit card/financial data!
• Know your online merchant
• Check that the URL you post sensitive data to uses a secure connection
• Don’t provide more information than needed for a transaction
• Keep good records
• Use one-time generated credit card numbers whenever possible
Some online stores may be fake – temporary sites set up to collect your valuable data
Defensive Online Shopping on eBay
• Check the feedback - any feedback lower than 98% is a risk
• Carefully read the item's description
• Contact the seller if you have any doubts
• Prefer items under eBay/PayPal cash back protection
• Always prefer paying by PayPal - avoid Instant Cash Transfer Services
• If you receive a Second Chance Offer in your mailbox - always check its validity by logging into your eBay account's inbox
• Be careful with 'unusual' requests coming from other users - most probably it's a fraud
• Completely avoid off-eBay transactions
Mind Open Access Points
• Web traffic going via non-secure connection is easily readable by anybody else who shares the connection
• When setting up your own wireless network at home be sure to turn on the encryption (WPA, not WEP)
• When using public access points use VPN (Virtual Private Network) services to encrypt all the traffic –
Resources
• Cyber Security Glossary http://www.staysafeonline.org/basics/glossary.html
• Browsers:
  • IE7 http://microsoft.com/windows/downloads/ie/getitnow.mspx
  • Firefox http://www.mozilla.com/en-US/
  • Safari http://www.apple.com/safari/download/
  • Opera http://www.opera.com/
• Tuning security zones on IE: http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm#security
• Trusted software download site: http://www.download.com/
• Lightweight e-mailbox provider - http://mailinator.com/
• PayPal/eBay security key http://ebay.com/securitykey or http://paypal.com/securitykey
• PayPal plugin https://www.paypal.com/us/cgi-bin/webscr?cmd=_vdc-hub
• eBay security tips http://pages.ebay.com/securitycenter/mrkt_safety.html
• VPN solutions http://anonymizer.com/, http://hotspotvpn.com, http://publicvpn.com/
Final words…
• The Internet is a cyber-jungle!
• You are responsible for your own protection!
• You can achieve reasonable security by following simple rules!
Any questions?