
CIVIL SERVANTS TRAINING MANUAL

Advanced Cisco Networks And Wireless Communication Centre Limited
No. 24 Aminu Kano Crescent Wuse 2. Near Park n Shop, Abuja
09098477993, 07064411689. info@advancedcisconetworks.com, www.advancedcisconetworks.com.ng

DAY 1
INTRODUCTION OF THE PROGRAM AND EXPECTATION: As you already know, the
good image of this nation has been tampered with by hackers and the so-called yahoo boys.
We lose billions of Naira every year to these attackers and online scammers. People are deprived
of the freedom to access the internet as expected, for fear of being scammed.
The federal government, through the office of the Senate Committee on ICT and Cyber Crime, in
its effort to eradicate cybercrime or reduce it to a minimum, has organized this cyber security
awareness campaign for all civil servants across all Ministries, Departments and Agencies
(MDAs) in the 774 LGAs in Nigeria, and is also commencing capacity building for the youths
across the 774 LGAs for self-sustainability.

INTRODUCTION TO ICT AND CYBER SECURITY


There is no doubt that technology is playing a vital role in our daily life today. Technology has
changed the way we live and do things.

IoT (Internet of Things), AI (Artificial Intelligence) and ML (Machine Learning) are gradually
changing the landscape of the digital world. As technologies like the aforementioned ones
continue to evolve and as the economic benefits of digitization continue to grow, we are seeing a
digital transformation. Digital technology has enabled businesses to innovate their approach to
interacting with society.

INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) is a broad term that
comprises the tools and resources which we use to create, store, manipulate and communicate
information efficiently and effectively. The phones and computers we use today are all products
of ICT. In simpler terms, ICT is the branch of science that deals with how information is
disseminated from one location to another using technology.

WHAT IS CYBER SECURITY?


As more time is spent online, your identity, both online and offline, can affect your life. Those
whom you chat with online know your personal information, such as your name, age, or where
you live. Your online identity is who you are in cyberspace; it is how you
present yourself to others online. If such information about you is made available online, then
you are vulnerable to attack. These cyber-attacks are usually aimed at accessing, changing, or
destroying sensitive information. They can cause serious harm to your personality.
Cyber Security is the practice of protecting your online presence and your gadgets, such as computer
systems, networks, and programs, from digital attacks.

CAUSES AND SOLUTIONS TO CYBERCRIME
Cybercrime refers to any crime that involves the use of a computer and a network. Cybercrime
could also be defined as offences that are committed against individuals or groups of individuals
with a criminal motive to intentionally harm the reputation of the victim or cause physical or
mental harm to the victim, directly or indirectly, using modern telecommunications networks such
as the internet.

The following are some of the identified causes of cybercrime:

● Unemployment is one of the major causes of cybercrime in Nigeria. It is a known fact
that millions of graduates in the country do not have gainful employment, hence many
resort to cybercrime for survival.
● Quest for wealth is another cause of cybercrime in Nigeria. Youths nowadays are
greedy; they are not ready to start small, hence they strive to level up with their rich
counterparts by engaging in cybercrime.
● Lack of cybercrime laws also encourages the perpetrators to commit more crime, knowing
they can always go uncaught. Today we have cybercrime laws in Nigeria, but the
challenging part is the lack of a serious awareness campaign for citizens to know
about the laws.

SOLUTIONS TO CYBERCRIME

1. Capacity building for the unemployed youths
2. Cyber Security awareness campaign
3. Enacting strict laws and sensitizing the entire citizens about the laws
4. Establishment of Institutional framework for coordinating cyber security efforts.

RULES GUIDING CYBERCRIME IN NIGERIA


Hacking
The Cybercrime (Prohibition and Prevention) Act 2015 makes it an offence for any person,
without authorization, to intentionally access in whole or in part a computer system or network
with the intention of obtaining computer data, securing access to any program and commercial or
industrial secrets or classified information.
Maximum penalty: imprisonment for a term of not more than seven (7) years or a fine of not
more than N7,000,000.00 or both such fine and imprisonment.
Denial-of-service attacks
Denial of service is covered by section 8 of the Cybercrimes Act, which makes it an offence for
any person, without lawful authority, to intentionally commit an act which causes the serious
hindering of the functioning of a computer system by inputting data which prevents the computer
system from functioning in accordance with its intended purpose.
Maximum penalty: imprisonment for a term of not more than two years or a fine of not more
than N5,000,000.00 or both such fine and imprisonment.
Phishing
Under the Cybercrimes Act, it is an offence for anyone to attempt to acquire sensitive information such as
usernames, passwords and credit card details by masquerading as a trustworthy entity in an
electronic communication through email or instant messaging, for example in the form of an email from
what appears to be your bank asking a user to change his or her password or reveal his or
her identity, so that such information can later be used to defraud the user.
Maximum penalty: imprisonment for a term not more than three years or a fine of
N1,000,000.00 or both.
Infection of IT systems with malware (including ransomware, spyware, worm, Trojans and
viruses)
The Cybercrimes Act makes it an offence for any person to engage in malicious or deliberate
spread of viruses or any malware, thereby causing damage to critical information in public, private
or financial institutions' computers.
Maximum penalty: imprisonment for a term not more than three years or a fine of
N1,000,000.00 or both.
Possession or use of hardware, software or other tools used to commit cybercrime (e.g.
hacking tools)
Under the Cybercrimes Act, it is an offence for any person who, with intention to commit an
offence under the Act, has in his possession devices, including a computer program, a computer
password, access code or similar data, by which a computer system or network is capable of being
accessed for the purpose of committing an offence under the Act.
Maximum Penalty: imprisonment for a term of not more than two years or a fine of not more
than N5,000,000.00 or both.
Identity theft or identity fraud (e.g. in connection with access devices)
The Cybercrimes Act provides that any person who is engaged in the services of any financial
institution and, as a result of his special knowledge, commits identity theft of its employer, staff,
service providers and consultants with the intent to defraud is guilty of an offence and upon
conviction shall be sentenced to seven years imprisonment or a fine of N5,000,000.00 or both.
Cyber stalking, harassment and blackmailing scam: these are the threatening and blackmailing acts
carried out on the internet by fraudsters on the victim. In most cases the perpetrator's identity is
kept unknown by the use of a false alias or by blocking the identity and keeping all information
hidden.
Maximum penalty: a fine of not more than N7,000,000 or imprisonment for a term of not
more than three years.

Cyber-pornography: the act of using cyberspace to create, display, distribute, or publish
pornography or obscene materials, especially materials depicting children engaged in sexual acts
with adults.
Maximum penalty: imprisonment for a term of 10 years or a fine of not more than
N20,000,000 or both fine and imprisonment.
Cyber squatting: the act of making use of a name, business name, trademark, domain name or
other word or phrase registered, owned or in use by any individual, body corporate or belonging
to either federal, state, or local governments in Nigeria, on the internet or any other computer
network, without authority or right, or for the purpose of interfering with their use by the owner,
registrant or legitimate prior user.
Maximum penalty: imprisonment of not less than 2 years or a fine of not less than
N5,000,000.00 or both fine and imprisonment.
Cyber terrorism: life imprisonment is the penalty for any person that accesses or causes to be accessed
any computer system or network for purposes of terrorism.
Manipulation of ATM/POS terminals: The maximum penalty is five years imprisonment or a fine of
N5,000,000.00 or both.

Introduction to Computer Networking


Networking is the process of connecting two or more networking devices (computers with NICs,
switches, routers, IP phones etc.) together to enable sharing of network resources like text,
pictures, videos and voice. The two methods of networking are wired and wireless.
A wired network is a method of networking which requires cable for connectivity between the
devices.
A wireless network is a type of network which requires no cable for connectivity or sharing of
resources. Today the world is well interconnected and even migrating into IoT. Our offices and
homes, including the gadgets that we use, are migrating into the world of connectivity. In such a
world, where things are connected together, there is a chance that an attack on one device could be
an attack on all, hence the need for cyber security awareness on how to secure our systems and
networks.

Introduction to IP Address and Internet Appreciation


What is an IP Address?
It's a unique logical address arranged in a 32-bit, 4-octet format, used by devices on a
network to enable communication and sharing of resources.
IP addresses are grouped into two versions, which are:
IPv4: this contains 32 bits of address. E.g. 10.7.12.33 or 85.5.191.1
IPv6: this contains 128 bits of address. E.g. FD00:0DB8:7654:3210:2CAI:BA17:7/142:0032

Classes of IP address
IPv4 is classified into:
Class A: 0.0.0.0 – 126.255.255.255
Class B: 128.0.0.0 – 191.255.255.255
Class C: 192.0.0.0 – 223.255.255.255
Class D: 224.0.0.0 – 239.255.255.255
Class E: 240.0.0.0 – 255.255.255.255
IP addresses are categorized into private IP and public IP. A private IP address is used within the
Local Area Network (LAN); it is a free address which is also called an unregistered IP.
A public IP address is used on the Internet/Wide Area Network (WAN) and registered by the
Internet Service Provider (ISP); it is also called a purchased or registered IP address. This
address is what we use in accessing the internet. Anytime you switch on your data, your
service provider will assign a dynamic IP address to your device for communication across
the internet. You can see your IP address when your data is on by opening any
browser and visiting www.whatismyipaddress.com
Range of Private IP address
Class A: 10.0.0.0 – 10.255.255.255
Class B: 172.16.0.0 – 172.31.255.255
Class C: 192.168.0.0 – 192.168.255.255
For example, the address 172.11.6.29 is a public address of class B.
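
The class table and private ranges above, applied in code. This is an added example, not part of the original manual; the function names are assumptions, and 127.x.x.x (reserved for loopback), which the manual's class table skips, is reported separately.

```python
import ipaddress

# Classful ranges by first octet, exactly as listed in the manual.
CLASS_RANGES = [
    ("A", 0, 126),
    ("B", 128, 191),
    ("C", 192, 223),
    ("D", 224, 239),
    ("E", 240, 255),
]

# Private (unregistered) ranges from the manual, written as CIDR blocks.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]


def classify(text):
    """Return (address_class, scope) for a dotted-decimal IPv4 string.

    address_class is "A".."E", or None for 127.x.x.x, which the manual's
    table skips. scope is "private" (inside one of the three private
    ranges), "loopback", or "public" (everything else).
    Malformed input raises ValueError.
    """
    addr = ipaddress.IPv4Address(text.strip())
    first_octet = addr.packed[0]
    addr_class = next(
        (name for name, low, high in CLASS_RANGES if low <= first_octet <= high),
        None,
    )
    if addr_class is None:
        return None, "loopback"
    if any(addr in block for block in PRIVATE_BLOCKS):
        return addr_class, "private"
    return addr_class, "public"


def summarise(addresses):
    """Classify many addresses; invalid entries are reported, not dropped."""
    report = {}
    for text in addresses:
        try:
            report[text] = classify(text)
        except ValueError:
            report[text] = ("invalid", "invalid")
    return report


if __name__ == "__main__":
    # Constructed sample input: the manual's own examples plus boundary cases.
    samples = ["10.7.12.33", "85.5.191.1", "172.11.6.29", "172.16.0.1",
               "172.32.0.1", "192.168.1.10", "127.0.0.1", "300.1.1.1"]
    for text, (addr_class, scope) in summarise(samples).items():
        print(f"{text:15} class={addr_class} scope={scope}")
```

Note that 172.11.6.29 and 172.32.0.1 sit just outside 172.16.0.0 – 172.31.255.255, so both come out as public class B addresses.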

What is Internet
The internet is the largest computer network in the world, connecting millions of computers. A
network is a group of two or more computer systems connected together to share resources.
The World Wide Web (www) is a virtual network of websites connected by hyperlinks (or links).
Websites are stored on servers on the internet.
Search Engines
A search engine is just a website, such as www.google.com, that stores searchable data about other
websites.
How to create email
To create an email address, you should follow these steps:
- Open your browser (Opera, Firefox, Chrome)
- Type www.gmail.com
- Click sign up
- Fill in your details appropriately
- Enter the code sent to your phone number in its appropriate space and submit.

How to subscribe to our company YouTube Channel


- Open your browser
- Type www.youtube.com or click on the YouTube app
- Search for the name of the YouTube channel you wish to connect to and click on subscribe.
You are advised to search for our company channel on YouTube and receive our short videos on
various ICT programs including cyber security. The name of our channel is "IT EXPERT".

DAY 2
HACKING TECHNIQUES

WHAT IS HACKING?

Hacking is the act of finding possible entry points that exist in a computer system and finally
entering into them.
Hacking is usually done to gain unauthorized access to a computer network, either to harm the
system or to steal sensitive information available on the computer.
There are four things a hacker normally targets:

1. Person
2. Emails
3. Website
4. Web Server

Types of hackers

1. Black Hat Hackers
2. White Hat Hackers
3. Grey Hat Hackers

White Hats: These are the ethical hackers, hired by a customer for the specific goal of testing
and improving security or for other defensive purposes. White hats are well respected and don't
use their knowledge and skills without prior consent. White hats are also known as security
analysts.

Black Hats: These are the crackers, illegally using their skills for either personal gain or
malicious intent. They seek to steal (copy) or destroy data and to deny access to resources and
systems. Black hats do not ask for permission or consent before intruding into systems or networks.

Gray Hats: The hardest group to categorize, these hackers are neither good nor bad. Generally
speaking, there are two subsets of gray hats—those who are simply curious about hacking tools
and techniques and those who feel like it's their duty, with or without customer permission, to
demonstrate security flaws in systems. In either case, hacking without a customer's explicit
permission and direction is usually a crime.

PHASES OF HACKING

FOOTPRINTING / INFORMATION GATHERING

Footprinting is the process of getting to know the target well, digging up details, and gathering
information about the target.

How to perform information gathering

Active Information Gathering

In this method of information gathering, information is gathered directly, e.g. by phone call.

Passive Information Gathering

In this method, information is gathered using a third party, e.g. search engines.

Tools for gathering information

1. www.proxysite.com
2. www.whois.com
3. www.netcraft.com
4. www.builtwith.com
5. www.yougetsignal.com

SCANNING
Scanning is the process of finding the vulnerabilities present in a computer network. It is an
advanced form of information gathering. Through scanning we can learn which ports are open and
which services are available.

Tools used for scanning


1. Angry IP Scanner
2. Nmap
3. Megaping
4. SuperScan
5. Zenmap

PACKET SNIFFERS
A sniffer is a software utility which can "eavesdrop" on a network and capture traffic for
analysis. It does not modify the original packets. Instead it makes copies of the packets that it
sniffs on the wire or in the air wirelessly. A hacker can install a sniffing tool to grab an email or
other forms of packet destined for someone else.
Examples of sniffing tools are: Wireshark, Sniffpass etc.

MALWARES
Malware is any code that can be used to steal data, bypass access controls, or cause harm to, or
compromise a system. Below are a few common types of malware:

Spyware – This malware is designed to track and spy on the user. Spyware often includes activity
trackers, keystroke collection, and data capture. In an attempt to overcome security measures,
spyware often modifies security settings. Spyware often bundles itself with legitimate software
or with Trojan horses.

Adware – Advertising supported software is designed to automatically deliver advertisements.
Adware is often installed with some versions of software. Some adware is designed to only
deliver advertisements but it is also common for adware to come with spyware.

Bot – From the word robot, a bot is malware designed to automatically perform actions, usually
online. While most bots are harmless, one increasing use of malicious bots is botnets. Several
computers are infected with bots which are programmed to quietly wait for commands provided
by the attacker.

Scareware – This is a type of malware designed to persuade the user to take a specific action
based on fear. Scareware forges pop-up windows that resemble operating system dialogue
windows. These windows convey forged messages stating the system is at risk or needs the
execution of a specific program to return to normal operation. In reality, no problems were
assessed or detected and if the user agrees and clears the mentioned program to execute, his or
her system will be infected with malware.

Rootkit – This malware is designed to modify the operating system to create a backdoor.
Attackers then use the backdoor to access the computer remotely. Most rootkits take advantage
of software vulnerabilities to perform privilege escalation and modify system files. It is also
common for rootkits to modify system forensics and monitoring tools, making them very hard to
detect. Often, a computer infected by a rootkit must be wiped and reinstalled.

Trojan Horse – It's a kind of malicious program that hides itself inside a legitimate or useful
application. It is configured by the hacker to give unauthorized backdoor access to the victim
computer, via which a hacker can control the computer. Examples are netbus, subseven, beast,
Njrat etc.

Worms – Worms are standalone malicious programs which spread from one computer to another.
Worms have the ability to run independently and that is why they do not attach themselves to
another program. A worm spreads itself in a network by exploiting the security vulnerabilities
existing inside computer systems.

Virus – A virus is a popular malware which is well known and one of the most widely discussed
topics in the field of computer security. A virus is a destructive computer program that is designed
to take control of the infected computers and harm the operating system's files, user data files or
degrade computer performance. Some well-known virus construction toolkits are JPS virus
maker, terabit virus maker, necro virus maker, poison virus maker, prorat virus maker tool etc.

Keyloggers – A keylogger is malicious code used to monitor a computer system remotely to steal vital
information like passwords and keystrokes. One of the most popular tools for keyloggers is KGB
Employee Monitor. It is an application which monitors employees or remote computers in real time
with a centralized, computer-based surveillance system.

PHISHING
Phishing is when a malicious party sends a fraudulent email disguised as being from a legitimate,
trusted source. The intent of the message is to trick the recipient into installing malware on their device,
or into sharing personal or financial information. An example of phishing is an email forged to
look like it was sent by a retail store asking the user to click a link to claim a prize. The link may
go to a fake site asking for personal information, or it may install a virus.

SYSTEM HACKING/PASSWORD CRACKING TECHNIQUES


System hacking refers to hacking into a computer system by breaking the password protection in
order to either take control or steal data or crash the system.
Passwords and privilege escalation: passwords are the most commonly used authentication
method throughout the world. Username and password authentication is used on computer
systems, email and social media websites, bank accounts etc.
For privilege escalation, hackers will try to crack passwords of high privilege users like root or
administrators.
Password cracking: password cracking is the process of recovering passwords from data that
have been stored in or transmitted by a computer system. A common approach (brute-force
attack) is to repeatedly try guesses for the password.

RANSOMWARE
This malware is designed to hold a computer system or the data it contains captive until a
payment is made. Ransomware usually works by encrypting data in the computer with a key
unknown to the user. Some other versions of ransomware can take advantage of specific system
vulnerabilities to lock down the system. Ransomware is spread by a downloaded file or some
software vulnerability.

DAY 3
CYBER SECURITY

SECURING YOUR SOCIAL MEDIA ACCOUNTS

1. How to detect if your account has been hacked.

• Gmail: In Gmail, the last account activity feature lets you see when, how and from
where your account was accessed in the last few sessions.
Scroll to the bottom when you log in to your Gmail account and click on the details link below
where it says last account activity. You can also do a lookup on the IP addresses given to you,
using www.whatismyipaddress.com

• Facebook: Facebook allows you to view a history of all logged-in sessions to your account
by clicking on Settings > Account settings > Security > Active sessions. If you notice any active
sessions that you did not start, click on the End activity link to remotely log out from them.
It is also recommended that you enable Login Notifications on your Facebook account, so that
you receive an email and an SMS text message each time someone logs in to your account from a
device that you have not used before. To enable login notifications on your account, simply go to
Settings > Account settings > Security > Login Notifications and enable them.

2. How to make your account Hack-Proof

If you have ever accessed the internet, if you have ever been to a cafe for browsing, if you have ever opened links on
the internet, chances are that some malicious attackers might have tried to hack into your Gmail
account at some point in time.

USE TWO FACTOR AUTHENTICATION ON YOUR ONLINE ACCOUNTS

Two-factor authentication is a way of adding an extra layer of security to your online accounts apart from
your usernames and passwords.

Two-step verification or two-step authentication is a method of confirming a user's claimed
identity by utilizing something they know (password) and a second factor other than something
they have or something they are.

A good example of two-factor authentication is the withdrawing of money from an ATM; only
the correct combination of a bank card (something the user possesses) and a PIN (something the
user knows) allows the transaction to be carried out.

Two other examples are to supplement a user-controlled password with a one-time password
(OTP) or code generated or received by an authenticator (e.g. a security token or smart phone)
that only the user possesses.
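
How an authenticator produces the one-time code mentioned above, and how the server side checks it. This is an added example, not part of the original manual: it uses the standard time-based OTP algorithm (RFC 6238, built on RFC 4226), the RFC's published test key as the shared secret, and function names and a replay check that are assumptions of this example.

```python
import hashlib
import hmac
import struct
import time

# Published RFC 6238 test key; a real deployment uses a random per-user secret.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # low nibble picks the window
    chunk = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(chunk % 10 ** digits).zfill(digits)   # keep leading zeros


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: the counter is the number of 30-second steps since 1970."""
    return hotp(secret, int(unix_time) // step, digits)


def verify(secret, submitted, unix_time, last_used_counter=None,
           step=30, window=1, digits=6):
    """Server-side check.

    Accepts a code from the current time step or `window` steps either
    side (clock drift). Returns the matching counter so the caller can
    store it; a code at or before `last_used_counter` is refused, which
    makes each code usable once. Returns None on failure.
    """
    if len(submitted) != digits or not (submitted.isascii() and submitted.isdigit()):
        return None
    current = int(unix_time) // step
    for counter in range(max(0, current - window), current + window + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    now = time.time()
    code = totp(RFC_TEST_SECRET, now)
    print("code shown by the authenticator:", code)
    used = verify(RFC_TEST_SECRET, code, now)
    print("first use accepted, counter:", used)
    print("same code replayed:", verify(RFC_TEST_SECRET, code, now, last_used_counter=used))
```

The code is computed on the device from the shared secret and the clock, so nothing has to be delivered over SMS for the second factor to work.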

PROTECTING YOUR GMAIL ACCOUNT

If you want to make it almost impossible for attackers to hack into your account, then you need
to enable "2-Step verification" on it. This will provide two security layers protecting your Gmail.
The first step will ask you to provide your username and password; the second layer or step will
request a verification code. To enable 2-step verification on your Gmail account, log in to
your Gmail account and then click on your name in the top right corner of the screen, and then
on the account link, to reveal the Accounts setting page for your account. Click on the security
option in the left column of your account settings page. This will open up the security settings
page for your account, which will allow you to manage various setting options related to your
Gmail account. Follow the steps there to receive your code. Enter the code in the space
provided and verify your phone number. Other things you can still do on your Gmail are:

Trust your computer feature
Provide backup phone
Get printable backup codes
Application-specific passwords

SECURING SOCIAL MEDIA ACCOUNTS (WHATSAPP AND FACEBOOK)

Use Unique Password for each Online Account

You probably have more than one online account, and each account should have a unique
password. That is a lot of passwords to remember. However, not using strong
and unique passwords leaves you and your data vulnerable to cyber criminals. Using the same
password for all your online accounts is like using the same key for all your locked doors; if an
attacker were to get your key, he would have the ability to access everything you own. If
criminals get your password through phishing, for example, they will try to get into your other
online accounts. If you only use one password for all accounts, they can get into all your
accounts, steal or erase all your data, or decide to impersonate you.

Tips for choosing a good password:

● Do not use dictionary words or names in any languages
● Do not use common misspellings of dictionary words
● Do not use computer names or account names
● If possible use special characters, such as ! @ # $ % ^ & * ( )
● Use a password with ten or more characters

This table shows examples of OK, good and better passwords.

OK passwords: allwhitecat, Fblogin, amazonpass, ilikemyschool, hightidenow.
Good passwords: a11whitecat, 1FBLogin, AmazonPa55, ILikeMySchool, HighTideNow.
Better passwords: A11whi7ec@t, 1.FB.L0gin$, Am@z0nPa55, !Lik3MySch00l, H1gh7id3Now.

6 ways to make your Facebook account more secure


There are many ways in which your Facebook data can be misused. Here are 6 lesser-known
privacy features of the social media website you should use to protect your data.

1. Protect your profile picture


Your profile picture is used as a primary tool for identification on social media. Trouble is,
anyone can create a fake Facebook account using your name and even your actual profile picture.
To stop this from happening, Facebook has added a feature called 'Profile picture guard'. Open
your Facebook profile and click on the current profile picture (don't click on 'Update profile
picture'). When the profile picture opens up, click on options at the bottom of the image and
select 'Turn on profile picture guard'. A blue shield will appear on your picture and no one will
be able to share or download it anymore.

2. Make your friends authenticators


If Facebook detects an unrecognized login or hacking attempt, it will lock down your account,
and you won't be able to access it. The process to regain access to your account used to be a
long and complicated one, but now Facebook allows you to simply choose up to five trusted
friends who can help you regain access to your account. Go to Settings > Security and login >
Choose friends to contact, and select at least three people from your friend list. If you get locked
out, these friends can send you verification codes for authentication to help you regain access to
your account.

3. Know which devices you use


Under Settings > Security and Login, Facebook shows a section called 'Where you're logged in'. This section lists
all the devices (laptop, phone, tablet etc.) on which you have logged in to your Facebook
account. Remove any devices you don't recognise or don't have access to anymore. If you're
unsure of the status of certain devices, we recommend that you use the 'Log out of all sessions'
option, and log in afresh. This will ensure no one else has access to your Facebook account.

4. View all your information


When you open your Facebook account settings, you will notice a new menu item on the left –
'Your Facebook information'. Facebook has consolidated access to all of your information on a
single page. You can view information about you by category (posts, photos, comments, likes,
etc.) and download any information you want. You can even view and manage your activity log
from this page and control which of your activities appear on your friends' timelines.

5. Manage your Facebook data


In the Facebook Information page, you also have a shortcut to 'Manage your data'. When you
access this feature, you need to select if you want to manage data on Facebook or Instagram. For
Facebook, you get advanced control on how and where Facebook uses any of your data. You can
manage your location data, control contacts uploaded to Facebook, face recognition setting, ad
preference and various other features.

6. Control your third party login


The majority of websites and apps give you the option to log in using your Facebook account
instead of creating a new account from scratch. While this makes things easier, we often forget to
revoke Facebook access for these third-party apps and websites when we stop using them. Head
to Settings, Apps and websites. You will see a list of all the active apps and websites that have
access to your Facebook account. You can choose the apps you want to remove from the list, as
well as delete any posts that a particular app or website might have published on your behalf.

SECURING BANK ACCOUNTS (BVN/SIM SWAP)

Bank Verification Number (BVN)


With the increasing incidents of compromise on conventional security systems (password and
PIN), there is a high demand for greater security on access to sensitive or personal information in
the Banking system.

The BVN gives each Bank customer a unique identity across the Nigerian Banking industry that
can be used for easy identification and verification at Point of Banking operations.

Biometrics refers to the identification of an individual based on physiological attributes:
fingerprint, voice, facial features etc. To address existing challenges with identity management,
the Central Bank of Nigeria, in collaboration with all Nigerian banks, launched a centralized
biometric identification system tagged Bank Verification Number (BVN). Hacking a bank account
with just a BVN is pretty simple and real. The detailed discussion is beyond the scope of
this document. Experts advise that you should secure your BVN to be on the safer side.

What is SIM swap fraud?


A SIM swap fraud happens when someone convinces your carrier to switch your phone number
over to a SIM card that a criminal possesses. In some cases, the carrier's employees
work together with the criminals.

By diverting your incoming SMS messages, scammers can easily complete the text-based two-
factor authentication checks that protect your most sensitive accounts in financial services, social
networks, webmail services and instant messengers.

While payment methods through mobiles offer a convenience that is hard to debate, Kaspersky
Lab research showed that mobile payments and the banking system are suffering a wave of
attacks – mostly powered by SIM swap fraud – and people are losing their money as a result.
This type of attack is used to not only steal credentials and capture one-time passwords (OTPs)
sent via an SMS, but also to cause financial damage to victims, resetting the accounts on
financial services, allowing the fraudsters access to currency accounts not only in banks but also
in fintechs and credit unions. Fraudsters are also using it as a way to steal money using WhatsApp:
loading the messages on a new phone, then contacting the victim's contacts and asking for money
while simulating an emergency situation.

According to the National Fraud Intelligence Bureau, the SIM splitter's first step is to access
your personal information. This can be achieved through bank statements, as well as increasingly
through scouring social media profiles.

The hacker then obtains a blank SIM card and rings your mobile phone operator. With your
personal information in hand, they pass the security checks and report your phone stolen.

At this point your SIM is blocked and the hacker activates the 'new' one.

While the victim is left with no service, the hacker is able to access all texts and calls,
including the unique code that the bank sends to access their online system. The
perpetrator has free rein over your account and can transfer your funds wherever they
wish.

ATM MANIPULATION

ATM hacking or manipulation is becoming rampant. Gone are the days when a hacker would
approach an ATM and stick down one of the keys with a pin-like object, broom or
candle wax, so that when a victim inserted his or her card, the card and cash got stuck
inside the machine after the transaction, only for the fraudster to come over and remove the
object so that the cash and card came out. Another obsolete step was to search for the
manufacturer of an ATM and identify the default password of the machine. An ATM card was then
manufactured, or even an ordinary plastic ID card could work things out. The fake card was
assumed to be the ATM master or default card that accompanies the machine from the company.
Once it was inserted, the machine requested a PIN, and the attacker would enter the default
password and take control of the machine. Those tricks hardly work today. Attackers now use
advanced technical skills to manipulate the machine and take control. For criminals, the
interesting parts of an ATM include the computer, network equipment, and main peripherals
(card reader and cash dispenser). An attack on these components could enable intercepting card
data, interfering with transaction processing by the processing center, or telling the dispenser
to issue cash. For such attacks the criminals require physical access to the cabinet of the ATM
or a connection to the network on which the ATM is located.

HOW TO SECURE COMPUTER AND MOBILE DEVICES

Keep the Firewall On


Whether it is a software firewall or a hardware firewall on a router, the firewall should be turned
on and updated to prevent hackers from accessing your personal or company data.

Use Antivirus and Antispyware


Malicious software, such as viruses, Trojan horses, worms, ransomware and spyware, is
installed on your computing devices without your permission, in order to gain access to your
computer and your data. Viruses can destroy your data, slow down your computer, or take over
your computer. One way viruses can take over your computer is by allowing spammers to
broadcast emails using your account. Spyware can monitor your online activities, collect your
personal information, or produce unwanted pop-up ads on your web browser while you are
online. A good rule is to only download software from trusted websites to avoid getting spyware
in the first place. Antivirus software is designed to scan your computer and incoming email for
viruses and delete them. Sometimes antivirus software also includes antispyware. Keep your
software up to date to protect your computer from the newest malicious software.

Encrypt Your Data


What is encryption? Encryption is the process of converting the information into a form where
an unauthorized party cannot read it. Only a trusted, authorized person with the secret key or
password can decrypt the data and access it in its original form. The encryption itself does not
prevent someone from intercepting the data. Encryption can only prevent an unauthorized person
from viewing or accessing the content.

Software programs are used to encrypt files, folders, and even entire drives.

Encrypting File System (EFS) is a Windows feature that can encrypt data. EFS is directly linked
to a specific user account. Only the user that encrypted the data will be able to access it after it
has been encrypted using EFS. To encrypt data using EFS in all Windows versions, follow these
steps:

Step 1. Select one or more files or folders.

Step 2. Right-click the selected data > Properties.

Step 3. Click Advanced…

Step 4. Select the Encrypt contents to secure data check box.

Manage Your Operating System and Browser

Hackers are always trying to take advantage of vulnerabilities in your operating systems and
your web browsers. To protect your computer and your data, set the security settings on your
computer and browser at medium or higher. Update your computer's operating system including
your web browsers and regularly download and install the latest software patches and security
updates from the vendors.

HOW TO IMPROVE THE SECURITY ON YOUR PHONE

1. Your computing devices, whether they are PCs, laptops, tablets, or smart phones, should be
password protected to prevent unauthorized access. The stored information should be
encrypted, especially for sensitive or confidential data. Enable a strong screen lock password
by going to Settings – Location – Screen Lock

2. For mobile devices, only store necessary information, in case these devices are stolen or lost
when you are away from your home. If any one of your devices is compromised, the
criminals may have access to all your data through your cloud-storage service provider, such
as iCloud or Google drive.

3. It is advisable that you never install an app on your Android device that has not been
downloaded from the official Android market. You can disable the installation of non-market
apps by going to Settings – Applications Settings – unselect the unknown sources option.

4. Always switch off wireless and Bluetooth when not in use.

5. On certain Android versions you can encrypt all the contents of your phone and SD card so
that none of the data stored on it can be accessed without entering an access password. To
enable this encryption feature, simply press Settings – Security – Encrypt Device.

10 WAYS TO FIND OUT IF A WEBSITE IS REAL OR FAKE.

1. Verify the Website's Trust Seal.


A trust seal attempts to communicate to you as an end user that the website you're on is safe,
and that the business itself views security as a priority. It is a stamp granted by a security partner
(such as a certificate authority, or CA) that's indicative of the legitimacy of the website. If a trust
seal is legitimate, clicking on it will take you to a page that verifies the authenticity of that seal.

2. Does It Have the Padlock with HTTPS? Did You View the Certificate Details?


HTTPS merely means that the communication channel between you and the server is encrypted
and secure (i.e., an attacker listening in on the network will get garbled encrypted information
that won't make sense). HTTPS does not assure that the server you are communicating with will
not steal your data. If the server is itself malicious, the S in "HTTPS" will do very little to ensure
security.

Look at it this way: it's a no-brainer that if your browser flags a website as "not secure,"
no sensitive information should be entered on the page. But even if the site uses HTTPS, that
doesn't automatically guarantee safety. This is why SSL/TLS certificates offer different
validation levels.

To view the digital certificate issued to the website, click on the padlock in the web address bar
and select Certificate if using Google's Chrome browser. For Firefox, click on the padlock and
then on the arrow to show connection details. Click on More Information and then View
Certificate.

3. Check the Contact Page


Our third recommendation for how to tell if a website is legit is to verify whether the website has
a physical address. Does the company have a phone number listed and an email ID? Try sending
an email to the ID provided on the contact page and check if it gets delivered. Verify that the
email is not a generic one (such as xyz@gmail.com) but one that comes with the company brand
(such as name@companydomain.com).

4. Check Whether the Company Has a Social Media Presence


Most legitimate companies have some level of a social media presence. Fake websites sometimes
have the icons for Twitter or Facebook, but the graphics don't actually link to a real account.
Read company reviews on such platforms and see if you can find real employees of the company
on LinkedIn.

5. Don't Click on Links Within the Body of an Email


Unless you requested a password reset link, there's almost never a compelling reason to click on
links in your email.

If PayPal was writing to you, they would know your name and use proper grammar. They're not
going to refer to you as "member" or "customer." Furthermore, not in a million years would they
threaten to suspend your account forever with a poorly written email, use urgent or threatening
language, or ask you to provide personal or account information.

By just hovering the mouse over the login button, you should be able to see the actual link where
you would get redirected. Remember that once you hit login, it might take you to a site that looks
eerily similar to the original PayPal website. But the moment you enter your credentials, there's
a very good chance that your account will get compromised or your account details will be sold.

6. Look for Spelling or Grammatical Mistakes. Is There a False Sense of Urgency?


These are all telltale signs of a phishing attack. Most legitimate companies make an effort to
ensure minimum quality standards in all communication that leaves their desks. Apart from rare
genuine typos, it's highly improbable that you will ever receive a poorly worded email from an
Apple or a Microsoft. All communications from legitimate companies will have an appropriate
tone and will never sound menacing or threatening, even if you don't follow through with their
call to action.

If the website looks like it was designed by some seven-year-old who is learning to draw, or if it
has glaring grammar issues, chances are that it's a malicious website and you should avoid it at
all costs.

7. Use the Google Safe Browsing Transparency Report


When in doubt about a website's safety, head over to the Google Safe Browsing Transparency
Report. This tool allows you to enter a URL to check whether it hosts any malware or if the site
is safe for browsing.

8. Check for a Website Privacy Policy


Most countries and industries have data privacy laws and regulations that make it mandatory for
a website to let their users know how data is collected, used, protected, and stored. This process
is usually achieved by writing a privacy policy document and getting users to read them and
agree to the terms and conditions. By now, most of us have skimmed through enough privacy
policies to know what a decent one looks like in contrast to one that pretends to be an authentic
document.

Apart from the privacy policy, if you're on an e-commerce platform, be sure to read their
shipping and return policies. This is always a great method of telling whether a website is legit or
fake. If the website lacks one, or if it looks unpolished at best, rethink your decision to make any
purchase from such a dubious site.

9. Pay Close Attention to the URL


Check that the website isn't attempting a homograph phishing attack. Browsers can be tricked
into displaying fake domain names as trusted legitimate sites; for example, a domain registered as
xn--pple-43d.com is displayed as apple.com.

URLs can be manipulated using letters from other alphabets, such as Cyrillic, that look similar
to the familiar ones. The URL can also be designed to look a certain way using subdomains, but if
inspected closely, the name of the actual domain appears right before the TLD. A simple way
to identify whether a URL is a homograph phishing attack is to copy and paste the URL in
another tab. When pasted on the address bar the URL appears as
"https://www.xn--80ak6aa92e.com/" before you hit enter and load the site.

10. Know the Obvious Signs of Website Malware


Web defacement attacks, suspicious pop-ups, and advertisements that attempt to entice you to
click on them typically are indicative of malicious websites egging you on to download and
execute some malware on your system. Be wary of websites that redirect you to other sites with
promotional content or to a legitimate looking page asking you to enter sensitive information.
Always exercise caution when clicking on any ads!

HOW TO BLOCK INAPPROPRIATE WEBSITE

If there are specific websites that you want to block, you can edit a specific file called "hosts"
on your Windows computer. To open the hosts file on your computer, make sure you are logged in
as Admin, launch the Notepad app, click on File – Open and open the following location:
C:\Windows\System32\drivers\etc\hosts
Go to a new line at the bottom of the file and enter the following text:
127.0.0.1 www.websitetoblock.com
127.0.0.1 www.blockme.com
127.0.0.1 www.faceboook.com
A tool that you can use to save you all this difficult and time-consuming work is "Net Nanny"
(www.netnanny.com).
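The hosts-file edit described above can be prepared safely before the file is touched. The following Python sketch is an added example, not part of the original manual: the function names are hypothetical and the sample hosts text is constructed. It works on the text of the file only, skips names that are already present, reports names already mapped to another address, and adds both the bare and the www. form of each site, because a hosts entry matches only the exact name written on the line.

```python
from urllib.parse import urlsplit

SINK = "127.0.0.1"  # loopback address used in the manual's entries

def parse_hosts(text):
    """Map each hostname in a hosts file to the address it points at."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2:
            for name in fields[1:]:
                mapping.setdefault(name.lower(), fields[0])  # keep first mapping seen
    return mapping

def variants(site):
    """Turn a pasted URL or hostname into the bare and www. forms to block."""
    host = urlsplit(site if "://" in site else "//" + site).hostname or ""
    bare = host[4:] if host.startswith("www.") else host
    return [bare, "www." + bare] if bare else []

def block_sites(hosts_text, sites):
    """Return (new_hosts_text, added, conflicts) without duplicating entries."""
    mapping = parse_hosts(hosts_text)
    added, conflicts = [], []
    for site in sites:
        for name in variants(site):
            if name not in mapping:
                mapping[name] = SINK
                added.append(name)
            elif mapping[name] != SINK:
                # Already points somewhere else: report it, do not override.
                conflicts.append((name, mapping[name]))
    if hosts_text and not hosts_text.endswith("\n"):
        hosts_text += "\n"
    new_lines = "".join(f"{SINK} {name}\n" for name in added)
    return hosts_text + new_lines, added, conflicts

if __name__ == "__main__":
    # Constructed sample hosts file; one of the manual's sites is already listed.
    sample = "# sample hosts file\n127.0.0.1 localhost\n127.0.0.1 www.blockme.com\n"
    wanted = ["www.websitetoblock.com", "https://www.blockme.com/", "www.faceboook.com"]
    text, added, conflicts = block_sites(sample, wanted)
    print(text)
    print("added:", added, "conflicts:", conflicts)
```

Saving the resulting text back to the hosts file still requires the Admin login mentioned above.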

DATA PROTECTION AND RECOVERY


Data protection involves backing up data, such as files, for security reasons on external
storage locations (flash drive, hard disk) or virtually on Google Drive.
Data protection should always be applied to all forms of data, whether it is personal or corporate.
It deals with both the integrity of the data (protection from corruption or errors) and the privacy
of the data (it being accessible only to those that have access privilege to it).

Backing up data on Google Drive


You can upload, view, share, and edit files with Google Drive. When you upload a file to Google
Drive, it will take up space in your Drive, even if you upload to a folder owned by someone else.

---On your Android phone or tablet, open the Google Drive app
---Tap Add (+)
---Tap Upload
---Find and tap the files you want to upload
---View uploaded files in My Drive until you move them
To view all the backup files:
---At the top right, click Menu (the three horizontal lines)
---Click on Backups

Data recovery is the process of restoring data that has been lost, accidentally deleted, corrupted
or made inaccessible. In enterprise IT, data recovery refers to the restoration of data to a desktop,
laptop, server or external storage system from a backup.

Below are the best recovery software available for free: Recuva pro, MiniTool Power Data
Recovery free, Disk Drill, EaseUS Data Recovery Wizard Free, UnDeleteMyFiles Pro.

HOW TO RECOGNIZE PHISHING ATTACKS

Phishing is a technique used by cybercriminals who try to steal your confidential information by
pretending to be someone you trust. Typically, phishing attacks can be in the following forms:
1. Account upgrade, system maintenance, software crash.
2. SMS text message that seems as if your bank, relatives or friends are trying to get in touch
with you
3. Instant message asking you for confidential details about some online account
4. Private messages on Facebook containing a link that may take you to a page that looks like a
login screen for Facebook, but is actually a fake login screen meant to steal your password.

SOME TIPS TO HELP AVOID PHISHING ATTACK

1. Your bank or credit company will never ask you for your password.
2. Before opening a link, move your mouse over it to get some information about it.
3. Read the complete URL of a site before opening it. There is a difference between
www.gtbaiik.com and www.gtbank.com@nigeria.com. Also check the spelling: www.gtbank.com
is not the same as www.gtbenk.com.
4. If a link is sent to you and you feel it is a legitimate link, you should still avoid using it to
log in to any of your accounts. Whenever you want to log in to an online account, always open the
browser in a new window, type the website address and then type the username and password to log in.
5. Before entering confidential details on a website, always check for https instead of http.
6. A simple way to differentiate between a real email and a phishing email is to carefully look for
your full name mentioned somewhere in the email. A cybercriminal will hardly know your full
name, so they will use a generic salutation to address you (like Sir, Ma, or your email address).
7. Gmail and some other popular sites maintain a good database of phishing websites; they will
warn you whenever you attempt to open any of them. You can also check
www.phishtank.com to see the list of phishing websites.
8. When you start receiving emails or offers from a bank or telecom provider with which you did
not open an account, be suspicious and careful with them.
9. Ensure you have anti-phishing software tools available on your computer or phone. McAfee's
"SiteAdvisorLive" is a product that allows you to identify and protect yourself from risky
websites.
10. When buying antivirus software, ensure you go to the official websites; some free antivirus
programs you download are actually viruses.
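The URL checks in tips 3 and 5 above, together with the homograph and subdomain tricks described under "Pay Close Attention to the URL", can be done mechanically. The following Python sketch is an added example, not part of the original manual: the TRUSTED list, the function names and the flag names are assumptions, and the sample URLs are the manual's own examples.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the sites you really use. These two are the manual's examples.
TRUSTED = ("gtbank.com", "apple.com")

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def decode_label(label):
    """Show an xn-- (Punycode) label the way a browser might display it."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:
            pass  # malformed label: keep the raw form
    return label

def alphabets(text):
    """Alphabets used in text, taken from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def check_url(url):
    """Return the host really contacted, its displayed form and warning flags."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    flags = set()
    if parts.scheme != "https":
        flags.add("no-https")
    if parts.username is not None:
        flags.add("text-before-@-is-not-the-site")
    labels = host.split(".")
    shown = [decode_label(label) for label in labels]
    if any(label.startswith("xn--") for label in labels) or not host.isascii():
        flags.add("idn-host")
    if any(len(alphabets(label)) > 1 for label in shown):
        flags.add("mixed-alphabets")
    name = host[4:] if host.startswith("www.") else host
    for good in TRUSTED:
        if name == good or name.endswith("." + good):
            continue  # the trusted site itself or one of its subdomains
        if edit_distance(name, good) <= 2:
            flags.add("lookalike-of:" + good)
        if (good + ".") in host:
            flags.add("trusted-name-used-as-subdomain")
    return {"host": host, "shown_as": ".".join(shown), "flags": sorted(flags)}

if __name__ == "__main__":
    for sample in ("https://www.gtbank.com/", "www.gtbank.com@nigeria.com",
                   "www.gtbaiik.com", "https://www.gtbenk.com",
                   "https://xn--pple-43d.com", "https://www.xn--80ak6aa92e.com/"):
        print(sample, "->", check_url(sample))
```

An empty flag list only means none of these particular tricks was found; it does not prove a site is genuine.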

For special and comprehensive training both online and classroom session contact us via
09098477993 / 07064411689 or www.advancedcisconetworks.com.ng
