CYBER & INTERNET By Ekodeck Stéphane

SECURITY
BY EKODECK STÉPHANE 1
PLAN
Chapter 1 : Cyber Security
Chapter 2 : Internet Security
Chapter 3 : Basics Internet Technical details
Chapter 4 : Security
Chapter 5 : Identification & Authentication
Chapter 6 : Risk Analysis
Chapter 7 : Firewalls
Chapter 8 : Cryptography
Chapter 9 : Malicious Code
Chapter 10 : Virtual Private Network
BY EKODECK STÉPHANE 2
CHAPTER 1 : CYBER
SECURITY
BY EKODECK STÉPHANE 3
INTRODUCTION
This courses provides some basic information and practical
suggestions for protecting your personal information and computer
from cyber-attacks. Cyber-safety topics covered include:

What is Cyber-safety Consequences

Cyber-safety? Threats of Inaction

Cyber-safety Cyber-safety at Campus Cyber-

Actions Home &Work safety Services

BY EKODECK STÉPHANE 4
W hat i
s… WHAT IS CYBER-SAFETY?
 Cyber-safety is a common term used to describe a
set of practices, measures and/or actions you can
take to protect personal information and your
computer from attacks.

 At UC Davis, we have the Cyber-safety Program

policy, PPM 310-22, (
http://manuals.ucdavis.edu/ppm/310/310-22.htm)
which establishes that all devices connected to the
UC Davis electronic communications network must
meet certain security standards.

 As part of this policy, all campus units provide

annual reports demonstrating their level of
compliance.

 Further, there are services in place to help all UC Davis Mrak Hall
students, faculty and staff meet the cyber-safety
standards. Specific information about these services
is provided in this tutorial.

BY EKODECK STÉPHANE 5
 eat
s
CYBER-SAFETY THREATS
Thr
First, let’s talk about some common cyber-safety threats and the
problems they can cause . . .
Viruses
Viruses infect computers through
email attachments and file sharing.
They delete files, attack other
computers, and make your
computer run slowly. One infected
computer can cause problems for all
computers on a network.
Identity Thieves
People who obtain unauthorized
access to your personal information,
such as Social Security and financial
account numbers. They then use
this information to commit crimes
such as fraud or theft.
Hackers
Hackers are people who “trespass”
into your computer from a remote
location. They may use your
computer to send spam or viruses,
host a Web site, or do other
activities that cause computer
malfunctions.
Spyware
Spyware is software that
“piggybacks” on programs you
download, gathers information
about your online habits, and
transmits personal information
without your knowledge. It may also
cause a wide range of other
computer malfunctions.
BY EKODECK STÉPHANE 6
 seq
uen
c CONSEQUENCES OF INACTION
Con es

In addition to the risks identified on the previous slide,

you may face a number of other consequences if you fail to take actions to protect
personal information and your computer. Consequences include:

BY EKODECK STÉPHANE 7
 ion
s
CYBER-SAFETY ACTIONS
Act

 The following slides describe the top seven actions you can take to
protect personal information and your computer.

 By implementing all seven of these security measures, you will

protect yourself, others, and your computer from many common
threats.

 In most cases, implementing each of these security measures will

only take a few minutes.

BY EKODECK STÉPHANE 8
TOP SEVEN CYBER-SAFETY ACTIONS
Here are the seven cyber-safety actions to make in order to secure you
environment:

1. Install OS/Software Updates

2. Run Anti-virus Software

3. Prevent Identity Theft

4. Turn on Personal Firewalls

5. Avoid Spyware/Adware

6. Protect Passwords

7. Back up Important Files

BY EKODECK STÉPHANE 9
 INSTALL OS/SOFTWARE
UPDATES

 Updates-sometimes called patches-fix problems with your operating system (OS) (e.g.,
Windows XP, Windows Vista, Mac OS X) and software programs (e.g., Microsoft Office
applications).

 Most new operating systems are set to download updates by default. After updates are
downloaded, you will be asked to install them. Click yes!

 To download patches for your system and software, visit:

 Windows Update: http://windowsupdate.microsoft.com to get or ensure you
have all the latest operating system updates only. Newer Windows systems
are set to download these updates by default.
 Microsoft Update: http://www.update.microsoft.com/microsoftupdate/ to get
or ensure you have all the latest OS and Microsoft Office software updates.
You must sign up for this service.
 Apple: http://www.apple.com/support
 Unix: Consult documentation or online help for system update information
and instructions.

 Be sure to restart your computer after updates are installed so that the patches can be
applied immediately.

BY EKODECK STÉPHANE 10
 RUN ANTI-VIRUS
SOFTWARE

 To avoid computer problems caused by viruses, install and run an

anti-virus program like Sophos, Kaspersky, Avast, …

 Periodically, check to see if your anti-virus is up to date by opening

your anti-virus program and checking the Last updated: date.

 Anti-virus software removes viruses, quarantines and repairs

infected files, and can help prevent future viruses.

BY EKODECK STÉPHANE 11
 PREVENT IDENTITY THEFT

 Don't give out financial account numbers, Social Security numbers, driver’s
license numbers or other personal identity information unless you know
exactly who's receiving it. Protect others people’s information as you would
your own.

 Never send personal or confidential information via email or instant

messages as these can be easily intercepted.

 Beware of phishing scams - a form of fraud that uses email messages that
appear to be from a reputable business (often a financial institution) in an
attempt to gain personal or account information. These often do not include a
personal salutation. Never enter personal information into an online form you
accessed via a link in an email you were not expecting. Legitimate
businesses will not ask for personal information online.

BY EKODECK STÉPHANE 12
 TURN ON PERSONAL
FIREWALLS
 Check your computer's security settings for a built-in personal firewall. If you have
one, turn it on. Microsoft Vista and Mac OSX have built-in firewalls. For more
information, see:
 Mac Firewall  
(docs.info.apple.com/article.html?path=Mac/10.4/en/mh1042.html)
 Microsoft Firewall (
www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx)
 Unix users should consult system documentation or online help for personal firewall
instructions and/or recommendations.

 Once your firewall is turned on, test your firewall for open ports that could allow in
viruses and hackers. Firewall scanners like the one on
http://www.auditmypc.com/firewall-test.asp simplify this process.

 Firewalls act as protective barriers between computers and the internet.

 Hackers search the Internet by sending out pings (calls) to random computers and
wait for responses. Firewalls prevent your computer from responding to these calls.

BY EKODECK STÉPHANE 13
 AVOID SPYWARE/ADWARE

 Spyware and adware take up memory and can slow down your
computer or cause other problems.

 Use Spybot and Ad-Aware to remove spyware/adware from your

computer. UC Davis students, faculty and staff can get Spybot and
Ad-Aware for free on the Internet Tools CD (available from IT Express
in Shields Library).

 Watch for allusions to spyware and adware in user agreements

before installing free software programs.

 Be wary of invitations to download software from unknown internet

sources.

BY EKODECK STÉPHANE 14
 PROTECT PASSWORDS

 Do not share your passwords, and always make new passwords difficult to
guess by avoiding dictionary words, and mixing letters, numbers and
punctuation.

 Do not use one of these common passwords or any variation of them:

qwerty1, abc123, letmein, password1, iloveyou1, (yourname1), baseball1.

 Change your passwords periodically.

 When choosing a password:

o Mix upper and lower case letters
o Use a minimum of 8 characters
o Use mnemonics to help you remember a difficult password

 Store passwords in a safe place. Consider using KeePass Password Safe (

http://keepass.info/), Keychain (Mac) or an encrypted USB drive to store
passwords. Avoid keeping passwords on a Post-it under your keyboard, on
your monitor or in a drawer near your computer!

BY EKODECK STÉPHANE 15
 BACK UP IMPORTANT
FILES
 Reduce your risk of losing important files to a virus, computer
crash, theft or disaster by creating back-up copies.

 Keep your critical files in one place on your computer’s hard drive
so you can easily create a back up copy.

 Save copies of your important documents and files to a CD, online

back up service, flash or USB drive, or a server.

 Store your back-up media in a secure place away from your

computer, in case of fire or theft.

 Test your back up media periodically to make sure the files are
accessible and readable.

BY EKODECK STÉPHANE 16
 e
CYBER-SAFETY AT HOME
Hom

 Physically secure your computer by using security cables and

locking doors and windows in the dorms and off-campus housing.

 Avoid leaving your laptop unsupervised and in plain view in the

library or coffee house, or in your car, dorm room or home.

 Set up a user account and password to prevent unauthorized access

to your computer files.

 Do not install unnecessary programs on your computer.

 Microsoft users can download the free Secunia Personal Software

Inspector (https://psi.secunia.com/), which lets you scan your
computer for any missing operating system or software patches and
provides instructions for getting all the latest updates.

BY EKODECK STÉPHANE 17
Wo
CYBER-SAFETY AT WORK
rk

 Be sure to work with your technical support coordinator before

implementing new cyber-safety measures.

 Talk with your technical support coordinator about what cyber-

safety measures are in place in your department.

 Report to your supervisor any cyber-safety policy violations,

security flaws/weaknesses you discover or any suspicious activity
by unauthorized individuals in your work area.

 Physically secure your computer by using security cables and

locking building/office doors and windows.

 Do not install unnecessary programs on your work computer.

BY EKODECK STÉPHANE 18
CYBER-SAFETY BASICS QUICK QUIZ
1. True or False? Viruses can be transmitted via email, email
attachments or IM.

2. People who seek out your personal information and then use it to
commit crimes are called:_____________________

3. Which of the following are ways to help prevent identity theft.

(Check all that apply.)
__A. Never send personal information via email or instant
messages.
__B. Always send personal information via email or instant
messages.
__C. Lock my office door.
__D. Don’t tell anybody my name.

4. True or False? Iloveyou2 is a good password. Why or why not?

BY EKODECK STÉPHANE 19
CYBER-SAFETY BASICS QUICK QUIZ
1. Which anti-virus program is available to all UC Davis students,
faculty and staff for free?________________________

2. I just downloaded a free program online and now my computer is

running very, very slowly. Which of the following most likely
happened?
__A. I didn’t install the program properly.
__B. I didn’t have enough space on my hard drive for the new
program.
__C. I downloaded spyware and/or adware, too.
__D. Someone snuck in while the program was downloading
and changed my password.

3. ___________________help prevent your computer from responding to

pings (calls) from hackers.

8. To fix problems with my operating system and/or application

software, I should install __________________.
Answers on next slide ...
BY EKODECK STÉPHANE 20
QUICK QUIZ ANSWERS
1. True
2. Identity thieves
3. A and C are correct. D would probably help too, but seems a bit
extreme!
4. False. Iloveyou2 is a very common password.
5. Sophos Anti-Virus is free to UC Davis students, faculty and staff.
6. C. It’s most likely that you downloaded spyware and/or adware.
7. Firewalls
8. OS and/or software updates (patches)

How did you do?

8-7 correct: Fantastic! You can help write the next quiz!
6-5 correct: Good. You can help write the next quiz, but we’ll check it for accuracy . . .
just in case.
4-3 correct: You might want to review the material for the questions you missed.

BY EKODECK STÉPHANE 21
 CHAPTER 2 :
INTERNET SECURITY
BY EKODECK STÉPHANE 22
 THE THREATS – THE
Human Agents RISKS Exposures
Hackers Information theft, loss &
corruption
Disgruntled employees
Monetary theft & embezzlement
White collar criminals
Critical infrastructure failure
Organized crime
Hacker adventures, e-
Terrorists graffiti/defacement
Methods of Attack Business disruption
Brute force
Denial of Service Representative Incidents
Viruses & worms Code Red, Nimda, Sircam

Back door taps & CD Universe extortion, e-Toys

misappropriation, “Hactivist” campaign,

Information Warfare (IW) Love Bug, Melissa Viruses

techniques BY EKODECK STÉPHANE 23

THE DILEMMA: GROWTH IN NUMBER
OF VULNERABILITIES REPORTED TO
CERT/CC
4,500
4,129
4,000

3,500

3,000
2,437
2,500

2,000

1,500 1,090

1,000 417
500 171 345 311 262

0
1995 2002

BY EKODECK STÉPHANE 24
GROWTH IN INCIDENTS REPORTED
TO THE CERT/CC

120000
110,000

100000

80000

55,100
60000

40000

21,756
20000
9,859
6 132 252 406 773 1,334 2,340 2,412 2,573 2,134 3,734
0 1988 1989 1990 1991 1992 1993 1994 1995
1996 1997 1998 1999 2000 2001 2002

BY EKODECK STÉPHANE 25
COMPUTER VIRUS COSTS (IN
BILLIONS)
150
$
billi
on Range
Damage
120

90

60

30

0
'96 '97 '98 '99 '00 '01 '02 '03
(Through Oct
BY EKODECK STÉPHANE 7)
26
THE BAD NEWS
Attacks are up 2,000 % in 5 years
CRS says attacked company may lose up to 5% share price
WSJ reports Organized Crime is main problem---companies are
paying ransom
World Wide losses up to $226 BILLION
Former CIA Director says that terrorists are rapidly getting involved
and regulation may be necessary

BY EKODECK STÉPHANE 27
THE PRIVATE SECTOR AND NATIONAL
CYBERSECURITY

US government is holding
companies responsible for their
security

Fiduciary and oversight

responsibility is being enforced

Corporate governance, vision and

goals reside at the executive level
BY EKODECK STÉPHANE 28
NIPP PRIVATE SECTOR
RESPONSIBILITIES
National Infrastructure Protection Plan - Department of Homeland
Security
Be aware of their systems vulnerabilities & not allowing their system to
be used in an attack
Reviewing and exercising continuity plans
Active involvement in industry information sharing programs
Evaluate Your System by:
Conducting audits
Participate in info share and Best Practices
Develop continuity plans w/ off-site equipment
BY EKODECK STÉPHANE 29
NIPP PRIVATE SECTOR
RESPONSIBILITIES (CONT.)
Promote instillation and implementation of security by:
Increasing user awareness
Consider ease of use in system procurement
Promote industry guidelines and best practices that support such
efforts

BY EKODECK STÉPHANE 30
THE GOOD NEWS
Adherence to best practices can mitigate attacks
CSO Magazine (http://www.csoonline.com/) offers the latest
information and best practices on business continuity and data
protection, best practices for prevention of social engineering
scams, and other common attacks
CSO reports 20% of companies who follow best practices are still
attacked but:
Suffer no down time
Suffer minimal economic loss

BY EKODECK STÉPHANE 31
SMALL BUSINESS
CONCERNS
Small Businesses are attacked 3 times as often as large businesses

Impact on Small Businesses is magnified due to small operating

margins

Small Businesses can’t afford the time and money to keep up with
big guys

BY EKODECK STÉPHANE 32
THIS COULD HAPPEN TO
YOU (FROM SM BUS GUIDE)
Contractor loses customers due to not updating pass words
Small manufacturer loses govt. contract due to software “time
bomb”
Diner has supply chain disrupted by virus attack
Law & Vent. Cap. Firms lose big by not having tech support
Retailer loses everything due to lack of insurance

BY EKODECK STÉPHANE 33
SMALL BUSINESS EXPOSURE
TO CYBER ATTACKS
“Many small businesses still do not conform to industry’s most
basic security requirements” NYT 7/26/05
“Many small businesses do not have sufficient recourses to
implement the proven security best practices” SYS-Con 7/29/05
“Smaller companies intent on growing their profits often do not
focus on critical issues like security…the savings from skimping on
security can be eaten up with 1 small attack”

BY EKODECK STÉPHANE 34
SMALL BUSINESS GETS
ATTACKED
Aug 05 Gallop Poll shows 1/3 of small businesses had been
attacked this year. 28% had lost data and 29% had to replace
equipment.
A Carnegie Mellon Study last year found 17 % of small and mid-
sized businesses had fallen victim to a cyber extortion case and in
41% of the cases the company did not peruse the extortionists
identity

BY EKODECK STÉPHANE 35
ATTACKS ON SMALL
BUSINESSES ARE GROWING
“Due to the perception that they are less secure cyber criminals are
increasingly targeting small businesses. On-line transactions are a
particular target as they often involve sensitive data.” Gov.Sec 8/05
According to the most recent FBI survey (Jan 06) nearly 9 or 10
businesses suffered some form of computer attack in the last year
with average loses apx 25k”

BY EKODECK STÉPHANE 36
FINANCIAL/DATA LOSSES
ARE JUST THE BEGINNING
LIABILITY CONCERNS
“Companies that pass viruses, worms or any type of malware to
other companies via electronic transmissions could find themselves
in court,” say legal and security experts. “They could be held
liable for damage done even if they unintentionally spread such
cyberpests.” Tech World Magazine 8/05

BY EKODECK STÉPHANE 37