SECURITY
BY EKODECK STÉPHANE 1
PLAN
Chapter 1 : Cyber Security
Chapter 2 : Internet Security
Chapter 3 : Basics Internet Technical details
Chapter 4 : Security
Chapter 5 : Identification & Authentication
Chapter 6 : Risk Analysis
Chapter 7 : Firewalls
Chapter 8 : Cryptography
Chapter 9 : Malicious Code
Chapter 10 : Virtual Private Network
CHAPTER 1 : CYBER SECURITY
INTRODUCTION
This course provides some basic information and practical
suggestions for protecting your personal information and computer
from cyber-attacks. Cyber-safety topics covered include:
WHAT IS CYBER-SAFETY?
Cyber-safety is a common term used to describe a
set of practices, measures and/or actions you can
take to protect personal information and your
computer from attacks.
Further, there are services in place to help all UC Davis
students, faculty and staff meet the cyber-safety
standards. Specific information about these services
is provided in this tutorial.
[Image: Mrak Hall]
CYBER-SAFETY THREATS
First, let’s talk about some common cyber-safety threats and the
problems they can cause . . .
Viruses
Viruses infect computers through email attachments and file sharing.
They delete files, attack other computers, and make your computer run
slowly. One infected computer can cause problems for all computers on
a network.
Hackers
Hackers are people who “trespass” into your computer from a remote
location. They may use your computer to send spam or viruses, host a
Web site, or do other activities that cause computer malfunctions.
CONSEQUENCES OF INACTION
CYBER-SAFETY ACTIONS
The following slides describe the top seven actions you can take to
protect personal information and your computer.
TOP SEVEN CYBER-SAFETY ACTIONS
Here are the seven cyber-safety actions to take in order to secure your
environment:
5. Avoid Spyware/Adware
6. Protect Passwords
INSTALL OS/SOFTWARE UPDATES
Updates (sometimes called patches) fix problems with your operating system (OS) (e.g.,
Windows XP, Windows Vista, Mac OS X) and software programs (e.g., Microsoft Office
applications).
Most new operating systems are set to download updates by default. After updates are
downloaded, you will be asked to install them. Click yes!
Be sure to restart your computer after updates are installed so that the patches can be
applied immediately.
RUN ANTI-VIRUS SOFTWARE
PREVENT IDENTITY THEFT
Don't give out financial account numbers, Social Security numbers, driver’s
license numbers or other personal identity information unless you know
exactly who's receiving it. Protect other people’s information as you would
your own.
Beware of phishing scams - a form of fraud that uses email messages that
appear to be from a reputable business (often a financial institution) in an
attempt to gain personal or account information. These often do not include a
personal salutation. Never enter personal information into an online form you
accessed via a link in an email you were not expecting. Legitimate
businesses will not ask for personal information online.
TURN ON PERSONAL FIREWALLS
Check your computer's security settings for a built-in personal firewall. If you have
one, turn it on. Microsoft Vista and Mac OS X have built-in firewalls. For more
information, see:
Mac Firewall (docs.info.apple.com/article.html?path=Mac/10.4/en/mh1042.html)
Microsoft Firewall (www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx)
Unix users should consult system documentation or online help for personal firewall
instructions and/or recommendations.
Once your firewall is turned on, test your firewall for open ports that could allow in
viruses and hackers. Firewall scanners like the one on
http://www.auditmypc.com/firewall-test.asp simplify this process.
Hackers search the Internet by sending out pings (calls) to random computers and
waiting for responses. Firewalls prevent your computer from responding to these calls.
AVOID SPYWARE/ADWARE
Spyware and adware take up memory and can slow down your
computer or cause other problems.
PROTECT PASSWORDS
Do not share your passwords, and always make new passwords difficult to
guess by avoiding dictionary words, and mixing letters, numbers and
punctuation.
BACK UP IMPORTANT FILES
Reduce your risk of losing important files to a virus, computer
crash, theft or disaster by creating back-up copies.
Keep your critical files in one place on your computer’s hard drive
so you can easily create a back up copy.
Test your back up media periodically to make sure the files are
accessible and readable.
CYBER-SAFETY AT HOME
CYBER-SAFETY AT WORK
CYBER-SAFETY BASICS QUICK QUIZ
1. True or False? Viruses can be transmitted via email, email
attachments or IM.
2. People who seek out your personal information and then use it to
commit crimes are called:_____________________
CYBER-SAFETY BASICS QUICK QUIZ
1. Which anti-virus program is available to all UC Davis students,
faculty and staff for free?________________________
8-7 correct: Fantastic! You can help write the next quiz!
6-5 correct: Good. You can help write the next quiz, but we’ll check it for accuracy . . .
just in case.
4-3 correct: You might want to review the material for the questions you missed.
CHAPTER 2 : INTERNET SECURITY
THE THREATS – THE RISKS
Human Agents: Hackers; Disgruntled employees; White collar criminals; Organized crime; Terrorists
Exposures: Information theft, loss & corruption; Monetary theft & embezzlement; Critical infrastructure failure; Hacker adventures, e-graffiti/defacement; Business disruption
Methods of Attack: Brute force; Denial of Service; Viruses & worms
Representative Incidents: Code Red, Nimda, Sircam
GROWTH IN INCIDENTS REPORTED TO THE CERT/CC
[Bar chart, 1988 to 2002. Bar labels as printed: 6; 132; 252; 406; 773; 1,334; 2,340; 2,412; 2,573; 2,134; 3,734; 9,859; 21,756; 55,100; 110,000]
COMPUTER VIRUS COSTS (IN BILLIONS)
[Chart: damage range in $ billion, '96 to '03 (through Oct 7)]
THE BAD NEWS
Attacks are up 2,000% in 5 years
CRS says attacked company may lose up to 5% share price
WSJ reports Organized Crime is main problem: companies are paying ransom
Worldwide losses up to $226 BILLION
Former CIA Director says that terrorists are rapidly getting involved and regulation may be necessary
THE PRIVATE SECTOR AND NATIONAL CYBERSECURITY
US government is holding companies responsible for their security
THE GOOD NEWS
Adherence to best practices can mitigate attacks
CSO Magazine (http://www.csoonline.com/) offers the latest
information and best practices on business continuity and data
protection, best practices for prevention of social engineering
scams, and other common attacks
CSO reports 20% of companies who follow best practices are still
attacked but:
Suffer no down time
Suffer minimal economic loss
SMALL BUSINESS CONCERNS
Small Businesses are attacked 3 times as often as large businesses
Small Businesses can’t afford the time and money to keep up with
the big guys
THIS COULD HAPPEN TO YOU (FROM SM BUS GUIDE)
Contractor loses customers due to not updating passwords
Small manufacturer loses govt. contract due to software “time
bomb”
Diner has supply chain disrupted by virus attack
Law & Vent. Cap. Firms lose big by not having tech support
Retailer loses everything due to lack of insurance
SMALL BUSINESS EXPOSURE TO CYBER ATTACKS
“Many small businesses still do not conform to industry’s most
basic security requirements” NYT 7/26/05
“Many small businesses do not have sufficient resources to
implement the proven security best practices” SYS-Con 7/29/05
“Smaller companies intent on growing their profits often do not
focus on critical issues like security…the savings from skimping on
security can be eaten up with 1 small attack”
SMALL BUSINESS GETS ATTACKED
Aug 05 Gallup Poll shows 1/3 of small businesses had been
attacked this year. 28% had lost data and 29% had to replace
equipment.
A Carnegie Mellon Study last year found 17% of small and mid-sized
businesses had fallen victim to a cyber extortion case and in
41% of the cases the company did not pursue the extortionist’s
identity
ATTACKS ON SMALL BUSINESSES ARE GROWING
“Due to the perception that they are less secure cyber criminals are
increasingly targeting small businesses. On-line transactions are a
particular target as they often involve sensitive data.” Gov.Sec 8/05
According to the most recent FBI survey (Jan 06) nearly 9 of 10
businesses suffered some form of computer attack in the last year
with average losses approx. 25k
FINANCIAL/DATA LOSSES ARE JUST THE BEGINNING
LIABILITY CONCERNS
“Companies that pass viruses, worms or any type of malware to
other companies via electronic transmissions could find themselves
in court,” say legal and security experts. “They could be held
liable for damage done even if they unintentionally spread such
cyberpests.” Tech World Magazine 8/05