Cyber Security for Everybody

abiba
Presentation Transcript


  1. Cyber Security for Everybody: simple steps for defensive surfing

  2. Plans for today • Introduction • Internet ‘101’ • Steps to prevent cyber crime • Keep your PC clean (OS, Browser, security updates) • Know about Browser security • Never Trust Emails • Manage your Passwords Wisely • Defensive Online Shopping • Mind Open Access Points • Resources

  3. Introduction • Cyber security is much like real-life security; the same rules apply, e.g.: • Lock the doors • Don’t give away your keys • Stay away from dangerous places • Don’t talk to strangers • Don’t give your contact information to random acquaintances

  4. Internet “plumbing” – quick 101 [Diagram, steps 1 to 5: browser (with plugins), DNS server resolving www.google.com to 74.125.19.103, web server, HTTP request(s) and HTTP response(s)]

  5. What is HTTPS? [Diagram: HTTP request(s) and HTTP response(s) exchanged with the web server, wrapped in SSL]

  6. Protect your PC! Data source: McAfee; NCSA • Regularly check OS and S/W patches • Install anti-virus/spyware/phishing/spam S/W • Enable Firewalls • Change H/W default passwords • Download software only from trusted sources Update software on a regular basis!

  7. Be aware of Browser (in)security • The browser is on the ‘frontline’ of our Internet adventure • HTML pages are not static documents anymore • Browser scripting is very powerful but also poses a serious security threat • It is possible to stay secure and get maximum features by: • tuning your browser’s security settings • regularly clearing your browser’s file caches and cookies • explicitly logging off your (bank, retail etc.) account as soon as you are done • using a different browser for ‘adventurous surfing’

  8. Don’t trust Emails (and phone calls, too) • Emails are another ‘door’ to your computer – just like web sites – with the exception that you don’t even have to initiate the action • Emails are easily faked – including the sender’s name and the reply-to address • Most emails are easily ‘sniffed’ • Malicious emails are widely used to: • make you give away sensitive information (passwords, bank account numbers, SSN etc.) • infect your computer with viruses • SPAM you

  9. ‘Phishing’ – the most popular way to steal your valuable data

  10. Some ‘Phishing’ examples

  11. Fighting phishing…

  12. Email: reducing the threat • Never send sensitive information (e.g.: passwords, SSN, credit card number) via email • Never open an email attachment if you are not sure about the email’s origin • Never click on links directly from emails • (if you clicked) Always pay attention to the address bar to see the real address of the site you are redirected to • Use anti-phishing tools – toolbars or IE7 • Use a different account name and password for your email address • Keep a low profile – use your email address judiciously; use ‘lightweight’ email providers as a substitute

  13. Manage your Passwords wisely • Passwords are often the only way of identifying us • Passwords can be ‘phished’, stolen, guessed… • By taking over your password the fraudsters take over your cyber-identity • Minimize the risk by following these rules: • Avoid simple passwords (never a single word from a dictionary!); use special characters, digits, and both upper and lower case • Use passwords at least 6-10 characters long • Don’t use a password that is a super/sub-string of your login name • Come up with your own password policy • Don’t use the same password on multiple accounts • Change your passwords regularly (at least once in 3 months) • Whenever possible use two-factor authentication

  14. Two-factor authentication • There are three universally recognized factors for authenticating individuals: • ‘Something you know’ (e.g.: password, PIN) • ‘Something you have’ (e.g.: physical credit card, mobile phone, security token) • ‘Something you are’ (e.g.: fingerprint, a retinal scan) • A system is said to leverage two-factor authentication when it requires at least two of the authentication form factors • Two-factor authentication is virtually bullet-proof

  15. Defensive Online Shopping • Poorly secured online stores may lose your credit card/financial data! • Some online stores may be fake – temporary sites set up to collect your valuable data • Know your online merchant • Check if the URL you post the sensitive data into uses a secure connection • Don’t provide more information than needed for a transaction • Keep good records • Use one-time generated credit card numbers whenever possible

  16. Defensive Online Shopping on eBay • Check the feedback - any feedback lower than 98% is a risk • Carefully read the item's description • Contact the seller if you have any doubts • Prefer items under eBay/PayPal cash back protection • Always prefer paying by PayPal - avoid Instant Cash Transfer Services • If you receive a Second Chance Offer in your mailbox - always check its validity by logging into your eBay account's inbox • Be careful with 'unusual' requests coming from other users - most probably it's a fraud • Completely avoid off-eBay transactions

  17. Mind Open Access Points • Web traffic going via non-secure connection is easily readable by anybody else who shares the connection • When setting up your own wireless network at home be sure to turn on the encryption (WPA, not WEP) • When using public access points use VPN (Virtual Private Network) services to encrypt all the traffic –

  18. Resources • Cyber Security Glossary http://www.staysafeonline.org/basics/glossary.html • Browsers: • IE7 http://microsoft.com/windows/downloads/ie/getitnow.mspx • Firefox http://www.mozilla.com/en-US/ • Safari http://www.apple.com/safari/download/ • Opera http://www.opera.com/ • Tuning security zones on IE: http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm#security • Trusted software download site: http://www.download.com/ • Lightweight e-mailbox provider - http://mailinator.com/ • PayPal/eBay security key http://ebay.com/securitykey or http://paypal.com/securitykey • PayPal plugin https://www.paypal.com/us/cgi-bin/webscr?cmd=_vdc-hub • eBay security tips http://pages.ebay.com/securitycenter/mrkt_safety.html • VPN solutions http://anonymizer.com/, http://hotspotvpn.com, http://publicvpn.com/

  19. Final words… Internet is a cyber-jungle! You are responsible for your own protection! You can achieve reasonable security by following simple rules! Any questions?