
Information Security


guest49204


Presentation Transcript


  1. Information Security & Privacy: Protecting yourself in a Digital Age. Sumit Dhar, 18th Sept, 2012

  2. A cautionary tale of… … Aaron Barr (CEO, HBGary Federal) • Hacked by the group Anonymous • Every account compromised • Lost his job

  3. Three pillars of Security… • …and how they were Violated: Kevin Mitnick, Kevin Poulsen, Vladimir Levin

  4. How do we defend ourselves?

  5. First line of defense… • …is a good Password

  6. First line of defense… • …is a good Password • 12 characters or more • Upper / lower case, special characters and numerals • Different from the previous passwords • Not a dictionary word; not based on your name • Changed frequently

  7. But a key lesson… • …from psychological research: Chunking theory states that 5 ± 2 chunks is the limit of the human working memory

  8. Security Implications… • …of this theory • Simpler passwords • Users write the passwords down • Use same passwords across sites

  9. Strategies for creating… • … a secure Password. Let us hear some thoughts from the audience

  10. Which of these… • … passwords is better? Option A: sumit1. Option B: J&Jw^th2fapoH2O

  11. Using Mnemonics… • … to create secure passwords? Jack & Jill went up the hill to fetch a pail of water = J&Jw^th2fapoH2O. Account Specific Passwords: Gmail: J&Jw^th2fapoH2Oma; Linkedin: J&Jw^th2fapoH2Oin; Twitter: J&Jw^th2fapoH2Owi; Facebook: J&Jw^th2fapoH2Oac

  12. If your password is hard… • …what else can the hackers try? Now where can a malicious attacker get such information from?

  13. If your password is hard… • …what else can the hackers try? Information leakage via Social Media

  14. Social Media didn’t work… • …what next?

  15. Social Media didn’t work… • …what next? Phishing: Attempt to acquire usernames, passwords or credit card details by masquerading as a trustworthy entity

  16. Worst Case Scenario… • …installing malware on your PC • Malware can: • Track everything you do on your computer • Log every keystroke (including your passwords) • Activate your computer’s video cam without your knowledge • Take periodic screen shots of your system; transfer your files

  17. Can you access my… • … Gmail if you have my password? Yes or No?

  18. Can you access my… • … Gmail if you have my password? User Name: gbsinfosec.demo Password: gbs.bcp.team

  19. Enhance your security… • …enable dual authentication! • Visit: http://accounts.google.com/SmsAuthConfig and set up dual authentication • Similar features available for Facebook and many other sites
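
The rules on slide 6 applied to the two options on slide 10, as an added example that is not part of the original presentation. The function name `check_password`, the sample word list and the owner names passed in are assumptions made for illustration; "Changed frequently" is a process rule and cannot be checked from the string itself.

```python
import string

# Constructed sample word list (an assumption, not from the slides).
# A real check would load a full dictionary or breached-password list.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}


def check_password(password, owner_names=(), previous=(), words=SAMPLE_WORDS):
    """Return the slide-6 rules that `password` fails (empty list = passes)."""
    failures = []
    lowered = password.lower()
    # Strip digits and symbols so "Welcome1!" is still recognised as "welcome".
    letters_only = "".join(c for c in lowered if c.isalpha())

    if len(password) < 12:
        failures.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no numeral")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    if password in previous:
        failures.append("same as a previous password")
    if lowered in words or letters_only in words:
        failures.append("dictionary word")
    if any(n and n.lower() in lowered for n in owner_names):
        failures.append("based on the owner's name")
    return failures


if __name__ == "__main__":
    # The two options from slide 10, checked for an owner named as on slide 1.
    for candidate in ("sumit1", "J&Jw^th2fapoH2O"):
        problems = check_password(candidate, owner_names=("Sumit", "Dhar"))
        print(candidate, "->", problems or "meets every checkable rule")
```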
