Cyber Security 101 -...
Transcript of Cyber Security 101 -...
![Page 1: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/1.jpg)
CYBER SECURITY 101
Originally presented by Steve Andrews
Systems Administrator
Southwest Kansas Library System
Janelle Mercer
Technology Trainer
Southwest Kansas Library System
NECESSARY KNOWLEDGE 2017
NORTH CENTRAL KANSAS LIBRARY SYSTEM
![Page 2: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/2.jpg)
•Data privacy day is January 28th
https://staysafeonline.org/data-privacy-day/about
•October is National Cyber Security Awareness Month
https://www.dhs.gov/national-cyber-security-
awareness-month
![Page 3: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/3.jpg)
BRUCE SCHNEIER – SCHNEIER ON SECURITY
• I am regularly asked what average Internet users can do to ensure their safety. My
first answer is usually, “Nothing – you’re screwed.”
• But that's not true, and the reality is more complicated. You're screwed if you do
nothing to protect yourself, but there are many things you can do to increase your
security on the Internet.
• Bruce Schneier CNET News.com December 9, 2004 -
https://www.schneier.com/essays/archives/2004/12/who_says_safe_comput.html
![Page 4: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/4.jpg)
DATA BREACHES
• http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-
breaches-hacks/
• https://www.privacyrights.org/data-breaches
• https://haveibeenpwned.com/PwnedWebsites
![Page 5: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/5.jpg)
KNOW YOUR ANTIVIRUSTEST FILE : HTTP://WWW.EICAR.ORG/85-0-DOWNLOAD.HTML
![Page 6: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/6.jpg)
AV ALERT - VIPRE
![Page 7: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/7.jpg)
ANTIVIRUS PROGRAMS ARE NOT BULLET-PROOF
• User actions can circumvent antivirus programs
• Bad Actors (virus creators) are constantly working to circumvent AV products
• Too many attack vectors to cover
• The end of the Anti-Virus era?
• http://www.computerworld.com/article/3146996/malware-vulnerabilities/is-antivirus-
software-dead-at-last.html
![Page 8: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/8.jpg)
ZERO-DAY VULNERABILITY
• A zero-day attack happens once that flaw, or software/hardware
vulnerability, is exploited and attackers release malware before a developer
has an opportunity to create a patch to fix the vulnerability—hence “zero-
day.”
![Page 9: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/9.jpg)
UPDATING YOUR DEVICESCOMPUTERS, PHONES, TABLETS, LAPTOPS, ROUTERS, IOT (INTERNET OF THINGS) STUFF
![Page 10: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/10.jpg)
INTERNET OF THINGS (IOT)
http://www.businessinsider.com/what-is-the-internet-of-things-definition-2016-8?IR=T
https://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-
that-anyone-can-understand/#274c71f1d091
FitbitAmazon Echo
![Page 11: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/11.jpg)
THE IMPORTANCE OF UPDATES
• Operating System (Windows, OS-X, Android, etc.)
• Applications (Adobe Reader, Office, WordPress, etc.)
• Web Browsers (Chrome, Firefox, etc.)
• Platforms, Plugins, Programming Languages
• Java
• Flash
• Antivirus Programs
![Page 12: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/12.jpg)
Java
FLASH
![Page 13: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/13.jpg)
ELECTRONIC MAIL
![Page 14: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/14.jpg)
EMAIL PIVOT ATTACKS
![Page 15: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/15.jpg)
SENSITIVE DATA IN EMAILS
• Account Login credentials (username & password)
• SSN
• Birthday
• Address
• Phone numbers
![Page 16: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/16.jpg)
GENERAL EMAIL TIPS
• Email clients (local i.e. Outlook) vs web-based email
• Deleting old e-mails
• Message retention - someone with ten years' worth of data to dig through is naturally going to reveal
more about themselves than someone who only has six months of messages.
• Password hints could be scraped (high school reunion, mother’s maiden name, etc.)
• Beware of unsolicited email
• Never click on links from unknown senders
• Never open attachments from unknown senders
• Be cautious of password reset emails
• URL shorteners
• http://getlinkinfo.com/
![Page 17: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/17.jpg)
CHECK THE EMAIL HEADER
![Page 18: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/18.jpg)
PHISHING
![Page 19: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/19.jpg)
PHISHING PART DEUX
![Page 20: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/20.jpg)
NETFLIX PHISH
• Email telling you your Netflix account has been suspended due to a problem
with your billing information.
• Link in email takes you to landing page that looks like Netflix.
• Asks you to enter in username, password. Takes you to page to enter credit
card information. Some versions have asked for other personal information.
• https://www.wired.com/story/netflix-phishing-scam/
![Page 21: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/21.jpg)
SUBJECT: FEDEX TRACKING NUMBER N4815347
• From: "Fedex Manager, Willis Grabinger"
• Dear. Unfortunately we failed to deliver the postal package you have sent on
the 27th of July in time because the recipient's address is erroneous. Please
print out the invoice copy attached and collect the package at our office. *
This site is protected by copyright and trademark laws under US and
International law.
• ATTACHMENT: FEDEXInvoiceEE057100OP.zip
![Page 22: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/22.jpg)
CRYPTO VIRUS
![Page 23: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/23.jpg)
PHISHING TEST CAMPAIGNS
• Sophos Phish Test - https://www.sophos.com/en-us/products/phish-threat.aspx
• Duo Insight - https://duo.com/resources/duo-insight
![Page 24: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/24.jpg)
BROWSING THE WEB
![Page 25: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/25.jpg)
WEBSITE SECURITY - HTTPS
• Demonstration of https webpage - https://www.bankofamerica.com
• Never enter credentials (login username / password) in unsecured (http) web
pages
• Getting a security warning? Check your clock!
• Hover on links before clicking to see where they go
![Page 26: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/26.jpg)
WEBSITE MALWARE
![Page 27: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/27.jpg)
FAKE ANTIVIRUS MESSAGES IN WEB BROWSERS (SCARE-WARE)
EXAMPLES (GOOGLE IMAGE SEARCH)
• Can look very legitimate
• Can contain information such as your ISP or geographic location
• Don’t click on anything!
• Restart computer or Ctl-Alt-Del and end browser process
• Tech Support Scam
• Unsolicited phone calls for tech support
![Page 28: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/28.jpg)
MALVERTISING
• Malicious advertising that spreads malware
• https://blog.malwarebytes.com/threat-analysis/2016/03/large-angler-malvertising-
campaign-hits-top-publishers/
• According to Heimdal Security, 90% of web attacks are delivered through advertising
• Consider using an ad-blocker (added bonus: use less bandwidth)
• uBlock Origin
• Adblock Plus
• Ghostery
![Page 29: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/29.jpg)
UNTRUSTED NETWORKSPUBLIC WI-FI VS. SECURED WI-FI
![Page 30: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/30.jpg)
WIRELESS
• Public Wifi & Default SSIDs
• Cellphones have a bad habit of connecting to WiFi on their own
• Use free / public wifi with extreme caution
• Does your home wifi require a password?
![Page 31: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/31.jpg)
PASSWORDS
![Page 32: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/32.jpg)
GENERAL PASSWORD TIPS
• Don’t use simple passwords
• https://howsecureismypassword.net
• Don’t re-use passwords
• Check for breeched credentials
• https://haveibeenpwned.com
• Don’t enter credentials on unsecured web pages (http vs. https)
• Consider using two-factor authentication
![Page 33: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/33.jpg)
GENERAL PASSWORD TIPS
• Password managers (as opposed to sticky notes on your monitor)
• Keepass
• LastPass
• Don’t save critical login info in your browser
• Password hints
![Page 34: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/34.jpg)
DEFAULT PASSWORDS ON EQUIPMENT
• Wireless Routers
• Security / Video Cameras
• Devices Internet of Things Devices (IoT)
• Printers
• IoT botnets have transformed the threat landscape, resulting in a big increase in the size of
DDoS attacks from 500Gbps in 2015 up to 800Gbps last year. (DDoS = Distributed Denial
of Service)
• Hackers have been able to "weaponise" digital video recorders, webcams and other IoT
devices due to inherent security vulnerabilities.
![Page 35: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/35.jpg)
@ YOUR LIBRARY
• Importance of library staff computers (especially circulation) in regards to securing patron
data.
• Make sure staff understand that they are handling sensitive information in regards to patron
information
• Never let patrons or non-staff persons access secured WiFi
• Ask to see identification from anyone wanting access to staff areas for maintenance or
inspection work
• Educate all your staff.
• Including part-time staff, volunteers, and/or subs
![Page 36: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/36.jpg)
BACKUPS
• Be sure your data is being backed up on a regular basis
• Consider air-gapping (isolating) your backup device when not in use
• Test your backups !!!
![Page 37: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/37.jpg)
REVIEW
![Page 38: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/38.jpg)
REVIEW
• Know your Antivirus
• Keep your devices up to date
• Practice safe emailing
• Be careful when browsing the web
• Be mindful of open wifi
• Practice good password use
• Practice good backup techniques
![Page 39: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/39.jpg)
RESOURCES
![Page 40: Cyber Security 101 - lib.nckls.orglib.nckls.org/wp-content/uploads/2017/12/Cyber-Security-101-002.pdf · GENERAL EMAIL TIPS •Email clients (local i.e. Outlook) vs web-based email](https://reader033.fdocuments.net/reader033/viewer/2022051607/60383aea43861d28de237b98/html5/thumbnails/40.jpg)
INFORMATION RESOURCES
• FTC Info - https://www.consumer.ftc.gov/topics/online-security
• KeePass - http://keepass.info/
• Have I Been Pwned - https://haveibeenpwned.com/
• Heimdal Cybersecurity Course - https://cybersecuritycourse.co/
• DHS Toolkit - https://www.dhs.gov/stopthinkconnect-toolkit
• Cybrary - https://www.cybrary.it/
• Tech Support Scams - https://www.consumer.ftc.gov/articles/0346-tech-support-scams
• Sophos Phish Test - https://www.sophos.com/en-us/products/phish-threat.aspx
• Duo Insight - https://duo.com/resources/duo-insight