AVOID THE HACK
Cyber Security Measures for Your Customers and Yourself
Jason M. Jakus
What this session is about!
HACKING
Hacking is the act of illegally accessing the computer system or network of an individual, group or business enterprise without the consent or approval of the owner of the system.
CRACKING
Cracking is a higher form of hacking in which the unauthorized access culminates with the process of defeating the security system for the purpose of acquiring money or information and/or free services.
LAUNCHING OF HARMFUL COMPUTER VIRUSES
A computer virus is a program that can copy itself and infect a computer without the permission or knowledge of the user. The original may modify the copies or the copies may modify themselves. A virus can only spread from one computer to another when the host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium such as a USB drive.
DISTRIBUTED DENIAL OF SERVICE ATTACKS
DDoS attacks can be committed by employing multiple computers controlled by a single master computer server to target a particular server, bombarding it with thousands of packets of data in an attempt to overwhelm the server and cause it to crash.
WEBSITE DEFACEMENT
• WEBSITE DEFACEMENT IS THE UNAUTHORIZED MODIFICATION OF A WEBSITE.
ACQUIRING CREDIT CARD INFORMATION FROM A WEBSITE THAT OFFERS E-SERVICES
Hackers prefer VISA, American Express and MasterCard when filtering credit card information. This is because VISA and MasterCard are widely accepted by almost all internet shopping sites.
Phishing Explained
Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.
One type of phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to "click here" to verify your information.
Avoiding Phishing Scams
• Be suspicious of any email message that asks you to enter or verify personal information, through a website or by replying to the message itself
• The safest practice is to read your email as plain text
• If you choose to read your email in HTML format: Hover your mouse over the links in each email message to display the actual URL. Check whether the hover-text link matches what's in the text, and whether the link looks like a site with which you would normally do business.
Passwords
• If possible, make your password at least 12-15 characters in length
• Use at least 2 upper-case letters, 2 lower-case letters, 2 numbers, and 2 special characters (except the common ones such as "!@#$")
• Never use whole words. Make the password as random as possible
• Avoid using personal information as part of your password
Securing Your Router
• Change the password used to access the router. Anything but the default is OK.
• Turn off WPS
• Wi-Fi security should be WPA2 with AES (do not use TKIP)
• The Wi-Fi passwords need to be long enough to stall brute force attacks. Opinions on the minimum length differ; my best guess is that 14 characters should be sufficient. A totally random password is not necessary; "999yellowtulips" is both long enough and easy to remember.
Securing Your Router
• Turn off Remote Administration (it's probably off already)
• If any of your Wi-Fi networks (a router can create more than one) use the default name (a.k.a. SSID) then change it. Also, if they use a name that makes it obvious that the network belongs to you, then change it.
• Use a Guest Network whenever possible. Any computer running Windows 10 should never be allowed on the main network, always restrict them to a Guest Network.
Picking Out A Router
• The devices shipped by ISPs suffer from a general level of incompetence both in their initial configuration and ongoing maintenance.
• Spying: We have seen that ISPs, at times, co-operate with spy agencies and governments. Even without outside influence, an ISP may well put a backdoor in the devices they give to their customers, if for no other reason than to make their life easier in some way.
• Don't be a prime target. Any router provided by an ISP to millions of customers is a prime target for bad guys and spies. More bang for the hacking buck. You are safer using a less popular device.
Testing Your Router
• https://www.grc.com/shieldsup
Open Wi-Fi Networks
• Public Wi-Fi networks—like those in coffee shops or hotels—are not nearly as safe as you think. Even if they have a password, you're sharing a network with tons of other people, which means your data is at risk.
Turn Off Sharing
Use HTTPS and SSL Whenever Possible
Use Firewall
Automate Your Settings
Computer Virus, Malware, Spyware
New Viruses Daily
Top 2016 Anti Virus Software
http://www.top10antivirussoftware.com
Mobile Device Security
Have you ever seen this screen?
Probable Ways to Get Phone Hacked
• Wi-Fi in public places, such as cafes and airports, could be unsecure, letting malicious actors view everything you do while connected.
• Applications add functionality to a smartphone, but also increase the risk of a data breach, especially if they are downloaded from websites or messages, instead of an app store.
• Despite the best intentions of smartphone manufacturers, vulnerabilities are found which could let attackers in.
Passwords Best Practices
• Don't re-use passwords. One ultra-secure one won't be any good if someone finds it
• While combining upper and lower case letters with numbers to alter a memorable word - M4raD0na - is often advised, these are more easily cracked than you might think
• Good advice is to make a memorable, unusual sentence: "I am a 7-foot tall metal giant" is better than "My name is John", and use the first letter of each word with punctuation: "Iaa7-ftmg"
• Alternatively, you can use a password manager such as 1Password, which can generate secure passwords and store them online
• The best way to protect yourself is to use two-factor authentication, which will send a text with a code or use an app to verify your log-in
If you think you got hacked!!
Ghostery for Individuals
URL X-Ray tells you where a URL is going
Best Practices
• Don't use the same password for every system
• Change passwords frequently
• Update your Anti-Virus Software
• Protect yourself in open Wi-Fi environments
• Install the HTTPS Everywhere browser extension.
More Information
• http://www.slideshare.net/JJakus
• http://www.linkedin.com/in/jasonjakus
• @JasonJakus on Twitter
Complete Evaluations Please