Modern Digital Security John Dmytrasz - Senior Network Administrator - - PowerPoint PPT Presentation

Modern Digital Security

John Dmytrasz - Senior Network Administrator Mike Ali - Network Administrator

What are the threats facing you in your digital life?

• “The biggest threat to computer security is you and your

employees”

• Social Engineering
• They are trying to trick you into doing something they want you to

do to gain access or information

• “You and your employees are the best defense against computer

threats”

Who is the enemy?

• “Hacker” - not the stereotypical archenemy anymore
• International, organized criminal enterprises
• Terrorist Groups
• Hostile Foreign Governments
• “Mafia” type of criminal gangs
• Mainly profit based activities

3

What do they want?

• Money
• Your information
• Credit card information
• SSN
• Access to your PC and/or Network
• Used as a proxy to attack other computers
• Used as a tool to run the hackers applications - spam,

decryption, DOS

4

How do they do it? What do they do?

• Guess or obtain your password(s) through a variety of methods and

use them to access computers or websites

• Used “Phishing” attacks to trick you into doing something to their

advantage

• Infect your computer with an application that does something

undesirable - virus, key loggers

• Things we can’t even imagine yet

5

What’s the damage so far?

• July 2013 - McAfee - U.S. Cybercrime resulted in 70-120 billion dollars
• f damage and/or loss.
• Pilferage resulted in 70 - 280 billion dollars in loss or damages.
• Globally - 300 billion to 1 trillion dollars
• Many companies don’t report loss or damages occurred by Cybercrime.
• "Cybercrime and cyber espionage cost the global economy billions of

dollars every year. The dollar amount, large as it is likely to be, may not fully reflect the damage to the global economy," the report reads. "Cyber espionage and crime slows the pace of innovation, distorts trade, and brings with it the social costs associated with crime and job

• loss. This larger effect may be more important than any actual number

and it is one we will focus on in our final report."

6

Passwords

• Easy to guess passwords
• “password”, “Password”, “p@ssword”
• Names of children or spouse, pets
• combination of name - doej, jdoe, johnd, nhoj
• Password is too short
• Using the same password for everything
• Never changing the password

7

Password Cracking #1 - Brute Force

• Brute force attempt
• a, b, c, d, …
• aa, ab, ac, ad …
• aaa, aab, aac, …
• Show Calculator

8

Password Cracking #2 - Dictionary

• Uses a list of words, known passwords, or commonly used

alphanumeric combinations.

• Show password list

9

Password Cracking #3 - Interception

• Intercept your password in-between your computer and the

“server/website”. Or retrieved it from a database.

• Password is encrypted
• Encryption strengths vary
• Uses a mathematical algorithm to encode your password
• If the algorithm is known it can be used to reverse engineer your

encrypted password.

• Keyloggers and Phishing

10

Password Cracking #4 - Social Engineering

• Facebook, Google, Club websites, Social Business Groups sites
• Facebook - First and Last name, email address, phone numbers,

where you live, birthdate, Parents, Children, Spouse, Where you went to school, Where you were born, Where you grew up, Where you like to visit, What products you like, What activities you participate in, etc.

• Google or other web search engines can also provide a surprising

amount of information regarding your personal data.

• Is your password the name of one of your children, the name of

your boat, the city you grew up in?

11

What you can do!

• Password length and complexity is key!!!
• Use at least a 10 character password that has a combination of

upper and lowercase letters, numbers, and special characters

• Refrain from using commonly known or accessible information

in the password. (Children's names)

• Use a phrase for your password - JohnLikesC@ke2233
• This password is 17 characters long
• Utilizes a combination of characters and words that are

difficult to “guess”.

12

What you can do!

• Use at least three different passwords!
• The first password will only be used for logging onto your computer

and associated services (Google services, iCloud, Microsoft)

• The second password will be used for critical web sites like your

bank account, medical, and/or government.

• The third password will be used for everything else - Dominos

Pizza, Amazon, eBay.

• Change these passwords periodically, so that if one gets

compromised there will be less risk over time.

• Utilize password generators and tools.

13

What you can do!

• In addition to the three passwords, also create at least three email

accounts

• One will be used with that second password only for the critical

websites (Banking)

• The second one will be for signups with the other websites (eBay,

Amazon, Dominos)

• The third is for personal communication with friends and family.
• This makes it harder for hackers to guess your username for many

sites

14

What you can do!

• Create a false persona for “Security Questions”

15

What can you do!

• When available use 2 step authentication services
• Apple, Google
• This utilizes an extra step to verify you are who you say you are
• Text messages with a verification code
• Create application specific passwords
• Helps to prevent an attacker from accessing certain websites and

information because they don’t have access to your security codes

• If one of the applications get hacked it does not compromise the

rest of your services.

16

17

18

Scary Virus Infections

• Cryptolocker
• Once running on your computer - encrypts Microsoft Office, Adobe

PDF, Images, Text, and other common files

• Will then try to connect to other computers or servers via mapped

drives.

• Ransomware - asks for money in exchange for the encryption key
• There is no known way to recover these encrypted files
• Restoring from backup is the only resolution

19

Preventing Cryptolocker

• Be very careful of email attachments and links
• Beware of those Phishing attempts and popups when visiting web

sites

• Verify that users only have access to the shared folders and

network resources they need

• Might want to use UNC links to shared folders instead of mapped

drives.

• Don’t store important files on your local PC. Store them on the

server where the files are backed up.

• Verify your backups are running and what the retention time is

20

Other general prevention steps

• Make sure your Anti-virus is still running - disabling this is usually

the first step many virus take

• Make sure your Anti-virus is up to date - when does it scan?
• Make sure your computer has the latest updates
• Use a backup scanning tool like Malwarebytes and run it weekly

after updating the definitions

• Backup your computer/files to multiple sources. Online, USB drive,

USB flash

• Use non-admin accounts for daily use and use UAC on Windows
• Use mobile devices for suspicious websites or emails as these are

currently less likely to get infected.

21

Business Security

• Restrict employees activities on business networks and devices
• No Facebook, g-mail, outlook.com
• This creates a backdoor access
• Downloading screensaver, applications
• Webfiltering - block known compromised sites
• Employees can access these sites from personal devices over

cellular connections

22

23