This document discusses information security and best practices. It covers common threats like viruses, worms, trojans, and social engineering. It also discusses more advanced threats like advanced persistent threats and rootkits. The document provides guidelines for safe practices like using antivirus software, firewalls, strong passwords, backing up important data, and following clean desk policies. The overall message is that information security requires vigilance and multiple layers of protection to defend against various threats.
2. Introduction
• InfoSec
Information security processes and policies typically involve
physical and digital security measures to protect data from
unauthorized access, use, replication or destruction.
• InfoSec Core Objectives (C-I-A Triad)
▫ Confidentiality
▫ Integrity
▫ Availability
6. A virus attaches itself to a program, file, or disk
When the program is executed, the virus
activates and replicates itself
The virus may be benign or malignant but
executes its payload at some point (often upon
contact)
Viruses result in crashing of computers and loss
of data.
In order to recover/prevent virus/attacks:
Avoid potentially unreliable websites/emails
System Restore
Re-install operating system
Anti-virus (e.g. Avira, AVG, Norton)
[Diagram: Program A with extra code attached infects Program B]
7. • Independent program which replicates itself and sends copies from computer to
computer across network connections. Upon arrival the worm may be activated to
replicate.
[Diagram: the worm mails copies of itself to every address on an email list: Joe@gmail.com, Ann@yahoo.com, Bob@uwp.edu]
8. • Logic Bomb: Malware logic executes upon certain conditions.
Program is often used for legitimate reasons.
▫ Software which malfunctions if maintenance fee is not paid
▫ Employee triggers a database erase when he is fired.
• Trojan Horse: Masquerades as beneficial program while
quietly destroying data or damaging your system.
▫ Download a game: Might be fun but has hidden part that emails your
password file without you knowing.
9. • Social engineering manipulates people into performing actions or divulging confidential information. Similar to a
confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or
access computer systems.
▫ Phone Call: "This is John, the System Admin. What is your password?"
▫ Email: "ABC Bank has noticed a problem with your account…"
▫ In Person: "What ethnicity are you? Your mother’s maiden name?"
▫ "I have come to repair your machine… and have some software patches"
10. • Definition: An advanced persistent threat (APT) is a broad
term used to describe an attack campaign in which an
intruder, or team of intruders, establishes an illicit, long-term
presence on a network in order to mine highly sensitive data.
• Targets: Typically include Large Enterprises or Governmental
Networks
• Reason:
▫ Intellectual property theft (e.g., trade secrets or patents)
▫ Compromised sensitive information (e.g., employee and
user private data)
▫ The sabotaging of critical organizational infrastructures
(e.g., database deletion)
▫ Total site takeovers
11. • Phishing: a ‘trustworthy entity’ asks via e-mail for sensitive information such as SSN, credit card numbers, login IDs or passwords.
12. Symptoms:
Antivirus software detects a problem
Pop-ups suddenly appear (may sell security software)
Disk space disappears
Files or transactions appear that should not be there
System slows down to a crawl
Unusual messages, sounds, or displays on your monitor
Stolen laptop (1 in 10 stolen in laptop lifetime)
Your mouse moves by itself
Your computer shuts down and powers off by itself
Often not recognized
14. • Anti-virus software detects malware and can destroy it
before any damage is done
• Install and maintain anti-virus and anti-spyware
software
• Be sure to keep anti-virus software updated
• Many free and pay options exist
15. • A firewall acts as a wall between your computer/private network
and the internet. Hackers may use the internet to find, use, and
install applications on your computer. A firewall prevents hacker
connections from entering your computer.
• Filters packets that enter or leave your computer
16. • Never use ‘admin’ or ‘root’ or ‘administrator’ as a login for the admin
• A good password is:
▫ private: it is used and known by one person only
▫ secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal
▫ easily remembered: so there is no need to write it down
▫ at least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters,
digits and punctuation
▫ not guessable by any program in a reasonable time, for instance less than one week.
▫ changed regularly: a good change policy is every 3 months
• Beware that someone may see you typing it. If you accidentally type your password instead of
your login name, it may appear in system log files
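An added example (not part of the original slides) that turns the password rules on slide 16 into a checker: minimum length, three of four character classes, and the "not guessable in under one week" rule estimated from the brute-force search space. The guess rate, the small denylist and all function names are assumptions made for illustration.

```python
import string

# Assumptions (not from the slide): the offline guess rate and the tiny
# constructed denylist are illustrative values only.
GUESSES_PER_SECOND = 1e10          # assumed attacker speed
ONE_WEEK_SECONDS = 7 * 24 * 3600   # the slide's "reasonable time" threshold
FORBIDDEN_ADMIN_LOGINS = {"admin", "root", "administrator"}  # named on the slide
COMMON_PASSWORDS = {"password", "password1!", "qwerty123", "letmein"}  # constructed

CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "punct": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {n for n, chars in CLASSES.items() if any(c in chars for c in password)}

def brute_force_seconds(password):
    """Worst-case time to exhaust the search space implied by the classes used."""
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    if alphabet == 0:
        return 0.0
    return alphabet ** len(password) / GUESSES_PER_SECOND

def check_password(password, login=""):
    """Return the slide-16 rules the password violates (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(classes_used(password)) < 3:
        problems.append("fewer than 3 character classes")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS or (login and login.lower() in lowered):
        problems.append("guessable: common password or contains login")
    elif brute_force_seconds(password) < ONE_WEEK_SECONDS:
        problems.append("guessable: brute force under one week")
    return problems

def check_admin_login(login):
    """True if the admin account name avoids the defaults named on the slide."""
    return login.lower() not in FORBIDDEN_ADMIN_LOGINS
```

At the assumed guess rate, an 8-character password drawn from only three classes is exhausted in hours, so it satisfies the length and complexity rules yet still fails the one-week rule.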
17. • Do not open email attachments unless you are expecting the email with
the attachment and you trust the sender.
• Do not click on links in emails unless you are absolutely sure of their
validity.
• Only visit and/or download software from web pages you trust.
18. • Definition
A clean desk policy (CDP) is a corporate directive that specifies how employees should leave
their working space when they leave the office. Most Clean Desk Policies require employees to clear
their desks of all papers at the end of the day.
• Sensitive information must be protected at all times from
anyone who may pass by including other employees, cleaners,
and office visitors
• In effect, a clean desk policy is one of the simplest ways to
protect sensitive information and to reduce the risk of a data
breach and identity theft
• A clean desk policy also complies with information security
regulations
19. BACKUP IMPORTANT INFORMATION
No security measure is 100% reliable.
Even the best hardware fails.
What information is important to you?
Is your backup:
Recent?
Off-site & Secure?
Process Documented?
Encrypted?
Tested?
20. • Always log off or lock your system if you leave (even for a minute)
• Keep systems patched and up to date
• Use strong passwords and protect them
• Encrypt sensitive files
• Watch what you share
• Disable insecure mechanisms if possible
• Never let someone have access to your system under your credentials
• Be aware of individuals looking for information or access
• Don’t forget physical security
• Report any potential breach to your InfoSec Team