Luís Filipe Roque · How to protect equipment and information against users who do not have...
February 19th, 2019
Luís Filipe Roque
2
@Luís Roque
• ICT Teacher
• ICT Coordinator responsible for entire school group
• Teachers Trainer
4
Concerns as Citizens
5
Concerns as Teachers
How to make a PC safe?
A German security specialist presented his already famous "2 rules" of total security
The 2 rules of Herbert
Rule number 1: Don't buy a computer!
Rule number 2: If you purchased a computer, do not turn it on!
The 2 rules of Herbert
9
Norbert Wiener, an American mathematician, was the first, in 1948, to speak about Cyberspace.
What is CyberSpace?
10
Complex environment, values and interests materializing an area of collective responsibility, which results from the interaction between people, information, information systems, technological equipment and digital networks, including the internet
What is CyberSpace?
11
Set of measures and actions of prevention, monitoring, detection, reaction, analysis and correction which aim to maintain the desired security state and guarantee the confidentiality, integrity and availability of information, digital networks and information systems in cyberspace
What is CyberSecurity?
12
• Physical Security
• Logical Security
• Best Practices
Dimensions of Safety
How to protect equipment and information against users who do not have authorization to access them.
13
Physical security
A set of resources run to protect the system, data and programs against attempts by unknown people or programs.
14
Logical Security
15
I have nothing to hide
• Automatic access to websites (e.g. bank accounts)
• Miscellaneous Documents
• Conversations with family and friends
• Photos
• Videos
• Lists of passwords
…
17
• Malware
• Phishing
• Password Attacks
• DDoS
• Man in the middle
• Drive-by Download
• Malvertising
• Rogue Software
Main Types of CyberAttacks
18
Malware
Malicious software is any piece of software that has been written to cause damage to data, devices, or persons
19
Phishing
Attacks usually carried out by e-mails apparently from trusted entities where people are invited to enter sensitive data
20
Password Attacks
An attempt to obtain or decrypt a user's password for illegal use. Hackers can use cracking programs, dictionary attacks, and password sniffers in password attacks.
21
DDoS
Distributed denial of service (DDoS) attacks are a subclass of denial of service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.
22
Man in the middle
Form of attack in which the data exchanged between two parties (e.g. you and your bank) are somehow intercepted, recorded and possibly altered by the attacker without the victims noticing
23
Drive-by download
Occurs when vulnerable computers get infected by just visiting a website. Findings from the latest Microsoft Security Intelligence Report and many of its previous volumes reveal that Drive-by Exploits have become the top web security threat to worry about.
24
Malvertising
Criminally-controlled adverts which intentionally infect people and businesses. These can be any ad on any site, often ones which you use as part of your everyday Internet usage.
25
Rogue Software
Also called smitfraud or scareware, this type of software is defined as malware. It is designed specifically to damage or disrupt a computer system. In this case, not only is the software going to disrupt your system, it's going to try and trick you into making a purchase using your credit card.
26
27
Do Backup
The loss of personal information can cause even more problems than the loss of the device itself. So, make sure that all your important information is well stored in various places.
28
Stay up to date
Make sure your device's operating systems and applications have up-to-date security updates. This prevents software with known vulnerabilities from being abused by cybercriminals.
29
Use Robust Passwords
• With 10 or more characters
• Character combination
• Words with purposeful errors
• Not derived from the name of the user or any close relative
• Not derived from personal information
30
Password Fails
@2013, SplashData
31
Block intruders
Regardless of the devices, make sure that your screen is protected with a strong and unique password or PIN code, or one of the biometric authentication methods available, such as fingerprint reader or facial recognition.
32
Reduce Digital Footprint
Consider becoming a digital minimalist for a while and leave most of your devices at home. In this way, not only will you have less equipment to lose, you will also give cybercriminals fewer opportunities to steal personal information.
33
Moderate in Social Networks
Resist the temptation to share on social networks, for example, that you and your family will be away from home in a certain period of time. Doing so may expose you to a physical intrusion of your home.
34
Browse incognito
35
Use a secure email
36
Beware of Wi-Fi free zones
• Carefully choose the network
• Disable file sharing and mark the Wi-Fi connection as a public network
• Never make updates or install applications using these networks
• Use two-factor authentication
• Make sure to log off after accessing any service you have accessed
• Forget the network after using it
37
Beware of card cloning
Card cloning happens when all information about a particular card (your PIN - Personal Identification Number and its number) is copied
• When making payments at establishments never lose sight of your card
• When entering the PIN code, be discreet and try to make sure no one is trying to watch you
• Avoid choosing a PIN code that is too obvious
• Do not provide data about your cards over the phone, even if the person asking identifies themselves as an employee of your bank
• Avoid carrying out ATM operations in low-traffic areas
• Do not shop online on computers with access to public Wi-Fi networks and prefer sites with "https://" in the URL
38
Beware of Card Payments
39
Be careful: leaving the e-mail open
40
Be Careful: Passwords saved in browsers
41
Be careful: Students knowing passwords
42
Be careful: Accessing Insecure Sites
43
Be Careful: Computer Maintenance Companies
Thank you
44