CyberSecurity Basics and Introduction (Work in Progress)

Current modes of communication rely on the transmission of data through computer systems and networks. Most of our daily activities, like sending emails, browsing social media, online banking and shopping, depend on these telecommunication platforms and the World Wide Web. More and more vital information and personal data are integrated into these networks, making privacy a serious concern. These security issues emphasize the need for a reliable method of protecting our information from unauthorized use and processing.

Introduction to Information Security

Information Security Basics - US-CERT Computer Emergency Readiness Team

C - confidentiality

is defined as the attribute of information that is accessible only to authorized entities.

I - integrity

is defined as the attribute of information that is robust to modification by outside entities.

A - availability

is defined as the attribute of information that is accessible to the intended user.

Terms

Denial of Service

when users cannot access the network or specific services provided on the network.

Authentication

is proving that a user is the person he or she claims to be.

Authorization

act of determining whether a particular user (or computer system) has the right to carry out a certain activity, such as reading a file or running a program.

Nonrepudiation

when a user cannot later deny that he or she performed the activity.

In a nutshell, InfoSec pertains to giving people confidence that:

- they can trust the information they use

- the information they are responsible for will be shared only in the manner that they expect

- the information will be available when they need it

- the systems they use will process information in a timely and trustworthy manner

CyberSecurity Basics

From the Mississippi Department of Information Technology Services

Backup Your Files

The golden rule for backing up is the 3-2-1 rule

3 - Keep 3 copies of any important file: 1 primary and 2 backups.

2 - Keep the files on 2 different media types to protect against different types of hazards.

1 - Store 1 copy offsite (e.g., outside your home or business facility)
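A sketch of how the 3-2-1 rule can be checked against a backup inventory. This is an added example, not part of the original notes or of the US-CERT material. The `Copy` record, its field names and the sample inventories are hypothetical, and it assumes every backup should be byte-identical to the primary at check time.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Copy:                 # hypothetical inventory record
    label: str              # name of this copy
    media: str              # e.g. "internal-ssd", "usb-hdd", "cloud"
    offsite: bool           # stored outside the home or business facility?
    content: bytes          # stands in for the file's bytes in this demo
    primary: bool = False

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_321(copies):
    """Return a list of 3-2-1 violations; an empty list means compliant."""
    primaries = [c for c in copies if c.primary]
    if len(primaries) != 1:
        return ["exactly 1 primary copy is required"]
    want = digest(primaries[0].content)
    problems, good = [], []
    for c in copies:
        # A backup that no longer matches the primary (corrupted or
        # stale) does not count as a usable copy.
        if digest(c.content) == want:
            good.append(c)
        else:
            problems.append(f"{c.label}: hash differs from primary")
    if len(good) < 3:
        problems.append(f"3: only {len(good)} matching copies, need 3")
    if len({c.media for c in good}) < 2:
        problems.append("2: matching copies are all on one media type")
    if not any(c.offsite for c in good):
        problems.append("1: no matching copy is stored offsite")
    return problems

DOC = b"quarterly-accounts-v7"          # constructed sample file content
COMPLIANT = [
    Copy("laptop", "internal-ssd", False, DOC, primary=True),
    Copy("usb-drive", "usb-hdd", False, DOC),
    Copy("cloud", "cloud", True, DOC),
]
CORRUPTED = [                           # the offsite copy has been damaged
    Copy("laptop", "internal-ssd", False, DOC, primary=True),
    Copy("usb-drive", "usb-hdd", False, DOC),
    Copy("cloud", "cloud", True, DOC[:-1] + b"X"),
]

if __name__ == "__main__":
    print(check_321(COMPLIANT))
    print(check_321(CORRUPTED))
```

The second inventory shows why counting copies alone is not enough: one damaged backup breaks both the "3" and the "1" parts of the rule.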

Source: US-CERT Computer Emergency Readiness Team Data Backup Options

Use cloud storage

pro: a 3rd party maintains and protects your data from malware and natural disasters. Accessible anytime. Cheap, as you don't need to buy physical storage.

con: dependent on internet connection. There will be some delay between you and the cloud. You may be locked into one provider. Jurisdiction problems when critical data is hosted in geographically restricted areas. You don't know the entire cloud infrastructure.

Carefully check the service agreement of the cloud provider. Make sure that your data will be encrypted with established encryption algorithms such as Advanced Encryption Standard (AES) or Blowfish. Transfer data via a Secure Sockets Layer (SSL) connection. Use a firewall. Physically protect the hardware that stores, processes and transmits your data.

hard and solid state drive

pro: you can quickly update backup files

con: rolling backups can cause malware propagation and eventually corruption of files. The drive can be physically damaged or stolen. Lifespan varies. Drives can be rendered unusable via magnetic degaussing.

Always encrypt, and secure the physical computer. Use a firewall and antivirus.

Removable Storage media

pro: flexible, portable, versatile storage sizes, reusable

con: prone to loss and theft, and also malware propagation leading to corruption.

You are more responsible for physically protecting the device. Password protect them, encrypt their data, and connect them only to systems that follow network security protocols, with firewall and antivirus.

SSDs have no moving parts and are not magnetic, so they are not in danger of degaussing.

Email Scams

- Filter spam.

- Don't trust unsolicited email.

- Treat email attachments with caution.

- Don't click links in email messages.

- Install antivirus software and keep it up to date.

- Install a personal firewall and keep it up to date.

- Configure your email client for security.

Other topics:

- Fight Against Malware

- Mobile Security

- Top Ten CyberSecurity Tips

- Wi-Fi Security

- Before You Connect a New Computer to the Internet

- Scams and Safety on the Internet

- Keep Your Home Network Secure

- You Have a New Computer - Now What?

- Secure Your Web Browser

- Virus Basics

- Home Wireless Setup 101

- shodan - search engine for hackers

- google hack

- whois - look at a particular domain (site) and see available information about it

- competitive intelligence - gov sites of pending cases of companies

- job boards - to investigate companies, what kind of software they are using

- alerts - set up visualping to have alerts from websites you are tracking

- website mirroring - httrack - website copier

- email footprinting - the harvester

tools

- maltego - like gephi but friendlier

- recon-ng - footprinting different companies

- osrframework -

footprinting - this is a technique for gathering info on computer systems and the entities they belong to

- google hacking

filetype: type - searches for only files of specific types

- nikto - looks for vulnerabilities of certain websites

- harvester

nikto

harvester - generalized public information

TCP Header Flags

Synchronize (SYN) - set during the initial communication establishment and indicates the negotiation of parameters and sequence numbers.

Acknowledge (ACK) - set as an acknowledgement of a SYN flag.

Reset (RST) - this flag forces the termination of communications in both directions.
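How these flags look when read out of a raw TCP header, as you would when reviewing a packet capture. This is an added example, not part of the original notes. It decodes all eight flag bits, going beyond the three flags listed above. The port numbers, sequence numbers and the four-segment capture are constructed sample data, and `build_header`, `parse_flags` and `describe` are hypothetical helper names.

```python
import struct

# Bit values of the flags byte (byte 13 of the TCP header).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

def build_header(sport, dport, seq, ack, names):
    """Build a 20-byte TCP header (constructed sample, checksum left 0)."""
    bits = 0
    for n in names:
        bits |= FLAG_BITS[n]
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       5 << 4, bits, 65535, 0, 0)

def parse_flags(raw):
    """Return the set of flag names set in a raw TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    offset_words = raw[12] >> 4          # header length in 32-bit words
    if offset_words < 5 or len(raw) < offset_words * 4:
        raise ValueError("bad data offset")
    return {n for n, bit in FLAG_BITS.items() if raw[13] & bit}

def describe(flags):
    """Map a flag set to the role the notes above give each flag."""
    if "SYN" in flags and "RST" in flags:
        return "anomalous: SYN and RST together"
    if "RST" in flags:
        return "reset: connection torn down in both directions"
    if flags == {"SYN"}:
        return "handshake 1: client proposes its sequence number"
    if flags == {"SYN", "ACK"}:
        return "handshake 2: server acknowledges the SYN"
    if flags == {"ACK"}:
        return "acknowledgement"
    return "other: " + "+".join(sorted(flags))

# Constructed capture: a normal handshake, then a reset.
CAPTURE = [
    build_header(50000, 443, 1000, 0, ["SYN"]),
    build_header(443, 50000, 9000, 1001, ["SYN", "ACK"]),
    build_header(50000, 443, 1001, 9001, ["ACK"]),
    build_header(443, 50000, 9001, 1001, ["RST", "ACK"]),
]

def summarize(capture):
    return [describe(parse_flags(h)) for h in capture]

if __name__ == "__main__":
    for line in summarize(CAPTURE):
        print(line)
```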