Professional Documents
Culture Documents
Topics
What is Cyber Security?
Common Cyber threats include:
Social Engineering Attacks
Malwares
Weak and Default Passwords
Unpatched or Outdated Software Vulnerabilities
Removable Media
Frauds - The Nigerian Email Scam
Topics
Mobile Devices Security
Social Media Security
Email Best Practices
What is spam?
What is BCC ? - Why would you want to use BCC?
Wireless Security
Common Network Attacks
Maintain Good Computer & Security Habits
Key Steps to Better Secure Your Company and Workplace
Dumpster Diving
Shoulder Surfing
Eavesdropping
Piggybacking
Tailgating
Smishing
Vishing
Graytips Cyber Technologies @ 2014
10
11
12
information.
Widely adopted method by Social Engineers.
you may be asked to click on a link or fraudulent
website which asks you to submit your personal data
or account information.
Spear phishing is a type of targeted phishing that
appears to be directed towards a specific individual
or group of individuals.
Graytips Cyber Technologies @ 2014
13
Common Symptoms
Uses e-mail
May include bad grammar, misspellings, and/or generic
greetings
May include maliciously-crafted attachments with varying
file extension or links to a malicious website
May appear to be from a position of authority or legitimate
company:
Your employer
Bank or credit card company
Online payment provider
Government organization
14
Spear Phishing
Has a high level of targeting sophistication and
15
Countermeasures
Ensure anti-virus software and definitions are up to date
Never trust an unsolicited email, text message, pop-up
16
Countermeasures - contd
Turn off the option to automatically download
attachments
Save and scan any attachments before opening them
Dont trust the message no matter how convincing or
official it looks; no matter if it appears to come from your
bank, the government, your ISP, or your best friend.
Always independently verify the authenticity of the
message before you respond.
Dont use an email address, link, or phone number in the
message itself. If its from your bank, search online for the
customer service line and call the bank
Graytips Cyber Technologies @ 2014
17
Countermeasure - contd
Do not:
Open suspicious e-mails
Click on suspicious links or attachments
in e-mails
Call telephone numbers provided
18
Phishing
Malwares
Malware - short for malicious software - that is
20
What is a Virus?
21
Symptoms
System will not start normally (e.g. blue screen of
death)
System repeatedly crashes for no obvious reason
Internet browser goes to unwanted web pages
Antivirus software appears not to be working
Many unwanted advertisements pop up on the
screen
The user cannot control the mouse/pointer
Graytips Cyber Technologies @ 2014
22
Countermeasures
Ensure Antivirus software is fully uptodate
23
TROJAN
24
What is a TROJAN ?
The main objective of this type of malware is
25
legitimate program,
They can harm their host computer,
Corrupt the file allocation table on your computer,
Install keyloggers, steal bank details, logons to websites,
Install other software including third party malware,
Watch what the user is doing on screen,
Upload files from your computer,
Graytips Cyber Technologies @ 2014
26
27
Trojan
What is an Adware ?
Adware is the name given to programs that are
29
Adware Example
30
Adware Example
31
Adware Example
32
What is a Spyware?
Spyware is software that gathers information about
33
Types Of Spyware
Video Spyware
Audio Spyware
Desktop Spyware
USB Spyware
Email Spyware
Spytechagent
What is a Rootkit?
Malware authors use rootkits to hide
36
Keylogger
A program designed to capture the keystrokes
Two Types
Hardware keylogger
Software Keylogger
37
Hardware Keylogger
38
Symptoms of Malware
Your computer is running extremely slow.
Unexpected Crashes:
Excessive Hard Drive Activity:
Random Network Activity
Erratic Email:
Beware of pop-ups!
Your Antivirus and firewall protection is
unexpectedly disabled.
Unfamiliar and peculiar error messages
Graytips Cyber Technologies @ 2014
39
Distribution Of Malwares
E-mail attachments
Downloading files
Visiting an infected website
Removable media
Cracked/Pirated Games and Softwares
40
Countermeasures
To guard against malicious code in email:
View e-mail messages in plain text
Use caution when opening e-mail
Scan all attachments
Delete e-mail from senders you do not know
Turn off automatic downloading
41
Countermeasures
To guard against malicious code in websites:
Block malicious links / IP addresses
Block all unnecessary ports at the Firewall and Host
Disable unused protocols and services
Stay current with all operating system service packs and
software patches
42
43
Symptoms
Words found in the dictionary
Readily available information significant to you
44
Countermeasures
Combine letters, numbers, special characters,
45
Countermeasures
Do not write down your password, memorize it
Change password according to your organizations
policy
Enforce account lockout for end-user accounts after a
set number of retry attempts
Do not save your passwords or login credentials in
your browser
NEVER share your password
46
47
49
Symptoms
List of suspicious indicators related to unpatched and
outdated software:
Unauthorized system access attempts
Unauthorized system access to or disclosure of
information
Unauthorized data storage or transmission
Unauthorized hardware and software modifications
50
Countermeasures
Comply with the measures in your organizations
policies
Stay current with patches and updates
Conduct frequent computer audits
Ideally: Daily
At minimum: Weekly
Do not rely on firewalls to protect against all attacks
51
Removable Media
Removable media is any type of storage device that
52
Symptoms
Adversaries may:
Leave removable media, such as thumb drives, at
53
Countermeasures
Follow your organizations removable media policy
Disable autorun/autoplay
54
55
Secure Browsing
Fundamentals
Avoid Microsoft Internet Explorer
Google Chrome is currently the best choice
Safari and Firefox are the middle choices
Login in as a Limited User
Make sure https for financial transaction
Use NoScript or NotScripts
Know what link you are clicking
56
57
connections.
Set Bluetooth-enabled devices to nondiscoverable.
Delete all information stored in a device prior to
discarding it.
Do not root or jailbreak the device.
58
applications.
59
60
date
61
62
email
Avoid phishing attempts
Look for an email provider with strong antispam
filtering capability.
Use filters
Identify unwanted spam with the spam button.
63
64
What is spam?
Spam is the electronic version of "junk mail."
65
HTML mail
Consider opening an additional email account
66
67
Wireless Security
Change the default username and password
Use the highest encryption level (e.g.
WPA/WPA2
Do not use WEP encryption
Change the default Service Set Identifier (SSID)
Do not automatically connect to an open wireless
network
Turn off the wireless network when not in use
68
69
ARP Spoofing
70
Network Sniffing
71
72
73
users.
Lock your computer When you are away.
Disconnecting your computer from the Internet
when you aren't using it.
Backup your important data regularly
Graytips Cyber Technologies @ 2014
74
75
76
Q&A
Graytips Cyber Technologies @ 2014
77
Thank You
Shafeeque Olassery Kunnikkal
C|EH, C|HFI, C|EI, MCP
Founder & CTO
Graytips Cyber Technologies
www.graytips.com
Email: shafeeque@graytips.com
Mobile: 9847113216
Graytips Cyber Technologies @ 2014
78