Cybersecurity Awareness Training


Page 1 (0s)

[Audio] (This briefing was developed by ComplianceForge, LLC. All rights reserved.) Welcome to [Company Name]'s information security training.

Page 2 (12s)

[Audio] You may have a good understanding of what information security is, but you may not know why it is so important. Being educated about what a hacker may be looking for on your system can help you understand why keeping your network secure is so critical. Information Systems (such as your computers, servers, or the network in general) need protecting, since they control many aspects of how we go about our daily lives. The purpose of this training is to:
- Educate users on information security basics
- Demonstrate minimum levels of due care & due diligence
- Educate users so they can protect their systems from compromise from known and unknown threats
There are several reasons for keeping your information secure. Of course the obvious reason that most people consider network security so important is to keep hackers away from their personal information. Hackers can gain access to your financial records, confidential client information, and private company data. However, this is not the only reason for security. Most of us probably would not consider our communications and files to be top-secret information, but this does not mean we want others reading it. Many people believe if they only use their computers to send email, surf the Internet, or play computer games, they will not be targets for hacker attacks. That is not the case at all - hackers may not care about your personal information, but they may want to take over your computer so they can launch attacks on other networks – all the while making the attacks appear to be coming from you! Having this control over your computer will enable hackers to mask their own identity. This could create a liability for you personally or your business.

Page 3 (1m 58s)

[Audio] This briefing will cover the basics of networking technology, information security principles, hacker crime statistics, ways to protect your computers, and the consequences if your systems are compromised.

Page 4 (2m 13s)

[Audio] In order to establish a basic understanding of what information security covers, it is important to clearly define the common terminologies and equipment used by most small and medium businesses.

Page 5 (2m 27s)

[Audio] Information security focuses on three key areas, commonly referred to as the "CIA Triad" – no relation to the government agency, in case you were wondering.
- Confidentiality deals with limiting access and disclosure to only authorized users.
- Integrity deals with the trustworthiness of information – keeping data from being compromised.
- Availability deals with the ability to access data at will.

Page 6 (2m 56s)

[Audio] The CIA Triad is complete only when confidentiality, integrity and availability are addressed. In addition to the three main components, when encryption is added it can add the benefit of non-repudiation. Non-repudiation deals with the ability to verify the legitimacy of the author or sender. Note that encryption does not have any effect on availability. It only enhances the confidentiality and integrity of data.

Page 7 (3m 25s)

[Audio] To make the CIA triad easier to understand, I will demonstrate a real world example of how these concepts work together to make our communications work. In this situation, Bob wants to send Alice an e-mail, but Eve wants to stop it. For confidentiality, Bob wants to ensure Eve cannot read it. His e-mail is only for Alice. For integrity, Bob wants to make sure that Alice gets what Bob sends. She needs to trust the contents of the e-mail. For availability, Bob needs the e-mail system to work. When he clicks send, he expects both his network and Alice's network to work in harmony to transmit and deliver the e-mail in the blink of an eye. For non-repudiation, Alice wants to make sure that Bob sent the e-mail. She wants to make sure Eve did not "spoof" or forge the e-mail to make it look like Bob sent it.

Page 8 (4m 20s)

[Audio] The proper name for viruses, spyware, Trojan horses, worms and all other nefarious applications is malicious software, or Malware for short. Malware is hardware, software, or firmware that is intentionally or accidentally inserted into a computer system for a harmful purpose. To make sure we are all on the same level of understanding, I will cover the 4 most common forms of Malware: viruses, spyware, Trojan horses, and worms.
1. A virus is a piece of computer software that propagates by inserting a copy of itself into and becoming part of another program. A virus cannot run by itself. It requires user interaction to launch the virus application. This can be done by opening an e-mail attachment, going to a website that is infected, or by inserting a removable drive into your computer.
2. Spyware is a general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use spyware to gather data about customers. Spyware is bad, since it monitors and reports your activities, generally without your knowledge. Some spyware can also record your every keystroke and allow hackers to know everything you type into your computer.
3. Commonly thought of as a virus, a Trojan Horse is a computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system. Examples of Trojan horses are common among shareware or freeware, as a user thinks they downloaded a simple game or application, while they also downloaded a hacker's Trojan horse that was built into the game software.
4. A worm is a computer program that can run independently, and that is the main reason it is different from a virus. A worm can propagate a complete working version of itself onto other hosts on a network, and will generally destructively consume computer resources. Worms are commonly described as being network aware, since they can replicate across a network in a matter of seconds.

Page 9 (6m 46s)

[Audio] Phishing is entirely focused on identity theft. It is the act of sending an e-mail to a user falsely claiming to be a legitimate company in an attempt to scam the user into surrendering private information. The phishing e-mail directs the user to visit a fake website where the user is asked to update personal information. Phishing scams (as well as drive-by or man-in-the-middle attacks) successfully harvest passwords, credit card numbers, social security numbers, and bank account numbers without ever letting the user know they were scammed until it is too late. While phishing attacks deal with e-mail, drive-by and man-in-the-middle attacks are very likely at places offering "free wifi" – in situations like this you may not know if you have connected to what is called a rogue access point. While you do get free Internet access, everything you do during that session is recorded by a hacker, since your data flows through his wireless networking equipment.
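One practical check that follows from this slide, as an added example that is not part of the training deck: a phishing e-mail usually shows the reader a familiar web address while the link underneath opens a different site. The Python below pulls every link out of an HTML e-mail body and flags links whose displayed address belongs to a different domain than the address the link really opens. The sample e-mail body, the "example-bank.com" domain and the "lookalike-placeholder.net" domain are all constructed for this demo.

```python
"""Added example (not from the training deck): flag links in an HTML e-mail whose
visible text shows one web address while the underlying href points at a different
domain, the classic phishing look-alike link. The sample e-mail and the domains in it
are constructed for this demo."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the first link shows the "bank" address but sends the reader
# elsewhere; the second link is an ordinary, honest link.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please verify your account at
<a href="http://login.example-bank.com.lookalike-placeholder.net/verify">https://www.example-bank.com/verify</a>
within 24 hours.</p>
<p>Questions? Visit <a href="https://www.example-bank.com/help">our help page</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname (a rough stand-in for the registrable domain;
    a production check would consult the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def looks_like_address(text):
    """True when the link text itself reads as a web address rather than a phrase."""
    return " " not in text and ("://" in text or "." in text)


def suspicious_links(html):
    """Return the hrefs whose displayed address belongs to a different
    registrable domain than the address the link really opens."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        if not looks_like_address(text):
            continue
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        actual = urlparse(href).hostname
        if shown and actual and registrable_domain(shown) != registrable_domain(actual):
            flagged.append(href)
    return flagged


if __name__ == "__main__":
    for href in suspicious_links(SAMPLE_EMAIL_HTML):
        print("mismatched link, do not click:", href)
```

Links whose text is a plain phrase ("our help page") are skipped, because there is nothing displayed for the real address to contradict; the check is aimed at the case where the reader is shown an address and trusts it. Hovering over a link in the mail client performs the same comparison by eye.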

Page 10 (7m 45s)

[Audio] I'm going to take a few minutes to cover the basic networking hardware you routinely see around the office. It is important to know how everything interacts so you can understand the big picture. A router is a device that connects two or more networks together. Routers connect your Local Area Network (LAN) with the Internet. The router can be thought of as the "traffic cop" that sits between the LAN and the Internet. It tells data where it should go and how to get there.

Page 11 (8m 13s)

[Audio] A firewall filters all network packets to determine whether to forward them toward their destination. A firewall is a term for any device (software or hardware) that prevents undesirable activity from either entering or exiting a network. Once data passes through the router or "traffic cop", the data must pass through the firewall to see if it is legitimate. There are a number of firewall screening methods and your IT staff manages these firewall rules.

Page 12 (8m 41s)

[Audio] A switch is a device that simply connects segments of your LAN. Switches allow computers to communicate with other computers on the LAN and the router. Each computer with a physical connection to the network must plug into the switch. If you have 10 computers, then 10 cables will plug into the switch.

Page 13 (9m 1s)

[Audio] A server is a specialized computer on a network that manages network resources. There can be one or there can be many servers on a network. Some servers can cover multiple functions or some companies can have one server for each role. For example:
1. A file server is a computer and storage device dedicated to storing files.
2. A web server is a computer that stores a website. For example, you connect to a web server when you enter www.google.com or any other website into Internet Explorer.
3. An e-mail server is a computer that controls the sending and receiving of e-mail messages.

Page 14 (9m 45s)

[Audio] A virtual private network (VPN) is a network connection that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. For example, [click] a company with an office on the west coast and [click] an office on the east coast can create a secure connection so they can share data. The solution is to connect the firewalls [click] in both locations to create a VPN connection. In this manner, the data flows between the offices in a secure manner where in reality, the data is going out through the Internet. From the perspective of the users, there is no difference accessing resources as if they were in the same office.

Page 15 (10m 32s)

[Audio] Layered defenses, or Defense In-Depth, is the approach of using multiple layers of security to guard against failure of a single security component. The most common place to insert a firewall or VPN device is right behind the gateway router that connects to the Internet. For an example of how this works: If a hacker sends a "ping of death" from the Internet, it will be stopped at the router. If a hacker tries to attack a network, there is a good chance it will be stopped at the firewall. All the while, legitimate traffic such as e-mail can flow through the defensive barriers.

Page 16 (11m 10s)

[Audio] In association with Layered Defenses, the concept of endpoint security focuses on the desktops, laptops and servers on the network. This is because computers require specialized software and continuous updates to keep hackers out. If you can visualize a protective barrier around a computer, it requires a combination of a software firewall, antivirus software, anti-spam software, antispyware software, as well as software and firmware updates. Missing any of these components leaves a significant vulnerability in the computer that hackers can use to compromise it.

Page 17 (11m 46s)

[Audio] There have been several widely-publicized attacks and vulnerabilities related to Microsoft software. Many organizations with proactive security patch management in place were not affected by these attacks, because they acted on information that Microsoft made available in advance of the attack. Patches are "follow on" releases of software code to fix weaknesses in the original program. All software has flaws and those vulnerabilities are continuously being discovered. Therefore, patch management must be addressed. It helps you to maintain operational efficiency and effectiveness, overcome security vulnerabilities, and maintain the stability of your production environment. Common versions of software patches include:
- Security Patches
- Hotfixes
- Service Packs
- Critical Updates

Page 18 (12m 33s)

[Audio] The next section will cover basic network infrastructure.

Page 19 (12m 42s)

[Audio] In a standard small and medium business network, users connect to the network in one of two ways: wired or wireless. If they are wireless, they connect to a wireless access point. If they are wired, they connect to a switch. Often, the firewall and router are built into the same device. This separates the internal network (which is commonly referred to as the trusted network) from the Internet (which is commonly referred to as the untrusted network). The router connects to your Internet Service Provider (ISP) by either a DSL, cable or T-1 modem and that allows you to get access to the Internet. At any given time, data is flowing in multiple directions on the network. To make sense of this, let's look at what happens when you click on www.google.com for something you are searching for. The data travels:
- From the Internet
- Through your ISP's modem
- Into your router
- Through the firewall
- Through the switch
- And then to your computer
It all happens at close to the speed of light.

Page 20 (13m 46s)

[Audio] In an effort to demonstrate how data transfer works, here is an example of one network sending data to another network. This can be viewed as sending an e-mail to a client.
- In your network, you click send.
- The outbound rules of the firewall check the type of data being transmitted. If it does not meet the firewall rules, it will be blocked. If the data does meet the firewall rules, it will be allowed to leave the network.
- At the client's network, the data will have to go through the client's firewall and be subject to that company's inbound rules. If the data does not meet the inbound rules, it will be blocked. This can be equivalent to having an attachment that is not allowed or maybe the data contains a virus.
- If the data does meet the inbound rules, it will be allowed into the network and delivered to the proper recipient.
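To make the rule checks on this slide (and the packet filtering described on Page 11) concrete, here is an added Python example that is not part of the training deck: a toy first-match rule engine walks a message through the sender's outbound rules and then the client's inbound rules, exactly in the order the slide describes. The rule sets, the port numbers, the sample messages and the attachment types are constructed for the demo and do not represent any real firewall product's syntax.

```python
"""Added example (not from the training deck): a toy first-match firewall rule
engine that traces a message through the sender's outbound rules and the client's
inbound rules. Rules, ports and sample messages are constructed for the demo."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    proto: Optional[str] = None       # None matches any protocol
    port: Optional[int] = None        # None matches any destination port
    attachment: Optional[str] = None  # None matches any (or no) attachment type

    def matches(self, msg):
        """A rule matches when every field it specifies agrees with the message."""
        return all([
            self.proto in (None, msg["proto"]),
            self.port in (None, msg["port"]),
            self.attachment in (None, msg.get("attachment")),
        ])


def evaluate(rules, msg):
    """First matching rule wins; if no rule matches, the default is deny."""
    for rule in rules:
        if rule.matches(msg):
            return rule.action
    return "deny"


# Sender side (constructed): only mail (SMTP, port 25) and web traffic (443) may leave.
OUTBOUND_RULES = [
    Rule("allow", proto="tcp", port=25),
    Rule("allow", proto="tcp", port=443),
]

# Client side (constructed): mail is accepted, but executable attachments are rejected.
# The deny rule is listed first on purpose: with first-match semantics it must come
# before the general allow, or the executable would slip through.
INBOUND_RULES = [
    Rule("deny", proto="tcp", port=25, attachment="exe"),
    Rule("allow", proto="tcp", port=25),
]

# Constructed sample messages.
REPORT_PDF = {"proto": "tcp", "port": 25, "attachment": "pdf"}    # ordinary e-mail
INSTALLER_EXE = {"proto": "tcp", "port": 25, "attachment": "exe"} # e-mail with .exe
FILE_SHARE = {"proto": "tcp", "port": 445}                        # not mail at all


def send_to_client(msg):
    """Trace the message through both firewalls; returns the list of decisions.
    The inbound check only happens if the outbound check let the message leave."""
    trace = [("sender outbound", evaluate(OUTBOUND_RULES, msg))]
    if trace[-1][1] == "allow":
        trace.append(("client inbound", evaluate(INBOUND_RULES, msg)))
    return trace


if __name__ == "__main__":
    for name, msg in [("report.pdf", REPORT_PDF), ("installer.exe", INSTALLER_EXE),
                      ("file share", FILE_SHARE)]:
        print(name, "->", send_to_client(msg))
```

Two things worth noticing when running it: the file-share message never reaches the client's firewall at all because the sender's outbound rules stop it, and swapping the order of the two inbound rules changes the verdict on the executable, which is why rule ordering is something the IT staff, not the user, should manage.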

Page 21 (14m 40s)

[Audio] Now getting into Information Security, we'll cover a basic understanding of the situation.

Page 22 (14m 49s)

[Audio] Hacking is no longer the young, brilliant teenagers portrayed in movies like Wargames. Hacking is a multi-billion dollar industry and it is now largely the realm of international, organized crime. That is the face of the modern day hacker. Malware developers no longer hack for just fame and notoriety. Identity theft has made hacking a lucrative business with little chance of being caught. Their money-making strategy involves controlling as many compromised computers as possible. Well designed viruses and spyware will go unnoticed by users and can turn off antivirus software to elude detection.

Page 23 (15m 27s)

[Audio] The term botnet may be new to you, but there is a good chance your home computer or even a computer there at your workplace is part of a botnet. These compromised computers are called bots, which is short for robots, and they are also affectionately known as zombies, since they are the living dead. These networks of zombies are controlled by hackers and do their bidding 24 hours a day, 7 days a week. It is these compromised computers that are networked together to form bot networks, or botnets. These computers in the botnets are responsible for sending out spam, attacking other networks, and stealing people's identities. All the while, the user does not know that his or her computer is infected, since botnets use well-designed malware that generally goes unnoticed by users and can turn off antivirus software to elude detection. These botnets are made up of infected computers from around the world and some botnets have been reported to be as large as half a million infected computers. Not only are botnets effective at doing cybercrime, but they make it extremely hard for authorities to locate and prosecute the botnet herder, who is the hacker behind it all issuing orders to his zombie army. Hackers "hire out" their botnets to the highest bidder. One day hackers may have their computers send out spam for a Canadian pharmaceutical company, the next day they may be paid by a company to crash the website of their competitor to cause embarrassment. All the while, hackers are always "recruiting" new computers to their army of darkness through ever evolving, ingenious ways of infecting victim computers with their latest malware.

Page 24 (17m 13s)

[Audio] There are many challenges facing companies with Information Security:
- System and network administrators are not prepared due to insufficient resources and the lack of formalized training
- Critical infrastructures increasingly rely upon the Internet for operations, and
- Intruders are leveraging the availability of broadband connections from vulnerable home computers and collections of thousands of compromised computers they use as weapons.

Page 25 (17m 41s)

[Audio] We are still in the dawn of the Internet. In the past two decades, technologies have rapidly evolved, and since the original architecture of the Internet was not made with security as a main concern, there is a great deal of weakness inherent to the Internet. With greater computing power has also come the rise of automated or scripted attacks. What used to be manual and the realm of computer programmers is now open to most users with the desire to cause problems.

Page 26 (18m 12s)

[Audio] The face of the hacker has changed dramatically. The level of attack sophistication has grown incredibly, while the level of intruder knowledge has inversely dropped. Such novice attackers with automated attack tools are commonly referred to as "script kiddies" since they rely upon the scripts or programs other hackers created.

Page 27 (18m 37s)

[Audio] Exploits, such as the weaknesses viruses or spyware attack, follow certain cycles.
- Click 1 - In the beginning, attackers find a vulnerability either through accident or on purpose. Since the vulnerability is not published or well known, it operates "under the radar" of the antivirus and antispyware companies whose job it is to create fixes and protect computers.
- Click 2 - As the vulnerability starts to be attacked or exploited, it also gets more well known and crude attack tools are created to make the exploit easier to launch.
- Click 3 - By the time the exploit is being widely used, this caps the cycle, since the antivirus and antispyware companies are now aware of the vulnerability and have created fixes to prevent new infections.
- Click 4 - At the same time the exploit is losing popularity, new variants or entirely new exploits are being launched to take advantage of other weaknesses.

Page 28 (19m 38s)

[Audio] The exploitation cycles of various vulnerabilities will overlap. It is a never-ending cycle and requires users to always be aware of new threats. It is simply a new fact of life. The exploits to known weaknesses will never go away.

Page 29 (19m 55s)

[Audio] I am now going to cover:
- Who the hackers are
- What these people are doing
- Where they are coming from
- When you are most vulnerable
- Why they are doing it, and
- How they are doing it

Page 30 (20m 7s)

[Audio] There are 5 main categories of hackers:
- The stereotypical teenage hacker just seeing if something is possible or to gain bragging rights
- The disgruntled employee who is already entrenched within your company
- The corporate spy who is willing to brave jail time for your trade secrets
- The new scourge of cyber criminals, largely operated by international organized crime syndicates, and
- Foreign governments that are not only spying on our government, but are spying on our companies to gain trade secrets to provide to their own companies.
While the U.S. intelligence services are barred from such activities, most other countries have no such laws barring their intelligence services from being used to benefit their country's economy by providing their companies with stolen trade secrets.

Page 31 (20m 57s)

[Audio] To answer "what" hackers are doing is hard, since there are so many different reasons. These can range from:
- Theft of services, which can include stealing Internet access
- Denial of service attacks, which can bring networks to a halt by overwhelming the network with traffic
- Unauthorized use or misuse of resources, which can be using resources without permission or trespassing on another network
- Criminals storing data on unsuspecting users' networks to keep their hands clean
- Defacing websites or compromising data, which can be done for many reasons
- Financial loss, which can take many routes from identity theft to embezzlement to trade secrets
- Infrastructure attacks, which are currently theory-based, but are only a matter of time. This is where public utilities are attacked and damaged by cyber attacks.
- Chaos, which can be implemented for many reasons as well, from teenager bragging rights to a pre-emptive military strike.

Page 32 (21m 54s)

[Audio] The Internet is available world-wide, so we face not only home-grown threats but those from every country in the world. No other threat exists that allows criminals from all over the world to attempt to steal critical data on a daily basis without any form of retribution. Worst case situations are countries such as Nigeria and North Korea, where it is documented that there are government ties with hackers. These tend to be poorer countries that have officials who are easily enticed by the money that can be earned from hacking or providing a safe haven for hackers.

Page 33 (22m 31s)

[Audio] The computer emergency response team (CERT) at Carnegie Mellon performed an experiment in 2002 with a Linux PC. In this experiment, an out-of-the-box Linux PC was plugged directly into the Internet without a router or firewall to protect it.
- Within 30 seconds the first port scans were detected
- Within 1 hour, the first compromise attempts were detected
- Within 12 hours the PC was fully compromised, which means:
  - Administrative access obtained
  - Event logging selectively disabled
  - System software modified to suit the intruder
  - Attack software was installed and the PC was actively probing for new hosts to compromise
Keep in mind that in 2002 the Linux operating system made up about 1% of the computers in use, while Microsoft made up about 90% of the operating systems in use. This is important, since Linux was less well known and had FEWER vulnerabilities than Microsoft did.

Page 34 (23m 36s)

[Audio] The motivations for hacking are many:
1. Money (Identity Theft)
2. Access to additional resources – the escalation of privileges based on the ego of the user
3. Competitive advantage
   - Economic
   - Political
4. Grievance or vengeance
5. Curiosity
6. Mischief
7. Attention or notoriety
It is usually not possible to determine the motive while you are under attack.

Page 35 (24m 10s)

[Audio] Most intrusions result from the exploitation of known vulnerabilities, configuration errors, or virus attacks where countermeasures were available. The most damaging Internet worm/virus events all were preventable and had prior warning.
Event          Days of Prior Warning
Code Red       28
SQL Slammer    184
Nimda          336

Page 36 (24m 33s)

[Audio] I'm now going to cover some recent criminal statistics to demonstrate the real threats.

Page 37 (24m 42s)

[Audio] In 2005, the United States Secret Service and CSO magazine compiled a survey on hacking activity among U.S. businesses. 68% of respondents admitted to having an information security breach. Only 32% claimed they were without incident.

Page 38 (25m 3s)

[Audio] Of the respondents that admitted to having security breaches:
- 82% had viruses
- 61% had spyware
- 57% were the victims of phishing scams
- 57% were the victims of identity theft
- 48% had at least one machine that was compromised and was sending spam as an illicit mail server or spam server
Note that the columns add up to over 100%. This means that many of the compromised systems contained a combination of viruses, spyware and other malware. Infections are not mutually exclusive to just one type of malware infection.

Page 39 (25m 44s)

[Audio] There are multiple categories of e-crime or hacking. Some variants did not exist until recently, while other variants are decreasing in popularity. This is an ever-changing battle against criminals.

Page 40 (26m 7s)

[Audio] Respondents reported 55% suffered operational losses, 28% suffered direct financial losses, and 12% reported harm to their business reputation. Financial loss is sometimes hard to classify, since there are generally both hard and soft costs associated with security breaches. The hard costs can include the replacement of hardware and software, as well as the labor for technicians to perform their work. The soft costs that often go unnoticed are the loss of productivity suffered by the business from employees not being able to perform normal business functions. Again, when it comes to financial loss, the Return on Investment or ROI for preventative security measures is a fraction of the cost as compared to reactive security costs. An ounce of prevention is worth far more than a pound of cure.

Page 41 (26m 59s)

[Audio] Interestingly enough, 1 in 5 security breaches were tracked to insiders. While employees can be a company's greatest asset, sometimes employees can also prove to be the greatest threat. Therefore companies must provide information security policies to protect the organization from employee misdeeds.

Page 42 (27m 19s)

[Audio] I will next cover due care and due diligence. Due care is the care and forethought a reasonable individual would exercise under the circumstances. It is the standard for determining legal duty. Due diligence is the effort made by a reasonable individual to avoid harm to another party, where failure to make this effort may be considered negligence.

Page 43 (27m 41s)

[Audio] Due care is the care and forethought a reasonable individual would exercise under the circumstances. It is the standard for determining legal duty.
- Information Security policies are in place to protect the organization, its employees, its partners, and its clients
- Ask your supervisor if you need clarification on any Information Security topic
- Information Security applies to every user

Page 44 (28m 6s)

[Audio] Due diligence is the effort made by a reasonable individual to avoid harm to another party, where failure to make this effort may be considered negligence.
- Follow all applicable policies, procedures, standards and guidelines
- Report any suspicious computer / network activity to your supervisor immediately
- Report discrepancies / weaknesses to your supervisor – be proactive!

Page 45 (28m 33s)

[Audio]
- Always use common sense
- Only open e-mail from senders you know
- Keep your computer updated
- Use current virus / spyware definitions
- Use appropriate hardware & software

Page 46 (28m 49s)

[Audio]
- Never open e-mail from unknown senders
- Never download free software
- Only visit reputable web sites
- Never disable firewall / antivirus software
- Never disclose passwords to anyone

Page 47 (29m 4s)

[Audio] Many people and businesses unknowingly leave their private information readily available to hackers because they subscribe to some common myths about computer and network security. I will cover 5 common myths and the facts to dispel them.

Page 48 (29m 21s)

[Audio] MYTH: "I have virus protection software so I am already secure." FACT: Viruses and security threats are two completely different things. Your anti-virus software will not tell you about any of the security threats, such as whether financial or customer records are exposed to the Internet or whether your computer is vulnerable to various hacker attacks.

Page 49 (29m 48s)

[Audio] MYTH: "I have nothing to worry about; there are too many computers on the Internet." FACT: A single hacker can scan thousands of computers looking for ways to access your private information in the time it takes you to eat lunch.

Page 50 (30m 5s)

[Audio] MYTH: "Network and computer security is only important for large businesses." FACT: In reality, nothing could be further from the truth. Whether you work in a home office or a large enterprise, your computer contains valuable and sensitive information. This could be financial records, passwords, business plans, confidential files, and any other private data. In addition to your private information, it is also important to protect your network from being used in denial of service attacks, as a relay to exploit other systems, as a repository for illegal software or files, and much more.