Introduction To Cyber-Defense (Richard Matevosyan)

Educational Technology Class

INTODUCTION TO CYBER DEFENSE INTODUCTION TO CYBER DEFENSE

- SIXTH GRADE -- SIXTH GRADE -

Richard MatevosyanJanuary 22, 2015

LAUNCHING THE OBJECTIVESLAUNCHING THE OBJECTIVES

Cyber-threats or risks

Vulnerabilities

Safeguarding

Promoting cyber -citizenship

Are we safe at cyber-school?

The school is a safer place than any other cyber-environment. However, we still

remain vulnerable for the outsiders. One of the defense tactics is knowing the

basics of virtual information assurance.

Fundamentals of Information Assurance

• Confidentiality (v. privacy)• Integrity (quality, accuracy, relevance)• Availability (accessibility) • Established Public Service

Announcement (PSA)• Peer-too-peer (P2P) network within the

school or organization

How Does an Attack Happen?

• By identifying the target• By gathering information• By preparing the malicious

code • By planning the attack• By attacking through the

“backdoor!”

Web can be used as a weapon

Let us commemorate:• Infrastructure run by computers• Overflow dam, disrupt oil supply• Sewage plant in Australia overflowed due to black

hat hackers• Cyberterrorism (Bin Laden, Aum Shinrikyo)• Combined attack • Cause power outage and biological attack• EMS disruption and nuclear emergency

MALICIOUS CODES AS THE BULLETS

SpywareMalware (Adware)

WarmsViruses

Intrude by email attachments, forwarded emails, or when we download unsolicited programs from free

cyber-space.

Malicious Software (Malware)

• Are designed to damage/disrupt a system without the owner’s consent.

• Software that gets installed on your system and performs unwanted tasks.

• Pop- ups to virus deployment.

Virus• Individual programs that

propagate by first infecting executable files or the system and then makes copies of itself.

• Can operate without our knowledge (when visiting a website, or opening an attachment).

• WE OPEN IT

Worms

• Are designed to replicate and spread from computer to computer

• WE DON’T HAVE TO OPEN IT

Trojan Horse

• Designed like benign programs, but have a hidden code that may compromise the system from remote user/computer.

Spyware

Computer software (benign or malignant) that gathers information (phone numbers, DOB, email account password, address, e-signature, credit card information) about the computer user and transmits it without the user's knowledge .

Adware

• Advertising supported software in which advertisements are displayed while the program is running. So annoying...

Hackers & Crackers

• White hat hackers (curious), explore our vulnerabilities.

• Black hat hackers (malicious), exploit vulnerabilities for monetary profit or perpetrate a crime - an organized crime.

• Gray hat hackers (ethically righteous, just), are motivated by a sense of public good - just like the cowboys.

WHAT CAN WE DO?

• Establish security culture

• Establish best security practices

• Define goals and structure of security program

• Educate personnel

• Maintain compliance with any regulations

P 2 P(peer to peer)

• Acceptable use policy (AUP) is about the cyber- behavior

• Separation of duties• Hiring and termination practices need to run

background checks, orientation, exit interview, escorting procedure, as the must.

SUMMARYSUMMARY

Human error is the biggest threat!

We must:• Know how to identify vulnerabilities • Know hot to report or fix vulnerabilities• Have policies and procedures • Have computer maintenance programs• Educate the staff• Stay informed of latest and greatest.