
Information Security and Best Online Practices

Learn about cyber security, data analysis, encryption, hashing, and password management. Stay protected online with these best practices.


Presentation Transcript


  1. Information Security and Best Online Practices

  2. Introductions • About Us • About the Class (MGMT636) • About the MSISA program • Cybersecurity • Data Analysis • Database Management • And more

  3. Google Trends “Cybersecurity” Worldwide

  4. Overview • What are we going to talk about? • More In-depth, • Encryption, Hashing • Tech Demos • Real Quickly, • Password Creation • Password management/protection

  5. Instagram Accounts got HACKED!!! • Recently some Russian hackers hacked several people’s Instagram accounts. • The reason is still unknown. • Facebook and Cambridge Analytica too.

  6. HSBC Bank suffers data breach • HSBC Bank suffered a data breach on October 4 and October 14, 2018. • Fortunately, only a small number of customers were affected, reportedly less than 1%. • Important information stolen: full name, mailing address, date of birth, phone number, email address, account numbers, etc.

  7. Encryption Video • Local Location • ../Documents/TrimmedEncryption.mp4 • Web Location • https://youtu.be/r4HQ8Bp-pfw?t=55

  8. Hashing vs. Encryption • Not the same thing. • Both result in “jumbled” text. • Encryption can be decrypted with a key • Hash cannot be un-hashed (one-way)

  9. What is Encryption? • Turns data into unreadable characters. • These unreadable characters can be converted back to the data (with the right key). • Two types (symmetric key, public key).

  10. Where is Encryption Used? • Anywhere and everywhere that information is stored. • Anywhere a password is used or communication is used. • Internet, Phones, computers, applications, banking, cars, IoT, communication, computer games, etc…

  11. One of the First Examples • Caesar Cipher • The Caesar cipher is named after Julius Caesar, who used it with a shift of three to protect messages of military significance. While Caesar's was the first recorded use of this scheme, other substitution ciphers are known to have been used earlier.
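The shift-of-three scheme from slide 11, as an added example that is not part of the original presentation or its handout. It shows the property slides 8 and 9 describe (the same key turns the unreadable text back into the data) and why the cipher offers no protection today: only 25 keys exist. The function names and the sample message are constructed for illustration.

```python
def caesar(text, shift):
    """Shift ASCII letters by `shift` places, wrapping at Z; keep case and other characters."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # digits, spaces and punctuation pass through unchanged
    return "".join(out)


def encrypt(plaintext, key=3):
    """Caesar's own setting was a shift of three."""
    return caesar(plaintext, key)


def decrypt(ciphertext, key=3):
    """Decryption is the same operation with the shift reversed."""
    return caesar(ciphertext, -key)


def all_decryptions(ciphertext):
    """The whole key space: 25 usable shifts, so every candidate plaintext fits in one short list."""
    return {key: decrypt(ciphertext, key) for key in range(1, 26)}


if __name__ == "__main__":
    message = "Meet me at noon."          # constructed sample message
    secret = encrypt(message)
    print(secret)                         # ciphertext
    print(decrypt(secret))                # original message, recovered with the key
    print(len(all_decryptions(secret)))   # size of the key space
```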

  12. Using A Keyword

  13. What is Hashing? • A string or number generated from a string or text. • Fixed Length. • Varies Widely. (“hello” vs. “Hello”) • Best algorithms are designed to be nearly impossible to turn hash back to original string.

  14. When is Hashing Used? • Used to store passwords (SQL Database). • Strong hashing algorithm with salt = hard to reverse. • When user logs in. • To make sure a file wasn’t changed.

  15. What is a Salt???? • Salt is extra text added to the end. • If password was “password” the database can salt it by adding “safe” to the end of it. • “passwordsafe” now gets hashed and saved. • Protect against dictionary attack and rainbow table.
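Slides 13 to 15 in code, as an added example that is not taken from the presentation or its handout: fixed-length output, “hello” vs. “Hello”, the slide's fixed suffix “safe”, and the login check. It goes one step beyond the slides by using a random salt per account with PBKDF2, because a suffix shared by every user still gives identical hashes for identical passwords. The iteration count, function names and the two sample accounts are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a value from the slides


def sha256_hex(text):
    """Plain unsalted hash: always 64 hex characters, whatever the input length."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, key) for storage; a fresh random 16-byte salt per account."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, stored_key):
    """Login check: re-derive with the stored salt, then compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_key)


def demo():
    # Constructed sample data: two accounts that chose the same password.
    users = {"alice": "password", "bob": "password"}
    suffixed = {u: sha256_hex(p + "safe") for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return {
        "case_changes_hash": sha256_hex("hello") != sha256_hex("Hello"),
        "fixed_length": len(sha256_hex("a")) == len(sha256_hex("a" * 10_000)) == 64,
        # Same suffix for everyone: equal passwords are still visible as equal hashes.
        "fixed_suffix_collides": suffixed["alice"] == suffixed["bob"],
        # Random per-account salt: equal passwords are stored as different values.
        "random_salt_differs": salted["alice"][1] != salted["bob"][1],
        "correct_login": verify_password("password", *salted["alice"]),
        "wrong_login": verify_password("Password", *salted["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```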

  16. Salt in The News • LinkedIn sued for a data breach (2013) • They were deemed negligent for not salting their stored passwords. • The database was susceptible to SQL injection attacks.

  17. TECH DEMO!!! • Hashing and encrypting using Terminal (applies to Windows in a similar manner). • The handout provides examples of the code used.

  18. Types of Authentication

  19. Types of Authentication cont. • Knowledge factors. Anything the user must know in order to log in is considered a knowledge factor. This can be a username, password, or PIN.

  20. Types of Authentication cont. • Possession factors. Anything that the user must have in order to log in is known as a possession factor. One-time password tokens, key fobs, ID cards, and physical tokens are all considered possession factors.

  21. Types of Authentication cont. • Inherence factors. Using a person’s biological characteristics is known as an inherence factor.

  22. Password Creation

  23. Some Common Passwords

  24. How long does it take to hack?

  25. Combinatorics • How do we calculate the number of possible combinations for a password of 8–12 characters? • (Password Characters)^(Password Length) • Numbers 0-9, letters a-z, A-Z, symbols (!@#$%) • 95^8 + 95^9 + 95^10 + 95^11 + 95^12 = 546,108,599,162,939,437,890,625

  26. Some Interesting Stats • 2 out of 5 people have been 'hacked' in the last year • 21% use passwords that are at least 10 years old • 47% use passwords that are at least 5 years old • 54% use 5 or fewer passwords across their entire online presence • On average, only 6 unique passwords are used to guard 24 online accounts

  27. Password Recommendations • At least 8 characters long • Use a mixture of upper case, lower case, digits, symbols • Utilize biometrics (automatic on iPhones) • Do not use words listed in the dictionary • Do not store it in a text or Word file • It should be used and known by one person only

  28. Password Manager • Stores different login information and passwords from all sites you want • No need to remember them all! • Can autofill during login process • Password managers are secure

  29. Lastly • Why is all this protection of data important? • You might not know what data these companies are keeping on you.

  30. Why are these Apps free? • A staggering $24.1 billion of Google's $27.77 billion revenue for Q3 2018 was from advertising • Facebook reported $11.97 billion in revenue and $4.98 billion in profit for the past quarter, with 91 percent of its advertising revenue coming from mobile.

  31. Download Your Information • We have passed out a handout that gives you quick, easy instructions for requesting and downloading your information from Facebook, Google, Instagram and Snapchat.

