Computer security 101
1 like453 views
The document appears to be a presentation on computer security given by Khairulmizam Samsudin, Ph.D. The presentation covers various computer security topics including scenarios of common security incidents like phishing and social engineering. It also defines computer security terms, discusses laws and best practices, and includes awareness tests to check audience understanding. The overall goal is to make the audience aware of computer security risks and how to identify and handle issues.
![khairulmizam@upm.edu.my
Scenario #1
Reference:https://goo.gl/2FWWAf 7
From: UPM Email Administrator [mailto:admin@email.upm.edu.my]
Sent: 12 May 2016 8:51am
To: khairulmizam@upm.edu.my
Subject: Email Storage Warning
Dear Dr. Khairulmizam Samsudin,
Your mailbox is almost full.
Please reduce your mailbox size by email deletion. Click here to reduce
size automatically](https://image.slidesharecdn.com/computersecurity1011-161008082117/85/Computer-security-101-7-320.jpg)
Computer security 101
- 1. khairulmizam@upm.edu.my ECC4703: Computer Security Khairulmizam Samsudin, Ph.D.
- 2. khairulmizam@upm.edu.my ECC4703: Computer Security Plain and Simple Khairulmizam Samsudin, Ph.D.
- 3. khairulmizam@upm.edu.my Presentation Contents 1. Awareness test for audience 2. Scenario related to security incident 3. Definition of computer related term 4. What to do in the event of attack 5. Statistics on computer crime 6. News related to computer security 7. Laws and regulation related to computer usage 3
- 4. khairulmizam@upm.edu.my Learning outcome At the end of this talk, audience will 1. be aware of computer security risk at home and in the workplace 2. be able to identify common computer security issues 3. follow best computer security practice 4. have the knowledge to handle computer security incident 4
- 7. khairulmizam@upm.edu.my Scenario #1 Reference:https://goo.gl/2FWWAf 7 From: UPM Email Administrator [mailto:admin@email.upm.edu.my] Sent: 12 May 2016 8:51am To: khairulmizam@upm.edu.my Subject: Email Storage Warning Dear Dr. Khairulmizam Samsudin, Your mailbox is almost full. Please reduce your mailbox size by email deletion. Click here to reduce size automatically
- 11. khairulmizam@upm.edu.my 11 Scenario #1: Phising Attack Definition: attempt to acquire sensitive information by masquerading as a trustworthy entity in electronic communication. Variation: bank account, monetary reward, over credit, using other communication medium, etc Reference:https://goo.gl/lygRnT
- 14. khairulmizam@upm.edu.my Scenario #1: To do 14 To Do ● Verify the URL address ● Use HTTPS (if available) ● Enable anti-virus ‘secure browsing’ feature ● Update OS and anti-virus regularly
- 15. khairulmizam@upm.edu.my The Internet of Things Reference:http://device.is/1dwxcL1 15
- 17. khairulmizam@upm.edu.my 17 Computer Network Architecture
- 18. khairulmizam@upm.edu.my 99% 18 of all computer security incidents involve human error - “IBM” Reference:http://goo.gl/2cIkZc
- 20. khairulmizam@upm.edu.my This talk is not about... How to… ● e-Punch from outside UPM? ● How to crack application or games? ● How to obtain password of protected WiFi? ● How to top-up SmartTAG for free? ● How to <illegal activity> ? 20
- 26. khairulmizam@upm.edu.my RM 1.6billion 26 Losses from cybercrime in 2012 - “PDRM”
- 29. khairulmizam@upm.edu.my Law and Regulation 1. Akta Jenayah Komputer 1997 (Akta 563) 2. Akta Komunikasi dan Multimedia 1998 (Akta 588) 3. Akta Harta Intelek (Paten dan Hakcipta) 4. Arahan Teknologi Maklumat 2007 (Akta 680) 5. Akta Perlindungan Data Peribadi 2010 (Akta 709) 6. Kaedah-Kaedah Universiti Putra Malaysia (Teknologi Maklumat Dan Komunikasi) 2013 7. Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014 29
- 33. khairulmizam@upm.edu.my Awareness Test #1: Computer/Smartphone 1. I know how to install and uninstall software 2. I pay my utility bill online 3. I know how to configure WiFi 4. I know how to hook up all the computer cables 5. I can format and reinstall OS on my computer 33
- 37. khairulmizam@upm.edu.my 37 Scenario #2: Hoax, Chain letter, Faxlore, etc Definition: a message that attempts to convince the recipient to distribute copies of the letter and then pass them on to as many recipients as possible. Variation: children in need, petitions, false warnings, monetary rewards, urban legends, superstitions
- 38. khairulmizam@upm.edu.my Scenario #2: Law and Regulation 38 Akta Komunikasi dan Multimedia 1998 (Akta 588)
- 39. khairulmizam@upm.edu.my Scenario #2: Law and Regulation 39 Akta Komunikasi dan Multimedia 1998 (Akta 588)
- 40. khairulmizam@upm.edu.my Scenario #2: To do 40
- 42. khairulmizam@upm.edu.my Scenario #2: News Y2K Bug 42
- 43. khairulmizam@upm.edu.my Scenario #2: News Y2K Bug 43
- 44. khairulmizam@upm.edu.my Scenario #2: News Y2K Bug 44
- 46. khairulmizam@upm.edu.my Scenario #2: Law and Regulation 46 Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
- 47. khairulmizam@upm.edu.my Scenario #2: News Putin lying? 47
- 48. khairulmizam@upm.edu.my Awareness Test #2: Security 1. I know how to scan for virus/malware 2. I password protect my computer/smartphone 3. I have 8 character password with 1 capital letter, 1 symbol and 1 number 4. I update my computer OS and software frequently 5. I use a non-administrator user account on my computer 48
- 51. khairulmizam@upm.edu.my Scenario #3: or worst Reference:https://goo.gl/2FWWAf 51
- 53. khairulmizam@upm.edu.my Scenario #3: Law and Regulation (Cont…) 53 Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
- 54. khairulmizam@upm.edu.my Scenario #3: To do 54 To Do ● Do not use the same password ● Do not share password and be sure no one watches ● Use ‘incognito’ mode if you are using public computer ● Lock or log off everytime ● Use biometric password (if possible) ● Update OS and anti-virus regularly
- 57. khairulmizam@upm.edu.my 57 Awareness Test #3: What is a computer?
- 58. khairulmizam@upm.edu.my 58 Awareness Test #2: What is a computer?
- 60. khairulmizam@upm.edu.my 60 News: Car hacking … two researchers managed to take control of an unaltered vehicle’s electronically controlled subsystems (radio, AC, wipers, transmission, steering, even brakes) from afar, using the Internet connection its entertainment system makes through Sprint’s cellular network … - “IEEE Spectrum”
- 61. khairulmizam@upm.edu.my What is Computer Security? 61Reference:http://goo.gl/uoFnoo
- 62. khairulmizam@upm.edu.my News: Worst case scenario 62
- 63. khairulmizam@upm.edu.my 63 Definition: Computer Security in UPM Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
- 64. khairulmizam@upm.edu.my 64 Information Definition: Computer Security in UPM Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
- 67. khairulmizam@upm.edu.my Scenario #4 Reference:https://goo.gl/2FWWAf 67 Ring ring ring... Caller: Hi Jenny, this is Smith from Accounting Department. Can you email me the latest quaterly report? Jenny: Ok...
- 68. khairulmizam@upm.edu.my Scenario #4 68 Ring ring ring... Caller: Hi Jenny, this is Smith from Accounting Department. Can you email me the latest quaterly report? Jenny: Ok...
- 69. khairulmizam@upm.edu.my 69 Scenario #2: Social Engineering Definition: an attack that relies heavily on human interaction and involves tricking people into breaking security procedures. Variation: call from IT, reset password, install a software, click a link, etc
- 70. khairulmizam@upm.edu.my Scenario #4: Law and Regulation 70 Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
- 71. khairulmizam@upm.edu.my Scenario #4: To do 71 ● Slow down ● Research the facts ● Never provide confidential information to unknown source (i.e. email) ● Beware of any downloads and links ● Update OS and anti-virus regularly
- 72. khairulmizam@upm.edu.my 72 News: Looking for a job?
- 73. khairulmizam@upm.edu.my What to do if you are a victim? 73 1. Disconnect from network 2. Inform online account provider 3. Report to authority 4. Get help
- 74. khairulmizam@upm.edu.my 74 99% of Malaysian use Facebook while on the throne Reference:http://goo.gl/q20oWc
- 76. khairulmizam@upm.edu.my Scenario #5: Man-in-the-middle attack 76 Definition: an attacker secretly relays and alters the communication between two parties who believe they are directly communicating with each other.. Reference:http://goo.gl/22mq8V
- 78. khairulmizam@upm.edu.my Scenario #5: To do & Not to do 78 To Do ● Avoid using public Wi-Fi (if possible) ● Avoid entering passwords when using public Wi-Fi connections ● Use HTTPS or VPN if you need to enter passwords
- 80. khairulmizam@upm.edu.my Additional tips 80 ● Only download from trusted sources ● Only install trusted software ● Use a decent web browser