Monday, May 11, 2015

Cyber Security Awareness Training Template for Staff of an Organization

Who needs Cyber Security Awareness Training

This template can serve as a training manual for organizations that want to organize a cyber security awareness program for their staff. For maximum results, the points described below must be demonstrated using real-life scenarios.



Summary
The content of this awareness template focuses on just three areas:
Social Media usage
Email policy
Password Policy
The aim is to enlighten the staff of organizations and prepare them against the various social engineering techniques that use the channels stated above.

Monday, May 4, 2015


Protecting Organizational Network using Intrusion Detection Systems



The task of keeping an organization's network secure isn't an easy one. There is no single tool for securing an organization's network; rather, it's a process, and a continuous one. Various tools are available to help organizations secure their networks. Such tools include port scanning tools, application vulnerability detection tools, firewalls and intrusion detection systems. In this article, the focus will be on IDS tools.


What are Intrusion Detection Systems
Intrusion detection systems are devices or software that monitor traffic over a network to identify malicious network activities by a user. Usually, when malicious activities are detected, they are logged and an alert is sent to the network administrator. IDS are usually placed at strategic positions within a network or just outside the gateway to an organization's network.
Intrusion prevention systems
Some IDS systems are also capable of stopping malicious network activity when it is detected. Such systems are called Intrusion Detection and Prevention Systems. These systems carry extra overhead because they have to work in real time to be effective.

Tuesday, April 28, 2015

Malware in the 80's and Malware in the 21st Century


The development of computer viruses has grown alongside the growth of computer technologies. The purpose, effect and technologies used in developing these viruses have varied greatly with the year of development. In this article we compare a popular virus designed in the 80's with a recent one designed in 2007.


Lehigh computer virus

It is a file virus, discovered in 1987, that affects command.com, which is the filename of the default DOS of Windows OS. The virus wasn't traced back to its originator; instead, it was named after Lehigh University, where it was first detected.
Methods of propagation
Lehigh spreads itself by infecting a DOS disk. If Lehigh is running in the memory of a host computer and another DOS disk is inserted in the computer, Lehigh detects the DOS disk and infects its command.com file.

Tuesday, April 21, 2015

Cyber Wars - ISIS attack on US Websites

Cyberwar is the act of hacking into the information systems of another country for political reasons and ideologies. The purpose could be to steal information (espionage), bring down an information system (and also control systems) or destroy an entire network system. Another kind of motivation for cyberwar could be to spread propaganda or wage psychological warfare. The latter is what ISIS seeks to achieve in their recent attacks on vulnerable US websites.





The most popular cases of cyber war involve a group sponsored or coordinated by a nation state attacking the industrial control systems (ICS) of another nation that are connected over the internet. Such ICS include power plants, water supply and transport. The aim is to bring down such control systems and make them non-functional. Another form could be an attempt to steal information such as trade secrets, classified documents, etc. from another nation state. However, the ISIS attack is quite different from the above cases.

Tuesday, April 14, 2015


Live Social Engineering Hack at a live conference


First reported on the CNN Money news website

In a live conference/workshop on social engineering hacking, Shane MacDougall hacked the identity of a Walmart store manager in a town in Canada. In less than 20 minutes, with only a mobile phone, Mr Shane tricked the store manager and got all his personal information with just a phone call.

Monday, April 6, 2015

No Tech Hacking - John Long's encounter with Apple fanboy soldier



Shoulder Surfing Technique

In a cafe, a US soldier was surfing the net and having a good time with music blasting through his earphones. With a MacBook, Apple earphones and an Apple magazine sitting around the corner, it was obvious this soldier was an Apple fanboy.
The soldier was not very aware of his environment because of his sitting position. He was sitting with his back to the rest of the people in the cafe, and coupled with the loud music playing through his earphones, it's safe to conclude that he was less conscious of his surroundings. As a result, people around him could easily have a clear view of his screen.
John Long, who happened to be at the wrong place at the wrong time with his camera always with him, took a few shots of the soldier while having a clear view of his screen.

Discoveries
The military man was actually working on his Mac, because some of the captured shots showed that he was logging into the administrative console of EBA logic web Server.
Some of the shots also showed his keystrokes as he was logging into the server, and therefore his login credentials were compromised.

Lessons learnt
The rule "Avoid public display of information" must be maintained at all times, especially when using a PC in public places.
It is also important to be aware of one's environment at all times, especially when working with computers. Avoid behaviours that make you lose too much awareness of your environment. Behaviours such as playing loud music through earphones while working on a PC must be discouraged at all times.

Monday, March 9, 2015

Operating Systems - Kali Linux Security tools for Information Gathering

The Operating System (OS) acts as a middle man between the computer hardware and software. The operating system is the software upon which every other piece of software that runs on a user's machine is built. Major operating systems are Windows, Linux, Unix, etc. Also, there are other kinds of Operating Systems called drivers. They are software that makes it possible for the main Operating System to communicate with any other hardware connected to the computer.



Kali Linux, like the name implies, is a variation of the Linux Operating System. It comes with a lot of security tools for network information gathering, penetration testing, etc.
Some specific tools, such as DNSenum, DMitry and Nmap, allow a user to gather information (e.g. IP addresses, MAC addresses, port numbers) across an organization's network.
Network information gathering tools are powerful tools, because for a successful network test (ethical hacking, I must say), it's best to gather as much information as possible about the target's machine.