Monday, May 11, 2015

Cyber Security Awareness Training Template for Staff of an Organization

Who needs Cyber Security Awareness Training

This template can serve as a training manual for organizations that want to organize a cyber security awareness program for their staff. For maximum results, the points described below must be demonstrated using real-life scenarios.



Summary
The content of this awareness template focuses on just three areas:
Social Media usage
Email policy
Password Policy
The aim is to enlighten the staff of organizations and prepare them against various Social Engineering techniques which use the channels stated above.

Monday, May 4, 2015


Protecting Organizational Network using Intrusion Detection Systems



The task of keeping an organization's network secure isn't an easy one. There is no single tool for securing an organization's network; rather, it's a process and a continuous one. Various tools are available to help organizations secure their networks. Such tools include port scanning tools, application vulnerability detection tools, firewalls and intrusion detection systems. In this article, the focus will be on IDS tools.


What Are Intrusion Detection Systems
Intrusion detection systems are devices or software that monitor traffic over a network to identify malicious network activities by a user. Usually, when malicious activities are detected, they are logged and an alert is sent to the network administrator. IDS are usually placed within a network in strategic positions or just outside the gateway to an organization's network.
Intrusion prevention systems
Some IDS systems are also capable of stopping malicious network activity when it is detected. Such systems are called Intrusion Detection and Prevention Systems. These systems incur extra overhead because they have to work in real time to be effective.

Tuesday, April 28, 2015

Malware in the 80's and Malware in the 21st Century


The development of computer viruses has grown alongside the growth of computer technologies. The purpose, effect and technologies used in developing these viruses have varied greatly with the year of development. In this article we compare a popular virus designed in the 80's and a recent one designed in 2007.


Lehigh computer virus

It is a file virus, discovered in 1987, that affects command.com, which is the filename of the default DOS of the Windows OS. The virus wasn't traced back to its originator; rather, it was named after Lehigh University, where it was first detected.
Methods of propagation
Lehigh spreads itself by infecting a DOS disk. If Lehigh is running in the memory of a host computer and another DOS disk is inserted in the computer, Lehigh detects the DOS disk and infects the command.com file.

Tuesday, April 21, 2015

Cyber Wars - ISIS attack on US Websites

Cyberwar is the act of hacking into the information systems of another country for political reasons and ideologies. The purpose could be to steal information (espionage), bring down an information system (and also control systems) or destroy an entire network system. Another kind of motivation for cyberwar could be to spread propaganda or psychological warfare. The latter is what ISIS seeks to achieve in their recent attacks on vulnerable US websites.





The most popular cases of cyber war involve a group sponsored or coordinated by a nation state attacking the industrial control systems (ICS) of another nation connected over the internet. Such ICS include power plants, water supply and transport. The aim is to bring down such control systems and make them non-functional. Another form could be an attempt to steal information such as trade secrets, classified documents, etc. from another nation state. However, the ISIS attack is quite different from the above cases.

Tuesday, April 14, 2015


Live Social Engineering Hack at a Live Conference


First reported on the CNN Money news website

In a live conference/workshop on social engineering hacking, Shane MacDougall hacked the identity of a Walmart store manager in a town in Canada. In less than 20 minutes, with only a mobile phone, Mr Shane tricked the store manager and got all his personal information with just a phone call.

Monday, April 6, 2015

No Tech Hacking - John Long's encounter with Apple fanboy soldier



Shoulder Surfing Technique

In a cafe was a US soldier surfing the net and having a good time with music blasting through his earphones. With a MacBook, Apple earphones and an Apple magazine sitting around the corner, it was obvious this soldier was an Apple fanboy.
This soldier was not very aware of his environment because of his sitting position. He was sitting with his back to the rest of the people in the cafe, and coupled with the loud music playing through his earphones, it's safe to conclude that the soldier was less conscious of his surroundings. As a result, people around him could easily have a clear view of his screen.
John Long, who happened to be at the wrong place at the wrong time and always has his camera with him, took a few shots of the soldier while having a clear view of his screen.

Discoveries
The military man was actually working on his Mac, because some of the captured screenshots showed that he was logging into the administrative console of an EBA logic web server.
Some of the shots also showed his keystrokes as he was logging into the server, and therefore his login credentials were compromised.

Lessons learnt
The rule “Avoid public display of information” must be maintained at all times, especially when using a PC in public places.
It is also important to be aware of one’s environment at all times, especially when working with computers. Avoid behaviours that make you lose too much awareness of your environment. Behaviours like playing loud music through earphones while working on a PC must be discouraged at all times.

Monday, March 9, 2015

Operating Systems - Kali Linux Security tools for Information Gathering

The Operating System (OS) acts as a middleman between the computer hardware and software. The operating system is the software upon which every other software that runs on a user's machine is built. Major operating systems are Windows, Linux, Unix, etc. Also, there are other kinds of operating systems called drivers. They are software that makes it possible for the main operating system to communicate with any other hardware connected to the computer.



Kali Linux, as the name implies, is a variation of the Linux operating system. It comes with a lot of security tools for network information gathering, penetration testing, etc.
Some specific tools, such as DNSenum, DMitry and Nmap, allow a user to gather information (e.g. IP addresses, MAC addresses, port numbers) across an organization's network.
Network information gathering tools are powerful tools, because for a successful network test (ethical hacking, I must say), it's best to gather as much information as possible about the target's machine.

Monday, March 2, 2015

A Better Legislation to Protect Internet Users Privacy and Counter File Effect


Privacy settings
Before Facebook privacy settings, lots of websites collected users' profile information and stored it in their own databases for the purpose of advertisement or other uses (profileengine.com is a typical example of such websites). This was done without the prior knowledge of the users. After Facebook introduced its popular privacy settings, a lot of users changed their privacy settings, which made their information unavailable to the public. However, the information these websites stored about Facebook users before they changed their privacy settings still resides in their databases.


Tuesday, February 24, 2015

Breach of Internet Privacy

Over the last decade, internet privacy has been a hot topic, and for many years to come, online privacy will continue to be a hot topic. The recent revelation by former CIA analyst Edward Snowden on how the Government, with the help of the NSA, is constantly snooping on our activities will add more controversy to this topic.

Much of the confusion surrounding the issue of online privacy arises mostly from the fact that there is no general understanding of what is private and what is not.
The Case of Google Street View
In 2007, Google added a new feature to its popular Google Maps product. Street View works by posting real-life images taken by Google satellite cameras at particular intervals and associating them with the current location on Google Maps. Privacy issues came up as these cameras caught pictures of men leaving strip clubs; there were also pictures of men picking up prostitutes, etc. Google was fined for these privacy breaches in some countries. In the end, Google had to blur these types of images in its Street View application to avoid further lawsuits.

Tuesday, February 17, 2015

Three Most Common Mistakes of PC Users


In this article, we are going to highlight the three most common mistakes PC users make and how they affect the security of their PCs.


1. User Account Password Settings
Most PC users fail to set a password for their PC user account. The consequence of this is that anyone can access their (private) files by physically having access to the system. Most dangerous is the fact that anyone who accesses this computer can easily set up an admin account and lock the user out of his/her PC permanently.
Also, most browsers allow users to store their passwords in the browser, and therefore such an unauthorized user can easily access the passwords stored in the web browser for the PC owner's various user accounts.

Thursday, February 5, 2015

Privacy, How it was done in the olden days

Over the years, since man developed means of communication in the form of languages and writing, protecting information has always been very important.
Humans have developed several ways of hiding information from people they don't want to have access to it. Such information can be religious, trade secrets, etc. The Assyrians developed the Intaglio for protecting their trade secrets, the Egyptians developed Hieroglyphs as a way for the priests to communicate with the dead and write down prayers, the Hebrews developed the ATBASH system, while the Greeks developed Wound Tape and an unlocking key for hiding special information.
In this article, we are going to look into the Hieroglyphs and Atbash systems.