Information Security Who Are We We work at

  • Slides: 25
Download presentation
Information Security

Information Security

Who Are We? We work at Sandia labs We are graduate students at UNM

Who Are We? We work at Sandia labs We are graduate students at UNM Our goal? To reach out to the youth

Game time WHAT DEVICES CAN GET HACKED?

Game time WHAT DEVICES CAN GET HACKED?

(Clue) What Tech Do You Use? Laptop Desktop Cellphone Tablet Choices: Fitbit/Smart Watch Bluetooth

(Clue) What Tech Do You Use? Laptop Desktop Cellphone Tablet Choices: Fitbit/Smart Watch Bluetooth Speaker Smart TV Other

Survey Analysis The introduction paragraph was meant to bore you. Similar setup to many

Survey Analysis The introduction paragraph was meant to bore you. Similar setup to many terms and conditions. The first question was optional.

What is considered sensitive information? Any way to uniquely identify you. High risk (1

What is considered sensitive information? Any way to uniquely identify you. High risk (1 identifier): Social Security Number (SSN) Identification card License, Passport, School ID, etc. Credit Card information Medium Risk (multiple identifiers): First Name, Last Name, Date of Birth, Address Phone Number Login information (username & password)

What is considered sensitive information? Any way to uniquely identify you. High risk (1

What is considered sensitive information? Any way to uniquely identify you. High risk (1 identifier): Social Security Number (SSN) Identification card License, Passport, School ID, etc. Medium/ High Risk Credit Card information High Risk Medium Risk (multiple identifiers): First Name, Last Name, Date of Birth, Address Phone Number Login information (username & password) Low Risk

Don’t Give Out Your Personal Information Why? Companies that collect data such as your

Don’t Give Out Your Personal Information Why? Companies that collect data such as your name, address, phone number, and other data about you can be compromised. Don’t give out your real information unless you completely trust the source/company. Personal information is Sensitive Information.

The Cloud Companies own the cloud. Applications use the cloud. Companies own your data

The Cloud Companies own the cloud. Applications use the cloud. Companies own your data Your login, photos, about sections, credit card info are saved on the cloud. The cloud needs an internet connection to store data Ever tried logging into You. Tube or uploading anything without the internet?

DEFCON Hacking is social engineering DEFCON Example • https: //www. youtube. com/watch? v=f. Hh.

DEFCON Hacking is social engineering DEFCON Example • https: //www. youtube. com/watch? v=f. Hh. NWAKw 0 b. Y

Hacking Benefits: Companies can learn entry points. Increase our skills at protecting information There

Hacking Benefits: Companies can learn entry points. Increase our skills at protecting information There are professional jobs that pay you to find security vulnerabilities. (professional hackers exist) Downfalls: Hackers sell your information Hackers use your information against you Hackers steal from you if there is a way to make money

Types of Hackers White Hat – Ethical Hacker Black Hat – Stereotypical Hacker Red

Types of Hackers White Hat – Ethical Hacker Black Hat – Stereotypical Hacker Red Hat – Vigilante Hacker

What are we really downloading? Downloading apps that seem secure may not be the

What are we really downloading? Downloading apps that seem secure may not be the case Remember the required terms and conditions? Not everything is required. Some apps have a legitimate reason to access your files, some don’t. Use logic and reason. Pay attention to your downloaded files to see if it appears familiar.

Mobile Security Android Security issue When mobile players downloaded Fortnite it allowed the phone

Mobile Security Android Security issue When mobile players downloaded Fortnite it allowed the phone to become vulnerable to outside entities. A rogue app had access to the device’s settings and other areas for malware to be installed. It may not be your fault Sometimes a friend or relative can expose your sensitive data. link

Social Media TIKTOK Formally known as musical. ly. Was the most downloaded application (globally)

Social Media TIKTOK Formally known as musical. ly. Was the most downloaded application (globally) in Sept. TIKTOK compilations are posted on You. Tube Are Vine complications still on You. Tube? Your posts from popular apps doesn’t actually get deleted even when they are no longer available.

Guess this Screenshot Who is this? How do we recognize this screenshot? Details: December

Guess this Screenshot Who is this? How do we recognize this screenshot? Details: December 31, 2017 Maverick Apparel lawsuit Why does it matter what we post on the internet?

Phishing is the fraudulent attempt to obtain sensitive information, (such as usernames, passwords, credit

Phishing is the fraudulent attempt to obtain sensitive information, (such as usernames, passwords, credit card details, etc. ), by disguising as a trustworthy entity in an electronic communication.

Phishing Fake websites False logins Authentication Emails

Phishing Fake websites False logins Authentication Emails

Phishing Email Sender’s email address is not consistent to the content of the email.

Phishing Email Sender’s email address is not consistent to the content of the email. Contain a generic introduction. Pay attention to grammar If there is a link hover it and verify the URL. . fake. Linkhas. Malware. uk/948 ur 93 u Ctrl + Click to follow link

Companies that store sensitive information about you should have the data encrypted. Encryption Example.

Companies that store sensitive information about you should have the data encrypted. Encryption Example. risky clicky

Be More Paranoid Open networks Online Shopping Hackers use open networks Be careful where

Be More Paranoid Open networks Online Shopping Hackers use open networks Be careful where you input data such as credit card information, SSN, etc. Hack occurs every 39 seconds!!

Password Game Rules: Groups of 5 Group decide on a secure password Most secure

Password Game Rules: Groups of 5 Group decide on a secure password Most secure password gets a prize! Consists of letters, numbers, etc.

Game results PASSWORD CRACKING PASSWORD GENERATOR

Game results PASSWORD CRACKING PASSWORD GENERATOR

Password Tip: Try to remember your passwords as phrases WOO!TPwont. SB = Woo! The

Password Tip: Try to remember your passwords as phrases WOO!TPwont. SB = Woo! The Packers won the Super Bowl! 2 Chnz. L!k$Pbj = 2 Chainz likes PB & J ch. [email protected] St 230 = Cheese pie at 7 th street, 2: 30 pm Du. Mb. Ld 0 [email protected] 7 = Dumbledore is a wizard D = #I hate hashtags 2018 #i. Ht 3 hs. Htg$2018

BE CAREFUL WHAT YOU DOWNLOAD IN THE FIRST PLACE • UNDERSTAND YOUR PRIVACY SETTINGS

BE CAREFUL WHAT YOU DOWNLOAD IN THE FIRST PLACE • UNDERSTAND YOUR PRIVACY SETTINGS ON ALL YOUR DEVICES AND HOW YOU SECURE THOSE DEVICES • BE WEARY OF WHAT INFORMATION YOU GIVE OUT TO OTHERS • PAY ATTENTION TO WHAT YOU POST IN THE LONG RUN • Conclusion