Learn about cyber security, data analysis, encryption, hashing, and password management. Stay protected online with these best practices.
Introductions • About Us • About the Class (MGMT636) • About the MSISA program • Cybersecurity • Data Analysis • Database Management • And more
Google Trends “Cybersecurity” Worldwide
Overview • What are we going to talk about? • More In-depth, • Encryption, Hashing • Tech Demos • Real Quickly, • Password Creation • Password management/protection
Instagram Accounts got HACKED!!! • Recently some Russian hackers hacked several people’s Instagram accounts. • The reason is still unknown. • Facebook and Cambridge Analytica too.
HSBC Bank suffers data breach • HSBC Bank suffered a data breach on October 4 and October 14, 2018. • Fortunately only a small number of customers were affected, reportedly less than 1%. • Important information stolen: full name, mailing address, date of birth, phone number, email address, account numbers, etc.
Encryption Video • Local Location • ../Documents/TrimmedEncryption.mp4 • Web Location • https://youtu.be/r4HQ8Bp-pfw?t=55
Hashing vs. Encryption • Not the same thing. • Both result in “jumbled” text. • Encryption can be decrypted with a key • Hash cannot be un-hashed (one-way)
What is Encryption? • Turns data into unreadable characters. • These unreadable characters can be converted back to the data (with the right key). • Two types (symmetric key, public key).
Where is Encryption Used? • Anywhere and everywhere that information is stored. • Anywhere a password is used or communication is used. • Internet, Phones, computers, applications, banking, cars, IoT, communication, computer games, etc…
One of the First Examples • Caesar Cipher • The Caesar cipher is named after Julius Caesar, who used it with a shift of three to protect messages of military significance. While Caesar's was the first recorded use of this scheme, other substitution ciphers are known to have been used earlier.
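The shift-of-three scheme from this slide, as an added example that is not part of the original deck. It also lists every possible key, which shows why the cipher offers no real protection: there are only 25 shifts to check. The function names are chosen here for illustration.

```python
import string

ALPHABET_SIZE = 26


def caesar(text: str, shift: int) -> str:
    """Shift each letter by `shift` places, wrapping around the alphabet."""
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % ALPHABET_SIZE + ord("A")))
        elif ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % ALPHABET_SIZE + ord("a")))
        else:
            out.append(ch)  # digits, spaces and punctuation pass through unchanged
    return "".join(out)


def decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is the same operation with the key reversed."""
    return caesar(ciphertext, -shift)


def all_shifts(ciphertext: str) -> dict[int, str]:
    """Every possible key and the plaintext it yields (the whole key space)."""
    return {k: decrypt(ciphertext, k) for k in range(1, ALPHABET_SIZE)}


if __name__ == "__main__":
    secret = caesar("Hello, World!", 3)   # constructed sample message
    print(secret)                          # Khoor, Zruog!
    print(decrypt(secret, 3))              # Hello, World!
    print(len(all_shifts(secret)), "keys in total")
```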
What is Hashing? • A string or number generated from a string or text. • Fixed Length. • Varies Widely. (“hello” vs. “Hello”) • Best algorithms are designed to be nearly impossible to turn hash back to original string.
When is Hashing Used? • Used to store passwords (SQL database). • Strong hashing algorithm with salt = hard to reverse. • When a user logs in. • To make sure a file wasn’t changed.
What is a Salt???? • Salt is extra text added to the end. • If the password was “password”, the database can salt it by adding “safe” to the end of it. • “passwordsafe” now gets hashed and saved. • Protects against dictionary attacks and rainbow tables.
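The hashing and salting slides above, worked through as an added example that is not from the original deck or its handout. It goes one step beyond the slide's single appended salt ("safe") by also showing a random salt per user with a slow key-derivation function (PBKDF2), which is an assumption of this example, as are the function names and the iteration count.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def unsalted(password: str) -> str:
    """Plain SHA-256: the same input always gives the same 64-hex-char hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def fixed_salt(password: str, salt: str = "safe") -> str:
    """The slide's scheme: append one site-wide salt, then hash."""
    return hashlib.sha256((password + salt).encode()).hexdigest()


def make_record(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus a slow hash; store both salt and digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """At login: recompute with the stored salt, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    # Constructed sample: two users who happened to pick the same password.
    alice, bob = "password", "password"
    rec_a, rec_b = make_record(alice), make_record(bob)
    return {
        "hash_length_fixed": len(unsalted("hello")) == len(unsalted("x" * 1000)),
        "case_changes_hash": unsalted("hello") != unsalted("Hello"),
        "unsalted_match": unsalted(alice) == unsalted(bob),
        "fixed_salt_match": fixed_salt(alice) == fixed_salt(bob),
        "random_salt_match": rec_a[1] == rec_b[1],
        "login_ok": verify("password", *rec_a),
        "login_wrong_case": verify("Password", *rec_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With no salt or one shared salt, the two users' stored hashes are identical, so one precomputed table covers every account; with a random salt per user they differ.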
Salt in The News • LinkedIn sued for a data breach (2013) • They were deemed negligent for not salting their stored passwords. • The database was susceptible to SQL injection attacks.
TECH DEMO!!! Hashing and Encrypting using Terminal (applies to Windows in a similar manner) The Handout provides examples of the code used.
Types of Authentication cont. • Knowledge factors: Anything the user must know in order to log in is considered a knowledge factor. This can be anything from a username or password to a PIN.
Types of Authentication cont. • Possession factors. Anything that the user must have in order to log in is known as a possession factor. One-time password tokens, key fobs, ID cards, and physical tokens are all considered possession factors
Types of Authentication Cont. • Inheritance factors. Using a person’s biological characteristics is known as an inheritance factor.
Combinatorics • How do we calculate the number of possible combinations from a password of 8 – 12 characters? • (Password Characters)^(Password Length) • Numbers 0-9, letters a-z, A-Z, symbols (!@#$%) • 95^8 + 95^9 + 95^10 + 95^11 + 95^12 = 546,108,599,162,939,437,890,625
Some Interesting Stats • 2 out of 5 people have been 'hacked' in the last year • 21% use passwords that are at least 10 years old • 47% use passwords that are at least 5 years old • 54% use 5 or fewer passwords across their entire online presence • On average, only 6 unique passwords are used to guard 24 online accounts
Password Recommendations • At least 8 characters long • Use mixture of upper case, lower case, digits, symbols • Utilize biometrics (Automatic on iPhones) • Do not use words listed in the dictionary • Do not store in text or word file • It should be used and known by one person only
Password Manager • Stores different login information and passwords from all sites you want • No need to remember them all! • Can autofill during login process • Password managers are secure
Lastly • Why is all this protection of data important? • You might not know what data these companies are keeping on you.
Why are these Apps free? • A staggering $24.1 billion of Google's $27.77 billion revenue for Q3 2018 was from advertising • Facebook reported $11.97 billion in revenue and $4.98 billion in profit for the past quarter, with 91 percent of its advertising revenue coming from mobile.
Download Your Information • We have passed out a handout that gives you quick, easy instructions for requesting and downloading your information from Facebook, Google, Instagram and Snapchat.