Saturday, November 05, 2016

Notes from Security Awareness lessons

Social Engineering
- Cyber attacks can happen in a variety of ways, including emails, instant messages, phone calls
- Tricks used to get your attention in cyber attacks: Free download, You Won, Pretending your computer is infected, Emails/Messages pretending to be from your bank.
Email & Messaging
- Phishing attacks come in the form of emails/messages pretending to represent your bank
- An attacker's email may trick you into clicking a link or opening an attachment, which may infect your computer
- Signs of a phishing attack include a generic message in the email that does not address you personally
- Messages that demand immediate action
- Spelling mistakes in messages
- Use of a personal email address such as gmail, yahoo
- Emails asking for highly sensitive information such as your credit card number or your password
- Before clicking a link, hover over it to see the real destination
- Type the address directly in the browser
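The warning signs listed above can be checked mechanically. The following is an added example, not part of the original notes: it flags a personal sender address, a generic greeting, urgency wording, requests for sensitive data, and links whose visible text shows a different host than the real destination (what hovering reveals). The keyword lists, function names and sample message are assumptions constructed for illustration; spelling mistakes are not checked.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "yahoo.com"}  # personal providers named in the notes
URGENT = re.compile(r"\b(immediately|urgent|right now|within 24 hours)\b", re.I)
SENSITIVE = re.compile(r"\b(password|credit card number|pin)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|client|sir|madam)\b", re.I)
HOST_IN_TEXT = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def link_mismatch(text, href):
    """True when the link text shows a host other than the real destination."""
    shown = HOST_IN_TEXT.search(text)
    real = (urlparse(href).hostname or "").lower().removeprefix("www.")
    shown = shown.group(1).lower().removeprefix("www.") if shown else ""
    return bool(shown and real) and real != shown and not real.endswith("." + shown)

def phishing_indicators(sender, html_body):
    """Return the warning signs from the notes that a message shows."""
    collector = LinkCollector()
    collector.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body)  # visible text only, tags removed
    checks = [
        ("personal email address", sender.rsplit("@", 1)[-1].lower() in FREE_MAIL),
        ("generic greeting", bool(GENERIC.search(text))),
        ("demands immediate action", bool(URGENT.search(text))),
        ("asks for sensitive information", bool(SENSITIVE.search(text))),
        ("link text differs from destination", any(link_mismatch(*l) for l in collector.links)),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample message (reserved example domains), not a real email.
SAMPLE_SENDER = "security.team@gmail.com"
SAMPLE_BODY = ('<p>Dear customer,</p><p>Act immediately: confirm your password at '
               '<a href="http://login.example.net/verify">www.examplebank.test</a></p>')
```

Calling `phishing_indicators(SAMPLE_SENDER, SAMPLE_BODY)` returns all five indicators; a message with none of them returns an empty list, which does not prove the message is safe.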
Browser attacks:
- Ensure the latest browser update is installed
- Do not open unsafe sites; modern browsers detect bad sites
- Make sure https is used for sites
- Use only approved plugins or add-ons, with the latest updates
- Log out from a website when you have finished your actions
Social Networks
- Use strong, unique passwords, different passwords for different accounts, and 2-step verification if possible
- When posting something ensure it is posted
- When someone you don't know posts something about you, ask them to remove it or report it
- Install Social Networks 3rd party applications only from trusted sources
- When there is a suspicious post from somebody, please contact them directly and tell them about it
- Do not post confidential information on any sites
Mobile Device Security:
- Protect with screen lock, password, pin
- Activate remote wiping
- Install apps from trusted sources, read reviews, see popularity
- Check the permissions apps require when installing
- Keep apps updated
- Keep Mobile OS updated
- Buy a new mobile device if there is no more OS support
- Never jailbreak or hack a mobile device
- Beware of malicious links in SMS messages
- Do not use simple passwords
- Do not use personal information in passwords like date of birth, name, pet name
- Use long passwords, use Upper/Lower case, Numbers, special chars
- Use Password Managers
- Do not use public computers to log in to bank accounts
- Be aware of sites where personal questions are asked; the answers can be found on the internet
- Use 2 factor authentication
Data Security and Data Destruction
- It is about how to store, process, transmit and destroy sensitive information
- Use system authorized by organization
- Do not copy organisation information to personal devices
- Use authorized and licensed software
- Do not use cloud services (Dropbox, iCloud, Google Drive) if not approved by org
- Do not leave hard-copy documents on desks, lock them in folders
- Always lock the computer when leaving the desk
- Use strong encryption when sending info over network
- Use approved external devices and software for storing information
- Use special software to delete secure information
- Always shred hard-copy documents when no longer needed
Working Remotely
- Use only devices provided/approved by organization
- Family members should not use work devices
- Use encrypted channels, like VPNs, when connected through public networks
- Ensure OS and applications used are up to date.
- Never use public computers for work
- Do not allow others to connect to your devices via USB, Bluetooth, ...
Insider Threats (created by someone employed)
- Someone asking for information which he/she is not required to have
- Someone carrying a large number of documents out of org
- Someone transferring large files when he is not required to do this
- Someone working strange hours
- Someone trying to log in to somebody else's accounts or asking for access to data centers
- Someone with strange behavior
- Never share your credentials with anybody, including your supervisor
Protecting your personal computer
- Ensure your computer is running the latest OS and the latest versions of installed applications, e.g. Word, Excel, ...
- Ensure automatic updates are activated on your computer/devices
- Uninstall unused applications
- Ensure web browsers and their plugins are updated
- Use private/anonymous mode when browsing on the internet
- Ensure the firewall is activated
- Ensure Antivirus is running and is updated
- Perform regular backups of your personal information
Hacked: you may be hacked when:
- Antivirus generates alerts
- Browser takes you to unwanted sites
- Your passwords are no longer working
- Your friends are telling you that they receive messages from your Facebook, Twitter, or email account which you didn't send.
- Contact the security team immediately when you think you were hacked
Payment Card Industry Data Security Standard (PCI DSS)
- Limit data access only to required people
- Do not store sensitive data information
- Store PAN in encrypted form according to org standards
- Verify the identity of the person before granting them access to any payment card device
- Cardholder information should be used only for processing payments
- Only authorized payment system may be used to store, process or transmit cardholder data
Cloud Services
- You never know where data is stored
- Obtain permission to use cloud services in org
- Obtain permission on what type of information can be stored on cloud
- Never access personal cloud accounts from org without prior permission
- Use unique passwords for your cloud accounts
- Share cloud information only with approved people

Thursday, October 20, 2016

How to check used disk space in Windows.

We often reach the point where we have no disk space left, and then we start looking for what else to delete to free up some space.

For this I suggest the following steps:

1. Empty the Recycle Bin
2. Delete everything from the temp folder: open %temp% from Windows->Run and delete everything in it.
3. See where the space is being used and decide what to free up. For this, download the Disk Usage application from here https://technet.microsoft.com/en-us/sysinternals/du.aspx From the command line run the following command: du -c -l 2 c:/ > 2levelfolderssize.csv

If you want the CSV to be more detailed at the folder level, use a larger number instead of 2.

Then open the created CSV file with Excel.