Cyber Security

Discover how no-code development platforms are changing the way designers, developers, and creators are building websites and software — without writing code. What is no-code development? No-code development is a type of web development that allows non-programmers and programmers to create software using a graphical user interface, instead of writing code. The no-code movement rests upon the fundamental belief that technology should enable and facilitate the creation, not be a barrier to entry. So much that we do in our day-to-day lives is powered by code. Whether we’re checking our bank accounts, liking friends’ photos on social media, or searching for new outfits on our favourite eCommerce sites, programming is what makes all of these actions possible. ‍ For the majority of us who lack the know-how in writing code, the idea of crafting a web app, or building a website seems forever out of reach. But what was once a space that only developers and those well-skilled in coding could nav

This chapter covers some of the technology and processes used by cybersecurity professionals when protecting an organization’s network, equipment and data. First, it briefly covers the many types of firewalls, security appliances, and software that are currently used, including best practices. Next, this chapter explains botnets, the kill chain, behavior-based security, and using NetFlow to monitor a network. The third section discusses Cisco’s approach to cybersecurity, including the CSIRT team and the security playbook. It briefly covers the tools that cybersecurity professionals use to detect and prevent network attacks.

In this lab, you will identify risky online behavior and explore some tips on how to become safer online. Lab - Discover Your Own Risky Online Behavior

Every day, millions of email messages are used to communicate with friends and conduct business. Email is a convenient way to communicate with each other quickly. When you send an email, it is similar to sending a message using a postcard. The postcard message is transmitted in plain sight of anyone who has access to look, and the email message is transmitted in plain text, and is readable by anyone who has access. These communications are also passed among different servers while in route to the destination. Even when you erase your email messages, the messages can be archived on the mail servers for some time. Anyone with physical access to your computer, or your router, can view which websites you have visited using web browser history, cache, and possibly log files. This problem can be minimized by enabling the in-private browsing mode on the web browser. Most of the popular web browsers have their own name for private browser mode: Microsoft Internet Explorer : InPrivate Google Ch

If you want to keep your privacy on social media, share as little information as possible. You should not share information like your birth date, email address, or your phone number on your profile. The people who need to know your personal information probably already know it. Do not fill out your social media profile completely, only provide the minimum required information. Furthermore, check your social media settings to allow only people you know to see your activities or engage in your conversations. The more personal information you share online, the easier it is for someone to create a profile about you and take advantage of you offline. Have you ever forgotten the username and password for an online account? Security questions like “What is your mother’s maiden name?” or “In what city were you born?” are supposed to help keep your account safe from intruders. However, anyone who wants to access your accounts can search for the answers on the Internet. You can answer these ques

Open Authorization (OAuth) is an open standard protocol that allows an end user’s credentials to access third party applications without exposing the user’s password. OAuth acts as the middle man to decide whether to allow end users access to third party applications. For example, say you want to access web application XYZ, and you do not have a user account for accessing this web application. However, XYZ has the option to allow you to log in using the credentials from a social media website ABC. So you access the website using the social media login. For this to work, the application ‘XYZ’ is registered with ‘ABC’ and is an approved application. When you access XYZ, you use your user credentials for ABC. Then XYZ requests an access token from ABC on your behalf. Now you have access to XYZ. XYZ knows nothing about you and your user credentials, and this interaction is totally seamless for the user. Using secret tokens prevents a malicious application from getting your information and

Popular online services, such as Google, Facebook, Twitter, LinkedIn, Apple and Microsoft, use two factor authentication to add an extra layer of security for account logins. Besides the username and password, or personal identification number (PIN) or pattern, two factor authentication requires a second token, such as a: Physical object  - credit card, ATM card, phone, or fob Biometric scan  - fingerprint, palm print, as well as facial or voice recognition Even with two factor authentication, hackers can still gain access to your online accounts through attacks such as phishing attacks, malware, and social engineering. Go  here  to find out if websites you visit use two factor authentication.

In this lab, you will explore legal agreements required to use various online services. You will also explore some of the ways you can protect your data. Lab - Who Owns Your Data

When you move a file to the recycle bin or trash and delete it permanently, the file is only inaccessible from the operating system. Anyone with the right forensic tools can still recover the file due to a magnetic trace left on the hard drive. In order to erase data so that it is no longer recoverable, the data must be overwritten with ones and zeroes multiple times. To prevent the recovery of deleted files, you may need to use tools specifically designed to do just that. The program SDelete from Microsoft (for Vista and higher), claims to have the ability to remove sensitive files completely. Shred for Linux and Secure Empty Trash for Mac OSX are some tools that claim to provide a similar service. The only way to be certain that data or files are not recoverable is to physically destroy the hard drive or storage device. It has been the folly of many criminals in thinking their files were impenetrable or irrecoverable. Besides storing data on your local hard drives, your data may also

In this lab, you will use an external disk and a remote disk to back up your data. Lab - Backup Data to External Storage

Your hard drive may fail. Your laptop could be lost. Your smart phone stolen. Maybe you erased the original version of an important document. Having a backup may prevent the loss of irreplaceable data, such as family photos. To back up data properly, you will need an additional storage location for the data and you must copy the data to that location regularly and automatically. The additional location for your backed up files can be on your home network, secondary location, or in the cloud. By storing the backup of the data locally, you have total control of the data. You can decide to copy all of your data to a network attached storage device (NAS), a simple external hard drive, or maybe select only a few important folders for backup on thumb drives, CDs/DVDs, or even tapes. In that scenario, you are the owner and you are totally responsible for the cost and maintenance of the storage device equipment. If you subscribe to a cloud storage service, the cost depends on the amount storag

Your data should always be encrypted. You may think you have no secrets and nothing to hide so why use encryption? Maybe you think that nobody wants your data. Most likely, this is probably not true. Are you ready to show all of your photos and documents to strangers? Are you ready to share financial information stored on your computer to your friends? Do you want to give out your emails and account passwords to the general public? This can be even more troublesome if a malicious application infects your computer or mobile device and steals potentially valuable information, such as account numbers and passwords, and other official documents. That kind of information can lead to identity theft, fraud, or ransom. Criminals may decide to simply encrypt your data and make it unusable until you pay the ransom. What is encryption? Encryption is the process of converting the information into a form where an unauthorized party cannot read it. Only a trusted, authorized person with the secret k

In this lab, you will explore the concepts to create strong passwords and how to store it securely. Lab - Create and Store Strong Passwords

To prevent unauthorized physical access to your computing devices, use passphrases, rather than passwords. It is easier to create a long passphrase than a password, because it is generally in the form of a sentence rather than a word. The longer length makes passphrases less vulnerable to dictionary or brute force attacks. Furthermore, a passphrase maybe easier to remember, especially if you are required to change your password frequently. Here are some tips in choosing good passwords or passphrases: Tips in choosing a good passphrase: Choose a meaningful statement to you Add special characters, such as ! @ # $ % ^ & * ( ) The longer the better Avoid common or famous statements, for example, lyrics from a popular song Recently, United States National Institute for Standards and Technology (NIST) published improved password requirements. NIST standards are intended for government application but can also serve as a standard for others as well. The new guidelines aim to provide bette

You probably have more than one online account, and each account should have a unique password. That is a lot of passwords to remember. However, the consequence of not using strong and unique passwords leaves you and your data vulnerable to cyber criminals. Using the same password for all your online accounts is like using the same key for all your locked doors, if an attacker was to get your key, he would have the ability to access everything you own. If criminals get your password through phishing for example, they will try to get into your other online accounts. If you only use one password for all accounts, they can get into all your accounts, steal or erase all your data, or decide to impersonate you. We use so many online accounts that need passwords that is becomes too much to remember. One solution to avoid reusing passwords or using weak passwords is to use a password manager. A password manager stores and encrypts all of your different and complex passwords. The manager can t

Wireless networks allow Wi-Fi enabled devices, such as laptops and tablets, to connect to the network by way of the network identifier, known as the Service Set Identifier (SSID). To prevent intruders from entering your home wireless network, the pre-set SSID and default password for the browser-based administrative interface should be changed. Hackers will be aware of this kind of default access information. Optionally, the wireless router can also be configured to not broadcast the SSID, which adds an additional barrier to discovering the network. However, this should not be considered adequate security for a wireless network. Furthermore, you should encrypt wireless communication by enabling wireless security and the WPA2 encryption feature on the wireless router. Even with WPA2 encryption enabled, the wireless network can still be vulnerable. In October 2017, a security flaw in the WPA2 protocol was discovered. This flaw allows an intruder to break the encryption between the wirele

Your computing devices store your data and are the portal to your online life. Below is a short list of steps you can take to protect your computing devices from intrusion: Keep the Firewall On  – Whether it is a software firewall or a hardware firewall on a router, the firewall should be turned on and updated to prevent hackers from accessing your personal or company data. Click  Windows 7 and 8.1  or  Windows 10  to turn on the firewall in the respective version of Windows. Click  here  to turn on the firewall for Mac OS X devices. Use Antivirus and Antispyware  – Malicious software, such as viruses, Trojan horses, worms, ransomware and spyware, are installed on your computing devices without your permission, in order to gain access to your computer and your data. Viruses can destroy your data, slow down your computer, or take over your computer. One way viruses can take over your computer is by allowing spammers to broadcast emails using your account. Spyware can monitor your online

This chapter focuses on your personal devices and your personal data. It includes tips for protecting your devices, creating strong passwords and safely using wireless networks. It also discusses maintaining your data securely.  It covered data backups, data storage and deleting your data permanently. Your online data is worth something to cyber criminals. This chapter briefly covers authentication techniques to help you maintain your data securely. It also covers ways to enhance the security of your online data with tips about what to do and what not to do online. Authentication techniques were discussed to help you maintain your data securely. It briefly covered how easy it is to share too much information on social media and how to avoid this security risk. If you would like to further explore the concepts in this chapter, please check out the Additional Resources and Activities page in Student Resources.