CYBER AWARENESS TRAINING - Allied Maritime Command CY¢  CYBER AWARENESS TRAINING. INTRODUCTION Growing

  • View
    3

  • Download
    2

Embed Size (px)

Text of CYBER AWARENESS TRAINING - Allied Maritime Command CY¢  CYBER AWARENESS TRAINING....

  • CYBER AWARENESS TRAINING

  • INTRODUCTION

     Growing threats in the Cyber domain .

     Definitions  Cyber security

     Cyber defence

     Information Security system

     Cyber Awareness

     Cyber security Goals • Availability

    • Integrity

    • Confidentiality

    2007 Estonia 2008 Georgia

    2010 Iran (Stuxnet) 2011

    Drones

    2012 Aramco (Shamoon)

    2014 Ukraine (Uroboros)

    2015 France /Charlie Hebdo TV5 Monde Desert falcons

    2016 MIRAI Locky Dyn DNS

    • + 46% attacks in 2017 • 758 millions of cyber

    attacks in 2017 • 1 attack every 40s

    2017 Maersk Wannacry Petya GPS

  • Types of threats and attackers

     Attackers  Cybercrime  Cyber warfare  Hacktivism  Cyber terrorism  Unintentional insiders

     Threats

  • MALWARE

     MALWARE,  Trojan horse  Worms  Ransomware  Viruses  Adware  Spyware  Rootkit  Bug  Bots

     Example of Malware Click on the video of NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) cyber training

    https://jadl.act.nato.int/ILIAS/data/testclient/lm_data/lm_17722/11798/objects/il_0_mob_2544/fullscreen.html https://jadl.act.nato.int/ILIAS/data/testclient/lm_data/lm_17722/11798/objects/il_0_mob_2544/fullscreen.html

  • Antivirus

     How it works

     Recommendations

  • Passwords

     Type of attacks  Brute force,  Dictionary,

     Password strength  9 characters including : 1 capital letter, 1 number, 1 special character

     Re-use password + changing password

  • Identity theft and emails

     Dangers  Phishing,  Spear phishing,  Social engineering,

     Video fake URL

     Example of phishing email Example of phishing website

    https://jadl.act.nato.int/ILIAS/data/testclient/lm_data/lm_17722/11864/objects/il_0_mob_4320/fullscreen.html https://jadl.act.nato.int/ILIAS/data/testclient/lm_data/lm_17722/11864/objects/il_0_mob_4320/fullscreen.html

  • Mobile devices  Risks

     Data Leakage  Unsecured Wi-Fi  Network Spoofing  Phishing Attacks  Spyware  Broken Cryptography  Improper Session Handling

     Vulnerabilities  Malware  Device vulnerabilities  Data leaks  Physical protection

     Best practices  Regularly update the operating system and apps  Use relevant built-in security features  Minimize location access  Avoid connecting to unsecured Wi-Fi networks  Download apps from trusted sources  Know the risks of jailbreaking/rooting  Be wary of unsolicited calls or messages  Set automatic locks on mobile devices  Limit the personal information given to apps and websites  Manage what is shared online  Be aware of the nature of your conversation and your surroundings

  • Removable media  Type

     Risks

     Recommendations

     Every division within HQ MARCOM has a Divisional File Transfer Secretary authorized to transfer data between NS/NU networks (HQTM 006/14)

    https://jadl.act.nato.int/ILIAS/data/testclient/lm_data/lm_17722/11850/objects/il_0_mob_4327/fullscreen.html https://jadl.act.nato.int/ILIAS/data/testclient/lm_data/lm_17722/11850/objects/il_0_mob_4327/fullscreen.html

  • Social media

     Dangers  Defeating passwords  Social engineering  Identity theft  Exploitation by Foreign Intelligence Services  Physical interception  Blackmail

     Recommendations  Arranging privacy settings to protect a personal social media profile, noting that individual account settings can affect

    anyone that has links to that account.  Speaking to family and friends about what they post and ‘tag’ to their social media accounts.  Considering what is uploaded, whether it is an image or information, and who may access it.  Awareness of geo-data attached to uploaded content.  Considering whether there is a need to identify as a military member, and what other personal and sensitive

    information is attached to NATO member’s social media profile.

     Personal Security Online : navy  Personal Security Online : friends and family  Personal Security Online : defence civilians  Personal Security Online : army

    https://www.youtube.com/watch?v=3U4-SRBmjaY https://www.youtube.com/watch?v=3U4-SRBmjaY https://www.youtube.com/watch?v=tpxDtZI96so https://www.youtube.com/watch?v=tpxDtZI96so https://www.youtube.com/watch?v=6w5tq8-6VOk https://www.youtube.com/watch?v=6w5tq8-6VOk https://www.youtube.com/watch?v=Q9zuGqKNKLs https://www.youtube.com/watch?v=Q9zuGqKNKLs

  • MARCOM SOI 409.02 Mobile phones and connected devices

     POLICIES FOR THE USE OF MOBILE COMMUNICATION DEVICES (MCD)  No MCD shall be introduced into Atlantic Building  All MCD will be stored in the dedicated lockers at corridor. Such phones will be turned off.  All MCD, regardless of the ownership, will only be used for the conveyance of publicly release and non-

    sensitive NATO UNCLASSIFIED information.  In cases when an official has NATO approved secure voice capability, the classification of the information

    exchange may be up to NATO SECRET, if all other rules and regulations (e.g. COMSEC doctrine for device) are observed.

     It is chairperson’s responsibility to preface all proceedings held in the MARCOM conference rooms with a verbal reminder to remove MCD from the building.

  • Types of malware Question 1/3

  • Types of malware Question 2/3

  • Types of malware Question 3/3

  • Types of threats and attackers Question 1/3

  • Types of threats and attackers Answer

    FALSE

  • Types of threats and attackers Answer

    FALSE

  • Types of threats and attackers Answer

    TRUE

  • Types of threats and attackers Question 2/3

  • Types of threats and attackers Answer

    FALSE

  • Types of threats and attackers Answer

    TRUE

  • Types of threats and attackers Answer

    FALSE

  • Types of threats and attackers Questions 3/3

  • Types of threats and attackers Answer

    TRUE

  • Types of threats and attackers Answer

    FALSE

  • Types of threats and attackers Answer

    FALSE

  • Antivirus Question 1/2

  • Antivirus Answer

    TRUE

  • Antivirus Answer

    FALSE

  • Antivirus Question 2/2

  • Antivirus Answer

    FALSE

  • Antivirus Answer

    TRUE

  • Passwords Question 1/2

  • Passwords Answer

    TRUE

  • Passwords Answer

    FALSE

  • Passwords Question 2/2

  • Passwords Answer

    TRUE

  • Passwords Answer

    FALSE

  • Identity theft and emails Question 1/3

  • Identity theft and emails Answer

    FALSE

  • Identity theft and emails Answer

    TRUE

  • Identity theft and emails Question 2/3

  • Identity theft and emails Answer

    FALSE

  • Identity theft and emails Answer

    TRUE

  • Identity theft and emails Question 3/3

  • Identity theft and emails Answer

    TRUE

  • Identity theft and emails Answer

    FALSE

  • Mobile devices Question 1/2

  • Mobile devices Answer

    TRUE

  • Mobile devices Answer

    FALSE

  • Mobile devices Answer

    FALSE

  • Mobile device Question 2/2

    There is no danger if I plug my MD on my desktop/laptop.

  • Mobile device Answer

    There is no danger if I plug my MD on my desktop/laptop.

    FALSE

  • Mobile device Answer

    There is no danger if I plug my MD on my desktop/laptop.

    TRUE

  • Removable media Question 1/2

  • Removable media Answer

    FALSE

  • Removable media Answer

    TRUE

  • Removable media Question 2/2

  • Removable media Answer

    FALSE

  • Removable media Answer

    TRUE

  • Please submit your completion and add your full name, rank and division in the email body

    “certificate will be sent by email once received by N6 CYBER”

    Click here to submit your completion

    mailto:marcomcyber@mc.nato.int?subject=Cyber%20Introduction%20Training%20Completion&body=Name,Rank,Division mailto:marcomcyber@mc.nato.int?subject=Cyber%20Introduction%20Training%20