Cybersecurity For Dummies
Table of Contents
Joseph Steinberg. Cybersecurity For Dummies
Cybersecurity For Dummies® To view this book's Cheat Sheet, simply go to www.dummies.com and search for “Cybersecurity For Dummies Cheat Sheet” in the Search box. Table of Contents
List of Tables
List of Illustrations
Guide
Pages
Introduction
About This Book
Foolish Assumptions
Icons Used in This Book
Beyond the Book
Where to Go from Here
Getting Started with Cybersecurity
What Exactly Is Cybersecurity?
Cybersecurity Means Different Things to Different Folks
Cybersecurity Is a Constantly Moving Target
Technological changes
Digital data
The Internet
Cryptocurrency
Mobile workforces and ubiquitous access
Smart devices
Big data
The COVID-19 pandemic
Social shifts
Economic model shifts
Political shifts
Data collection
Election interference
Hacktivism
Greater freedom
Sanctions
New balances of power
Looking at the Risks Cybersecurity Mitigates
The goal of cybersecurity: The CIA Triad
From a human perspective
Getting to Know Common Cyberattacks
Attacks That Inflict Damage
Denial-of-service (DoS) attacks
Distributed denial-of-service (DDoS) attacks
Botnets and zombies
Data destruction attacks
Is That Really You? Impersonation
Phishing
Spear phishing
CEO fraud
Smishing
Vishing
Pharming
Whaling: Going for the “big fish”
Messing around with Other People’s Stuff: Tampering
Captured in Transit: Interception
Man-in-the-middle attacks
Taking What Isn’t Theirs: Data Theft
Personal data theft
Business data theft
Data exfiltration
Compromised credentials
Forced policy violations
Cyberbombs That Sneak into Your Devices: Malware
Viruses
Worms
Trojans
Ransomware
Scareware
Spyware
Cryptocurrency miners
Adware
Blended malware
Zero-day malware
Fake malware on computers
Fake malware on mobile devices
Fake security subscription renewal notifications
Poisoned Web Service Attacks
Network Infrastructure Poisoning
Malvertising
Drive-by downloads
Stealing passwords
Exploiting Maintenance Difficulties
Advanced Attacks
Opportunistic attacks
Targeted attacks
Blended (opportunistic and targeted) attacks
Some Technical Attack Techniques
Rootkits
Brute-force attacks
Injection attacks
Cross-site scripting
SQL injection
Session hijacking
Malformed URL attacks
Buffer overflow attacks
The Bad Guys You Must Defend Against
Bad Guys and Good Guys Are Relative Terms
Bad Guys Up to No Good
Script kiddies
Kids who are not kiddies
Terrorists and other rogue groups
Nations and states
CHINESE FIRMS STEAL AMERICAN INTELLECTUAL PROPERTY
Corporate spies
Criminals
Hacktivists
Terrorists
Rogue insiders
Cyberattackers and Their Colored Hats
How Cybercriminals Monetize Their Actions
Direct financial fraud
Indirect financial fraud
Profiting off illegal trading of securities
Stealing credit card, debit card, and other payment-related information
Stealing goods
Stealing data
Ransomware
Cryptominers
Not All Dangers Come From Attackers: Dealing with Nonmalicious Threats
Human error
Humans: The Achilles’ heel of cybersecurity
Social engineering
External disasters
Natural disasters
Pandemics
Man-made environmental problems
Cyberwarriors and cyberspies
The impotent Fair Credit Reporting Act
Expunged records are no longer really expunged
Social Security numbers
Social media platforms
Google’s all-knowing computers
Mobile device location tracking
Defending against These Attackers
Improving Your Own Personal Security
Evaluating Your Current Cybersecurity Posture
Don’t be Achilles: Identifying Ways You May Be Less than Secure
Your home computer(s)
Your mobile devices
Your Internet of Things (IoT) devices
Your networking equipment
Your work environment
Identifying Risks
UNDERSTANDING ENDPOINTS
Protecting against Risks
Perimeter defense
Firewall/router
Security software
Your physical computer(s) and any other endpoints
Backups
Detecting
Responding
Recovering
Improving
Evaluating Your Current Security Measures
Software
Hardware
Insurance
Education
Privacy 101
Think before you share
Think before you post
General privacy tips
TURNING ON PRIVACY MODE
Banking Online Safely
Safely Using Smart Devices
Cryptocurrency Security 101
Enhancing Physical Security
Understanding Why Physical Security Matters
Taking Inventory
SECRETARY OF STATE HILLARY CLINTON’S EMAIL PROBLEM
Stationary devices
SMARTPHONES ARE A LOT MORE THAN SMART PHONES
Mobile devices
Locating Your Vulnerable Data
Creating and Executing a Physical Security Plan
Implementing Physical Security
Security for Mobile Devices
Realizing That Insiders Pose the Greatest Risks
Cybersecurity Considerations When Working from Home
Network Security Concerns
Device Security Concerns
Location Cybersecurity
Shoulder surfing
Eavesdropping
Theft
Human errors
Video Conferencing Cybersecurity
Keep private stuff out of camera view
Keep video conferences secure from unauthorized visitors
Social Engineering Issues
Regulatory Issues
Protecting Yourself from Yourself
Securing Your Accounts
Realizing You’re a Target
Securing Your External Accounts
Securing Data Associated with User Accounts
Conduct business with reputable parties
Use official apps and websites
Don’t install software from untrusted parties
Don’t root your phone
Don’t provide unnecessary sensitive information
Use payment services that eliminate the need to share credit card numbers
Use one-time, virtual credit card numbers when appropriate
Monitor your accounts
Report suspicious activity ASAP
Employ a proper password strategy
Utilize multifactor authentication
Log out when you’re finished
Use your own computer or phone
Lock your computer
Use a separate, dedicated computer for sensitive tasks
Use a separate, dedicated browser for sensitive web-based tasks
Secure your access devices
Keep your devices up to date
Don’t perform sensitive tasks over public Wi-Fi
Never use public Wi-Fi in high-risk places
Access your accounts only in safe locations
Use appropriate devices
Set appropriate limits
Use alerts
Periodically check access device lists
Check last login info
Respond appropriately to any fraud alerts
Never send sensitive information over an unencrypted connection
Beware of social engineering attacks
Establish voice login passwords
Protect your cellphone number
Don’t click on links in emails or text messages
Securing Data with Parties You’ve Interacted With
Securing Data at Parties You Haven’t Interacted With
Securing Data by Not Connecting Hardware with Unknown Pedigrees
Passwords
Passwords: The Primary Form of Authentication
Avoiding Simplistic Passwords
TOP TEN COMMON PASSWORDS
Password Considerations
Easily guessable personal passwords
Complicated passwords aren’t always better
Different levels of sensitivity
Your most sensitive passwords may not be the ones you think
You can reuse passwords — sometimes
Consider using a password manager
Creating Memorable, Strong Passwords
Knowing When to Change Passwords
Changing Passwords after a Breach
Providing Passwords to Humans
Storing Passwords
Storing passwords for your heirs
Storing general passwords
Transmitting Passwords
Discovering Alternatives to Passwords
Biometric authentication
SMS-based authentication
App-based one-time passwords
Hardware token authentication
USB-based authentication
Preventing Social Engineering Attacks
Don’t Trust Technology More than You Would People
Types of Social Engineering Attacks
Six Principles Social Engineers Exploit
Don’t Overshare on Social Media
A SOCIAL PLATFORM’S ENTIRE DATABASE LEAKS
Your schedule and travel plans
Financial information
Personal information
Information about your children
Information about your pets
Work information
Possible cybersecurity issues
Crimes and minor infractions
Medical or legal advice
Your location
Your birthday
Your “sins”
Leaking Data by Sharing Information as Part of Viral Trends
Identifying Fake Social Media Connections
Photo
Verification
Friends or connections in common
Relevant posts
Number of connections
Industry and location
Similar people
Duplicate contact
Contact details
Premium status
LinkedIn endorsements
Group activity
Appropriate levels of relative usage
Human activities
Cliché names
Poor contact information
Skill sets
Spelling
Age of an account
Suspicious career or life path
Level or celebrity status
DO YOU NEED TO AVOID FAKE CONNECTIONS?
Using Bogus Information
Using Security Software
General Cyberhygiene Can Help Prevent Social Engineering
Cybersecurity for Businesses, Organizations, and Government
Securing Your Small Business
Making Sure Someone Is In Charge
Watching Out for Employees
Incentivize employees
Avoid giving out the keys to the castle
Give everyone separate credentials
Restrict administrators
Limit access to corporate accounts
Implement employee policies
Enforce social media policies
Monitor employees
Dealing with a Remote Workforce
Use work devices and separate work networks
Set up virtual private networks
Create standardized communication protocols
Use a known network
Determine how backups are handled
Be careful where you work remotely
Be extra vigilant regarding social engineering
Considering Cybersecurity Insurance
CYBERSECURITY INSURANCE IS NOW AVAILABLE TO BUSINESSES OF ALL SIZES
Complying with Regulations and Compliance
Protecting employee data
PCI DSS
Breach disclosure laws
GDPR
HIPAA
Biometric data
Anti-money laundering laws
International sanctions
Handling Internet Access
Segregate Internet access for personal devices
Create bring your own device (BYOD) policies
Properly handle inbound access
Protect against denial-of-service attacks
Use https
Use a VPN
Run penetration tests
Be careful with IoT devices
Use multiple network segments
Be careful with payment cards
Managing Power Issues
LOCKING ALL NETWORKING EQUIPMENT AND SERVERS IN A VENTILATED CLOSET
Cybersecurity and Big Businesses
Utilizing Technological Complexity
Managing Custom Systems
Continuity Planning and Disaster Recovery
Looking at Regulations
Sarbanes Oxley
Stricter PCI requirements
Public company data disclosure rules
Breach disclosures
Industry-specific regulators and rules
Fiduciary responsibilities
INSIDER TRADING AFTER A BREACH OCCURS AND BEFORE IT IS REPORTED
Deep pockets
Deeper Pockets — and Insured
Considering Employees, Consultants, and Partners
Dealing with internal politics
Offering information security training
Replicated environments
Looking at the Chief Information Security Officer’s Role
Overall security program management
Test and measurement of the security program
Human risk management
Information asset classification and control
Security operations
Information security strategy
Identity and access management
Data loss prevention
Fraud prevention
Incident response plan
Disaster recovery and business continuity planning
Compliance
Investigations
Physical security
Security architecture
Geopolitical risks
Ensuring auditability of system administrators
Cybersecurity insurance compliance
Handling a Security Incident (This Is a When, Not an If)
Identifying a Security Breach
Identifying Overt Breaches
Ransomware
Defacement
Claimed destruction
Detecting Covert Breaches
Your device seems slower than before
Your Task Manager doesn’t run
Your Registry Editor doesn’t run
Your device starts suffering from latency issues
Your device starts suffering from communication and buffering issues
Your device’s settings have changed
Your device is sending or receiving strange email messages
Your device is sending or receiving strange text messages
New software (including apps) is installed on your device — and you didn’t install it
Your device’s battery seems to drain more quickly than before
Your device seems to run hotter than before
File contents have been changed
Files are missing
Websites appear different than before
Your Internet settings show a proxy, and you never set one up
Some programs (or apps) stop working properly
Security programs have turned off
An increased use of data or text messaging (SMS)
Increased network traffic
Unusual open ports
Your device starts crashing
Your cellphone bill shows unexpected charges up to here
Unknown programs request access
External devices power on unexpectedly
Your device acts as if someone else were using it
New browser search engine default
Your device password has changed
Pop-ups start appearing
New browser add-ons appear
New browser home page
Your email from the device is getting blocked by spam filters
Your device is attempting to access “bad” sites
You’re experiencing unusual service disruptions
Your device’s language settings changed
You see unexplained activity on the device
You see unexplained online activity
Your device suddenly restarts
You see signs of data breaches and/or leaks
You are routed to the wrong website
Your hard drive or SSD light never seems to turn off
Other abnormal things happen
Recovering from a Security Breach
An Ounce of Prevention Is Worth Many Tons of Response
Stay Calm and Act Now with Wisdom
Bring in a Pro
Recovering from a Breach without a Pro’s Help
Step 1: Figure out what happened or is happening
Step 2: Contain the attack
Step 3: Terminate and eliminate the attack
TERMINATING NETWORK CONNECTIVITY
Boot the computer from a security software boot disk
Backup
Delete junk (optional)
Run security software
Reinstall Damaged Software
Restart the system and run an updated security scan
Erase all potentially problematic System Restore points
Restore modified settings
IN CHROME
IN FIREFOX
IN SAFARI
IN EDGE
Rebuild the system
Dealing with Stolen Information
Paying ransoms
Consult a cybersecurity expert
Consult a lawyer
CYBER LIABILITY INSURANCE AND RANSOMS
Learning for the future
Recovering When Your Data Is Compromised at a Third Party
Reason the notice was sent
Scams
Passwords
Payment card information
Government-issued documents
School or employer-issued documents
Social media accounts
Backing Up and Recovery
Backing Up
Backing Up Is a Must
Backing Up Data from Apps and Online Accounts
SMS texts
Social media
Google Photos
Other apps
Backing Up Data on Smartphones
Android
Automatic backups
Manual backups
Apple
Backing up to iCloud
Backing up using iTunes
Conducting Cryptocurrency Backups
Backing Up Passwords
Looking at the Different Types of Backups
Full backups of systems
Original system images
Later system images
Original installation media
Downloaded software
Full backups of data
Incremental backups
Differential backups
Mixed backups
Continuous backups
Partial backups
Folder backups
Drive backups
Virtual drive backups
Exclusions
In-app backups
Figuring Out How Often You Should Backup
Exploring Backup Tools
Backup software
Drive-specific backup software
Windows Backup
Smartphone/tablet backup
Manual file or folder copying backups
Automated task file or folder copying backups
Creating a Boot Disk
Knowing Where to Back Up
Local storage
Offsite storage
Cloud
Network storage
Mixing locations
Knowing Where Not to Store Backups
Encrypting Backups
Testing Backups
Disposing of Backups
Resetting Your Device
Exploring Two Types of Resets
Soft resets
Older devices
Windows computers
Mac computers
Android devices
iPhones
Hard resets
Resetting a modern Windows device
METHOD 1
METHOD 2
METHOD 3
Resetting a modern Android device
SAMSUNG GALAXY SERIES RUNNING ANDROID 11
SAMSUNG TABLETS RUNNING ANDROID 11
HUAWEI DEVICES RUNNING ANDROID 8
Resetting a Mac
Resetting an iPhone
Rebuilding Your Device after a Hard Reset
Restoring from Backups
You Will Need to Restore
Wait! Do Not Restore Yet!
Restoring Data to Apps
Restoring from Full Backups of Systems
Restoring to the computing device that was originally backed up
Restoring to a different device than the one that was originally backed up
Original system images
Later system images
Installing security software
Original installation media
Downloaded software
Restoring from full backups of data
Restoring from Incremental Backups
Incremental backups of data
Incremental backups of systems
Differential backups
Continuous backups
Partial backups
Folder backups
Drive backups
Virtual-drive backups
Restoring the entire virtual drive
Restoring files and/or folders from the virtual drive
Dealing with Deletions
Excluding Files and Folders
Understanding Archives
Multiple files stored within one file
Old live data
Old versions of files, folders, or backups
Restoring Using Backup Tools
Restoring from a Windows backup
Restoring to a system restore point
Restoring from a smartphone/tablet backup
Restoring from manual file or folder copying backups
Utilizing third-party backups of data hosted at third parties
Returning Backups to Their Proper Locations
Network storage
Restoring from a combination of locations
Restoring to Non-Original Locations
Never Leave Your Backups Connected
Restoring from Encrypted Backups
Testing Backups
Restoring Cryptocurrency
WHAT IS A DIGITAL WALLET?
Booting from a Boot Disk
Looking toward the Future
Pursuing a Cybersecurity Career
Professional Roles in Cybersecurity
Security engineer
Security manager
Security director
Chief information security officer (CISO)
Security analyst
Security architect
Security administrator
Security auditor
Cryptographer
Vulnerability assessment analyst
Ethical hacker
Security researcher
Offensive hacker
Software security engineer
Software source code security auditor
Security consultant
Security expert witness
Security specialist
Incident response team member
Forensic analyst
Cybersecurity regulations expert
Privacy regulations expert
Exploring Career Paths
Career path: Senior security architect
Career path: CISO
Starting Out in Information Security
Exploring Popular Certifications
CISSP
CISM
CEH
Security+
GSEC
Verifiability
Ethics
Overcoming a Criminal Record
Overcoming Bad Credit
Looking at Other Professions with a Cybersecurity Focus
Emerging Technologies Bring New Threats
Relying on the Internet of Things
Critical infrastructure risks
STUXNET
Computers on wheels: modern cars
Using Cryptocurrencies and Blockchain
Cloud-Based Applications and Data
Optimizing Artificial Intelligence
Increased need for cybersecurity
AI CAN ALREADY FALSIFY MRI IMAGES AND PRODUCE INCORRECT MRI RESULTS
Use as a cybersecurity tool
Use as a hacking tool
Where Was This Laptop Really Made? Supply Chain Risks
Nothing Is Trustworthy: Zero Trust
Genius Computers Are Coming: Quantum Supremacy
Experiencing Virtual Reality
Transforming Experiences with Augmented Reality
POKÉMON GO
The Part of Tens
Ten Ways to Improve Your Cybersecurity without Spending a Fortune
Understand That You Are a Target
Use Security Software
Encrypt Sensitive Information
Back Up Often
Do Not Share Login Credentials
Use Proper Authentication
Use Social Media Wisely
Segregate Internet Access
Use Public Wi-Fi Safely (Or Better Yet, Don’t Use It!)
Hire a Pro
Ten (or So) Lessons from Major Cybersecurity Breaches
Marriott
Target
Sony Pictures
U.S. Office of Personnel Management
Anthem
Colonial Pipeline and JBS SA
Colonial Pipeline
JBS
Ten Ways to Safely Use Public Wi-Fi
Use Your Cellphone as a Mobile Hotspot
Turn Off Wi-Fi Connectivity When You’re Not Using Wi-Fi
Don’t Perform Sensitive Tasks over Public Wi-Fi
Don’t Reset Passwords When Using Public Wi-Fi
Use a VPN Service
Use Tor
Use Encryption
Turn Off Sharing
Have Information Security Software on Any Devices Connected to Public Wi-Fi Networks
Understand the Difference between True Public Wi-Fi and Shared Wi-Fi
Index. A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
Z
About the Author
Dedication
Author’s Acknowledgments
WILEY END USER LICENSE AGREEMENT
Excerpt from the book
In the course of just a single generation, the world has undergone some of the greatest changes since the dawn of mankind. The availability of the Internet as a tool for consumers and businesses alike, coupled with the invention of mobile devices and wireless networking, has ushered in an Information Revolution that has impacted just about every aspect of human existence.
Humanity’s reliance on technology, however, has also created enormous risks. It seems that not a day goes by without some new story emerging of a data breach, cyberattack, or the like. Simultaneously, because society’s reliance on technology increases on a daily basis, the potential adverse consequences of cyberattacks have grown exponentially to the point that people can now lose their fortunes, their reputations, their health, or even their lives, as the result of cyberattacks.
.....
Furthermore, the world of cybersecurity created a tremendous imbalance between attackers and defenders that works to the advantage of less powerful nations.
Governments that could never afford to launch huge barrages against an adversary in the physical world can easily do so in the world of cyber, where launching each attack costs next to nothing. As a result, attackers can afford to keep attacking until they succeed — and they need to breach systems only once to “succeed” — creating a tremendous problem for defenders who must shield their assets against every single attack. This imbalance has translated into a major advantage for attackers over defenders and has meant that even minor powers can successfully breach systems belonging to superpowers.
.....