Peter Gyger online

"Gring ache u seckle" (Source: A. Weyermann)


Internet Security for Beginners - in Detail

Last update: March 18, 2018

I am currently taking the course "Internet Security for Beginners" (MOOC) at OpenHPI. Since I usually attend courses with curiosity and enthusiasm, I work my way into the course topic beyond the necessary (minimum) level. This article contains the notes from my research on the course topic.

The course content:

Course characteristics:
Language: English
Starting from: February 26, 2018
Course end: April 9, 2018
Duration: 6 weeks (3-6 hours per week)
Target group: Anyone who uses the Internet
Course requirements: none

What are the topics that will be presented during the next 6 weeks?
During the next 6 weeks we will cover the following topics:
Internet and Cybercrime
Digital Identities and Passwords
Malware from the Internet: Viruses, Trojans, Botnets
Open Internet - Unsafe Transport Routes
Information Security through Cryptography
Private Sphere and Data Privacy

Learning material

Week 1: We will explain the basic terms vulnerability, attack, and incident in the first week. Furthermore, we will elaborate on attackers, their motives and their origins.

Week 2: In week 2, we will explain the idea and the concept of digital Identities and passwords. We will discuss the digital footprint, the feasibility to (easily) crack passwords and guidelines to choose a secure password.

Week 3: In this week we will discuss several issues about malware. We will cover different types, such as, viruses, worms, and trojans, talk about botnets and mention some countermeasures.

Week 4: In week 4, we will talk about dangers and risks that arise through the usage of open routes in the Internet. Therefore, we will discuss how attacks can capture messages and eavesdrop or even manipulate and compromise connections. Furthermore, some security mechanisms for those open communication channels, such as firewalls and encryption are illustrated.

Week 5: In the 5th week, we will take a closer look at the general topic encryption. Therefore, we explain different cryptographic algorithms and how they can be used for various purposes.

Week 6: In this week we will talk about several topics related to data privacy and private sphere in the digital world. Starting at the Internet as one big eco-system we will also cover privacy in the context of smartphones and wearables, the Internet-of-things or cloud computing, for example.

Week 2

Episode 1: "Digital Identities and Passwords"
What is Digital Identity? Access Control. Authentication by Username - Password. Strong Authentication. Multi-Factor Authentication.

Episode 2: "Identity Theft"
Target: Digital Identity Data. Digital Identity Data Theft. HPI Identity Leak Checker. Motivation for Identity Theft.

Episode 3: "Password-Based Login Process"
Log-in Procedure with Passwords. Weak Spot: Plaintext Passwords. Safe Storage of Passwords. Validation of a Password. Safe Hashes with Salt.
Secondary literature: Wikipedia: Rainbow Table

Episode 4: "Dilemma of Weak Passwords"
Weak Passwords. Choose Safe Passwords.

Episode 5: "Attacks on Passwords"
Attacks on Passwords. Password Guessing. Password Cracking. Interception of Passwords - Sniffing. Spying for Passwords. Major Password Violation Incidents.

Episode 6: "Protection: Good Passwords"
Choosing "Good" i.e. Safe Passwords. Use of Password Safes.

Episode 7: "Identity Theft by Social Engineering"
What is Social Engineering? Social Engineering: Phishing. Social Engineering: Widespread Phishing Attacks. Social Engineering: Personalized Phishing. Social Engineering: Other Techniques. Social Engineering: Notable Past Cases. Social Engineering: Precautions.

Episode 8: "Secure Authentication"
Secure Public Key Authentication. Secure Authentication with Smartcards.
Secondary literature: Wikipedia: Public-Key-Authentifizierung

Supplement 1: "Password Length"

Supplement 2: "Hash Functions"

Week 3

Episode 1: "Introduction - Malware from the Internet"
Malicious Software - a Major Threat on the Internet. Overview of the Week's Program on Malware. Overview of the Week's Program on Malware - Excursion.

Episode 2: "Malware from the Internet: Viruses, Trojans, Botnets"
Malware - Malicious Software. Malware: Viruses. Malware: Worms. Malware: Trojan or Trojan Horse. Malware: Keylogger. Malware: Botnets. Malware: Rootkit and Backdoor. Malware: Adware. Malware: Spyware. Malware: Scareware. Malware: Rogueware / Rogue Antivirus. Malware: Ransomware. Malware Today.

Episode 3: "Botnets"
"Botnets". Botnets - Basic Principle. Botnets - Attack Scenarios. Botnets - Well-Known Examples. Example of Botnet Attack: Bitcoin Mining. "Storm" Botnet. "Storm" Botnet: Stormfucker. Zeus. Zeus - Gameover ZeuS.
Secondary literature: Elektro Kompendium: Botnetze; Swisscom: Sicherheit im Smart Home; Krebs on Security: Botnet

Episode 4: "Malware: Spectacular Examples"
Malware - Some Spectacular Examples. Cookie Monster. ILOVEYOU. Conficker. Stuxnet. Regin. "Campaigns". Malvertising. Ransom32. WannaCry.

Episode 5: "Malware: Protective Measures"
Regular Backup. Program Updates. Virus Scanners - Antivirus Software. Firewalls. Healthy Mistrust.
Secondary literature: O'Reilly Open Book: "Linux-Firewalls - Ein praktischer Einstieg, 2. Auflage"; ERNSTFALL SOCIAL ENGINEERING: WIE HACKER IN IHRE PSYCHE EINDRINGEN

Episode 6: "Mobile Apps and Malware"
Mobile Platforms. Basic Concepts. Alternative App Stores. Mobile Malware. Mobile Malware Examples: Dendroid. Mobile Malware Examples: ExpensiveWall. Vulnerabilities in Mobile Operating Systems. Common Vulnerabilities in Android. Protective Measures.