Introduction to Cyber Security


Data Security Council of India (DSCI)



Date: 07.01.2024

Data Security Council of India (DSCI): Data Security Council of India (DSCI) is a premier industry body on data protection in India, set up by NASSCOM, committed to making cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy. DSCI brings together national governments and their agencies, industry sectors including IT-BPM, BFSI and Telecom, industry associations, data protection authorities and think tanks for public advocacy, thought leadership, capacity building and outreach initiatives. To further its objectives, DSCI engages with governments, regulators, industry associations and think tanks on policy matters. To strengthen thought leadership in cyber security and privacy, DSCI develops best practices and frameworks and publishes studies, surveys and papers. It builds capacity in security, privacy and cyber forensics through training and certification programs for professionals and law enforcement agencies, and engages stakeholders through various outreach initiatives including events, awards, chapters, consultations and membership programs. DSCI also endeavours to increase India's share in the global security product and services market through global trade development initiatives. These aim to strengthen the security and privacy culture in India.

GUIDELINES FOR SECURE PASSWORD, TWO STEP VERIFICATION AND USING FREE ANTIVIRUS




    1. GENERATING SECURE PASSWORD




      1. Guideline for setting secure Password [10]


Choosing the right password is something that many people find difficult. So many things require passwords these days that remembering them all can be a real problem. Perhaps because of this, a lot of people choose their passwords very badly. The simple tips below are intended to assist you in choosing a good password.
Basics

        • Use at least eight characters. The more characters the better, but most people will find anything more than about 15 characters difficult to remember.

        • Use a random mixture of characters, upper and lower case, numbers, punctuation, spaces and symbols.

        • Don't use a word found in a dictionary, English or foreign.

        • Never use the same password twice.
Things to avoid




        • Don't just add a single digit or symbol before or after a word. e.g. "apple1"

        • Don't double up a single word. e.g. "appleapple"

        • Don't simply reverse a word. e.g. "elppa"

        • Don't just remove the vowels. e.g. "ppl"

        • Don't use key sequences that can easily be repeated, e.g. "qwerty", "asdf" etc.

        • Don't just garble letters, e.g. converting e to 3, L or i to 1, o to 0, as in "z3r0-10v3".
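
The patterns listed under "Basics" and "Things to avoid" can be checked mechanically before a password is accepted. The following Python sketch is an added example, not part of the original guide; the tiny word list, the keyboard rows and the function name `weaknesses` are assumptions made for illustration.

```python
import re

# Constructed mini word list; a real check would load a full dictionary.
WORDS = {"apple", "zero", "love", "monitor", "password", "letmein"}
# Keyboard rows used to spot key sequences such as "qwerty" or "asdf".
KEY_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo the substitutions named in the guide: e->3, o->0, l->1.
LEET = str.maketrans("301", "eol")
VOWELS = "aeiou"


def strip_vowels(word):
    return "".join(c for c in word if c not in VOWELS)


def weaknesses(password, words=WORDS):
    """Return the rules from the guide that this password breaks."""
    found = []
    p = password.lower()
    if len(password) < 8:
        found.append("shorter than eight characters")
    if p in words:
        found.append("dictionary word")
    # A word with exactly one non-letter glued to the front or the back.
    prefixed = len(p) > 1 and not p[0].isalpha() and p[1:] in words
    suffixed = len(p) > 1 and not p[-1].isalpha() and p[:-1] in words
    if prefixed or suffixed:
        found.append("word plus one digit or symbol")
    half = len(p) // 2
    if len(p) % 2 == 0 and p[:half] == p[half:] and p[:half] in words:
        found.append("doubled word")
    if p[::-1] in words:
        found.append("reversed word")
    if any(strip_vowels(w) == p for w in words):
        found.append("word with vowels removed")
    if len(p) >= 4 and any(p in run for run in KEY_RUNS):
        found.append("keyboard sequence")
    # Reverse the digit substitutions, then look for words between symbols.
    plain = p.translate(LEET)
    if plain != p and any(part in words for part in re.split(r"[^a-z]+", plain)):
        found.append("letter-to-digit substitution")
    return found


if __name__ == "__main__":
    for candidate in ("apple1", "appleapple", "elppa", "ppl", "qwerty", "z3r0-10v3"):
        print(candidate, "->", weaknesses(candidate))
```
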
Tips




          • Choose a password that you can remember so that you don't need to keep looking it up; this reduces the chance of somebody discovering where you have written it down.

          • Choose a password that you can type quickly; this reduces the chance of somebody discovering your password by looking over your shoulder.
Bad Passwords

[10] http://www.lockdown.co.uk/?pg=password_guide

        • Don't use passwords based on personal information such as: name, nickname, birthdate, wife's name, pet's name, friend's name, home town, phone number, social security number, car registration number, address etc. This includes using just part of your name, or part of your birthdate.

        • Don't use passwords based on things located near you. Passwords such as "computer", "monitor", "keyboard", "telephone", "printer", etc. are useless.

        • Don't ever be tempted to use one of those oh so common passwords that are easy to remember but offer no security at all. e.g. "password", "letmein".

        • Never use a password based on your username, account name, computer name or email address.
Choosing a password




        • Use good password generator software.

        • Use the first letter of each word from a line of a song or poem.

        • Alternate between one consonant and one or two vowels to produce nonsense words, e.g. "taupouti".

        • Choose two short words and concatenate them together with a punctuation or symbol character between the words, e.g. "seat%tree".
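
Two of the schemes above, the consonant-and-vowel nonsense word and the two words joined by a symbol, are shown here as a small generator that also reports how many bits of randomness each scheme yields. This Python code is an added example, not part of the original guide; the symbol set, the sample word list and all function names are assumptions.

```python
import math
import secrets
from itertools import product

CONSONANTS = "bcdfghjklmnpqrstvwxyz"  # 21 letters
VOWELS = "aeiou"
# Every group of one or two vowels: 5 + 25 = 30 equally likely choices.
VOWEL_GROUPS = list(VOWELS) + ["".join(p) for p in product(VOWELS, repeat=2)]
SYMBOLS = "!#$%&*+-=?@"  # assumed symbol set
# Constructed sample list; the bit count below depends on the list's size.
SAMPLE_WORDS = ["seat", "tree", "lamp", "mint"]


def nonsense_word(syllables=4):
    """One consonant then one or two vowels, repeated (like "taupouti")."""
    return "".join(
        secrets.choice(CONSONANTS) + secrets.choice(VOWEL_GROUPS)
        for _ in range(syllables)
    )


def nonsense_bits(syllables):
    """Bits of entropy when every syllable is picked uniformly at random."""
    return syllables * math.log2(len(CONSONANTS) * len(VOWEL_GROUPS))


def two_words(words=SAMPLE_WORDS):
    """Two different short words joined by a symbol (like "seat%tree")."""
    first = secrets.choice(words)
    second = secrets.choice([w for w in words if w != first])
    return first + secrets.choice(SYMBOLS) + second


def two_words_bits(words=SAMPLE_WORDS):
    """Bits of entropy for an ordered pair of distinct words plus a symbol."""
    n = len(words)
    return math.log2(n * (n - 1) * len(SYMBOLS))


if __name__ == "__main__":
    print(nonsense_word(3), f"{nonsense_bits(3):.1f} bits")
    print(two_words(), f"{two_words_bits():.1f} bits")
```
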
Changing your password




        • You should change your password regularly; I suggest once a month is reasonable for most purposes.

        • You should also change your password whenever you suspect that somebody knows it, or even that they may guess it; perhaps they stood behind you while you typed it in.

        • Remember, don't re-use a password.
Protecting your password




        • Never store your password on your computer except in an encrypted form. Note that the password cache that comes with Windows (.pwl files) is NOT secure, so whenever Windows prompts you to "Save password", don't.

        • Don't tell anyone your password, not even your system administrator.

        • Never send your password via email or other unsecured channel.

        • Yes, write your password down but don't leave the paper lying around; lock the paper away somewhere, preferably off-site and definitely under lock and key.

        • Be very careful when entering your password with somebody else in the same room.
Remembering your password

Remembering passwords is always difficult and because of this many people are tempted to write them down on bits of paper. As mentioned above this is a very bad idea. So what can you do?



        • Use a secure password manager; see the downloads page for a list of a few that won't cost you anything.

        • Use a text file encrypted with a strong encryption utility.

        • Choose passwords that you find easier to remember.
Bad Examples




        • "fred8" - Based on the user's name, also too short.

        • "christine" - The name of the user's girlfriend, easy to guess.

        • "kciredref" - The user's name backwards.

        • "indescribable" - Listed in a dictionary.

        • "iNdesCribaBle" - Just adding random capitalisation doesn't make it safe.

        • "zeolite" - Listed in a geological dictionary.

        • "qwertyuiop" - Listed in word lists.

        • "merde!" - Listed in a foreign language dictionary.



Good Examples

None of these good examples are actually good passwords, because they've been published here and everybody knows them now. Always choose your own password; don't just use somebody else's.



        • "mItWdOtW4Me" - Monday is the worst day of the week for me.



How would a potential hacker get hold of my password anyway?

There are four main techniques hackers can use to get hold of your password:



