SECURITY TRAINING & AWARENESS
The free cybersecurity training site, Cybrary, offers content in beginner, intermediate, and advanced/leadership tiers. Included classes for each tier are:
What is a DoS attack and what does it attempt to do?
A DoS is a Denial of Service (DoS) attack. It attempts to disrupt access to, or use of, information technology (IT) systems or services. Visualize a super sales event, two hours before the event starts. A few early birds come to get a peek at the inventory. Traffic flow is not an issue and the shoppers can easily make their way into the store. Fast forward to the start of the event. A crowd has quickly assembled, and the volume of shoppers has flooded the front door, with other eager shoppers pushing to enter the store; they block the entrance. Until some shoppers clear the entrance, admittance is disrupted. A DoS attack overruns the IT system’s ability to continue processing, thus disrupting normal operations. When DoS attacks are launched from one or a few easily identifiable sources, systems can be told to block or drop the tidal wave of traffic. Thus, they can continue to operate.
What is a DDoS and what does it attempt to do?
A DDoS is a Distributed Denial of Service (DDoS) attack. It also attempts to disrupt access to, or use of, information technology (IT) systems or services. However, a DDoS occurs when multiple sources coordinate in the DoS attack. DDoS attacks are not new; however, they have recently garnered more attention and are being more widely used. Again, the main purpose behind a DDoS is the malicious consumption of resources, to cause significant disruption, loss of productivity, and/or revenue. A DDoS attack is harder to thwart because of its distributed nature. Think about the blocking scenario above. If the tidal wave is coming from countless sources and you are unable to filter the good from the bad, then it will all overrun the system and cause disruption for both legitimate and malicious actors. For IT practitioners, check out the CIS Guide to DDoS Attacks for mitigation techniques.
Why is it happening so often? Who’s doing it? And why?
DDoS can now be purchased. Instead of adding clothes or a movie to your online shopping cart, one could add a DDoS attack. So, instead of having to know the skills and techniques to launch an attack, all you have to do is pay a small fee for minutes or hours of disruption. Can it be traced back to you? Perhaps pay a premium to cover your tracks…what’s a few more dollars? Attackers are becoming more sophisticated and catering to new business and personal drivers. Some operate in an organized manner, others sell services as solo entrepreneurs, while others even work for free if a cause aligns with their convictions. A special term exists for bad actors that launch attacks based on political, religious, or environmental motivators - Hacktivists (a blend of hackers and activists). Whether the attacker is aiming for social protest, political change, or promoting ideological agendas, the end result can have lasting implications.
Secure Florida.org offers a free internet safety guide with tips on how to stay safe online at work.
Texas A&M Engineering Extension Service's Online Cybersecurity Training is designed to provide a basic understanding of awareness-level training, and in some cases, serve as the pre-requisite training for more advanced training. Courses are funded through DHS/FEMA's Homeland Security National Training Program and are offered at no cost. The online format allows individuals to register and take the training at their own pace. Each of the courses offers Continuing Education Units from the International Association of Continuing Education and Training. In addition, the Cybersecurity online courses offer the opportunity to earn college credit hours as recommended by the American Council on Education.
This Risk Management Course, provided by the National Institute of Standards and Technology (NIST), Information Technology Laboratory, gives people new to risk management an overview of a methodology for managing organizational risk: the Risk Management Framework (RMF).
Part of the Stop. Think. Connect. Campaign, the Stay Safe Online blog offers articles and tips for online safety from subject matter experts. Part of the National Cyber Security Alliance.
Part of the Stop. Think. Connect. Campaign, the On Guard Online blog offers articles and tips for avoiding scams and hacking from subject matter experts. Part of the National Cyber Security Alliance.
The Microsoft Cyber Trust blog provides in-depth discussions on topics that frequently accrue to trust in technology. It includes timely news, trends, analysis, practical guidance and tools. Each week you'll hear from Microsoft experts who will regularly share insights, report on research, and discuss our collaborative work internally and externally with industry and governments around the world to help create a safer, more trusted Internet for everyone.
McAfee's blog for Family Safety provides information regarding online safety and information about Cyberbullying, security tips and online trends to save you time and keep your family safe.
- U.S. Cyber Command (U.S. Department of Defense/CyberDomain Security and Operations), the services, and U.S. partners and allies are working together to make cyberspace a suitable place for military command and control. For the Defense Department, the focus on security in cyberspace includes the full spectrum of 21st century operations.
- Tips and links from the U.S. Department of Defense/Homeland Security - Cybersecurity section for information on staying safe online.
- The National Vulnerability Database (National Institute of Standards and Technology - NIST) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.
- The National Institute of Standards and Technology, Computer Security Division (NIST) uses various publications to promulgate computer security standards and guidelines and present relevant supporting information and research.
- Part of the US Department of Homeland Security, the United States Computer Emergency Readiness Team (US-CERT) strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.
- Guide to DDoS Attacks: This Center for Internet Security (CIS) Multi-State Information Sharing and Analysis Center (MS-ISAC) document is a guide to aid our partners in their remediation efforts of Distributed Denial of Service (DDoS) attacks.
- Florida Center for Cybersecurity: Cybersecurity Outreach, related upcoming events, and cybersecurity resources provided by the University of South Florida.
- Social Media Smart Cards: The FBI has created "Smart Cards" to assist users of social media with proper configuration of account privacy and security settings.
- Take cybersecurity into your own hands. In this Lab, you’ll defend a company that is the target of increasingly sophisticated cyber attacks. Your task is to strengthen your cyber defenses and thwart the attackers by completing a series of cybersecurity challenges. You’ll crack passwords, craft code, and defeat malicious hackers.
- FTC - Consumer Information: Computer Security: The internet offers access to a world of products and services, entertainment and information. At the same time, it creates opportunities for scammers, hackers, and identity thieves. Learn how to protect your computer, your information, and your online files.
- FTC - Consumer Information: Kids' Online Safety: The opportunities kids have to socialize online come with benefits and risks. Adults can help reduce the risks by talking to kids about making safe and responsible decisions.
- FTC - Consumer Information: Gamers - Avoid the Phishing Hook: Did you ever get an email that seemed legit, but it asked you to click a link or give up some personal information? Well, if you play massive multiplayer online games, be warned: phishers are looking for ways to get those emails into your inbox.
- FTC - Consumer Information: Scam du Jour - Chip Card Scams: Here's what’s happening: Scammers are emailing people, posing as their card issuer. The scammers claim that in order to issue a new chip card, you need to update your account by confirming some personal information or clicking on a link to continue the process.
- FTC - Consumer Information: Free Phones for Veterans? Not Quite.
- FBI's Parent's Guide to Internet Safety: The FBI's Cyber Division has published an online guide to Internet Safety for parents.
- McAfee's blog for Family Safety provides information regarding online safety and information about Cyberbullying, security tips and online trends to save you time and keep your family safe.
- WiredSafety is the largest and oldest online safety, education, and help group in the world. Originating in 1995 as a group of volunteers rating websites, it now provides one-to-one help, extensive information, and education to cyberspace users of all ages on a myriad of Internet and interactive technology safety, privacy and security issues. These services are offered through a worldwide organization comprised entirely of unpaid volunteers who administer specialized websites, resources and programs.
- OnGuardOnline.gov - Social networking sites, chat rooms, virtual worlds, and blogs are how teens and tweens socialize online; it's important to help your child learn how to navigate these spaces safely. Among the pitfalls that come with online socializing are sharing too much information or posting comments, photos, or videos that can damage a reputation or hurt someone's feelings. Applying real-world judgment can help minimize those risks.
- Common Sense - We rant, educate, and advocate for kids, families, and schools on issues like privacy and online safety, cyberbullying, and screen time.
- Microsoft's 11 Tips for social networking safety: Social networking websites like Facebook, Twitter, and Windows Live Spaces are services people can use to connect with others to share information like photos, videos, and personal messages. As the popularity of these social sites grows, so do the risks of using them. Hackers, spammers, virus writers, identity thieves, and other criminals follow the traffic. Read these tips to help protect yourself when you use social networks.