Drooger, jack   cyber security
Usage Rights

© All Rights Reserved

Presentation Transcript

  • Self Defense For Cybersecurity: What's Happening Inside The Firewall
    Jack Drooger – Hagerstown Community College
  • Buzzword Bingo
    • Dumpster diving
    • Script Kiddie
    • Shoulder surfing
    • Whaling
    • Hacking
    • Vishing
    • DoS attack
  • Objectives
    • Examine how organizations are compromised – scenarios that put assets at risk
    • Identify traditional fixes for computer security risks that you can’t live without
    • Vulnerabilities that disrupt the best laid plans of mice and IT men
    • When in doubt, back it up
    • Home computing – what’s at risk?
  • Security Breach Scenarios
    • Company: RSA Security
    • Date: March, 2011
    • Breach: Data theft
    • Estimated cost: $66 Million
  • Avenues of Attack
    • Specific targets
      – Chosen based on attacker’s motivation
      – Not reliant on target system’s hardware and software
    • Targets of opportunity
      – Systems with hardware or software vulnerable to a specific exploit
      – Often lacking current security patches
  • The Steps in an Attack
    1. Conducting reconnaissance
    2. Scanning
    3. Researching vulnerabilities
    4. Performing the attack
    5. Creating a backdoor
    6. Covering tracks
  • Traditional Fixes for Security Risks
    • Firewalls
    • Intrusion Detection/Prevention Systems
    • Anti-virus Software
    • Anti-Spyware and Malware Software
    • Email Scanning
    • Anti-phishing Protection
  • Security Breach Scenarios
    • Company: Stratfor Global Intelligence
    • Date: December, 2011
    • Breach: website defacement and data theft
  • People: A Security Problem?
  • Social Engineering
    • Technique in which the attacker uses deceptive practices
      – Convince someone to divulge information they normally would not divulge
      – Convince someone to do something they normally wouldn’t do
    • Why social engineering is successful
      – People desire to be helpful
      – People desire to avoid confrontation
  • The Famous Nigerian Scam
  • Phishing
    • Type of social engineering
      – Attacker masquerades as a trusted entity
      – Typically sent to a large group of random users via e-mail or instant messenger
    • Typically used to obtain
      – Usernames, passwords, credit card numbers, and details of the user’s bank accounts
    • Preys on users
      – PayPal, eBay, major banks, and brokerage firms
  • Phishing Sample - Easy to Spot
  • Phishing Sample - Camouflaged
  • Phishing Sample - Revealed
  • Recognizing Phishing
    • Analyze any e-mails received asking for personal information carefully
    • Organizations need to educate their employees
      – Never send e-mails asking for personal information
      – Never request passwords
    • Watch for technical or grammatical errors
    • Strange URL address
  • Security Breach Scenarios
    • Company: Global Payments
    • Date: April 2012
    • Breach: Theft of card information
    • Cost: Visa dropping company as provider
  • Importance of Passwords
    • Gateway externally and internally to resources
    • Major goal of cybercrime is to capture passwords
  • Use Passwords to Advantage
    • Choose strong passwords
      – At least 8 characters long
      – Mix letters and numbers
      – Add an uppercase letter
      – Use non-alpha characters
    • Example 1
      – Bad: flintstone
      – Better: Fl1nst0ne=
    • Don’t share your passwords with others!!
  • Use Passwords to Advantage
    • Example 2
      – Jack be nimble, Jack be quick
      – Jack jumped over the candlestick
      – Becomes: Jbn,JbqJjotc
    • Need to write a password down?
      – Keep in a secure place
      – Use password encryption products
  • Life is Short: Back it Up
  • Protecting Your Home Computer
    • Common target of cybercriminals
    • Personal data
      – Tax records, banking information, and lists of contacts
      – Family archive of photos, documents, and other sentimental items
    • Protect your family’s privacy and decrease your odds of a cyberattack
  • For more information about the Institute and Cybersecurity training at HCC, see us online at: www.hagerstowncc.edu/cyber
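
The four rules and the two worked examples from the "Use Passwords to Advantage" slides, written out as a checker. This is an added example, not part of the original presentation; the function names are hypothetical, and reading "non-alpha" as "neither letter nor digit" is an assumption.

```python
import string

# Rules from the "Use Passwords to Advantage" slide. Reading "non-alpha"
# as "neither letter nor digit" is an assumption of this example.
RULES = [
    ("at least 8 characters", lambda p: len(p) >= 8),
    ("mix of letters and numbers",
     lambda p: any(c.isalpha() for c in p) and any(c.isdigit() for c in p)),
    ("an uppercase letter", lambda p: any(c.isupper() for c in p)),
    ("a non-alpha character", lambda p: any(not c.isalnum() for c in p)),
]


def unmet_rules(password):
    """Return the names of the slide's rules that the password fails."""
    return [name for name, check in RULES if not check(password)]


def phrase_to_password(phrase):
    """Keep the first character of each word plus its trailing punctuation."""
    parts = []
    for word in phrase.split():
        core = word.rstrip(string.punctuation)
        if not core:            # token is punctuation only: keep it whole
            parts.append(word)
            continue
        parts.append(core[0] + word[len(core):])
    return "".join(parts)


if __name__ == "__main__":
    # The rhyme and both sample passwords are taken from the slides.
    rhyme = ("Jack be nimble, Jack be quick "
             "Jack jumped over the candlestick")
    candidates = ["flintstone", "Fl1nst0ne=", phrase_to_password(rhyme)]
    for pw in candidates:
        missing = unmet_rules(pw)
        status = "meets all four rules" if not missing else "missing " + ", ".join(missing)
        print(f"{pw!r}: {status}")
```

Checked against these rules, the acronym built from the rhyme contains no digit, so a number still has to be worked into a password made this way.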