Combating Cyber Crime by Priyanka Tomar @ OWASP Delhi July, 2014 Meeting

971 views

Published on

Combating Cyber Crime by Priyanka Tomar @ OWASP Delhi July, 2014 Meeting in Adobe Systems, Noida

Published in: Internet
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
971
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
30
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Combating Cyber Crime by Priyanka Tomar @ OWASP Delhi July, 2014 Meeting

  1. 1. Presentation by : Priyanka Tomar priyanka@newerasystem.com
  2. 2. Objective  Provide a brief idea of cyber/computer attacks and preventive measure to be adopted with reference to Law Enforcement Agencies.
  3. 3. PREREQUISITES  Computer Hardware  Computer Software  Internet Surfing  Email  Networking  IP Address
  4. 4. Combating Cyber Crime  Cyber + Security  What is Security  What is Cyber Security  involves detection, prevention and responding to attacks  Why do we need Cyber Security –Phishing, Credit Card Frauds
  5. 5. Combating Cyber Crime  Who is Vulnerable –e.g. screen hack
  6. 6. Cyber Security Threats  Virus  Worm  Trojan Horse  Remote Administration Tool – Prorat, Poison Ivy
  7. 7. Cyber Security Threats-RAT The operator controls the RAT through a network connection. RAT provide an operator the following capabilities:  Screen/camera control.  File management (download/upload/execute etc.  Shell control (from command prompt).  Computer control (power off/on/log off).  Registry management (query/add/delete/modify).  Start, stop and restart Windows services.  Copy/delete files and format disks.  View and clear the windows event logs.  Other software product-specific functions.
  8. 8. Cyber Security Threats  Hackers  Identity Thieves  Spyware/Adware  Website advertisements
  9. 9. Consequences of Inaction  Loss of access  Loss of confidentiality, integrity and public trust  Lawsuits, Disciplinary action The US has charged six members of an international cybercrime gang that hacked into user accounts to defraud eBay's Stubhub ticket reselling website of about $1m. The men were arrested in the UK, Canada and Spain in connection with the scam in which more than 1,600 StubHub users had their credit cards used to buy tickets, which were then sold on by the criminals.
  10. 10. Preventive Measures -I  OS/Software Updates  Anti virus  Personal Firewalls  Check Open Ports -http://www.auditmypc.com/firewall-test.asp
  11. 11. How to block Ports  Block Ports  Control Panel>System and Security> Windows Firewall  Advanced Settings  See inbound and outbound rules  Create your own rule
  12. 12. How to know if there is spyware?  Endless pop-up windows.  Redirected to other websites automatically.  Random Windows error messages .  Computer suddenly seems slow.  New and unexpected toolbars appear in web browser.  New and unexpected icons appear in the task tray.  Browser's home page suddenly changed.  Search engine your browser opens has been changed.
  13. 13.  Don't click on links within pop-up windows  Be careful while installing free software , never forget to read user agreement.  Block pop-up windows and cookies by adjusting browser preferences.  Be aware of unexpected dialog boxes asking -Do you want to run a xxxx program . Always select "no" or "cancel," or close the dialog box. Prevent Spyware Installation
  14. 14. Remove Spyware  Spyware copies several files to different directories and changes the registry. Use a spyware remover - a program dedicated to removal of sypware.  Run a legitimate product to remove spyware e.g Ad-Aware, Microsoft Window Defender, Webroot's SpySweeper etc.
  15. 15. Preventive Measures-II  Prevent Identity Theft-Beware of phishing scams - a form of fraud that uses email messages that appear to be from a reputable business (often a financial institution) in an attempt to gain personal/ financial account information. These often do not include a personal salutation. Never enter personal information into an online form you accessed via a link in an email you were not expecting. Legitimate businesses will not ask for personal information online.  Intrusion Detection Software/Device
  16. 16. Phishing Google Security Team to Sunitha Verification Required. Dear Gmail User, The Gmail infrastructure is going through an annual security and performance overhaul. In the same respect, you are requested to verify your account by clicking on the following link. The Google Security Team is available to provide you all the assistance for secure communication over the Internet. Happy surfing! accountverification.gmail.com/src/verify.php?confirmation=dhPGcsiuUNdnAoN77q5CHwCgl4MmCAXE 72d You are requested to act on this immediately to guarantee the smooth functioning of your mail account. Thanks, Account Security Administrator Google Security Team Google, Inc. Phone: +1 650-253-0000 You are receiving this message from Google because you are a valued member. Google respects your privacy. To learn more, please read our online Privacy Statement. For more information or for general questions regarding your e-mail account, please visit Gmail Help. Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043. All rights reserved.
  17. 17. Preventive Measures  Protect Passwords  Regular Backup
  18. 18. Preventive Measures -II  Setup Cyber Security Policies  Email Virus Filtering Services  Firewall Services  Email attachment Filtering  Vulnerability Scanning  Intrusion Prevention System
  19. 19. By: Priyanka Tomar priyanka@newerasystem.com

×