Sedona Chamber of Commerce
 

Cyber security awareness training - Sept. 2012

  • http://globalsecuritymap.com/
  • http://www.youtube.com/watch?v=v1R_5wVbdz4&feature=player_embedded#!
  • Screenshots from the Trusteer tool.
  • It is important to remember that cyber criminals are always developing new and unique methods to gain access to banking resources. That includes our technology, our business processes and our people. It is an evolving threat landscape. It is important to be aware of the threats and to be on the lookout.
  • Here are some useful resources if you have questions on any of the materials I’ve covered today.

Sedona Chamber of Commerce Presentation Transcript

  • Presented by: Jane Ginn, SedonaCyberLink 2012
  • CONSTANT THREATS: KEY ISSUES
    DATA SECURITY PRIVACY
  • CONTENT
      • Characterize magnitude of the problem
      • Identify typical threats
          • On personal computers
          • eMail & browsing Internet
          • Social media (Facebook, Twitter, etc.)
          • On Point-of-Sale (POS) devices
          • On personal mobile devices
      • Describe countermeasures
      • Provide useful resources
  • GLOBAL SOURCES OF CYBER THREATS
    Source: Host Exploit. (2012, April). Global Security Report. In J. Armin (Ed.): Group iB, CyberDefcon, CSIS, NominetTrust, Deepend Research.
  • WHAT IS A BOTNET?
    Source: FireEye Webinar by Atif Mushtaq (2012, August 14).
  • CRIMINAL UNDERGROUND ECOMMERCE
  • SPAM VOLUME GOING DOWN OVER TIME
    Source: M86 Security. (2011). Security Labs Report: January - June 2011 Recap. Irvine, CA: M86 Security.
  • BUSINESSES & MOBILE DEVICES ARE TARGETS
    Source: Symantec. (2012, April). Internet security threat report: 2011 trends (Vol. 17). Mountain View, CA.
  • 2011 IN NUMBERS
    Source: Symantec. (2012, April). Internet security threat report: 2011 trends (Vol. 17). Mountain View, CA.
  • CRIMINAL SYNDICATES OPERATING
  • CRIMINAL AFFILIATE MARKETING TECHNIQUES
  • Web Browsing
      • Spoofed sites
      • XSS
      • SQL injection
  • BROWSING THE INTERNET
    Source: Causey, B. (2011, July). Stop SQL injection: Don't let thieves in through your web apps: InformationWeek Analytics & Dark Reading.
  • WEB VULNERABILITIES
  • SPOOFING ATTACKS
  • WEB BROWSER ATTACKS: SQL INJECTION
    Source: Atlas.arbor.net, July 10, 2012.
  • eMail Spam
      • Phishing
      • Plant malware
      • viruses, worms, Trojans
      • Botnet recruitment
      • Spear Phishing
      • Targeted attacks
  • SPAM DOWN: BOTNET TAKE-DOWNS
  • SPAM: PHISHING ATTACK VECTORS
    Source: Trustwave. (2012). Global Security Report. In S. Brown (Ed.). Chicago, IL.
  • ONLINE ECOMMERCE SITES
  • TYPE MALWARE FROM SPAM IN 2011
    Source: Panda Labs. (2011). Annual Report. Bilbao, Spain.
  • WHAT IS A TROJAN?
  • TYPES OF EMAIL CONFIGURATIONS
      • Client – MS Outlook using:
          • POP3
          • SMTP
          • IMAP
      • Dedicated mail server
      • Online “cloud” service
          • Yahoo!
          • gMail
          • AOL
      • Encrypted eMail
  • Network Penetration
      • Work
      • Home
      • On-the-road
      • Point-of-Sale (POS) Terminals
  • NETWORK VULNERABILITIES
      • Wireless
          • Unsecured networks in public places
          • Network access to info on your computer
      • Wired
          • Ethernet broadcasts to all computers on network
          • Need personal firewall
  • POINT-OF-SALE ATTACKS
  • Social Engineering
      • Scam tricks
      • Seeking personally identifiable information
  • Dumpster Diving
      • Hard copy of papers
  • Political Activism
      • Hacktivist attacks
  • SOCIAL ENGINEERING
      • FLASH DRIVE TRICK
      • DRINKS & DINNER TRICK
  • DUMPSTER DIVING
    Photo Source: DiegoFuego via Flickr
  • MOTIVATION FOR CYBER CRIME
  • ONLINE: WEB BROWSING
      • Use secure browser
          • Google & Firefox in secure mode (https://)
          • Configure for alerts and notifications if site is not trusted
      • Avoid porn, gambling & personal webs
      • Use caution with social media
      • Don't use same password when registering
      • With banking use special software
  • ONLINE PAYMENTS PROTECTION: PRODUCTS
    Source: Matousec.com (2012, July). Online Payments Threats.
  • TRUSTEER: BANKING SECURITY TOOL
      • SIMPLE CONTROLS
      • EDITABLE SECURITY POLICY
  • ONLINE: EMAIL
      • Use Anti-Virus program
          • Configure filters for Medium to High Screening
          • Set up ‘Black Lists’
      • Use Firewall
      • Don't open if you don't know sender
      • Don't click on suspicious links
          • Watch for 419 Scams
          • Watch for ‘spoofed’ sites at hyperlinks
      • Use encrypted email
  • SOME TOOLS
      • PC Scans
          • Secunia PSI
          • SQLmap
      • Banking Trust
          • Trusteer Rapport
          • Kaspersky Internet Security 2013
      • WiFi Security
          • PrivateWiFi
          • Enterprise VPNs
      • Encrypted email
          • Hushmail
          • SafeGmail
  • MOBILE DEVICES
      • Use anti-virus software
      • Use spam filter software
      • Be careful opening email
      • Don't browse to questionable sites
      • Take care ‘friending’ or ‘liking’ on social networks
      • Don't use unsecured wireless networks
  • SOCIAL NETWORKING
      • FACEBOOK
          • Third-party “apps”
          • Adware/Spyware
          • Predators & Social Engineers
          • Avoid sharing personal info
          • Avoid location info
      • TWITTER
          • Account hijacking
          • Read reviews for third-party “apps”
          • Block porn tweeters
          • Take care with shortened ‘links’
  • POS SECURITY
      • Take audits seriously
      • Do penetration testing
      • Ensure wireless network is encrypted
      • Use Third-Party contractor if unsure of checklist criteria
  • PAYMENT CARD INDUSTRY (PCI) DATA SECURITY STANDARD (DSS)
      • Follow ‘Requirements and Security Assessment Procedures’, Ver. 2.0, Oct. 2010
      • Mobile Guidance
  • LOCAL RESOURCES
      • Residential & Small Commercial
          • NAZTEQ – Ken Hughes (928) 301-0171: Windows & OS X, Antivirus installs, Wireless
          • MacClinic – Tim Miller (928) 282-5606: OS X, Antivirus cleaning & installs
      • Commercial Networking Installations
          • Tri-City Computers – Hayden Sales (928) 634-2468: Windows & OS X & Apps, CISCO, Networking
          • Defcon5 Tech – Kevin Goglin (928) 852-0066: IBM, HP, Lexmark – Phone systems installs
  • USEFUL WEBSITES
      • Identity Theft
          • Privacy Rights Clearinghouse
          • Electronic Privacy Information Center
      • Banking Fraud
          • Federal Trade Commission
      • Phishing Intelligence
          • FraudWatch International
          • http://www.dmarc.org/
          • http://iase.disa.mil/eta/phishing_v2/phishing_v2/launchPage.htm
          • Online Quiz - http://www.sonicwall.com/furl/phishing/
  • MONITORING WEBSITES
      • Notifications
          • US-CERT
      • Global Botnet & Phishing Activity
          • atlas.arbor.net (24-hour activity)
      • Overall Threats
          • Internet Storm Center
  • CONSTANT THREATS: KEY ISSUES
    DATA SECURITY PRIVACY
  • SUMMARY
      • Characterized the problem
      • Identified typical threats
          • Online: email
          • Online: browsing Internet & social media
          • On personal mobile devices
      • Described countermeasures
      • Provided useful resources
  • Q&A
    © SEDONACYBERLINK 2012