Sedona Chamber of Commerce

356 views
266 views

Published on

Cyber security awareness training - Sept. 2012

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
356
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • http://globalsecuritymap.com/
  • http://www.youtube.com/watch?v=v1R_5wVbdz4&feature=player_embedded#!
  • http://www.youtube.com/watch?v=v1R_5wVbdz4&feature=player_embedded#!
  • Screenshots from the Trusteer tool.
  • It is important to remember that cyber criminals are always developing new and unique methods to gain access to banking resources. That includes our technology, our business processes and our people. It is an evolving threat landscape. It is important to be aware of the threats and to be on the lookout.
  • Here are some useful resources if you have questions on any of the materials I’ve covered today.
  • Sedona Chamber of Commerce

    1. 1. Presented by: Jane GinnSedonaCyberLink 2012
    2. 2. CONSTANT THREATS: KEY ISSUESD ATA S E C U R I T Y P R I VA C Y
    3. 3. CONTENT Characterize magnitude of the problem Identify typical threats  On personal computers  eMail & browsing Internet  Social media (Facebook, Twitter, etc…) On Point-of-Sale (POS) devices  On personal mobile devices Describe countermeasures Provide useful resources
    4. 4. GLOBAL SOURCES OF CYBER THREATSSource: Host Exploit. (2012, April). Global Security Report. In J. Armin (Ed.): Group iB, CyberDefcon,CSIS, NominetTrust, Deepend Research.
    5. 5. WHAT IS A BOTNET?Source: FireEyeWebinar by AtifMushtaq, (2012,August 14).
    6. 6. CRIMINAL UNDERGROUND ECOMMERCE
    7. 7. SPAM VOLUME GOING DOWN OVER TIMESource: M86 Security. (2011). Security Labs Report: January - June 2011 Recap. Irvine, CA: M86 Security.
    8. 8. BUSINESSES & MOBILE DEVICES ARE TARGETSSource: Symantec. (2012, April). Internet security threat report: 2011 trends (Vol. 17). Mountain View, CA.
    9. 9. 2011 IN NUMBERSSource: Symantec. (2012, April).Internet security threat report: 2011trends (Vol. 17). Mountain View, CA.
    10. 10. CRIMINAL SYNDICATES OPERATING
    11. 11. CRIMINAL AFFILIATE MARKETING TECHNIQUES
    12. 12.  Web Browsing  Spoofed sites  XSS  SQL injection
    13. 13. BROWSING THE INTERNETSource: Causey,B. (2011, July).Stop SQLinjection: Dontlet thieves inthrough yourweb apps:InformationWeekAnalytics &DarkReading.
    14. 14. WEB VULNERABILITIES
    15. 15. SPOOFING ATTACKS
    16. 16. WEB BROWSER ATTACKS: SQL INJECTIONSource:Atlas.arbor.net,July 10, 2012.
    17. 17.  eMail Spam  Phishing  Plant malware  viruses, worms, Trojans  Botnet recruitment  Spear Phishing  Targeted attacks
    18. 18. SPAM DOWN: BOTNET TAKE-DOWNS
    19. 19. SPAM: PHISHING ATTACK VECTORSSource: Trustwave. (2012). Global Security Report. In S. Brown (Ed.). Chicago, IL.
    20. 20. ONLINE ECOMMERCE SITES
    21. 21. TYPE MALWARE FROM SPAM IN 2011 Source: Panda Labs. (2011). Annual Report. Bilbao, Spain.
    22. 22. WHAT IS A TROJAN?
    23. 23. TYPES OF EMAIL CONFIGURATIONS  Client – MS Outlook using:  POP3  SMTP  IMAP  Dedicated mail server  Online “cloud” service  Yahoo!  gMail  AOL  Encrypted eMail
    24. 24.  Network Penetration  Work  Home  On-the-road  Point-of-Sale (POS) Terminals
    25. 25. NETWORK VULNERABILITIESWireless Wired• Unsecured • Ethernet networks in broadcasts to public places all computers• Network on network access to info • Need personal on your firewall computer
    26. 26. POINT-OF-SALE ATTACKS
    27. 27.  Social Engineering  Scam tricks  Seeking personally identifiable information Dumpster Diving  Hard copy of papers Political Activism  Hacktivist attacks
    28. 28. SOCIAL ENGINEERINGFLASH DRIVE TRICK DRINKS & DINNER TRICK
    29. 29. DUMPSTER DIVINGPhoto Source:DiegoFuego via Flickr
    30. 30. MOTIVATION FOR CYBER CRIME
    31. 31. ONLINE: WEB BROWSING Use secure browser  Goggle & Firefox in secure mode (https://)  Configure for alerts and notifications if site is not trusted Avoid porn, gambling & personal webs Use caution with social media Don‟t use same password when registering With banking use special software
    32. 32. ONLINE PAYMENTS PROTECTION: PRODUCTSSource:Matousec.com(2012, July).OnlinePaymentsThreats.
    33. 33. TRUSTEER: BANKING SECURITY TOOL E D I TA B L E S E C U R I T YSIMPLE CONTROLS POLICY
    34. 34. ONLINE: EMAIL Use Anti-Virus program  Configure filters for Medium to High Screening  Set up ‘Black Lists’ Use Firewall Don‟t open if you don‟t know sender Don‟t click on suspicious links  Watch for 419 Scams  Watch for ‘spoofed’ sites at hyperlinks Use encrypted email
    35. 35. SOME TOOLS • Secunia PSIPC Scans • SQLmap Banking • Trusteer Rapport Trust • Kaspersky Internet Security 2013 WiFi • PrivateWiFi Security • Enterprise VPNsEncrypted • Hushmail • SafeGmail email
    36. 36. MOBILE DEVICES Use anti-virus software Use spam filter software Be careful opening email Don‟t browse to questionable sites Take care „friending‟ or „liking‟ on social networks Don‟t use unsecured wireless networks
    37. 37. SOCIAL NETWORKINGFA C E B O O K TWITTER• Third-party “apps” • Account hijacking• Adware/Spyware • Read reviews for• Predators & Social third-party “apps” Engineers • Block porn tweeters• Avoid sharing • Take care with personal info shortened „links‟• Avoid location info
    38. 38. POS SECURITY• Take audits seriously• Do penetration testing• Ensure wireless network is encrypted• Use Third-Party contractor if unsure of checklist criteria
    39. 39. PAYMENT CARD INDUSTRY (PCI)DATA SECURITY STANDARD (DSS)Follow „Requirements and Security Assessment Procedures, Ver. 2.0, Oct. 2010Mobile Guidance
    40. 40. LOCAL RESOURCESResidential & Small Commercial NAZTEQ – Ken Hughes (928) 301-0171  Windows & OS X, Antivirus installs, Wireless MacClinic – Tim Miller (928) 282-5606  OS X, Antivirus cleaning & installsCommercial Networking Installations Tri-City Computers – Hayden Sales (928) 634-2468  Windows & OS X & Apps, CISCO, Networking Defcon5 Tech – Kevin Goglin (928) 852-0066  IBM, HP, Lexmark – Phone systems installs
    41. 41. USEFUL WEBSITES Identity Theft Privacy Rights Clearinghouse Electronic Privacy Information Center Banking Fraud Federal Trade Commission Phishing Intelligence FraudWatch International http://www.dmarc.org/ http://iase.disa.mil/eta/phishing_v2/phishing_v2/launchPage.htm Online Quiz - http://www.sonicwall.com/furl/phishing/
    42. 42. MONITORING WEBSITES Notifications  US-CERT Global Botnet & Phishing Activity  atlas.arbor.net (24-hour activity) Overall Threats  Internet Storm Center
    43. 43. CONSTANT THREATS: KEY ISSUESD ATA S E C U R I T Y P R I VA C Y
    44. 44. SUMMARY Characterized the problem Identified typical threats  Online: email  Online: browsing Internet & social media  On personal mobile devices Described countermeasures Provided useful resources
    45. 45. Q&A©SEDONACYBERLINK 2012

    ×