Traning security 2013
Upcoming SlideShare
Loading in...5
×
 

Traning security 2013

on

  • 203 views

test

test

Statistics

Views

Total Views
203
Views on SlideShare
203
Embed Views
0

Actions

Likes
0
Downloads
1
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Traning security 2013 Traning security 2013 Presentation Transcript

  • : : 55500777 , Fax . 215523 , Email : somvang.phengsavanh@ltc.laotel.com Last update 13/06/2013
  • Part I Last update 13/06/2013
  • ( Internet Threat )  Last update 13/06/2013
  • Malware  Last update 13/06/2013
  • Virus  Last update 13/06/2013
  • Botnet  Bot Worm Trojan Last update 13/06/2013
  • Phishing  Last update 13/06/2013
  • ( Spyware ).  Last update 13/06/2013
  • Adware Last update 13/06/2013 •Adware software download . • Adware Spyware
  • hijacker Browser hijacker malware Start page, error page search page malware Last update 13/06/2013
  • Identity Theft / Social Engineering  Indentity Theft WEB “myspace” : “rnyspace” Email Address Last update 13/06/2013 Social Network
  • Hacker http://www.dek-d.com/board/view/2529707/ Last update 13/06/2013
  • SQL Injection SQL Login SELECT UserID FROM User WHERE UserName = '$userName' AND Password = '$password' userName password POST input tag Username Password SQL Injection Post input tag WHERE CLAUSE User name: 1' = OR '1 = 1 Password: 1' = OR '1 = 1 SQL SELECT UserID FROM User WHERE UserName = '1' = OR '1 = 1' AND Password = '1' = OR '1 = 1' Last update 13/06/2013 SQL Injection hacker SQL Input UI INSERT, UPDATE, DELETE, DROP form input post
  • Ransomware  ” ” Last update 13/06/2013 http://www.androidgyan.com/th/20 12/10/ransomware-internet- security-risks.html
  • ( OS ) .  . (OS). Windows, MacOS, Linux , OS .  Last update 13/06/2013
  • Top 10 of Social Network 1. Facebook 2. Twitter 3.Google 4.Myspace 5.LinkedIn 6. Orkut 7. Friendster 8. Hi5 9. BeBo 10. NetLog Last update 13/06/2013
  • Top 10 of Anti-VIRUS Last update 13/06/2013
  • Online Anti-VIRUS https://www.virustotal.com/en/Last update 13/06/2013
  • The top threats for 2013, as seen by McAfee  Mobile threats Mobile worm infections could go on a shopping spree in 2013 -- once embedded in a smartphone or tablet after a dodgy download, they'll purchase malicious apps and do their stealing through near-field communications (NFC) technology, McAfee says. NFC and other "tap and pay" mechanisms could also make it easier for our phones to become infiltrated. McAfee suggests that "bump and infect" scenarios will become more common in order to steal money and that these kinds of malware will be most commonly found in densely populated areas including airports and malls.  In addition, mobile malware that prevents your smartphone or tablet from updating security software is expected to rise.  Build your own ransomware McAfee predicts that ransomware "kits" designed around mobile technology will rise, allowing people without advanced programming skills to be able to more easily attempt to extort money out of the general public, especially through the Windows PC platform, which saw reported attacks triple in 2012. Ransomware differs from backdoors, keyloggers or Trojans as it "locks" a system, leaving users without the means to access their data or system. This is where the malicious software comes in; pay up or potentially lose your data. Last update 13/06/2013
  • The top threats for 2013, as seen by McAfee  Attacks focused on new platforms The report suggests that we will see a "rapid development" in ways to attack both Microsoft'snew Windows 8 platform and HTML5, a standard for Web-based applications. Rootkits, the use of bootkit techniques and attacks which target master boot records, the BIOS and volume boot records are expected to diversify and evolve. Windows 8 platform is expected to be targeted through malware as well as phishing techniques. McAfee warns that platform upgrades will not necessarily protect your system, although it is deemed more secure that previous versions.  An increase in large-scale attacks According to the firm, large scale attacks reminiscent of Stuxnet or Flame, designed to destroy infrastructure rather than based on purely financial gain, will firmly take hold in 2013. Used in order to cripple businesses, steal intellectual property and simply cause as much damage as possible, large-scale hacktivism can be devastating for businesses that are often vulnerable to the simplest methods, such as distributed denial-of-service (DDoS) attacks. Last update 13/06/2013
  • The top threats for 2013, as seen by McAfee  Snowshoes and spam In addition to an increase in attacks based on botnets, "shoeshoe" spamming of legitimate products available online, made through numerous IP addresses, is expected to be a cyberattack trend in 2013. Well-known businesses can fall prey to shady marketing companies that promise e-mail address lists of potential customers, and blatant spamming still goes unchecked.  Hacking as a service Hacking "as a service" is expected to rise, mainly due to the rise of invitation-only and fee- paying professional hacker forums available to only those who have guarantors to ensure their authenticity. Based on e-commerce shopping cart models, it is expected that anonymity will be maintained through anonymous payment methods including Liberty Reserve.  The decline of Anonymous, but a rise in extreme hacktivism McAfee argues that a lack of structure and organization in the hacking collective referred to as Anonymous has impacted the idea's reputation. Misinformation, false claims and hacking for the simple joy of it may result in the collective's political claims taking a beating. As a result, success and fame will decline -- but higher-level professional hacking groups may take up the slack, and promote a rise in military, religious, political and "extreme" campaign attacks. Last update 13/06/2013
  • Last update 13/06/2013
  •   ( ‘‘ ’’)       Last update 13/06/2013
  • No.1 ​ ​ ​ , Last update 13/06/2013
  • No. USB​ ​ ​ , ​ ​ ​ , Last update 13/06/2013
  • No. CD ​ , ​ ​ ​ ​ ​ ​ ​ Last update 13/06/2013
  • No. CD/USB , , Last update 13/06/2013
  • No. - Last update 13/06/2013
  • No. USB ​ ​ CD, USB , Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. [ ] Windows Update Safety & Security http://www.microsoft.com/securitity/ Windows Update Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. ( Pass    ABC123 ABC123 ? Last update 13/06/2013
  • No. ( Virus ) ID Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. FAX FAX FAX !!! To !!!! Last update 13/06/2013
  • No. ( E-mails ) TO, CC, BCC Last update 13/06/2013
  • No. ( E- mails ) Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. 「 」 Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. Last update 13/06/2013
  • No. ! ! Last update 13/06/2013
  • Part III Last update 13/06/2013
  • ( User Account ) . ( User Account ) Last update 13/06/2013
  • Notebook, Desktop ​ ​ ​ ​ ​ ​ ​ ​ MAC Address ​ ​ ​ ​​ ​ ​ ​ ​ ​​ ​ ​ ​ ​ ​ . 2 Last update 13/06/2013
  • 3  ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ : USB , Storage Device, External Hard Drive, ​ Floppy disk ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​​ ​ ​ ​ ​ password ​ . ​ ​ ​ ​ ​ ​ ​​ ​ ​ ​ ​ ​ ​ ​ ​​ ​ . ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​​ ​ . Last update 13/06/2013
  • 4  ​ ​ Password Screen Saver ​ ​ ​ ​ ​​ ​ ​ ​ ​ ​ Last update 13/06/2013
  • 5  ​​ ​ ​​ ​ ​ ​ ​ ​ ​ , ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​  ​ ​ ​, ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ : Hup, Switch, Bridge, Router ​ Access point ​ ​ ​ ​ ​ ​. Network Network Last update 13/06/2013
  • 6  ​​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ : ​ ​ scan port, sniffer, hacker ​ ​ .  ​​ , ​ ​ ​ , ​ , ​ , ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ . Last update 13/06/2013
  • 7  ​ ​ ​ ​ ​ ​ ​ ​ ​​ ​ ​ ​ ​ ​ ​ ​ : ​ , ​ , ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ Share file ​ .  ​ ​ ​ IP Address ​ ​ .  ​​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ IP Address, Bridging, Routing ​ ​ Internet Traffic ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ Proxy, DHCP Server, Bridge Router ​ ​ ​ ​ ​ ​ ​. Last update 13/06/2013
  • 8  ​ ​ ​ ​ ​ : ​ ​ ​ MS Excel, MS Powerpoint ​ ​ ​ ​ ​ ​ : 1. ​ ​ ​ ​ ​ , ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​.pdf . 2. ​ ​​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ . Last update 13/06/2013
  • 9  Software ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ . ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ . Last update 13/06/2013
  • 10  Sofware . Last update 13/06/2013
  • 11  ​​ Internet ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ . LTC Network ( Billing , Accounting , POS … ) ADSL , WIFI , HSPA … Last update 13/06/2013
  • 12  E-mail account ​ ​ ​ ​ ​ ​ ​​​ ​ ​ ​ ​​ ​ ​ ​ . xxxxxxxx@laotel.com xxxxxxxx@ltc.laotel.com Last update 13/06/2013
  • 13  E-mail Internet Posters . Last update 13/06/2013
  • 14 : ( Application System ), . . Last update 13/06/2013
  • 15 Share files . Last update 13/06/2013
  • 16  . Last update 13/06/2013
  • 17  Password Poster . Last update 13/06/2013
  • 18  ​ ​ ​ ​ ​ ​ ​ ​ ​ ​​ ​ ​ ​ Antivirus/Anti-Spyware ​ ​ IT ​ ​ ​ . ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ . ​ ​ ​​ ​ ​ ​ Update ​ Virus (Virus Definition) ​ ​ ​ ​ ​ ​ ​ .  ​ ​ ​ ​ ​ ​ ​ ​ E- mail, USB Storage Device External Hard Drive ​ ​ ​ ​ Antivirus Copy Transfer ​ ​ ​ ​ ​ . Last update 13/06/2013
  • Last update 13/06/2013
  •  Password Server ​ Network ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​​ Password 06 ​ ​ ​ ​ ​ ​ ​ ​​ ​ ​ ​ ​ ​ ​ ​ ​ ​ .  Default Password ​ ​ Application ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​​ ​ ​ ​ ​ ​​ ​ ​ .  ​ ​ ​ ​ ​ 06 ​ Password Server ​ ​ NetworkLast update 13/06/2013
  • 20   Server Network Authentication logs, Web Server Logs, Mail Server logs, File Server logs , Remote access Logs, ( Application logs ) ( Login- Logout logs ) ( Login Attempts ) commandline firewall logs 3 . Last update 13/06/2013
  • 21  Server ​ ​ ​ ​ ​ ​ ​ Port service ​ ​ ​ .  Server ​ ​ ​ ​ ​ ​ Antivirus / Anti-Spyware ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ .  Server ​ ​ ​ ​ ​ Server ​ ​ Backup, ​ ​ ​ ​ ​Last update 13/06/2013
  • 22  ​ Remote Access / Administration ​ ​ ​ Secure Channels ​ : SSH ​ VPN ​ ​ .  ​ ​ ​​ ​ ​ ​ ​ ​ ​ ​ ​ Remote Access ​ ​ System Administrator ​ ​ ​ ​ ​ ​ ​ ​ ​​ Last update 13/06/2013
  • 23  patch (system software) DBMS web server .  Firewall .  : ◦ . ◦ . ◦ . Last update 13/06/2013
  • 24  parameter parameter . .  (tools) Last update 13/06/2013
  • 25 ◦ ( Operating System ) , ( Application System ) . ◦ :  .  ( Media ).  ( Copy ). Last update 13/06/2013
  • 26  ( log book ) .  1 .  .  Last update 13/06/2013
  • 27  ( computer operator ) - , , . Last update 13/06/2013
  • 28 • . • , , Hard disk , (CPU) (capacity) . • Billing , OCS , Internet . Last update 13/06/2013
  • 29  ​ ​ ​ ​ ​ ​ supplier, Third party ​ Outsource ​ ​ ​ ​ ​ ​ ​ ​ .  ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​​ Development System ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ .  ​ ​ ​ Supplier, Third party ​ Outsource ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ 2 Last update 13/06/2013
  • Last update 13/06/2013
  • 30  , . :  ( Stickly Confidential ) Last update 13/06/2013
  • 31 ◦ ( storage ) , ( input ) , (operate) (output) (distributed database) . ◦ Last update 13/06/2013
  • 32  ​ ​ ​ ​ ​ / ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ : ​ ​ ​ ​ , Flowchart ​, Software Supplier ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ .  ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ .  ​ ​ ​ ​ ​Last update 13/06/2013
  • 33  ​​ ​ ​ ​ ​ ​ ​ ​ ​ Recycle.  ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ 2048 bit ​ RSA DSS.  Encrypt ​ Last update 13/06/2013
  • Last update 13/06/2013
  • 34 ◦ , , . ◦ (emergency change) . ◦ . ◦ ( electronic transaction email ) Last update 13/06/2013
  • 35 ◦ ( operation ) ( security ) ( functionality ) . ◦ . ◦ (develop environment) (promotion environment) Last update 13/06/2013
  • 36 ◦ . ◦ (security) (availability ) . ◦ Last update 13/06/2013
  • 37 ◦ . ◦ . ◦ , , , Last update 13/06/2013
  • Last update 13/06/2013