Security


Lecture for UT EMBA class

Transcript

  • 1. R. Scott Studham
      Chief Information Officer
      Computer Security
  • 2. Agenda
      Ethics
      CyberSecurity
      What do hackers want?
      Social Engineering
      Privacy: Reputation Management
      How can you protect yourself?
  • 3. “A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.”
      — Mitch Ratliff
      CyberSecurity
  • 4. Before …
  • 5. After
  • 6. Who wants this Information?
      Updated 12/2/09
      http://securitylabs.websense.com/content/CrimewarePhishing.aspx
  • 7. FBI: Infragard
  • 8. Targets
  • 9. Targets
  • 10. Resources
  • 11. Three Major Goals:
      Information
      Username and password.
      Bank Information
      Resources
      Computing
      Networking
      Money!
  • 12. Stolen Credit Card Numbers
  • 13. Credit Card Applications
      Name
      Address
      Social Security Number
  • 14. Four components of security
  • 15.
  • 16.
  • 17.
  • 18.
  • 19. November 2009 Phishing
      Sent: Thursday, November 12, 2009 10:34 AM
      Subject: Utk.edu Post Update
      Dear subscriber,
      Your e-mail account needs to be upgraded with our new F-Secure R HTK4S anti-virus/anti-spam 2009 version.
      Fill the columns below and click reply and send back or your account will be Suspended from our services.
      E-mail address:
      Password:
      * Please note that your password will be encrypted with 1024-bit RSA keys for increased security.
      Thank you for your cooperation
      Management
  • 20.
  • 21.
  • 22. Hacked Site
  • 23.
  • 24. Real Site
  • 25. Spearphishing
      To: John Doe <jdoe@utk.edu>
      From: Scott Studham <studham@utk.edu>
      Subject: CyberSecurity Presentation Slides
      Attachment: CyberSecurity.pptx (7.5mb)
      Hello John,
      Your instructor asked me to send everyone a copy of the slides from my presentation. See attached.
      Best regards,
      Scott
  • 26. Bob Hacker
      1234 Pwned Lane
      Silly Rabbit, HA
  • 27. Phishing
      Don’t reveal personal or financial information
      Contact the sender before you respond or open any attached files.
      Never click links in an e-mail message.
      Report phishing campaigns to your company or ISP.
      Use tools with “Phishing Filters” (Philters?)
  • 28. Spear Phishing
      Personalized phishing attack
      Social attack
      Appears genuine
      Someone you’ve had contact with
      Someone from HR, IT, etc.
      Users of a particular website
      Goal: compromise an organization
  • 29. “It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt.”
      -- Mark Twain
      Reputation Management
  • 30. Social Networks
  • 31. Facebook
      42 coworkers
      Including:
      Direct reports
      Former boss
      School program?
  • 32. Google Hacking
  • 33. Drunken Pirate (May 2006)
      “Arrrrggghhh, I need a job!”
  • 34. Denied Degree and Teaching Certificate by Millersville University
  • 35. University Officials reported that the photo was “unprofessional.”
  • 36. She lost court battle (Dec 2008)
      Cisco Fatty (March 2009)
      Connor Riley on Twitter:
      “Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work.”
      “Who is the hiring manager? I’m sure they would love to know that you will hate the work. We here at Cisco are versed in the web.”
      http://www.theconnor.net/
  • 37. Sick Day, Part 1
      From: Kevin Colvin [mailto: REDACTED]
      Sent: Wednesday, October 31, 2007 3:55PM
      To: Jill Thompson (North America)
      CC: Paul Davis (North America)
      Subject:
      Paul/Jill –
      I just wanted to let you know that I will not be able to come into work tomorrow. Something came up at home and I had to go to New York this morning for the next couple of days. I apologize for the delayed notice.
      Kind regards,
      Kevin
  • 38. Sick Day, Part 1
      From: Paul Davis (North America)
      Sent: Thursday, November 01, 2007 4:54 PM
      To: Kevin Colvin; Jill Thompson (North America); Kevin Colvin (North America)
      Subject: RE:
      Kevin,
      Thanks for letting us know— hope everything is ok in New York. (cool wand)
      Cheers,
      PCD
  • 39. Sick Day, Part 2
      From: Niresh Regmi
      Sent: Wednesday, 27 August 2008 9:35 a.m.
      To: Kyle Doyle
      Subject: Absence on Thursday 21st 2008
      Hi Kyle,
      Please provide a medical certificate stating a valid reason for your sick leave on Thursday 21st 2008.
      Thank You
      NIRESH REGMI
      Real Time Manager, Workforce Operations
  • 40. Sick Day, Part 2
      From: Kyle Doyle
      Sent: Wednesday, 27 August 2008 9:38 a.m.
      To: Niresh Regmi
      Subject: RE: Absence on Thursday 21st 2008
      Niresh,
      1 day leave absences do not require a medical certificate as stated in my contract, provided I have stated that I am on leave for medical reasons.
      Thanks
      Regards,
      Kyle Doyle
      Resolutions Expert - Technical
  • 41. Sick Day, Part 2
      From: Niresh Regmi
      Sent: Wednesday, 27 August 2008 9:39 a.m.
      To: Kyle Doyle
      Subject: RE: Absence on Thursday 21st 2008
      Hi Kyle,
      Usually that is the case, as per your contract. However please note that leave during these occasions is only granted for genuine medical reasons. Your line manager has determined that your leave was not due to medical reasons and as such we cannot grant leave on this occasion.
      NIRESH REGMI
  • 42. Sick Day, Part 2
      From: Kyle Doyle
      Sent: Wednesday, 27 August 2008 9:43 a.m.
      To: Niresh Regmi
      Subject: RE: Absence on Thursday 21st 2008
      Hi Niresh,
      My leave was due to medical reasons, so you cannot deny leave based on a line manager's discretion, with no proof, please process leave as requested.
      Thanks
      Regards,
      Kyle Doyle
  • 43. Sick Day, Part 2
      From: Niresh Regmi
      Sent: Wednesday, 27 August 2008 9:50 a.m.
      To: Kyle Doyle
      Subject: RE: Absence on Thursday 21st 2008
      Hi Kyle, I believe the proof that you are after is below
  • 44. Sick Day, Part 2 (Epilogue)
      From: Kyle Doyle
      Sent: Wednesday, 27 August 2008 9:55 a.m.
      To: Niresh Regmi
      Subject: RE: Absence on Thursday 21st 2008
      HAHAHA LMAO epic fail
      No worries man
      Regards,
      Kyle Doyle
      http://www.theregister.co.uk/2008/10/23/sickie_woo/
  • 45. James Karl Buck sent a single word:
      “Arrested”
  • 46. Witness Protection
      “I talked to Jen today, she is having fun at the beach in West Palm, I hate her :)”
  • 47. Can Happen to Anyone
  • 48. 1st Possible Response
  • 49. 2nd Possible Response
  • 50. Contact Poster/Content Owner
  • 51. Social Networks
  • 52. Hosting Service or ISP
  • 53. Online Reputation
      ?
  • 54. Raise Your Stock
  • 55. Online Reputation Management
  • 56. Prevention
      Beware what you post
      Control access
  • 57. Google Alerts
      Create query of choice
      Be specific
      site:utk.edu “Studham”
      site:utk.edu filetype:xls ssn
      site:tennessee.edu filetype:ppt OR filetype:pdf
  • 58. “By trying we can easily endure adversity. Another man's, I mean.”
      -- Mark Twain
      Protecting Yourself
  • 59. Five Good Practices
      Don’t click email links.
      Use strong passwords.
      Use protection software.
      Manage your online reputation
      Keep your software updated.
  • 60. Don’t Click Email Links
      Copy & paste
      Type it manually
  • 61. BAD Passwords
      Dictionary words & combos (BadIdea)
      Family members or pets
      Sports teams (GoVols!)
      Nicknames (princess)
      Word or username reversals (terces)
      Sequential (aaaaaaaa or hijklmnop)
      Letter replacement (P@$$w0rd)
      Any password mentioned in this presentation!
      Hackers guess easy passwords!
  • 62. Strong Passwords
      Think passphrases
      Upper and lowercase letters
      Punctuation & numbers
      At least eight characters
      Should appear random
      Easy for you to remember
      Phrase acronyms: Y(t@Bbic!
  • 63. Use protection software
      Anti-Spyware
      Anti-Virus
      Microsoft Security Essentials (FREE!)
      Firewall (built in!)
      Keep this software updated!
  • 64. Be Careful what Info you Provide
      Join top Social Networks
      Minimal placeholder
      Setup privacy controls
      Monitor mentions
      Early warnings
      Watch out for mentions of yourself
      Don’t overreact: squeaky wheel, etc.
      Internet can be a good or bad advertisement … especially if it’s funny
  • 65. Keep software updated!
      Software updates
      Microsoft Update
      OS & Applications
      Office (Outlook!), etc.
      Other software packages
      Acrobat and Flash
      Virus & Spyware definitions
  • 66. If you do nothing else …
      Don’t click email links
      Use strong passwords
      Use protection software
      Be careful what you post.
      Keep software updated!
      … but remember that’s not all.
  • 67. Review
      CyberSecurity
      What do hackers want?
      Social Engineering
      Privacy: Reputation Management
      How can you protect yourself?
  • 68. Thank you!
      Most slides were stolen from
      Office of Information Technology
      Information Security Office
      Questions?
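
Slides 61 and 62 list weak-password patterns and a minimum length; the sketch below, an added example that is not part of the original lecture, checks a candidate password against several of them. `COMMON_WORDS` is a small constructed word list, and `weaknesses` and its helpers are hypothetical names.

```python
import re

# Constructed sample word list (assumption); a real check would load a full dictionary.
COMMON_WORDS = {"password", "secret", "princess", "bad", "idea", "govols"}

# Undo common letter replacements such as P@$$w0rd (slide 61).
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "!": "i"})


def _is_sequential(s):
    """True if all characters repeat (aaaaaaaa) or each follows the last (hijklmnop)."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({0}, {1})


def _made_of_words(s):
    """True if s splits entirely into entries of COMMON_WORDS (e.g. bad + idea)."""
    if not s:
        return True
    return any(s.startswith(w) and _made_of_words(s[len(w):]) for w in COMMON_WORDS)


def weaknesses(password, username=""):
    """Return the slide-61 patterns that the password matches (hypothetical helper)."""
    found = []
    lowered = password.lower()
    letters = re.sub(r"[^a-z]", "", lowered)                 # drop digits and punctuation
    unleet = re.sub(r"[^a-z]", "", lowered.translate(LEET))  # map @ -> a, 0 -> o, ...
    if len(password) < 8:
        found.append("shorter than eight characters")
    if _is_sequential(lowered):
        found.append("sequential or repeated characters")
    if letters and _made_of_words(letters):
        found.append("dictionary words or combos")
    elif unleet and _made_of_words(unleet):
        found.append("letter replacement of a dictionary word")
    reversed_pw = lowered[::-1]
    if reversed_pw in COMMON_WORDS or (username and reversed_pw == username.lower()):
        found.append("word or username reversal")
    return found


if __name__ == "__main__":
    # Passwords quoted on slides 61 and 62.
    for pw in ["BadIdea", "princess", "terces", "hijklmnop", "P@$$w0rd", "Y(t@Bbic!"]:
        print(f"{pw!r}: {weaknesses(pw) or 'no listed pattern matched'}")
```

An empty result only means none of these patterns matched; it is not a strength rating, and slide 61 also rules out any password shown in the presentation.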
