Jakarta, Indonesia
Security Awareness Sharing Session
Digit Oktavianto
@digitoktav
https://threathunting.id
https://blueteam.id/
Who Am I
• Infosec Consulting Manager at Mitra Integrasi Informatika
• Co-founder of BlueTeam.ID (https://blueteam.id)
• Born to be Blue Team
• Community Leader at Cyber Defense Community Indonesia
• Member of the Indonesia Honeynet Project
• Tinkerer and Researcher
• Certifications: GCIH, GMON, GCFE, GICSP, CEH, CSA, ECSA, ECIH, CHFI, CTIA, ECSS
Trend Era (Cyber) Criminal As A Service
Over the past few decades the digital underground has evolved and
matured from a few small groups hacking and phreaking for fun and
prestige, to a thriving criminal industry that costs global economies an
estimated USD 300+ billion per year [1].
Naturally, we strongly advise against any such actions. What we want is
to show you:
• how attackers are changing the game by using automation to make more
money
• how you’re already in the crosshairs
• and how you can improve your protection (and avoid becoming a victim).
[1] http://www.mcafee.com/nl/resources/reports/rp-economic-impact-cybercrime.pdf
Money Involved in Cyber Criminal Activity
Underground Criminal Services
Data Breach & Compromise in Indonesia
'The methods that will most effectively minimize the ability of
intruders to compromise information security are
comprehensive user training and education. Enacting
policies and procedures simply won't suffice. My access to
Motorola, Nokia, ATT, Sun depended upon the willingness of
people to bypass policies and procedures that were in place
for years before I compromised them successfully.'
Kevin Mitnick - an American computer security consultant,
author and hacker, best known for his high-profile 1995 arrest
and later five years in prison for various computer and
communications-related crimes
'The Coming Third Wave of Internet Attacks:
- The first wave of attacks targeted the physical electronics.
- The second wave - syntactic attacks - targets the network's operating logic.
- The third wave of attacks - semantic attacks - will target data and its meaning.
This includes fake press releases, false rumors, manipulated databases.
Semantic attacks are much harder to defend against because they target
meaning rather than software flaws. They play on security flaws in people,
not in systems.'
Bruce Schneier - an American cryptographer, computer
security professional, privacy specialist and writer.
So ….. ?
How to Improve Your Protection… And Catch The
Bad Guy
Prepare Your Battleground:
• Security Awareness for All Employees
• Preparing Data Protection Capability in Your Organization
Awareness... To focus attention on security
National Institute of Standards and Technology
Phishing
• Deceptive emails to get users to click on malicious links
• Enter sensitive information
• Install Malicious Software
• Download Documents
• Look identical to legitimate emails
• Your Bank
• PayPal
• Government
• Variants
• Vishing – same concept but with voice
• User instructed to call into system
• Text messages and postal mail
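The slide describes the tells of a phishing email in words; the following is an added example (not part of the deck) that turns three of them into checks a mail gateway or help-desk triage script could run: a display name that claims a trusted brand while the sending domain does not belong to it, link text that shows one URL while the href points at another domain, and pressure phrases that push the reader to hand over credentials. The trusted-sender table and both sample messages are constructed for the demo; the domains use the reserved `.example` TLD and belong to nobody.

```python
"""Heuristic phishing checks over a raw email message (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisation keeps a list of brands its staff expect mail
# from and the domains those brands really send from (constructed here).
TRUSTED_SENDERS = {
    "paypal": {"paypal.com"},
    "bank": {"examplebank.example"},  # placeholder, not a real bank domain
}

HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_IN_TEXT_RE = re.compile(r"https?://[^\s<]+", re.I)
# Phrases that push the reader to act fast or hand over a credential.
LURE_WORDS = ("verify your account", "suspended", "within 24 hours", "confirm your password")


def registrable_domain(host: str) -> str:
    """Last two labels of a host name. Good enough for the demo; a real
    deployment should use the public suffix list instead."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def sender_domain(addr: str) -> str:
    return registrable_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""


def check_sender(msg) -> list[str]:
    """Display name claims a brand the sending domain does not belong to,
    or Reply-To routes answers to a different domain than From."""
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = sender_domain(addr)
    for brand, domains in TRUSTED_SENDERS.items():
        if brand in display.lower() and from_dom not in domains:
            findings.append(f"display name claims '{brand}' but sender domain is '{from_dom}'")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and sender_domain(reply) != from_dom:
        findings.append(f"Reply-To domain differs from From domain ({reply})")
    return findings


def check_links(html: str) -> list[str]:
    """Anchor text shows one URL while href points at another domain."""
    findings = []
    for href, text in HREF_RE.findall(html):
        target = registrable_domain(urlparse(href).hostname or "")
        shown = URL_IN_TEXT_RE.search(text)
        if shown:
            shown_dom = registrable_domain(urlparse(shown.group(0)).hostname or "")
            if shown_dom != target:
                findings.append(f"link text shows {shown_dom} but points to {target}")
    return findings


def check_lure(text: str) -> list[str]:
    lowered = text.lower()
    return [f"urgency/credential lure: '{w}'" for w in LURE_WORDS if w in lowered]


def analyse(raw: str) -> dict:
    """Run all checks; two or more independent tells is treated as suspicious."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    findings = (check_sender(msg) + check_links(body)
                + check_lure(msg.get("Subject", "") + " " + body))
    return {"findings": findings, "suspicious": len(findings) >= 2}


# Constructed sample messages (not real mail; .example domains are reserved).
SAMPLE_PHISH = """\
From: "PayPal Customer Service" <service@paypal-secure-login.example>
Reply-To: collect@mailbox.example
To: staff@company.example
Subject: Your account is suspended
Content-Type: text/html; charset=utf-8

<html><body>
<p>We detected unusual activity. Verify your account within 24 hours.</p>
<p><a href="http://paypal.com.verify-login.example/login">https://www.paypal.com/signin</a></p>
</body></html>
"""

SAMPLE_LEGIT = """\
From: "PayPal" <service@paypal.com>
To: staff@company.example
Subject: Your monthly statement is available
Content-Type: text/html; charset=utf-8

<html><body><p>Your statement is ready:
<a href="https://www.paypal.com/statements">https://www.paypal.com/statements</a></p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        result = analyse(raw)
        print(name, "suspicious" if result["suspicious"] else "clean")
        for finding in result["findings"]:
            print("  -", finding)
```

The constructed lure trips all three checks (brand mismatch, Reply-To mismatch, link mismatch) plus three pressure phrases, while the legitimate statement mail produces no findings. The threshold of two independent tells is a design choice to keep a single coincidence (a vendor that really does use a different Reply-To) from flagging ordinary mail.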
Email phishing
Demo - Email phishing
Passwords
• Authentication is the first line of defense against bad guys
• Logins and passwords authenticate you to the system you wish to access
• Never share your password with others!
• If someone using your login credentials does something illegal or inappropriate, you will be
held responsible
• The stronger the password, the less likely it will be cracked
Cracking: Using computers to guess the password through “brute-force” methods or by going
through entire dictionary lists to guess the password
• Strong passwords should be:
• A minimum of 8 characters in length
• Include numbers, symbols, upper and lowercase letters (!,1,a,B)
• Not include personal information, such as your name, previously used passwords,
anniversary dates, pet names, or credit-union related words
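The Passwords slide states the policy as a list; the following is an added example (not part of the deck) that enforces exactly those rules (at least 8 characters, all four character classes, no personal information, no dictionary words, no reuse) and reports every violation rather than just pass/fail. The dictionary, the personal-information list and the password history are constructed for the demo, and keeping previous passwords as salted PBKDF2 hashes is an assumption about how a history would be stored, not something the slide specifies. `search_space_bits()` goes slightly beyond the slide to show why the length and character-class rules exist: it is the number of bits a brute-force guesser has to cover for a given length and alphabet.

```python
"""Password policy check for the rules on the Passwords slide (added example)."""
import hashlib
import hmac
import math
import re
import string

# Constructed word list; a real check would use a breached-password list.
DICTIONARY = {"password", "welcome", "letmein", "qwerty", "jakarta", "summer"}

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}


def normalise(s: str) -> str:
    """Lowercase and drop non-alphanumerics so 'Bu-di' matches 'budi'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def hash_password(pw: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the history never stores plaintext (assumed storage)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


def search_space_bits(pw: str) -> float:
    """Bits a brute-force guesser must cover if it tries every string of this
    length drawn from the character classes the password actually uses."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def check_password(pw: str, personal_info: list[str],
                   history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in pw)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    flat = normalise(pw)
    for item in personal_info:
        needle = normalise(item)
        if len(needle) >= 3 and needle in flat:
            problems.append(f"contains personal information '{item}'")
    for word in sorted(DICTIONARY):
        if word in flat:
            problems.append(f"contains dictionary word '{word}'")
    for salt, digest in history:
        if hmac.compare_digest(hash_password(pw, salt), digest):
            problems.append("matches a previously used password")
            break
    return problems


# Constructed profile: first name, pet name, anniversary date.
PERSONAL = ["Budi", "Rex", "14-02-2015"]
_SALT = b"demo-salt-0001"
HISTORY = [(_SALT, hash_password("Budi2015!", _SALT))]  # constructed history


def demo() -> dict:
    candidates = ("budi123", "Budi2015!", "Rex@14022015",
                  "Tr0ub4dor&3", "correct-Horse-Battery-7")
    return {pw: check_password(pw, PERSONAL, HISTORY) for pw in candidates}


if __name__ == "__main__":
    for pw, problems in demo().items():
        verdict = "OK" if not problems else "; ".join(problems)
        print(f"{pw:25} {search_space_bits(pw):5.1f} bits  {verdict}")
```

Note that the personal-information check normalises both sides, so `Rex@14022015` is still caught against the stored anniversary `14-02-2015`, and that the reuse check compares hashes with a constant-time comparison rather than keeping old passwords in clear text.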
Social Engineering
• People are often the weakest links
• All the technical controls in the world are worthless if you share your
password or hold the door open
• Attempts to gain
• Confidential information or credentials
• Access to sensitive areas or equipment
• Can take many forms
• In person
• Email
• Phone
• Postal Mail
Remote Social Engineering
• Often takes place over the phone
• Attempts to gain information that may help stage further attacks
• May pose as technical support, telephone company, or a vendor
• Usually requests sensitive information
• Login credentials or account information
• Employee names and methods of contact
• Information about computer systems
• If you are unsure, or something seems suspicious, always verify by calling
the official number listed in phone directory!
• Ask for name, company, callback number, and issue inquired about
• Inform the caller you will call back
Face-to-Face Social Engineering
• Social engineering can become very complex
• Custom costuming, props, equipment, vehicles, signage,
and logos
• Elaborate ruses and back-stories
• Involves in-depth planning
• Knowledge of personnel, internal procedures
• Can be prefaced by dumpster diving, remote
information gathering, by phone (pretext calling)
• Knowledge of locations and hours of operation
• May precede digital attacks or breaches
• Low-tech method, High-reward approach
• Uses the traditional approach to theft
• Social engineers seek information: restricted systems,
backup tapes, confidential documents, etc…
Social Engineering: Protect Yourself
• Verify the visit with management
• Make sure the visit has been scheduled and approved
• Always request identification and credentials
• Require a valid, government-issued form of identification
• Closely monitor and observe visitors and vendors
• Never leave visitors alone in sensitive areas
• Visitors should be escorted AT ALL TIMES
• Closely observe their activities
• Never trust suspicious emails
• If an email seems out of the ordinary, has an incorrect
signature, or just seems out of character, pick up the phone
and verify!
• If the visit cannot be verified, the visitor should not be granted
access – period!
Wireless
• Common Attacks
• WEP Cracking
• Sniffing
• Fake Access Points
• Beware of the WiFi Pineapple!
• Best Practices
• WPA/WPA2
• VPN
Fake USB Flash Drive
• Common Attacks
• BadUSB (USB HID) -> USB Rubber Ducky
• USB Killer (37 USD on AliExpress)
• Best Practices
• Always Lock Screen Your Laptop
• Never Plug In Untrusted USB Device
• Disable Autorun USB Drive
Physical Threats: Protect Yourself
• Never share your keys, passwords, or access tokens with
others. This includes co-workers or other employees!
• Never prop the door open or allow strangers inside the building
• Ask them if they would politely check in with the front desk,
then escort the visitor
• Destroy all confidential paper data
• Place in provided shred bins for disposal
• Shred it yourself if you have access to a personal shredder
• Cross-cut only – Straight-cut is easy to re-assemble
• Secure all confidential information when you are not around
• Lock information in filing cabinets
• Clean desk policy
• Always lock your workstation when you step away
• This prevents others from accessing your resources
One Man’s Trash…
• Dumpster diving is the act of sorting through garbage to find
documents and information that has been improperly discarded
• Customer information
• Internal records
• Applications
• Some things we’ve found:
• Credit cards
• Technical documentation
• Backup tapes
• Loan applications
• Floor plans/schematics
• Copies of identification
• Lots of banana peels and coffee cups
Your Workstation
• Access to a personal computer allows you to complete work more
efficiently
• Email
• Word processing software
• Online resources
• Someone with access to your workstation now has access to your
resources:
• Databases
• Customer records
• Personal data
• Email
• Lock your workstation when you leave – even if you will be gone
briefly!
• Critical Data can be stolen in a matter of seconds
Windows Key + L locks your computer.
This will prevent somebody from “volunteering” you for the lunch tab
tomorrow!
Security Tips
THANK YOU
Q & A
https://blueteam.id/
