Drooger, jack cyber security

Published in: Technology

  1. Self Defense For Cybersecurity: What’s Happening Inside The Firewall
      Jack Drooger – Hagerstown Community College
  2. Buzzword Bingo
      • Dumpster diving
      • Script Kiddie
      • Shoulder surfing
      • Whaling
      • Hacking
      • Vishing
      • DoS attack
  3. Objectives
      • Examine how organizations are compromised – scenarios that put assets at risk
      • Identify traditional fixes for computer security risks that you can’t live without
      • Vulnerabilities that disrupt the best laid plans of mice and IT men
      • When in doubt, back it up
      • Home computing – what’s at risk?
  4. Security Breach Scenarios
      • Company: RSA Security
      • Date: March, 2011
      • Breach: Data theft
      • Estimated cost: $66 Million
  5. Avenues of Attack
      • Specific targets
        – Chosen based on attacker’s motivation
        – Not reliant on target system’s hardware and software
      • Targets of opportunity
        – Systems with hardware or software vulnerable to a specific exploit
        – Often lacking current security patches
  6. The Steps in an Attack
      1. Conducting reconnaissance
      2. Scanning
      3. Researching vulnerabilities
      4. Performing the attack
      5. Creating a backdoor
      6. Covering tracks
  7. Traditional Fixes for Security Risks
      • Firewalls
      • Intrusion Detection/Prevention Systems
      • Anti-virus Software
      • Anti-Spyware and Malware Software
      • Email Scanning
      • Anti-phishing Protection
  8. Security Breach Scenarios
      • Company: Stratfor Global Intelligence
      • Date: December, 2011
      • Breach: Website defacement and data theft
  9. People – A Security Problem?
  10. Social Engineering
      • Technique in which the attacker uses deceptive practices
        – Convince someone to divulge information they normally would not divulge
        – Convince someone to do something they normally wouldn’t do
      • Why social engineering is successful
        – People desire to be helpful
        – People desire to avoid confrontation
  11. The Famous Nigerian Scam
  12. Phishing
      • Type of social engineering
        – Attacker masquerades as a trusted entity
        – Typically sent to a large group of random users via e-mail or instant messenger
      • Typically used to obtain
        – Usernames, passwords, credit card numbers, and details of the user’s bank accounts
      • Preys on users
        – PayPal, eBay, major banks, and brokerage firms
  13. Phishing Sample - Easy to Spot
  14. Phishing Sample - Camouflaged
  15. Phishing Sample - Revealed
  16. Recognizing Phishing
      • Analyze any e-mails received asking for personal information carefully
      • Organizations need to educate their employees
        – Never send e-mails asking for personal information
        – Never request passwords
      • Watch for technical or grammatical errors
      • Strange URL address
  17. Security Breach Scenarios
      • Company: Global Payments
      • Date: April 2012
      • Breach: Theft of card information
      • Cost: Visa dropping company as provider
  18. Importance of Passwords
      • Gateway externally and internally to resources
      • Major goal of cybercrime is to capture passwords
  19. Use Passwords to Advantage
      • Choose strong passwords
        – At least 8 characters long
        – Mix letters and numbers
        – Add an uppercase letter
        – Use non-alpha characters
      • Example 1
        – Bad: flintstone
        – Better: Fl1nst0ne=
      • Don’t share your passwords with others!!
  20. Use Passwords to Advantage
      • Example 2
        – Jack be nimble, Jack be quick
        – Jack jumped over the candlestick
        – Becomes: Jbn,JbqJjotc
      • Need to write a password down?
        – Keep in a secure place
        – Use password encryption products
  21. Life is Short – Back it Up
  22. Protecting Your Home Computer
      • Common target of cybercriminals
      • Personal data
        – Tax records, banking information, and lists of contacts
        – Family archive of photos, documents, and other sentimental items
      • Protect your family’s privacy and decrease your odds of a cyberattack
  23. For more information about the Institute and Cybersecurity training at HCC, see us online at: www.hagerstowncc.edu/cyber
