SlideShare a Scribd company logo

What is Network Security and Why is it Needed?

Download as PPTX, PDF
L
lorzinian

This presentation explains basics about What is Network Security, and Why it is Needed? There are two case studies - Heartbleed and Wannacry.

Technology
1 of 22
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 1 NETWORK SECURITY – WHAT IS IT AND WHY DO WE NEED IT? Aug 8 2017, NSRTNA ’17, NGM College, Pollachi
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 2 WHAT IS COMPUTER SECURITY? • Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable • Security rests on confidentiality, authenticity, integrity, and availability
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 3 Identification and assurance of the origin of information. AUTHENTICITY Concealment of information or resources. CONFIDENTIALITY Ability to use the information or resource desired. Trustworthiness of data or resources in terms of preventing improper and unauthorized changes. AVAILABILITYINTEGRITY BASIC COMPONENTS OF SECURITY
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 4 SECURITY THREATS AND ATTACKS A threat is a potential violation of security. Flaws in design, implementation, and operation. Threat • An attack is any action that violates security. • An attack has an implicit concept of “intent” • Router mis-configuration or server crash can also cause loss of availability, but they are not attacks • Attacks can be on • Confidentiality • Integrity • Availability • Authenticity Attack
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 5 THE DIFFERENT ATTACKS EXPLAINED • Well-known example in network security world • Bob and Alice want to communicate “securely” • Trudy (intruder) may intercept, delete, add messages SECURE SENDER SECURE RECEIVER ALICE BOB TRUDY DATA CHANNEL DATA
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 6 ATTACK ON CONFIDENTIALITY • Unauthorized access to information • Packet sniffers and wire-tappers • Illicit copying of files and programs Eavesdropping (Message Interception) A B Eavesdropper (Passive)
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 7 ATTACK ON INTEGRITY • Stop the flow of the message • Delay and optionally modify the message • Release the message again Tampering with Messages A B Perpetrator
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 8 ATTACK ON AUTHENTICITY • Unauthorized assumption of other’s identity • Generate and distribute objects under this identity Identity Theft / Fabrication A B Masquerader: From A
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 9 ATTACK ON AVAILABILITY • Destroy hardware (cutting fiber) or software • Modify software in a subtle way (alias commands) • Corrupt packets in transit • Blatant denial of service (DoS): • Crashing the server • Overwhelm the server (use up its resource) Identity Theft / Fabrication A B DDoS
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 10 WHAT IS COMPUTER SECURITY? • Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable • Security rests on confidentiality, authenticity, integrity, and availability
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 11 “Cyber theft is the fastest growing crime in the United States by far” US President Donald Trump Ginni Rometty, Chairman, CEO and President, IBM “Cyber crime is the greatest threat to every company in the world.” WHY NETWORK SECURITY?
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 12 ALARMING NETWORK SECURITY STATISTICS 95 percent of breached records came from three industries in 2016: Government, Retail, and Technology In 2016, the most effective bank robbers were armed with computers, not guns; billions of dollars were stolen in virtual attacks. In Q3 2016 alone, 18 million new malware samples were captured. Global ransomware damage costs are predicted to exceed $5 billion in 2017
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 13 ALARMING NETWORK SECURITY STATISTICS Cyber crime damage costs to hit $6 trillion annually by 2021 More than 4,000 ransomware attacks have occurred every day since the beginning of 2016. Human attack surface to reach 4 billion people by 2020. Business Email Compromise (BEC) scams targeted over 400 businesses every day, draining $3 billion over the last three years.
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 14 CASE STUDY: HEARTBLEED 2014 Discovered Vulnerability: CVE-2014-0160 • What: Allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. • Cause: This is an implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services. • What was leaked: All content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. • Impact: Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixed the bug. • In 2011, almost 66% of the Internet used the OpenSSL library to implement SSL, implying that 66% of the world’s websites were vulnerable.
CASE STUDY: HEARTBLEED 2014 Discovered Vulnerability: CVE-2014-0160
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 16 CASE STUDY: WANNACRY 2017 Ransomware: CVE-2017-0144 • What: Targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. • Cause: WannaCry propagated using EternalBlue, an exploit of Windows' Server Message Block (SMB) protocol. U.S. National Security Agency (NSA) had already discovered the vulnerability, but used it to create an exploit for its own offensive work, rather than report it to Microsoft. • How It worked: The payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within 3 days, or $600 within 7 days. Three hardcoded bitcoin addresses, or "wallets", are used to receive the payments of victims. • Impact: As of 14 June 2017, a total of 327 payments totaling $130,634.77 (51.62396539 XBT) had been transferred. • Around 200,000 computers were infected across 150 countries. The four most affected countries were Russia, Ukraine, India and Taiwan.
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 17 CASE STUDY: WANNACRY 2017 Ransomware: CVE-2017-0144
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 18 WANNACRY: FEW IMPACTED ORGANIZATIONS Ransomware: CVE-2017-0144 • Andhra Pradesh Police, India • Aristotle University of Thessaloniki, Greece • Automobile Dacia, Romania • Cambrian College, Canada • Chinese public security bureau • CJ CGV • Dalian Maritime University • Deutsche Bahn • Dharmais Hospital, Indonesia • Faculty Hospital, Nitra, Slovakia • FedEx • Telenor Hungary, Hungary • Telkom (South Africa) • Timrå Municipality, Sweden • Universitas Jember, Indonesia • University of Milano-Bicocca, Italy • University of Montreal, Canada • Vivo, Brazil • Sun Yat-sen University, China • Petrobrás • PetroChina • Portugal Telecom • Q-Park • Renault • Russian Railways • Sandvik • São Paulo Court of Justice • Saudi Telecom Company • Sberbank • Shandong University • State Governments of India • Government of Gujarat • Government of Kerala • Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Telefónica • O2, Germany • Garena Blade and Soul • Guilin University Of Aerospace Technology • Guilin University Of Electronic Technology • Harapan Kita Hospital, Indonesia • Hezhou University • Hitachi • Honda • Instituto Nacional de Salud, Colombia • Lakeridge Health • LAKS • LATAM Airlines Group • MegaFon • Ministry of Internal Affairs of the Russian Federation • Ministry of Foreign Affairs (Romania) • National Health Service (England) • NHS Scotland • Nissan Motor Manufacturing UK
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 19 Security Experts in each organization as well as academicians constantly research OSS to find vulnerabilities and exposures. Once a vulnerability is discovered, it is reported to the developer, usually discreetly, so that they can develop a fix for it. The Software Owner develops the fix, and after multiple rounds of testing, publish the fix in subsequent releases as well as patches for older releases RESEARCH DISCOVERY FIX DEVELOPMENT Security notification is published to CVE(Common Vulnerabilities and Exposures) https://cve.mitre.org NOTIFICATION LIFECYCLE OF A SECURITY VULNERABILITY Seeing the security bulletin, software users install required updates to fix the vulnerability. PATCH INSTALLATION
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 20 • Use complex passwords. According to stats, 55% people use unsecure passwords. Don’t be one of them! • Change passwords frequently. • Never reuse passwords. One site gets hacked and leaked, your password might be used in other sites. • Use password managing programs like Dashlane, to generate secure passwords. PASSWORDS • Do not click on unauthentic links in emails. It could be a phishing or malware attack. • Do not use pirated software. 72% attacks are due to exploits exposed by Cracks and Keygens. • Software updates(including your phone updates) are not Boring! Always keep your software up to date, as they keep fixing vulnerabilities. • Backup data at least once in 15 days. Don’t yield to Ransomware. SOFTWARE/EMAIL USAGE SECURITY STARTS WITH YOU! Little things you can do to improve security!
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 21 QUESTIONS?
www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 22 LET’S BUILD A SECURE WORLD TOGETHER! KEEP IN TOUCH! ash.sjc@gmail.com https://in.linkedin.com/in/ashokhashtag/ THANK YOU!

Recommended

Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Bangladesh Network Operators Group
 
Ransomware
RansomwareRansomware
RansomwareDevAkabari
 
Web security 2012
Web security 2012Web security 2012
Web security 2012Mohamed Elabnody
 

Recommended

Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Bangladesh Network Operators Group
 
Ransomware
RansomwareRansomware
RansomwareDevAkabari
 
Web security 2012
Web security 2012Web security 2012
Web security 2012Mohamed Elabnody
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing ThreatNick Miller
 
WEB SECURITY
WEB SECURITYWEB SECURITY
WEB SECURITYMDERAMTALUKDER
 
NDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysNDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysBryson Bort
 
Web Security
Web SecurityWeb Security
Web SecurityGerald Villorente
 
Web Security
Web SecurityWeb Security
Web SecurityADIEFEH
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreJamie Moore
 
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at RiskClearDATACloud
 
NewsBytes - Nullhyd
NewsBytes - Nullhyd NewsBytes - Nullhyd
NewsBytes - Nullhyd n|u - The Open Security Community
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Digicomp Academy AG
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware lyLisa Young
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
Cyberterrorismv1
Cyberterrorismv1Cyberterrorismv1
Cyberterrorismv1100688767-barrett
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attackskrishh sivakrishna
 
Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks Bangladesh Network Operators Group
 
UN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaUN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaStefano Maccaglia
 
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacCSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacNCCOMMS
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataInderjeet Singh
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
Cyber security meetup from Nepal
Cyber security meetup from NepalCyber security meetup from Nepal
Cyber security meetup from NepalChiranjibi Adhikari
 
Oh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed MonkeyOh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed MonkeyStefano Maccaglia
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondAPNIC
 
CP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and CybercrimeCP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and CybercrimeLeonardo
 

More Related Content

What's hot

Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing ThreatNick Miller
 
NDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysNDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysBryson Bort
 
Web Security
Web SecurityWeb Security
Web SecurityADIEFEH
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreJamie Moore
 
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at RiskClearDATACloud
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Digicomp Academy AG
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
UN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaUN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaStefano Maccaglia
 
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacCSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacNCCOMMS
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataInderjeet Singh
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
Cyber security meetup from Nepal
Cyber security meetup from NepalCyber security meetup from Nepal
Cyber security meetup from NepalChiranjibi Adhikari
 
Oh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed MonkeyOh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed MonkeyStefano Maccaglia
 

What's hot (20)

Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing Threat
 
WEB SECURITY
WEB SECURITYWEB SECURITY
WEB SECURITY
 
NDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysNDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeaways
 
Web Security
Web SecurityWeb Security
Web Security
 
Web Security
Web SecurityWeb Security
Web Security
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
 
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
 
NewsBytes - Nullhyd
NewsBytes - Nullhyd NewsBytes - Nullhyd
NewsBytes - Nullhyd
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware ly
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
Cyberterrorismv1
Cyberterrorismv1Cyberterrorismv1
Cyberterrorismv1
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks
 
UN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaUN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - Maccaglia
 
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha KranjacCSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your Data
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
 
Cyber security meetup from Nepal
Cyber security meetup from NepalCyber security meetup from Nepal
Cyber security meetup from Nepal
 
Oh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed MonkeyOh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed Monkey
 

Similar to What is Network Security and Why is it Needed?

Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondAPNIC
 
CP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and CybercrimeCP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and CybercrimeLeonardo
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetWatcher
 
Topic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxTopic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxjuliennehar
 
Application security as crucial to the modern distributed trust model
Application security as crucial to the modern distributed trust modelApplication security as crucial to the modern distributed trust model
Application security as crucial to the modern distributed trust modelLINE Corporation
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]AngelGomezRomero
 
Global Technologies and Risks Trends
Global Technologies and Risks TrendsGlobal Technologies and Risks Trends
Global Technologies and Risks TrendsCharles Mok
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSebastien Deleersnyder
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityBryCunal
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)BeyondTrust
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...ShivamSharma909
 
Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +infosec train
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.pptKaukau9
 
Internet of Things Security - Trust in the supply chain
Internet of Things Security - Trust in the supply chainInternet of Things Security - Trust in the supply chain
Internet of Things Security - Trust in the supply chainDuncan Purves
 

Similar to What is Network Security and Why is it Needed? (20)

Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
 
CP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and CybercrimeCP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and Cybercrime
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Topic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxTopic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docx
 
Application security as crucial to the modern distributed trust model
Application security as crucial to the modern distributed trust modelApplication security as crucial to the modern distributed trust model
Application security as crucial to the modern distributed trust model
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
 
Cyber security
Cyber securityCyber security
Cyber security
 
TOPIC7.pptx
TOPIC7.pptxTOPIC7.pptx
TOPIC7.pptx
 
Global Technologies and Risks Trends
Global Technologies and Risks TrendsGlobal Technologies and Risks Trends
Global Technologies and Risks Trends
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 seba
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Network security
Network securityNetwork security
Network security
 
ENSA_Module_3.pptx
ENSA_Module_3.pptxENSA_Module_3.pptx
ENSA_Module_3.pptx
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
 
Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +
 
CompTIA Security+
CompTIA Security+CompTIA Security+
CompTIA Security+
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
 
Internet of Things Security - Trust in the supply chain
Internet of Things Security - Trust in the supply chainInternet of Things Security - Trust in the supply chain
Internet of Things Security - Trust in the supply chain
 

Recently uploaded

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Recently uploaded (20)

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

What is Network Security and Why is it Needed?

  • 1. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 1 NETWORK SECURITY – WHAT IS IT AND WHY DO WE NEED IT? Aug 8 2017, NSRTNA ’17, NGM College, Pollachi
  • 2. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 2 WHAT IS COMPUTER SECURITY? • Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable • Security rests on confidentiality, authenticity, integrity, and availability
  • 3. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 3 Identification and assurance of the origin of information. AUTHENTICITY Concealment of information or resources. CONFIDENTIALITY Ability to use the information or resource desired. Trustworthiness of data or resources in terms of preventing improper and unauthorized changes. AVAILABILITYINTEGRITY BASIC COMPONENTS OF SECURITY
  • 4. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 4 SECURITY THREATS AND ATTACKS A threat is a potential violation of security. Flaws in design, implementation, and operation. Threat • An attack is any action that violates security. • An attack has an implicit concept of “intent” • Router mis-configuration or server crash can also cause loss of availability, but they are not attacks • Attacks can be on • Confidentiality • Integrity • Availability • Authenticity Attack
  • 5. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 5 THE DIFFERENT ATTACKS EXPLAINED • Well-known example in network security world • Bob and Alice want to communicate “securely” • Trudy (intruder) may intercept, delete, add messages SECURE SENDER SECURE RECEIVER ALICE BOB TRUDY DATA CHANNEL DATA
  • 6. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 6 ATTACK ON CONFIDENTIALITY • Unauthorized access to information • Packet sniffers and wire-tappers • Illicit copying of files and programs Eavesdropping (Message Interception) A B Eavesdropper (Passive)
  • 7. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 7 ATTACK ON INTEGRITY • Stop the flow of the message • Delay and optionally modify the message • Release the message again Tampering with Messages A B Perpetrator
  • 8. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 8 ATTACK ON AUTHENTICITY • Unauthorized assumption of other’s identity • Generate and distribute objects under this identity Identity Theft / Fabrication A B Masquerader: From A
  • 9. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 9 ATTACK ON AVAILABILITY • Destroy hardware (cutting fiber) or software • Modify software in a subtle way (alias commands) • Corrupt packets in transit • Blatant denial of service (DoS): • Crashing the server • Overwhelm the server (use up its resource) Identity Theft / Fabrication A B DDoS
  • 10. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 10 WHAT IS COMPUTER SECURITY? • Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable • Security rests on confidentiality, authenticity, integrity, and availability
  • 11. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 11 “Cyber theft is the fastest growing crime in the United States by far” US President Donald Trump Ginni Rometty, Chairman, CEO and President, IBM “Cyber crime is the greatest threat to every company in the world.” WHY NETWORK SECURITY?
  • 12. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 12 ALARMING NETWORK SECURITY STATISTICS 95 percent of breached records came from three industries in 2016: Government, Retail, and Technology In 2016, the most effective bank robbers were armed with computers, not guns; billions of dollars were stolen in virtual attacks. In Q3 2016 alone, 18 million new malware samples were captured. Global ransomware damage costs are predicted to exceed $5 billion in 2017
  • 13. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 13 ALARMING NETWORK SECURITY STATISTICS Cyber crime damage costs to hit $6 trillion annually by 2021 More than 4,000 ransomware attacks have occurred every day since the beginning of 2016. Human attack surface to reach 4 billion people by 2020. Business Email Compromise (BEC) scams targeted over 400 businesses every day, draining $3 billion over the last three years.
  • 14. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 14 CASE STUDY: HEARTBLEED 2014 Discovered Vulnerability: CVE-2014-0160 • What: Allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. • Cause: This is an implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services. • What was leaked: All content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. • Impact: Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixed the bug. • In 2011, almost 66% of the Internet used the OpenSSL library to implement SSL, implying that 66% of the world’s websites were vulnerable.
  • 15. CASE STUDY: HEARTBLEED 2014 Discovered Vulnerability: CVE-2014-0160
  • 16. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 16 CASE STUDY: WANNACRY 2017 Ransomware: CVE-2017-0144 • What: Targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. • Cause: WannaCry propagated using EternalBlue, an exploit of Windows' Server Message Block (SMB) protocol. U.S. National Security Agency (NSA) had already discovered the vulnerability, but used it to create an exploit for its own offensive work, rather than report it to Microsoft. • How It worked: The payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within 3 days, or $600 within 7 days. Three hardcoded bitcoin addresses, or "wallets", are used to receive the payments of victims. • Impact: As of 14 June 2017, a total of 327 payments totaling $130,634.77 (51.62396539 XBT) had been transferred. • Around 200,000 computers were infected across 150 countries. The four most affected countries were Russia, Ukraine, India and Taiwan.
  • 17. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 17 CASE STUDY: WANNACRY 2017 Ransomware: CVE-2017-0144
  • 18. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 18 WANNACRY: FEW IMPACTED ORGANIZATIONS Ransomware: CVE-2017-0144 • Andhra Pradesh Police, India • Aristotle University of Thessaloniki, Greece • Automobile Dacia, Romania • Cambrian College, Canada • Chinese public security bureau • CJ CGV • Dalian Maritime University • Deutsche Bahn • Dharmais Hospital, Indonesia • Faculty Hospital, Nitra, Slovakia • FedEx • Telenor Hungary, Hungary • Telkom (South Africa) • Timrå Municipality, Sweden • Universitas Jember, Indonesia • University of Milano-Bicocca, Italy • University of Montreal, Canada • Vivo, Brazil • Sun Yat-sen University, China • Petrobrás • PetroChina • Portugal Telecom • Q-Park • Renault • Russian Railways • Sandvik • São Paulo Court of Justice • Saudi Telecom Company • Sberbank • Shandong University • State Governments of India • Government of Gujarat • Government of Kerala • Government of Maharashtra • Government of West Bengal • Suzhou Vehicle Administration • Telefónica • O2, Germany • Garena Blade and Soul • Guilin University Of Aerospace Technology • Guilin University Of Electronic Technology • Harapan Kita Hospital, Indonesia • Hezhou University • Hitachi • Honda • Instituto Nacional de Salud, Colombia • Lakeridge Health • LAKS • LATAM Airlines Group • MegaFon • Ministry of Internal Affairs of the Russian Federation • Ministry of Foreign Affairs (Romania) • National Health Service (England) • NHS Scotland • Nissan Motor Manufacturing UK
  • 19. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 19 Security Experts in each organization as well as academicians constantly research OSS to find vulnerabilities and exposures. Once a vulnerability is discovered, it is reported to the developer, usually discreetly, so that they can develop a fix for it. The Software Owner develops the fix, and after multiple rounds of testing, publish the fix in subsequent releases as well as patches for older releases RESEARCH DISCOVERY FIX DEVELOPMENT Security notification is published to CVE(Common Vulnerabilities and Exposures) https://cve.mitre.org NOTIFICATION LIFECYCLE OF A SECURITY VULNERABILITY Seeing the security bulletin, software users install required updates to fix the vulnerability. PATCH INSTALLATION
  • 20. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 20 • Use complex passwords. According to stats, 55% people use unsecure passwords. Don’t be one of them! • Change passwords frequently. • Never reuse passwords. One site gets hacked and leaked, your password might be used in other sites. • Use password managing programs like Dashlane, to generate secure passwords. PASSWORDS • Do not click on unauthentic links in emails. It could be a phishing or malware attack. • Do not use pirated software. 72% attacks are due to exploits exposed by Cracks and Keygens. • Software updates(including your phone updates) are not Boring! Always keep your software up to date, as they keep fixing vulnerabilities. • Backup data at least once in 15 days. Don’t yield to Ransomware. SOFTWARE/EMAIL USAGE SECURITY STARTS WITH YOU! Little things you can do to improve security!
  • 21. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 21 QUESTIONS?
  • 22. www.hashtagtechnologies.com © 2017 HashTag Technologies. All Rights Reserved. 22 LET’S BUILD A SECURE WORLD TOGETHER! KEEP IN TOUCH! ash.sjc@gmail.com https://in.linkedin.com/in/ashokhashtag/ THANK YOU!