2. Security importance
Algerian Ministry of Defense subjected to 3500 attempts daily.
Hacking of a UAV in South Korea.
Hacking of the Bushehr nuclear reactor in Iran.
Electrical failure in the USA due to a cyber attack.
Theft of subscriber data from Ashley Madison, AT&T, T-Mobile US.
Theft of 55000 usernames/passwords from Twitter.
NASA hacking.
4. Cyber attack (online attack) - Why
Online criminals for money (e.g. bank accounts)
Online criminals for opinions and protest (Anonymous)
Governments against their citizens
For fun
5. Levels of security
User security
Application security
System security
Network security
Physical security
6. System security
Virus
Worms (network)
Backdoor
Trojans (79% of malware)
Keylogger
Logic bomb
Spyware
Password cracking (brute force, dictionary attack, shoulder surfing, social engineering)
Zombie (bot)
7. Statistics (Sophos & F5)
250000 viruses every day (315000 Kaspersky)
30,000 hacked sites every day
99% of people fail to implement the basic security procedures
25% of malware is caught by antivirus
82% of security problems are internal
8. Famous viruses
1986 – Brain – Basit & Amjad Farooq
1988 – Morris worm – 10% of internet PCs – 6000 – 100M$
1998 – Chernobyl – erases MBR
2000 – I Love You worm – file editing – 10% of internet PCs – (5-10 B$)
2008 – Conficker worm – slowing and stealing data – 15 million Windows servers
2010 – Stuxnet – SCADA systems – Bushehr – Iran
9. Guidelines for Windows
Strong password
Lock the system when not in use
Apply software patches
Use Windows Firewall
Hide files/folders
Use NTFS
Implement malware protection
10. Identity theft
Personal information
Names
Addresses
Birth date
Telephone number
Passport number
Social security number
Credit card number
11. How do attackers steal identity?
Physical methods:
Stealing (computer, mobile, wallets)
Social engineering (people trust)
Pretexting: info from telephone companies or financial institutions.
12. Internet methods
Phishing: pretending to be a financial institution's site or email.
Keyloggers: possibly via Trojans
Hacking: compromising the user's OS, using sniffers, etc.
13. Social Engineering
Art of convincing people to reveal confidential information
Human-based methods:
Lying
Eavesdropping
Shoulder surfing
Dumpster diving
14. Computer-based methods
Chain letter: free money or gift
Hoax letter: warning about viruses
Fake website: to obtain your info.
15. Measures
Complex password
Disable auto login
Do not post sensitive/personal information
Be careful clicking links in messages (fake sites)
16. Mobile devices security
Mobile malware: listens to conversations, wipes out info, monitors your actions.
Application vulnerabilities
Lost or stolen devices
17. Measure procedures
Patching mobile platforms and applications
Use power-on authentication
Backup
Use mobile phone anti-virus
Encrypt your data
Secure Bluetooth
18. Avoid mobile device theft
Avoid lending mobile phone
Do not talk while walking/driving
Turn off ringer
Record IMEI (*#06#)
Use anti-theft software to remotely wipe the data and make the device unusable.
Cancel SIM
19. Network security types
Network sniffers
Denial of service (DoS)
DNS poisoning (DNS spoofing)
Wireless security
Man-in-the-middle attack
SQL injection
20. Encryption
Plain text
Cipher text
Encryption key
Encryption types (symmetric / asymmetric / hash function)
Encryption standards (DES / AES)