Dr. Mostafa Elgamala
RHCE-MCSA-CCNA-CCAI-CSCU-PMP-ITIL-IBDL
Security importance
• Algerian Ministry of Defense subjected to 3500 attempts daily.
• Hacking of a UAV in South Korea.
• Hacking of the Bushehr nuclear reactor in Iran.
• Electrical failure in the USA due to a cyber attack.
• Theft of subscriber data from Ashley Madison, AT&T, T-Mobile US.
• Theft of 55000 usernames/passwords from Twitter.
• NASA hacking.
Hacking scope
1- Implanted medical devices hacking
2- Automobiles hacking
3- Computer hacking
4- Network devices hacking
5- UAV hacking
6- Industrial devices hacking
… Any software-based device is vulnerable.
Cyber attack (online attack) - Why
• Online criminals for money (e.g. bank accounts)
• Online criminals for opinions and protest (Anonymous)
• Governments against their citizens
• For fun
Results
• Financial loss (AT&T)
• Identity theft
• Loss of trust
• Data loss/theft (Ashley Madison, T-Mobile)
• Misuse of computer resources.
Levels of security
• User security
• Application security
• System security
• Network security
• Physical security
System security
• Virus
• Worms (network)
• Backdoor
• Trojans (79% of malware)
• Keylogger
• Logic bomb
• Spyware
• Password cracking (brute force, dictionary attack, shoulder surfing, social engineering)
• Zombie (bot)
Statistics (Sophos & F5)
• 250000 viruses every day (315000 per Kaspersky)
• 30,000 sites hacked every day
• 99% of people fail to implement basic security procedures
• 25% of malware is caught by antivirus
• 50% of malware is designed to bypass security defenses
• 82% of security problems come from internal sources
Famous viruses
• 1986 – Brain – Baset & Amgad Farouk
• 1987 – Christmas Tree worm – slowing
• 1988 – Morris worm – 10% of Internet PCs – 6000 – $100M
• 1998 – Chernobyl – erases MBR
• 2000 – I Love You worm – file editing – 10% of Internet PCs – ($5-10B)
• 2008 – Conficker worm – slowing and data theft – 15 million Windows servers
• 2010 – Stuxnet – SCADA systems – Bushehr – Iran
Guidelines for Windows
• Strong password
• Lock the system when not in use
• Apply software patches
• Use Windows Firewall
• Hide files/folders
• Disable unnecessary services
• Use NTFS
• Implement malware protection
Identity theft
• Personal information
  • Names
  • Addresses
  • Birth date
  • Telephone number
  • Passport number
  • Social security number
  • Credit card number
How do attackers steal identity?
• Physical methods:
  • Stealing (computer, mobile, wallets)
  • Social engineering (people's trust)
  • Skimming: stealing credit card numbers with a special storage device.
• Internet methods:
  • Phishing: pretending to be a financial institution's site or email.
  • Keyloggers: may be installed by Trojans
  • Hacking: compromise the user's OS, use sniffers, etc.
Social Engineering
• The art of convincing people to reveal confidential information
• Human-based methods:
  • Lying
  • Eavesdropping
  • Shoulder surfing
  • Dumpster diving
• Computer-based methods:
  • Chain letter: free money or gift
  • Hoax letter: warning about viruses
  • Pop-up window: asks for information
  • Fake website: to obtain your information.
Measures
• Complex password
• Disable auto login
• Do not post sensitive/personal information
• Be careful clicking links in messages (fake sites)
Social networking security
• Cyber bullying: spreading rumors, threatening, harassment.
• Be careful about what is posted on the Internet
• Ignore the bully
• Document all conversations
• Contact local authorities
Mobile devices security
• Mobile malware: listens to conversations, wipes out information, monitors your actions.
• Application vulnerabilities
• Lost or stolen devices
Measure procedures
• Patching mobile platforms and applications
• Use power-on authentication
• Backup
• Use mobile phone anti-virus
• Encrypt your data
• Secure Bluetooth
Avoid mobile device theft
• Avoid lending your mobile phone
• Do not talk while walking/driving
• Do not leave your mobile in a car
• Turn off ringer
• Record IMEI (*#06#)
• Use anti-theft software to remotely wipe the data & make the device unusable
• Cancel SIM
Network security types
• Network sniffers
• Denial of service (DoS)
• DNS poisoning (DNS spoofing)
• Wireless security
• Man-in-the-middle attack
• SQL injection
Encryption
• Plain text
• Cipher text
• Encryption key
• Encryption types (symmetric / asymmetric / hash function)
• Encryption standard (DES / AES)
Security awareness is the first step for your security
Thanks

Introduction to security
