Online Security, Threats & Countermeasures

1. © 2007 NetSol Technologies, Inc. All rights reserved 1
Session Two
Online Security, Threats &
Countermeasures

2. © 2007 NetSol Technologies, Inc. All rights reserved 2
Online Security, Threats &
Countermeasures
 E-Mails
 Messengers
 Communities
 Maps / GPS

3. 3
Preventing Password
from Hacking

4. © 2007 NetSol Technologies, Inc. All rights reserved 4
Preventing Password from Hacking
Your password should be like your
Toothbrush, how?
 Choose a good password
 Use the password everyday
 Don’t share your password with anyone
 Change your password regularly

5. © 2007 NetSol Technologies, Inc. All rights reserved 5
Preventing Password from Hacking (Cont…)
 Attacks
Brute Force Attacks
Dictionary Attacks
Password Guessing
Scripts
Man-in-the-middle attacks
Social Engineering
Shoulder Surfing / Video Recording
Spy-ware/Key Loggers
Keyboard Interceptor

6. © 2007 NetSol Technologies, Inc. All rights reserved 6
Preventing Password from Hacking
(Cont…)
Controls which should be managed properly:
 Length
 Legibility
 Life
 Last passwords’ history
 Limited attempts
 Lockout duration
 Log of failed attempts
 Limited Login time
 Logon banner
 Last username
 Last successful logon

7. © 2007 NetSol Technologies, Inc. All rights reserved 7
Preventing Password from Hacking
(Cont…)
Password/Pin should include:
 Upper-and lowercase letters
 Numbers (e.g. replace s with 5)
 And special characters (e.g. replace a with @)
 More words or first letter of each word of sentence
Password/Pin should NOT be:
 User Name/mother’s name
 Country / City Name etc.
 Date/year of birth
 Digits of Phone No.
 Dictionary Words
 Saved/Written anywhere
Should be different for different accounts

8. © 2007 NetSol Technologies, Inc. All rights reserved 8
Preventing Password from Hacking
(Cont…)
 Protocols sending password as plain text:
 File Transfer Protocol (FTP)
 Password Authentication Protocol (PAP)
 Sites accepting password as plain text?
 Which don’t offer SSL protocol
 How can we know about SSL protocol?
 Yellow Lock icon on browser
 Hacker Profiling Project (HPP) isecom.org

9. 9
Avoiding Viruses &
Worms

10. © 2007 NetSol Technologies, Inc. All rights reserved 10
Avoiding Viruses & Worms
 Prevention is better than cure
 Vaccination. Vaccine?
E.g. Antivirus program

11. © 2007 NetSol Technologies, Inc. All rights reserved 11
Avoiding Viruses & Worms (Cont...)
 Types of Malicious Code:
 Viruses
 Worms
 Trojan Horses
 Hoaxes
 Logic Bombs
 Malicious Applets
 Trap Doors
 Hidden Code
 DOS Attacks
 Zombies / BotNets

12. © 2007 NetSol Technologies, Inc. All rights reserved 12
Trojan Horse

13. © 2007 NetSol Technologies, Inc. All rights reserved 13
Avoiding Viruses & Worms (Cont...)
Sources of Viruses & Worms
 Removable Medium
 Local Area Networks
 World Wide Web
 Wireless Network
 E-mail
 File Sharing

14. © 2007 NetSol Technologies, Inc. All rights reserved 14
Avoiding Viruses & Worms (Cont...)
Preventive Measures
 Keep removable medium Read-only
 Permissions of shared media
 Lock Hard Disk Boot Sector (from BIOS)
 Admin mode vs. normal user mode
 Software Firewall
 Backup Periodically

15. © 2007 NetSol Technologies, Inc. All rights reserved 15
Avoiding Viruses & Worms (Cont...)
Preventive Measures for Mobile Phones:
 Sure about the consequences of ‘Yes’ btn.
 Destroy unknown MMS messages
 Unknown Bluetooth Connections

16. © 2007 NetSol Technologies, Inc. All rights reserved 16
Source: http://www.antiphishing.org

17. © 2007 NetSol Technologies, Inc. All rights reserved 17
Source: http://www.antiphishing.org

18. © 2007 NetSol Technologies, Inc. All rights reserved 18
Avoiding Viruses & Worms (Cont...)
Preventive Measures for E-mail & WWW
 Spoofed e-mail address
 Unexpected attachments
 .exe, .com, .cmd, .vbs, .js, .scr, .bat, .reg etc.
attachments
 Macros of documents
 “amazon.com/skdjfhskjdfskgf/ws” and
“amazon.com.skdjfhskjdfskgf.ws”
 DNS Poisoning
 Multilingual domain name. MSN.com, ΜSΝ.com

19. © 2007 NetSol Technologies, Inc. All rights reserved 19
Avoiding Viruses & Worms (Cont...)
Multilingual

20. © 2007 NetSol Technologies, Inc. All rights reserved 20

21. © 2007 NetSol Technologies, Inc. All rights reserved 21
Antivirus Types
 Signature based
 Behavior based
 Software based
 Hardware based

22. 22
Protecting Identity

23. © 2007 NetSol Technologies, Inc. All rights reserved 23
Protecting Identity

24. © 2007 NetSol Technologies, Inc. All rights reserved 24
Protecting Identity (Cont…)

25. © 2007 NetSol Technologies, Inc. All rights reserved 25
Protecting Identity (Cont…)

26. © 2007 NetSol Technologies, Inc. All rights reserved 26
Protecting Identity (Cont…)

27. © 2007 NetSol Technologies, Inc. All rights reserved 27
Protecting Identity (Cont…)
 Disclosing your Account/Credit Card (CC)
Info. on e-mail / Phone
 Debit card v. Credit card for E-payment
 Photocopies of Cards
 Use CC Only with “yellow lock” website
 Keep your CC/ATM receipts
 Mother’s maiden name
 Selling your computer/mobile
 Having used computer/mobile

28. © 2007 NetSol Technologies, Inc. All rights reserved 28
Protecting Identity (Cont…)
 CC with photo
 CC Statement Security
 Your Letterbox
 Shred, to avoid dumpster diving
 Warnings/information by the Browser
 Websites of illegal software / cracks etc.
 Cracked / Illegally patched software
 Phishing

29. © 2007 NetSol Technologies, Inc. All rights reserved 29
Guidelines by SBP (7 pages)
Source: http://www.sbp.org.pk/psd/2006/CardHolders_Guide_URDU.pdf

30. © 2007 NetSol Technologies, Inc. All rights reserved 30

31. © 2007 NetSol Technologies, Inc. All rights reserved 31

32. © 2007 NetSol Technologies, Inc. All rights reserved 32

33. © 2007 NetSol Technologies, Inc. All rights reserved 33
Source: http://www.antiphishing.org

34. © 2007 NetSol Technologies, Inc. All rights reserved 34
Source: http://www.antiphishing.org

35. © 2007 NetSol Technologies, Inc. All rights reserved 35
Most Targeted Industry Sectors
Source: http://www.antiphishing.org

36. © 2007 NetSol Technologies, Inc. All rights reserved 36
Protecting Identity (Cont…)
 Aprox.10 million Identity thefts/year in
USA
 19 people/minute
 Becoming no.1 crime after drug trafficking
 Left in cabs of London during 6 months:
4973 Laptops
5939 Pocket PCs.
63135 Mobile phonesSource: East California University, www.ecu.edu

37. © 2007 NetSol Technologies, Inc. All rights reserved 37
Protecting Identity (Cont…)
Technical Countermeasures:
 Encryption
 Digital certificate, Pvt. Pub. Key pair
 Authenticity of Identity
 Digital Signature
 Secure Private Key
 Two factor authentication
 Secure Socket Layer (SSL)

38. © 2007 NetSol Technologies, Inc. All rights reserved 38

39. © 2007 NetSol Technologies, Inc. All rights reserved 39

40. © 2007 NetSol Technologies, Inc. All rights reserved 40

41. © 2007 NetSol Technologies, Inc. All rights reserved 41
Protecting Identity (Cont…)
Frauds:
 Certificate issued by an un trusted party
 Expired Certificate
 Certificate of someone else’s Site

42. © 2007 NetSol Technologies, Inc. All rights reserved 42

43. © 2007 NetSol Technologies, Inc. All rights reserved 43

44. © 2007 NetSol Technologies, Inc. All rights reserved 44

45. © 2007 NetSol Technologies, Inc. All rights reserved 45
Protecting Identity (Cont…)

46. © 2007 NetSol Technologies, Inc. All rights reserved 46
?

47. © 2007 NetSol Technologies, Inc. All rights reserved 47
Thank
You