Traning security 2013

:
: 55500777 , Fax . 215523 ,
Email : somvang.phengsavanh@ltc.laotel.com
Last update 13/06/2013

( Internet Threat )


Malware


Virus


Botnet
 Bot
Worm Trojan

Phishing


( Spyware ).


Adware
•Adware software
download
.
• Adware Spyware

hijacker
Browser hijacker
malware
Start page, error page
search page
malware

Identity Theft / Social
Engineering

Indentity
Theft
WEB “myspace”
:
“rnyspace”
Email Address
Social
Network

Hacker
http://www.dek-d.com/board/view/2529707/

SQL Injection
SQL Login
SELECT UserID
FROM User
WHERE UserName = '$userName'
AND Password = '$password'
userName password POST input tag Username Password
SQL Injection Post input tag
WHERE CLAUSE
User name: 1' = OR '1 = 1
Password: 1' = OR '1 = 1
SQL
SELECT UserID
FROM User
WHERE UserName = '1' = OR '1 = 1'
AND Password = '1' = OR '1 = 1'
SQL Injection
hacker
SQL
Input UI
INSERT, UPDATE, DELETE, DROP
form input
post

Ransomware

”
”
http://www.androidgyan.com/th/20
12/10/ransomware-internet-
security-risks.html

( OS )
.

.
(OS).
Windows, MacOS, Linux
,
OS
.
 Last update 13/06/2013

Top 10 of Social Network
1.
Facebook
2. Twitter
3.Google
4.Myspace
5.LinkedIn
6. Orkut
7. Friendster
8. Hi5
9. BeBo
10. NetLog

Top 10 of Anti-VIRUS

Online Anti-VIRUS
https://www.virustotal.com/en/Last update 13/06/2013

The top threats for 2013, as
seen by McAfee
 Mobile threats
Mobile worm infections could go on a shopping spree in 2013 -- once embedded in a
smartphone or tablet after a dodgy download, they'll purchase malicious apps and do
their stealing through near-field communications (NFC) technology, McAfee says. NFC
and other "tap and pay" mechanisms could also make it easier for our phones to become
infiltrated. McAfee suggests that "bump and infect" scenarios will become more common
in order to steal money and that these kinds of malware will be most commonly found in
densely populated areas including airports and malls.
 In addition, mobile malware that prevents your smartphone or tablet from updating
security software is expected to rise.
 Build your own ransomware
McAfee predicts that ransomware "kits" designed around mobile technology will rise, allowing people
without advanced programming skills to be able to more easily attempt to extort money out of the
general public, especially through the Windows PC platform, which saw reported attacks triple in 2012.
Ransomware differs from backdoors, keyloggers or Trojans as it "locks" a system, leaving users without
the means to access their data or system. This is where the malicious software comes in; pay up or
potentially lose your data.

seen by McAfee
 Attacks focused on new platforms
The report suggests that we will see a "rapid development" in ways to attack both
Microsoft'snew Windows 8 platform and HTML5, a standard for Web-based applications.
Rootkits, the use of bootkit techniques and attacks which target master boot records, the
BIOS and volume boot records are expected to diversify and evolve. Windows 8 platform is
expected to be targeted through malware as well as phishing techniques. McAfee warns that
platform upgrades will not necessarily protect your system, although it is deemed more
secure that previous versions.
 An increase in large-scale attacks
According to the firm, large scale attacks reminiscent of Stuxnet or Flame, designed to destroy infrastructure
rather than based on purely financial gain, will firmly take hold in 2013. Used in order to cripple
businesses, steal intellectual property and simply cause as much damage as possible, large-scale hacktivism
can be devastating for businesses that are often vulnerable to the simplest methods, such as distributed
denial-of-service (DDoS) attacks.

seen by McAfee
 Snowshoes and spam
In addition to an increase in attacks based on botnets, "shoeshoe" spamming of
legitimate products available online, made through numerous IP addresses, is expected
to be a cyberattack trend in 2013. Well-known businesses can fall prey to shady
marketing companies that promise e-mail address lists of potential customers, and
blatant spamming still goes unchecked.
 Hacking as a service
Hacking "as a service" is expected to rise, mainly due to the rise of invitation-only and fee-
paying professional hacker forums available to only those who have guarantors to ensure their
authenticity. Based on e-commerce shopping cart models, it is expected that anonymity will be
maintained through anonymous payment methods including Liberty Reserve.
 The decline of Anonymous, but a rise in
extreme hacktivism
McAfee argues that a lack of structure and organization in the hacking collective referred to as Anonymous has
impacted the idea's reputation. Misinformation, false claims and hacking for the simple joy of it may result in the
collective's political claims taking a beating. As a result, success and fame will decline -- but higher-level
professional hacking groups may take up the slack, and promote a rise in military, religious, political and
"extreme" campaign attacks.


 (
‘‘ ’’)





 Last update 13/06/2013

No.1

,

No.
USB ,
, Last update 13/06/2013

No.
CD ,


No.
CD/USB
,
,

No.
USB
CD, USB ,

No.
[ ]
Windows Update
Safety & Security
http://www.microsoft.com/securitity/
Windows Update

No. ( Pass
  
ABC123
ABC123
?

No.
(
Virus )
ID

No.
FAX
FAX
FAX
!!!
To
!!!!

No.
( E-mails )
TO, CC, BCC

No.
( E-
mails )

No.
「
」

No.
!
!

Part III

( User Account )
.
(
User Account )

Notebook, Desktop

MAC Address

.
2

3 
: USB
, Storage Device, External Hard Drive, Floppy disk

password .

.

.

4


Password
Screen Saver


5 
,

 ,

:
Hup, Switch, Bridge, Router Access point
.
Network Network

6 
:
scan port, sniffer, hacker .
 , , ,
,
.

7 
: , ,

Share file .
 IP Address
.


IP Address, Bridging, Routing
Internet Traffic
Proxy, DHCP Server, Bridge Router
.

8
 :
MS Excel, MS Powerpoint
:
1.
,

.pdf .
2.

.

9
 Software
.

.

10
 Sofware
.

11
 Internet

.
LTC
Network (
Billing ,
Accounting
, POS … ) ADSL , WIFI
, HSPA …

12  E-mail account

.
xxxxxxxx@laotel.com
xxxxxxxx@ltc.laotel.com

13  E-mail Internet
Posters .

14
:
(
Application System ),
.
.

15
Share files
.

16

.

17 
Password
Poster
.

18


Antivirus/Anti-Spyware IT
.
.
Update
Virus (Virus Definition)
.
 E-
mail, USB Storage Device External
Hard Drive
Antivirus Copy Transfer
. Last update 13/06/2013

 Password Server
Network

Password 06

.
 Default Password
Application

.

06 Password
Server NetworkLast update 13/06/2013

20 
 Server
Network
Authentication logs, Web
Server Logs, Mail Server
logs, File Server logs
, Remote access
Logs,
( Application
logs )
( Login-
Logout logs )
( Login Attempts )
commandline
firewall logs
3

21  Server

Port service
.
 Server
Antivirus /
Anti-Spyware

.
 Server
Server

Backup,

22  Remote Access /
Administration

Secure Channels
: SSH VPN
.


Remote
Access
System
Administrator


23

patch
(system software)
DBMS web
server
.

Firewall
.

:
◦
.
◦ .
◦
.

24

parameter
parameter
.
.
 (tools)

25
◦
( Operating System ) ,
( Application
System )
.
◦
:

.
 ( Media ).
 ( Copy ). Last update 13/06/2013

26
 ( log book )
.

1
.

.


27

( computer
operator )
- ,
,

28
•
.
•
, , Hard disk ,
(CPU)
(capacity) .
•
Billing , OCS , Internet .

29

supplier,
Third party Outsource
.

Development System

.
 Supplier, Third party Outsource

2

30

,
.
:
 ( Stickly Confidential )

31
◦
( storage ) , ( input ) ,
(operate) (output)
(distributed database)
.
◦

32
 /

:
, Flowchart , Software Supplier

.


.
 Last update 13/06/2013

33

Recycle.


2048 bit RSA
DSS.
 Encrypt

34
◦
, ,
.
◦
(emergency
change)
.
◦
.
◦
(
electronic transaction email )

35
◦
( operation )
( security ) (
functionality ) .
◦
.
◦
(develop environment)
(promotion environment)

36
◦
.
◦ (security)
(availability )
.
◦

37
◦
.
◦
.
◦
, ,
, Last update 13/06/2013

Traning security 2013

Recommended

Recommended

More Related Content

What's hot

What's hot (6)

Similar to Traning security 2013

Similar to Traning security 2013 (20)

Recently uploaded

Recently uploaded (20)

Traning security 2013