Post on 28-Dec-2015
Electronic Security
WELCOME-About us
What we're going to talk to you about:
Why Systems are Attacked
Malware
Firewall Security
Computer System Safety
Hacking and Cracking
Cryptography
Packet Sniffers
Future Security Threats
Speed of Electronic Attacks
Don't be the tree in the lightning fast electronic world!!!
Don't get Zapped:Can be lighting fastCan go unnoticedCan be devastating
Electronic Attacks
Why Do People Attack Electronic Systems?
Every attack has a certain target
• Network Devices
• Hosts
• Applications
• Operating Systems
• People
Why Do People Attack Electronic Systems?
• Most attacks attempt to steal data and access unauthorized information
• Some attacks are designed to access computer systems without approval and authorization
• Some attacks are designed to restrict overall access to data or destroy a computer systemo Denial of Service (DOS) Attack
• To access other computers through an already compromised computer
• To omit or alter data and sensitive information
Top 5 Most Popular Websites
1
23
4
5
Malicious Software (Malware)
• Viruses • Worms• Wabbits • Trojans• Spyware • Backdoors• Exploits • Rootkits• Keyloggers • Dialers• URL Injectors• Adware
Websites Most Likely to Contain Malware
"The general belief is that sites thatpromote criminal activity—such assites selling illegal pharmaceuticals
or counterfeit luxury goods—are mostlikely to host malware. Our data reveals
the truth of this outdated notion, asweb malware encounters are typically
not the by-product of “bad” sites intoday’s threat landscape."
- 2013 Cisco Annual Security Report
Websites Most Likely to Contain Malware
• Business and industry sites are one of the top three categories visited when a malware encounter occurred
• Hidden in online ads that are distributed to legitimate websites
• "Malvertising" has significantly increased since 2011
• Malicious advertising can impact any website
• The United States retains the top ranking in 2012 for most malware encounters
Malware Prevention
1. Always be alert with your computer2. Set Internet browser for download notification3. Install a trusted anti-virus and keep it updated4. Install a pop-up blocker5. Use an email program that includes spam guard6. Do not download software or programs from unknown sites7. Be alert and cautious when sharing or trading files and
programs with friends and family8. Disable cookies on your Internet browser9. Read the fine print when downloading programs10.Never click on Web-Links, copy paste them in
a. Shadowops.net VS Shadowops.com11.Download a personal firewall
Firewall Security
What is a firewall?
http://www.youtube.com/watch?v=6UtiQwCX2wU
Firewall Security
"A firewall is a system designed to prevent unauthorized access to or from a private network."
• Most modern operating systems and home network gateway routers come with optional firewalls built in
• Is considered a first line of defense
• It is also important to customize your firewall to not allow access of any programs to the fire wall, and not allow your firewall access to any programs
Firewall Security
Types of Firewall Techniques
• Packet Filtering
• Circuit-Level Gateway Implementation
• Acting as a Proxy Server
• Web Application Firewall
Is there a 100% safe computer system?
NO!!!-----------------------------
1) Computers connected to any network can be compromised2) Computers connected to the Internet can be compromised3) Devices can be taken to an OFF-LINE computer to get data4) Computers and devices can be physically taken
How do you keep your computer secure?
Physical Barriers: some examples include walls, doors, and glass
Securing Computer Systems
Man Traps prevent unauthorized access to areas
Securing Computer Systems
Keycards help to prevent access to unauthorized personnel, as well as help computers recognize authorized personnel
Most Keycards have:
• Smartchip
• Picture ID
• Hashed Passcode
Securing Computer Systems
HackingHackers get information or access to computers by making or using
computer software.
Most attacks originate from freeware or software that is free to users.
Some hackers can find new exploits in software by making their own attacks or finding new weaknesses in software. These types of attacks are called zero day attacks.
Expert/Elite Hackers develop software and find previously unknown exploits in software.
Unskilled Hackers use software already written and use known exploits in software.
Hacking and Cracking
Hacking and Cracking
CrackingFocuses on finding passwords
or reverse engineering them. Offline cracking is usually done against hashed files that contain passwords.
Cryptography-Protects confidentiality of information
-Protects the integrity of information
-Protects the availability of information to people with proper keys
-Confirms the sender of information
-It can enforce non-repudiation (Prevents the "I never got that")
Cryptography
Symmetric Cryptographic Algorithms-1 key to rule them all
Asymmetric Cryptographic Algorithms
Cryptography
- 4 key system
Packet SniffersMonitors and tracks incoming and outgoing packets TCP/IP information
New Security Threats
Cars1) Internal car systems can be compromised by mp3's and mp4's that contain malware
2) PDA's, Cell phones, and PAD's connect to cars create vulnerabilities
New Security Threats
Houses
New houses have electronic access systems, as well as central controlled computer systems
New Security Threats
New TechnologiesNew Technologies can pose risks that are yet
unknown
QUESTIONS
Referenceshttp://www.networkworld.com/news/2007/100407-web-site-vulnerabilities.htmlhttp://en.wikipedia.org/wiki/Computer_insecurity#Reasonshttp://www.youtube.com/watch?v=qdD5-woi_oshttps://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2013_ASR.pdfhttp://www.technewsdaily.com/16537-8-tips-secure-computer.htmlhttp://www.abestweb.com/forums/panda-software-317/different-types-malware-65416.htmlhttp://kb.iu.edu/data/aoru.htmlhttp://www.ehow.com/how_2004222_malware-download-prevent.html
Principles of Information Security By: Michael E. Whitman, Herbert J. Mattord 4th EditionSecurity + Guide to Network Security Fundamentals By: Mark Ciampa, Ph.D. 4th Edition