38th Cyberspace Readiness Squadron

AMSC FM Training Symposium

Cyber Security

Alex Roosma, 1st Lt, USAF6 March 2014

UNCLASSIFIED//FOUO

Overview

• Real-world cyber attacks• Hacker methodology• How to protect yourself and others• Resources• Questions

2

UNCLASSIFIED//FOUO

Real-World Examples

Recent High Profile Breaches:• Adobe user passwords• Target • US Dept of Energy• LivingSocial• Snowden Leaks• New York Times• AHMC Hospitals Breach

3

UNCLASSIFIED//FOUO

Hacker Motivations

Motivations for network attacks:

• Money – Selling financial, personal or corporate information

• Fame – Kevin Mitnick

• Ideology – Edward Snowden, Anonymous

4

UNCLASSIFIED//FOUO

Attack Vectors

• Social Engineering• Fraudulent Website• Phishing• Malicious Code• Insider Threat

5

UNCLASSIFIED//FOUO

Anatomy of an Attack

Reconnaissance

Scanning

Exploit

Keeping Access

Covering Tracks6

UNCLASSIFIED//FOUO

How to protect yourself and others

• Be aware of attack vectors• Phishing• Social Engineering• Email Attachment Malware• Websites (just because you can get to a site at work doesn’t

guarantee its safety)

• Secure your password• Not guessable from your social media profile• Employ a password manager

• Secure Personal Identifiable Information (PII)• Keep data at rest encrypted• Encrypt email messages or use AMRDEC SAFE:

https://safe.amrdec.army.mil/safe/

7

UNCLASSIFIED//FOUO

Resources

http://www.staysafeonline.org/

http://www.getnetwise.org/

http://www.onguardonline.gov/

http://www.ikeepsafe.org/

8

UNCLASSIFIED//FOUO

Questions

9

?