Tech Blast: Security

Tech Blast:Security

Michael SauersTech Rodeo

Doane College26-28 July 2012

Intro

Intro

Who do Ineed to

worryabout?

http://www.flickr.com/photos/12273378@N00/2547546709/

Where?

Intro


How?

Intro

Address Bar Spoofing

Advanced Persistent Threats

Adware

Arbitrary Command Execution

Arbitrary File Downloads

Array Integer OverflowsBackdoors

Blended Threats

Buffer Overflows

Code Injections

Cookie Disclosures

Cross Site Request Forgery

Cross Site Scripting

Data Aggregation Attacks

Data Exfiltration

Denial Of Service

Directory Traversals

DNS Changes

DNS Poisoning

File Overwrite

Forced Tweet

Format Strings

Frankenmalware

Heap Overflows

Information Disclosures

Keyloggers

Local File Inclusions

Local Stack Buffer Overflow

Malware

Man In The Browser Attacks

Man In The Middle Attacks

Null Byte Injection

Open Redirection

Privilege Escalations

Remote Code Injection

Remote Code Execution

Remote Command Executions

Remote Stack Buffer Overflow

Rootkits

Scareware

Shell UploadsSpyware

SQL Injections

Stack Pointer Underflow

Tojan-Downloaders

Trojans

Viruses

Worms

Malvertising

Crimevertising

HTTP Parameter Pollution

What?

Intro

Incognito

Blacole

SefnitPhoenix

Eleonore

Bleeding Life

SEO Sploit

CrimePack

Intoxicated

Siberia

IRCBot

Onescan

Hotbar

Zwangi

OpenCandy

GameVance

SideTab

FineTop

ClickPotato CoinMiner

AlureonCycbot

Alureon

Ramnit

SpyEye

Taterf

FakeRean

TaterfConficker

Rimecud

Sality Pdfjsc

Camec

Conedex

Poison

Sirefef

FakeCheck

MSIL

PlayBryte

Dofoil

Citadel

ZeuS

SpyZeus

cutwail

grum

lethic

bobax

fivetoone

darkmailer

maazbenghegsendsafe

s_torpig

RedKit

What Are They After?Intro

Personal information is the currency of the underground

economy.

Intro

Intro

Steal everything

Sort it out laterhttp://www.flickr.com/photos/36448457@N00/4521285655/

Intro

There’s no such thing as a secure computer!

Passwordshttp://www.flickr.com/photos/61577908@N00/4750110576/

Passwords http://www.flickr.com/photos/7447470@N06/3839085638/

What makes a good password?

Passwordshttp://www.flickr.com/photos/58442690@N00/2297872691/

Size matters!

Keep up-to-date!


Operating Systems

Browsers

Everything else

Mobile Devices

Anti-virus

How Do You KnowIf You’re Infected?

You don’t!

Your antivirus software is a seat belt, not a force field.-Alfred Huger

Only 1% of all cyberattacks are from

previously unknownthreats.

-Microsoft Report

Wi-Fi

Simple:If it’s yours, secure it!

If it’s not, don’t trust it!

Social Media

Understand and adjust your privacy

settings

Use HTTPS

Be skeptical of everything

• especially ANYONE asking you for money

Staying Safe Online

If I took your laptop/iPadright now....

What would I have access to?

Staying Safe Online

Security In Libraries

But We’re Just A Library…

83% of victims were

targets of opportunity

92% of attacks were

easy

85% of hacks were

found by a 3rd partyVerizon Data Breach Investigations Report – Fall 2011

IT Security For Libraries

Being bad is easy…

…Security is hard

http://www.flickr.com/photos/vrogy/511644410/

The attacker only needs to succeed once...

-Securosis blog


Common mistakes



Do something…Do anything!

What Does A LibraryNeed To Protect?


Public Access Computers

Inform your patrons:

• Make Sure You Log Out

• Don’t Access Sensitive Sites

• Beware of the "remember me" option

• Don't send personal or financial information via email

• Don't send personal or financial information over unsecure websites

Training



What do you see?

Server Security


Staying Current Schneier on Security : http://www.schneier.com/blog/

Naked Security – Sophos : http://nakedsecurity.sophos.com/

Security FAQs : http://www.security-faqs.com/

SANS Reading Room : http://www.sans.org/reading_room/

Security Now Podcast : http://grc.com/securitynow.htm

FinalThoughts

Thank you!

Michael SauersTechnology Innovation LibrarianNebraska Library [email protected]

Special thanks to Blake Carver of LISHost for allowing me to adapt his slides.http://lisnews.org/security/

Tech Blast: Security

Technology

Transcript of Tech Blast: Security