Other useful information about the presentation ECE 6612 Kyle Koza.

Post on 17-Dec-2015

ECE 6612

Kyle Koza

Georgia Tech CyberSecurity

What do you think we do?

What do you think the bad guys want?

- Your email account
  - For phishing
  - Send spam
- Your access to journal articles
- Your paycheck

How do we protect the Institute?

- Education and Awareness
- Intrusion Detection (and Prevention)
- Vulnerability Scanning
- Incident Response
- Policy and Compliance
- Things come up…

Phishing: What is it?

Phishing is a fraudulent activity that attempts to acquire sensitive information, such as usernames, passwords and credit card numbers, by masquerading as a trustworthy and legitimate entity.

Email

SCAM

Phishing: Why does the scam work?

- Users are trusting of technology (especially email).
- Users get a LOT of email and move quickly.
- Bad guys are convincing.
- Bad guys use your lack of knowledge to their benefit.
- Bad guys only have to be right one time. You have to be right every time.

What can you believe about an email?

From Name

Date / Time

From Address

Message

Links

Verify a message in 3 easy steps

1. Check the web address (URL)

2. Watch for red flags / trust your gut

3. When in doubt, stop and ask!!

Desktop/Laptop: Verify the Link

Hover your mouse over the link until the real link pops up.

Browser: Verify the Link

Hover your mouse over the link; check the bottom of the screen

Mobile: Verify the Link

Hold the link with your thumb until the real link pops up.

Identify the real domain

https://www.gatech.edu/login/index.html

The real domain: last two words, before first single slash.

iTunes Email: Is it Phishing?

iTunes Phishing

http://account.verification.ituns.com

UPS Email: Is it Phishing?

UPS Phishing

http://ups.packagetracking.trackyourpkg.com

Georgia Tech Phish

http://www.mamami.webspace.virginmedia.com/gatech/gatech.edu.htm

Red Flags

Note: Red flags would indicate a possible problem. The lack of red flags does not validate a message.

Email contains:
- information contrary to what you know is true
- misspellings / improper grammar
- a request to click on links / attachments
- a sense of urgency
- an appeal to greed or fear
- a request for sensitive data
- a link to non-Georgia Tech websites asking for your GT account information

The bad guys want:

- Your email account
  - For phishing
  - Send spam
- Your access to journal articles
- Your paycheck

Logging and Network Analysis

Logging
- Authentication
- System events and host intrusion detection
- IDS/IPS alerts

Network Analysis
- Firewall events
- Netflow
- Packet capture
- DNS queries
- Network antimalware

SIEM

Security Information and Event Management
- Consolidate
- Correlate
- Search
- Store
- Act

Correlate

Logins across different geographic locations
- Haversine formula

Firewall Denies
- Darknets
- Multiple Firewalls
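The geographic login correlation named on this slide, sketched as an added example (not code from the presentation or from any Georgia Tech system): the Haversine formula gives the great-circle distance between two consecutive logins by the same user, and the pair is flagged when the implied travel speed is not physically plausible. The event fields, the 900 km/h speed threshold and the 100 km distance floor are assumptions, and the sample logins are constructed.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumed threshold: about airliner cruising speed
MIN_DISTANCE_KM = 100.0  # assumed floor: ignore GeoIP jitter between nearby cities

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two (lat, lon) points given in degrees."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = phi2 - phi1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, a)))

def impossible_travel(events):
    """Flag consecutive logins per user whose implied speed exceeds MAX_SPEED_KMH."""
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last.get(ev["user"])
        last[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        speed = km / hours if hours > 0 else math.inf  # simultaneous logins
        if km >= MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
            alerts.append({"user": ev["user"], "km": round(km), "from": prev["src"], "to": ev["src"]})
    return alerts

def login(user, ts, src, lat, lon):
    return {"user": user, "time": datetime.fromisoformat(ts), "src": src, "lat": lat, "lon": lon}

# Constructed sample authentication events (coordinates as a GeoIP lookup might return them).
ATL, MAR, LON = (33.749, -84.388), (33.9526, -84.5499), (51.5074, -0.1278)
SAMPLE_EVENTS = [
    login("alice", "2015-12-01T09:00:00", "Atlanta", *ATL),
    login("alice", "2015-12-01T10:00:00", "London", *LON),    # 1 h apart: flagged
    login("bob", "2015-12-01T09:00:00", "Atlanta", *ATL),
    login("bob", "2015-12-02T09:00:00", "London", *LON),      # 24 h apart: plausible flight
    login("carol", "2015-12-01T12:00:00", "Atlanta", *ATL),
    login("carol", "2015-12-01T12:00:30", "Marietta", *MAR),  # fast, but under distance floor
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

VPN exits and coarse GeoIP data produce false positives with this rule, which is why the distance floor is there and why a hit is a lead for an analyst, not a verdict.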

Firewalls

- 600+ firewalls
  - Border firewall
  - Firewall in front of each VLAN
- Types
  - Packet filtering
  - Stateful
  - Next-Gen (Application)

Intrusion Detection and Prevention

IPS (Active)
- Cisco IPS
- FireEye
- OSSEC

IDS (Passive)
- FireEye
- Suricata
- Damballa

Problems with Security Systems?

- Base-Rate Fallacy
- Alert overload
- Cost

Vulnerability Scanning

- Qualys
- Nessus
- OpenVAS
- Nexpose

- Rolling scans of our entire network
- Send vulnerability reports to IT staff
- Clean scans required to manage firewall

Antimalware

Host
- Defense in depth
- Microsoft SCEP
- MalwareBytes

Network
- FireEye
- Damballa
- Suricata

Incident Response

Sometimes things go wrong…

- Prevent
- Detect
- Contain
- Eradicate
- Recover

Phishing Quiz

Situation:

You received an email. In a hurry, you clicked the link. You were taken to a webpage. You must now decide whether or not to proceed.

Gone Phishing?

https://login.gatech.edu/cas/login

OK to Proceed? YES!

Gone Phishing?

https://highereducation.gt.edu.hied.com/login

OK to Proceed? NO!

Gone Phishing?

http://login.gt.gatech.edu

OK to Proceed? NO!

Gone Phishing?

https://loginpage.dept.gatech.edu

OK to Proceed? MAYBE… When in doubt, ASK!

Username:_____________________ Password:_____________________

[SUBMIT]?