Date posted: 17-Feb-2017
Uploaded by: travis-good
CYBER SECURITY 101
AN INTRODUCTION TO INFOSEC
Travis Good

Introduction
- This session will provide you with suggestions on how to protect your personal information and devices and what you need protection from
- Topics:
  - What is Cyber Security?
  - Threats
  - Best Practices & Protecting your identity
  - What to look for and what to do if something goes terribly wrong

What is Cyber Security?
- Cyber = Digital
- Protection of information systems from theft or damage to the hardware, the software, and the information on them
- Includes disruption or misdirection of the services they provide

What is a Cyber Crime?
- Illegal access
- Illegal Interception
- System Interference
- Data Interference
- Misuse of devices
- Fraud

Threats
- Malware
- Hackers
- Social Engineering
- Espionage

Malware
- Any software used to disrupt, gather information, gain access, extort money, or display advertising
- Viruses, Trojans, Spyware, Worms
- Often disguised as normal files
- Affects all systems – Windows, OS X, Android, iOS

Malware - CryptoLocker

Hackers
- “Trespass” into computers or systems
- Use compromised computers to:
  - Send spam or viruses
  - Gather data
    ○ Credit Cards, SSNs
  - Gather credentials
  - Sell access (botnets)

Hackers – BotNets
- BotNets are groups of compromised computers
- Sold on black markets
- Often used in DDoS attacks
- Average cost is $67 for 24 hours

Hackers - BotNets
- Distributed Denial of Service Attacks disrupt services

Social Engineering
- Attacks that rely on human interaction
- Usually revolve around tricking people into performing actions or divulging information
- Most common attacks:
  - Baiting – real-world Trojan Horse
  - Vishing – calls about a “virus”
  - Phishing

Phishing
- Emails disguised as an official notification
- Usually attempt to create a sense of urgency
- Generally in search of credentials

Phishing

Espionage
- Governments
  - Classified documents & archives
  - Strategic plans
  - Corruption
- Corporations
  - Trade secrets
  - R&D of new technology
  - Financial data

Espionage
- Norse Attack Map: http://map.norsecorp.com/#/

High Profile Attacks
- Target
- Celebrity iCloud
- Ashley Madison
- Sony
- Stuxnet

Target Breach – 2013
- Gained credentials via a Phishing campaign on 3rd party HVAC firm
- Installed malware on thousands of POS systems for 2 months
- 40 million credit and debit cards
- 70 million customer records
- 50% profit drop that quarter
- CEO and CIO resigned

Celebrity iCloud Breach - 2014
- Weakness in iCloud’s API allowed attackers to make unlimited login attempts
- Brute-force tools were successful
- Attackers were able to download entire backups without ever accessing victims’ iPhones
- Backups included documents, contacts, texts, and pictures
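
The control that was missing in the breach above, as an added example (not from the original slides and not Apple's code): a per-account throttle that locks out further login attempts after repeated failures, with a lockout that doubles each time. The policy numbers and the `check_password` callback are assumptions.

```python
import time

MAX_FAILURES = 5       # assumed policy: failures allowed before the first lockout
BASE_LOCKOUT = 30      # assumed: first lockout in seconds, doubling afterwards
MAX_LOCKOUT = 3600     # assumed: cap on a single lockout


class LoginThrottle:
    """Tracks consecutive failed logins per account and enforces lockouts."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}   # account -> (consecutive failures, locked_until)

    def allowed(self, account):
        _, locked_until = self._state.get(account, (0, 0.0))
        return self._clock() >= locked_until

    def record(self, account, success):
        if success:
            self._state.pop(account, None)      # a good login resets the counter
            return
        failures = self._state.get(account, (0, 0.0))[0] + 1
        locked_until = 0.0
        if failures >= MAX_FAILURES:
            delay = min(BASE_LOCKOUT * 2 ** (failures - MAX_FAILURES), MAX_LOCKOUT)
            locked_until = self._clock() + delay
        self._state[account] = (failures, locked_until)


def attempt_login(throttle, account, password, check_password):
    """check_password(account, password) -> bool is a hypothetical verifier."""
    if not throttle.allowed(account):
        return "locked"     # rejected without even testing the password
    ok = check_password(account, password)
    throttle.record(account, ok)
    return "ok" if ok else "denied"


if __name__ == "__main__":
    throttle = LoginThrottle()
    verify = lambda account, password: password == "correct horse"  # constructed
    for i in range(7):
        print(i, attempt_login(throttle, "alice", f"guess{i}", verify))
```

With this policy a guessing tool gets five tries and then roughly one more per lockout period, instead of an unlimited stream of attempts.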

Ashley Madison Breach - 2014
- Hacktivists “Impact Team” attacked because of moral/ethical reasons
- Believed to have gained entry from former employee
- 32 million users’ account details dumped online
- New websites built specifically to search through data dump

Sony Breach - 2014
- Attackers gained credentials from fake Apple ID phishing emails
- Many high-level executives used same passwords
- Once in, attackers spread across network with new “Wiper” malware
- Attackers had access for more than a year, stole 100 terabytes of data
- Connected to North Korean government

Stuxnet - 2009
- Believed to be world’s first “cyberweapon” with physical fallout
- Developed by US & Israeli governments
- Specialized worm developed to sabotage Iranian nuclear program
- Targeted computer systems controlling uranium centrifuges
- Destroyed over 1,000 centrifuges, set back program by 2 years

Best Practices
- Install OS/Software Updates
- Run Anti-Virus Software
- Practice Good Password Management
- Turn On Personal Firewalls
- Know How To Spot a Phish

Install Updates
- 80% of exploit instances are crimes of opportunity
- 70% of last year’s breaches exploited a known vulnerability at least 1 year old
- Always Update Windows and OS X
- Commonly exploited programs:
  - Java
  - Adobe Flash Player
  - IE & Safari

Automatic Updates - Windows
Automatic Updates – OS X

Run Anti-Virus Software
- Over 100,000 known variants of malware across all operating systems
- Antivirus Firms give each variant a unique identifier called a “signature”
- Antivirus programs detect programs based on these signatures
  - Remove viruses
  - Quarantine infected files
  - Prevents future infections

Antivirus Programs
- Avira
  - Mac and PC
- Sophos
  - Multiple computers from a single interface
- Malwarebytes Anti-Malware
  - Good second line of defense

Password Don’ts
- Never use your name
- Don’t use information about you
  - Birthday
  - Phone Number
  - Location
- Never give your password to anyone at any time
- Don’t use the same password for multiple services

Password Do’s
- Long password that is easy to remember
  - Length generally the most important factor
- Use upper and lower case
- Use a symbol or a number
- Best method: use a short phrase or sentence
  - Include spaces and punctuation

Breaking Passwords
- Brute Force Attack
  - aaaaaa, aaaaab, etc.
  - Thousands of tries per second
- Dictionary Attack
  - Word lists
- Hybrid Attack
  - Dictionary + Brute Force

Password Strength
- “Buffalo!”
  - 8 characters
  - Upper & Lower case
  - Special Character
  - Easy to remember
- Strong password?
  - Let’s check
    ○ https://howsecureismypassword.net/

Password Strength “Buffalo!”

Password Strength
- “I love cold beer.”
  - 17 characters
  - Upper & Lower case
  - 4 special characters
  - Easy to remember
- Strong password?

Password Strength “I love cold beer.”
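
An added example (not part of the original slides) that puts numbers on the Breaking Passwords and Password Strength slides: it estimates how many guesses a brute-force attack and a dictionary/hybrid attack each need for the two sample passwords. The word list, dictionary size, guess rate and the cost model itself are assumptions chosen for illustration.

```python
import re

# Constructed stand-in for an attacker's word list; real lists are far larger.
WORDS = {"buffalo", "i", "love", "cold", "beer", "password", "dragon"}
DICTIONARY_SIZE = 10_000       # assumed number of words the attacker tries
GUESSES_PER_SECOND = 1_000     # assumed rate ("thousands of tries per second")
LOWER, UPPER, DIGIT, OTHER = 26, 26, 10, 33   # OTHER = 32 ASCII symbols + space
CASE_VARIANTS = 2              # assumed: all lowercase, or first letter capitalised


def charset_size(pw):
    """Alphabet a brute-force attack must cover: sum of the classes pw uses."""
    classes = ((str.islower, LOWER), (str.isupper, UPPER), (str.isdigit, DIGIT),
               (lambda c: not c.isalnum(), OTHER))
    return sum(size for test, size in classes if any(test(c) for c in pw))


def brute_force_guesses(pw):
    """Every string of this length over the alphabet: aaaaaa, aaaaab, ..."""
    return charset_size(pw) ** len(pw)


def word_guesses(pw):
    """Guesses for a dictionary/hybrid attack, or None if pw is not made of list words."""
    words = re.findall(r"[A-Za-z]+", pw)
    if not words or any(w.lower() not in WORDS for w in words):
        return None
    # Hybrid part: each digit or symbol attached to the words is brute-forced.
    extras = sum(1 for c in pw if not c.isalpha() and not c.isspace())
    return DICTIONARY_SIZE ** len(words) * CASE_VARIANTS * (DIGIT + OTHER) ** extras


def estimate(pw):
    """Return (cheapest attack, guesses needed) under this crude model."""
    brute, wordy = brute_force_guesses(pw), word_guesses(pw)
    if wordy is not None and wordy < brute:
        return ("dictionary/hybrid", wordy)
    return ("brute force", brute)


if __name__ == "__main__":
    for pw in ("Buffalo!", "I love cold beer.", "xK9#qLw2"):
        attack, guesses = estimate(pw)
        days = guesses / GUESSES_PER_SECOND / 86400
        print(f"{pw!r:22} {attack:18} {guesses:.2e} guesses, {days:.2e} days")
```

Under these assumptions “Buffalo!” looks strong against pure brute force but falls to a hybrid attack in minutes, while the four-word phrase stays expensive under both models because every extra word multiplies the search space.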

Further Protection
- Two-Factor Authentication
  - Combination of 2 forms of identification from separate categories
  - Most common method uses SMS codes

Two-Factor Authentication
- Most major sites now offer it as an optional setting
  - Facebook
  - Gmail, Yahoo, Microsoft
  - Twitter
  - Instagram
  - Tumblr
  - Most Banks

Turn On Personal Firewalls
- Protective barriers between computers and the internet
- Hackers search the internet by sending out pings and waiting for responses
- Stop your system from replying

Enabling Firewall - Windows
Enabling Firewall – OS X

What To Look For
- Know the signs of being compromised
- If you get an official notice of compromise, take it seriously
- Pay attention to media reports
- Listen to your gut
- Know how systems and apps run normally, take notice when they don’t

Know How to Spot a Phish

Did I Get Owned?
- Signs of compromise:
  - Computers
    ○ Sudden appearance of popups
    ○ System running very slow
    ○ Browsers redirecting to weird pages
    ○ Files corrupt, or simply won’t open
    ○ Antivirus suddenly disappears or stops working

Did I Get Owned?
- Signs of compromise:
  - Accounts
    ○ Loss of access
    ○ Strange activity
      - Unfamiliar sent items
      - Messages disappearing
      - Random transactions
        - Can be many small purchases or a few large transfers

Okay, I Got Owned.
- What to do if compromised:
  - Computer
    ○ Disconnect from the internet immediately
    ○ Run anti-virus scans with multiple products
      - Use another computer or recruit a friend
    ○ If the scans find anything, clean and reboot
    ○ If the scans don’t find anything, back up personal files and restore to a previous OS version

System Restore - Windows
Time Machine – OS X

Okay, I Got Owned.
- What to do if compromised:
  - Accounts
    ○ Reset passwords immediately
      - Start with email
      - If email is compromised, reset all accounts associated with it
    ○ Regain access to hacked accounts
      - Most sites have means of reclaiming
    ○ If account is banking related, contact bank ASAP

Okay, I Got Owned.
- What to do if compromised:
  - Identity
    ○ Contact all 3 major credit bureaus: Equifax, Experian, and TransUnion
      - Order credit reports
      - File initial fraud alert
    ○ Contact local police and report identity theft
    ○ Request all new banking cards
    ○ Closely monitor future monthly statements and credit

To Summarize
- Cyber Security is critical
  - Reliance on technology will continue to increase
  - As security measures become more effective, so will the threats
    ○ APTs
  - Information is a commodity

To Summarize
- Protecting yourself is your responsibility
  - Stay up to date
  - Practice good password management
  - Keep your eye out for strange activity
  - If unsure, ask!
    ○ Google is your friend
    ○ So am I
  - If compromised, act quickly