Date post: | 14-Apr-2017 |
Category: |
Education |
Upload: | mostafa-elgamala |
View: | 287 times |
Download: | 0 times |
Introduction to securityDr. Mostafa Elgamala
RHCE-MCSA-CCNA-CCAI-CSCU-PMP-ITIL-IBDL
Security importanceAlgerian ministry of defense subjected to 3500
attempt daily.Hacking on UAV in south Korea.Hacking on Boshahr Nuclear reactor in Iran.Electric failure in USA due to cyber attack.Thieving of subscriber data of ashley madison, AT&T,
T mobile US. Thieving of 55000 username/password from Twitter.Nasa hacking.
Hacking scope1 -Planted medical devices hacking
2 -Automobiles hacking
3 -Computer hacking
4 -Network devices hacking
5 -UAV hacking
6 -Industrial devices hacking
.……Any software based device is vulnerable .
Cyber attack (online attack)- Why
On line criminals for money ( i.e bank accounts)
On line criminals for opinions and protest (anonymous)
Governments against its citizensFor fun
ResultsFinancial loss (AT&T)Identity theftLoss of trustData loss/theft (ashley madiso , T mobile)Misuse of computer resources.
Levels f security
User securityApplication securitySystem securityNetwork securityPhysical security
System securityVirusWorms(network) BackdoorTrojans (79% of malware)Key loggerLogic bombSpy warePassword cracking (brute force, dictionary
attack, shoulder surfing, social engineering)Zombie (bot)
Statistics (Sophos & F5)250000 virus every day (315000 Kaspersky)30,000 hacked site every day99 % from people fail to implement the basic
security procedures25% of malware is caught by antivirus50% of malware designed to bypass security
defenses82% of security problems from internal
Famous viruses1986 – Brain – Baset & Amgad Farouk1987 – chirstmas tree worm-slowing1988 – morris worm – 10% of internet PC
6000-100M$1998 – Chernobyl – erase MBR2000 – I love you worm –file editing-10% of
internet PC-(5-10 B$)2008 – Conficker worm –slowing and steal
data-15 million windows servers2010 – Stuxnet – scada systems – Boshaar -
Iran
Guidelines for windowsStrong passwordLock the system when not in useApply software patchesUse windows firewallHide files/foldersDisable unnecessary servicesUse NTFSImplement malware protection
Identity theftPersonal information
NamesAddressesBirth dateTelephone numberPassport numberSocial security numberCredit card number
How attacker steal identity?Physical methods:
Stealing (computer, mobile, wallets)Social engineering (people trust)Skimming: steal credit no. by special storage.
Internet methodsPhishing : pretend to be financial institution site or email.
Key loggers: may be by TrojansHacking: compromise user O.S , user sniffers, etc.
Social EngineeringArt of convincing people to reveal
confidential information from peopleHuman based method:
LayingEavesdropping Shoulder surfingDumpster diving
Computer based methodChain letter: free money or giftHoax letter: warning from virusesPop-up window: ask for informationFake website: to know your info.
MeasuresComplex passwordDisable auto loginNot post sensitive/personal informationBe careful clicking links in messages
(fake sites)
Social networking security
Cyber bullying: spreading rumors, threating, harassments.Be careful about what is posted on
internetIgnore the bullyDocument all conversationsContact local authorities
Mobile devices securityMobile malware: conversations listener,
wipe-out info. ,monitor your actions.Application vulnerabilitiesLost or stolen devices
Measure proceduresPatching mobile platforms and
applicationsUse power-on authenticationBackupUse mobile phone anti-virusEncrypt your dataSecure Bluetooth
Avoid mobile device theftAvoid lending mobile phoneDo not talk while walking/driving Do not leave mobile in a carTurn off ringerRecord IMEI (*#06#)Use anti-theft s/w to remotely wipe the
data & make the device unusableCancel SIM
Network security typesNetwork sniffersDenial of service (DOS)DNS poisoning (DNS spoofing)Wireless securityMan-in-the-middle attackSql injection
EncryptionPlain textCipher textEncryption keyEncryption types (symmetric /
asymmetric / hash function)Encryption standard (DES / AES)
Security awareness is the first step for your
security
Thanks