Other useful information about the presentation

ECE 6612Kyle Koza

Georgia Tech CyberSecurity

What do you think we do?

What do you think the bad guys want?

Your email accountFor phishingSend spam

Your access to journal articles Your paycheck

How do we protect the Institute?

Education and Awareness Intrusion Detection (and Prevention) Vulnerability Scanning Incident Response Policy and Compliance Things come up…

Phishing: What is it?

Phishing is a fraudulent activity that attempts to acquire sensitive information such as usernames, passwords and credit card numbers by masquerading as a trustworthy and legitimate entity

Email

SCAM

Phishing: Why does the scam work?

Users are trusting of technology (especially email). Users get a LOT of email and move quickly. Bad guys are convincing. Bad guys use your lack of knowledge to their benefit. Bad guys only have to be right one time. You have

to be right every time.

What can you believe about an email?

From Name

Date / Time

From Address

Message

Links

What can you believe about an email?

From Name

Date / Time

From Address

Message

Links

Verify a message in 3 easy steps

1. Check the web address (URL)

3. When in doubt, stop and ask!!

2. Watch for red flags / trust your gut

Desktop/Laptop: Verify the Link

Hover your mouse over the link until the real link pops up.

Browser: Verify the Link

Hover your mouse over the link; check the bottom of the screen

Mobile: Verify the Link

Hold the link with your thumb until the real link pops up.

Identify the real domain

https://www.gatech.edu/login/index.html

https://www.gatech.edu/login/index.html

https://www.gatech.edu/login/index.html

https://www.gatech.edu/login/index.htmllast two words,

before first single slash

iTunes Email: Is it Phishing?

iTunes Phishing

http://account.verification.ituns.com

UPS Email: Is it Phishing?

UPS Phishing

http://ups.packagetracking.trackyourpkg.com

Georgia Tech Phish

Georgia Tech Phish

http://www.mamami.webspace.virginmedia.com/gatech/gatech.edu.htm

Red FlagsNote: Red flags would indicate a possible problem. The lack of red flags does not validate a message.

Email contains: information contrary to what you know is truemisspellings / improper grammara request to click on links / attachmentsa sense of urgencyan appeal to greed or feara request for sensitive dataa link to non-Georgia Tech websites asking for your GT account information

The bad guys want:

Your email accountFor phishingSend spam

Your access to journal articles Your paycheck

Logging and Network Analysis

Logging Authentication System events and host intrusion detection IDS/IPS Alerts

Network Analysis Firewall events Netflow Packet capture DNS queries Network Antimalware

SIEM

Security Information and Event ManagementConsolidateCorrelateSearchStoreAct

Correlate

Logins across different geographic locationsHaversine formula

Firewall DeniesDarknetsMultiple Firewalls

Firewalls

600+ firewallsBorder firewallFirewall in front of each VLAN

TypesPacket filteringStatefulNext-Gen (Application)

Intrusion Detection and Prevention

IPS (Active)Cisco IPSFireEyeOSSEC

IDS (Passive)FireEyeSuricataDamballa

Problems with Security Systems?

Base-Rate Fallacy Alert overload Cost

Vulnerability Scanning

QualysNessusOpenVASNexpose

Rolling scans of our entire network Send vulnerability reports to IT staff Clean scans required to manage firewall

Antimalware

HostDefense in depthMicrosoft SCEPMalwareBytes

NetworkFireEyeDamballaSuricata

Incident Response

Sometimes things go wrong…

Prevent Detect Contain Eradicate Recover

Phishing Quiz

Situation:

You received an email. In a hurry, you clicked the link. You were taken to a webpage. You must now decide whether or not to proceed.

Gone Phishing?https://login.gatech.edu/cas/login

OK to Proceed? YES!

Gone Phishing?https://highereducation.gt.edu.hied.com/login

OK to Proceed? NO!

X

Gone Phishing?http://login.gt.gatech.edu

OK to Proceed? NO!

X

Gone Phishing?https://loginpage.dept.gatech.edu

OK to Proceed? MAYBE…. When in doubt.. ASK!

Username:_____________________ Password:_____________________

[SUBMIT]?