Cyber Security – The Changing Landscape Erick Weber Department of Public Works Khaled Tawfik Cyber Security.

Slides:

Advertisements

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Advertisements

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

TARGETED ATTACKS AND THE SMALL BUSINESS Stephen Ferrero Consultant, Xantrion.

DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? "The premeditated, politically motivated attack against information, computer systems,

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 8 Chapter 8 Digital Defense: Securing Your Data and Privacy

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.

By Joshua T. I. Towers $13.3 billion was the direct cost of malware for business in 2006 “direct costs are defined as labor costs to analyze, repair.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

How You Can Protect Yourself from Cyber-Attacks Ian G. Harris Department of Computer Science University of California Irvine Irvine, CA USA

LittleOrange Internet Security an Endpoint Security Appliance.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Our Digital World Second Edition

Security for Seniors SeniorNet Help Desk

Evolving Threats. Application Security - Understanding the Problem DesktopTransportNetworkWeb Applications Antivirus Protection Encryption (SSL) Firewalls.

Securing Information Systems

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Threats and vulnerabilities

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Protecting Your Computer & Your Information

Securing the Human. Presented by Thomas Nee, Computer Coordinator Town of Hanover, Massachusetts hanover-ma.gov/information-technology October is Cyber.

Introduction to ITE Chapter 9 Computer Security. Why Study Security?  This is a huge area for computer technicians.  Security isn’t just anti-virus.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.

IS Network and Telecommunications Risks Chapter Six.

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Ch 8: Managing Risk CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide Darril Gibson Last modified

Financial Sector Cyber Attacks Malware Types & Remediation Best Practices

Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.

Computer Skills and Applications Computer Security.

Computer Security By Duncan Hall.

Types of Malware © 2014 Project Lead The Way, Inc.Computer Science and Software Engineering.

Intro to Network Security. Vocabulary Vulnerability Weakness that can be compromised Threat A method to exploit a vulnerability Attack Use of one or more.

MIS323 – Business Telecommunications Chapter 10 Security.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.

Penetration Testing By Blaze Sterling. Roadmap What is Penetration Testing How is it done? Penetration Testing Tools Kali Linux In depth included tools.

Security Operations Chapter 11 Part 3 Pages 1279 to 1309.

October 28, 2015 Cyber Security Awareness Update.

Top 10 Hacking Tool Welcome TO hackaholic Kumar shubham.

CompTIA Security+ Study Guide (SY0-401) Chapter 9: Malware, Vulnerabilities, and Threats.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

[blank page for bug work-around]

Securing Information Systems

Seminar On Ethical Hacking Submitted To: Submitted By:

Network Security Fundamentals

Systems Security Keywords Protecting Systems

Penetration Testing following OWASP

Protect Your Computer Against Harmful Attacks!

Teaching Computing to GCSE

Introduction to Security: Modern Network Security Threats

Unit 11 Task #1 Read the unit specification and create a glossary which defines each of the words / terms you don’t know.

Risk of the Internet At Home

Cybersecurity Strategy

David J. Carter, CISO Commonwealth Office of Technology

Cybersecurity ATD Scenario conclusion

Networking for Home and Small Businesses – Chapter 8

Networking for Home and Small Businesses – Chapter 8

WJEC GCSE Computer Science

Networking for Home and Small Businesses – Chapter 8

Presentation transcript:

Cyber Security – The Changing Landscape Erick Weber Department of Public Works Khaled Tawfik Cyber Security Landscape Threat Actors Motives Tools & Techniques Information Security Evolution Defending Against Today’s Threats

Changing Landscape THENNOW So what has changed over the past 30 years?

Threat Actors  Script Kiddies  Insiders  Competitors  Hacktivists  Organized Crime  State Sponsors

Threat Actors  Script Kiddies  Insiders  Competitors  Hacktivists  Organized Crime  State Sponsors

Threat Actors  Script Kiddies  Insiders  Competitors  Hacktivists  Organized Crime  State Sponsors

Threat Actors  Script Kiddies  Insiders  Competitors  Hacktivists  Organized Crime  State Sponsors

Threat Actors  Script Kiddies  Insiders  Competitors  Hacktivists  Organized Crime  State Sponsors

Threat Actors  Script Kiddies  Insiders  Competitors  Hacktivists  Organized Crime  State Sponsors

Motives  Prestige  Financial / Competitive  Political  Ideological  Military Who are the Actors?  Script Kiddies  Hacktivists

Motives  Prestige  Financial / Competitive  Political  Ideological  Military Who are the Actors?  Insiders  Competitors  Organized Crime

Motives  Prestige  Financial / Competitive  Political  Ideological  Military Who are the Actors?  Hacktivists  State Sponsors

Motives  Prestige  Financial / Competitive  Political  Ideological  Military Who are the Actors?  Hacktivists  Insiders

Motives  Prestige  Financial / Competitive  Political  Ideological  Military Who are the Actors?  State Sponsors

Tools

Network Scanners  Nmap  Nessus Password Crackers  THC Hydra  John the Ripper Network Sniffers  Wireshark  Aircrack App/DB Scanners  ZAP  W3af  WebReaver  Arachni  SQL Map Linux Distros  Kali  BackTrack Exploit Frameworks  Metasploit  BeEF  Cain & Abel Browser Proxies  Burp  Fiddler

Tools Malware  Virus – Requires user interaction to spread  Worms – Does not require user interaction  Trojans – Disguised as legit program  Spyware – Tracks activities / Steals Info  Rootkits – Hide from security software  Exploit Kits – Toolkit to automate exploitation  Ransomware – Encrypts files / holds for ransom

Techniques Attack Techniques  Social Engineering  Password (brute force/cracking/default)  Traffic Sniffing / Man-in-the-Middle  Distributed Denial of Service (DDoS)  Web App (SQL Injection, Cross-Site Scripting)  Watering Holes  Phishing / Spear Phishing  Advanced Persistent Threats (APTs)  Evasion/Obfuscation

Default Password Attack

Phishing Attack

Spear Phishing Attack

Security Function Evolution IT Administrator Network Security Engineer IT Auditor Chief Info Security Officer Penetration Tester IT Forensics Engineer App Security Engineer Security Awareness Officer Board of Supervisors

Defending Against Today’s Threats Program Governance Risk Assessment Security Controls Vulnerability & Patch Mgmt. SDLC Awareness & Training Monitoring & Response DRP / BCP

How to Protect Yourself Apply security patches (O/S and apps) Install & update Anti-Virus software Web Site Protection ( OpenDNS / McAfee Site Advisor ) Use two-factor authentication for logins Don’t use the same passwords for all sites Don’t click on web links or attachments in s

Department of Public Works Erick Weber Khaled Tawfik