“Can You See Me Now?” Shining the Light On Hackers & Identity Thieves

“Can You See Me Now?” Shining the Light On Hackers & Identity Thieves Lew Wagner, CPP, CISSP ASIS International Information Technology Security Council lew.wagner@comcast.net Copyright August 22, 2007

What? Me worry? Correlation, Wireless Intrusion Detection, Firewall, Content Mgmt, Anti-Virus, Scanning Tools, AirSnort, Bots, Kismet, Metasploit, Phishing, War Driving, DDoS

Introduction: Purpose; Threats to Information Systems; Reactive Security Case Studies; Reactive Security; Proactive Security; Conclusion

Purpose: Inform. Provide you with hacker and identity-theft threats, safeguards, and examples, to help you analyze and make more informed decisions on your current in-place reactive and proactive security environments, and on detecting and planning for dynamic threats to your network and systems. The author's identification of security industry vendor products is for instructional purposes only.

Security Threats

Metasploit - Uber Hacking Tool

Bots: Bots and botnets are collections of compromised hosts ("zombies") that attackers control remotely for denial of service and other illegal activities. Detection is getting harder as the operators find ways to disguise the controller ("mother ship") machines that command the bots. SDBot and its many variants are a prevalent example of this category.

Denial of Service (DoS): In a DoS attack a victim's external IP addresses and ports are flooded with thousands of half-open connections (a SYN flood), tying up the service so that legitimate users and customers cannot reach it. Distributed DoS (DDoS) attacks use hundreds or thousands of enslaved "zombie" PCs to flood a large victim's multiple Internet sites and ports at once, cutting the victim off from the Internet. DDoS is often used as a threat when a victim refuses to pay a ransom, or by competing companies or countries to damage another entity economically.
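The half-open connection build-up described above is something an administrator can see directly in the host's TCP state table. The following is an added example, not from the original deck: it parses constructed `netstat -ant`-style output (Linux layout, IPv4 only; the addresses and thresholds are illustrative assumptions) and reports both the sources with too many SYN_RECV connections and the local ports under half-open pressure. The per-port total matters because a real SYN flood usually spoofs its source addresses, so no single source may cross a per-source threshold.

```python
from collections import Counter

# Constructed sample in the layout of `netstat -ant` on Linux; not a real capture.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51022      ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.55:40001        SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.55:40002        SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.55:40003        SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.55:40004        SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.77:1025         SYN_RECV
tcp        0      0 203.0.113.10:443        192.0.2.9:61000         SYN_RECV
tcp        0      0 203.0.113.10:443        198.51.100.7:51030      TIME_WAIT
"""


def parse_netstat(text):
    """Yield (local_port, foreign_ip, state) for each TCP row; header and non-TCP rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, foreign, state = fields[3], fields[4], fields[5]
        # rpartition splits on the last ':' so an IPv6 address (which contains ':') stays intact
        local_port = local.rpartition(":")[2]
        foreign_ip = foreign.rpartition(":")[0]
        yield local_port, foreign_ip, state


def half_open_counts(text):
    """Count SYN_RECV (half-open) connections per foreign source and per local port."""
    per_source, per_port = Counter(), Counter()
    for local_port, foreign_ip, state in parse_netstat(text):
        if state == "SYN_RECV":
            per_source[foreign_ip] += 1
            per_port[local_port] += 1
    return per_source, per_port


def suspicious_sources(text, threshold=3):
    """Sources holding at least `threshold` half-open connections (threshold is an assumption)."""
    per_source, _ = half_open_counts(text)
    return sorted(ip for ip, n in per_source.items() if n >= threshold)


def flooded_ports(text, threshold=4):
    """Local ports with at least `threshold` half-open connections, regardless of source."""
    _, per_port = half_open_counts(text)
    return sorted(port for port, n in per_port.items() if n >= threshold)


if __name__ == "__main__":
    print("sources with excessive half-open connections:", suspicious_sources(SAMPLE_NETSTAT))
    print("ports under half-open pressure:", flooded_ports(SAMPLE_NETSTAT))
```

On the sample, 192.0.2.55 is the only source over the per-source threshold, while port 80 crosses the per-port threshold because of the additional spoofed-looking single connection from 192.0.2.77. Counting is detection only; the usual host-side mitigation for the half-open exhaustion described on the slide is SYN cookies and a lower SYN_RECV timeout, with upstream filtering for volumetric DDoS.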

Phishing: Phishing attackers host content (delivered by e-mail or on a website) to lure unwitting users into divulging personal information, which the attacker then uses fraudulently (identity theft). The stolen identity information can be used to purchase goods and services in the victim's name or to withdraw funds from the victim's accounts. Phishing websites are made to look like the actual business site (e.g., Wells Fargo or eBay); financial websites are the ones most often spoofed.

Phishing (Cont.) Source: http://atlas.arbor.net/summary/phishing?out=csv

Phishing (Cont.): Phishing typically starts with an e-mail that directs the recipient to the spoofed site. The Consumer Reports National Research Center estimated that people lost $630 million to phishing scams over the previous two years. Browser security indicators do little to stop this: in the cited study, participants kept entering their passwords even after HTTPS indicators and site-authentication images were removed. (Source: Schechter, Dhamija, Ozment, Fischer; "The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies", joint Harvard & MIT paper, 2007 IEEE Symposium on Security and Privacy, Oakland, California, May 20-23, 2007)
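Since users cannot be relied on to notice a spoofed Wells Fargo or eBay page, a mail gateway can apply the checks a careful user would. The following is an added example, not from the original deck: it extracts the URLs from a constructed phishing e-mail and flags the classic lures, a brand name placed in a host that belongs to some other registered domain, user information before an `@` that hides the real host, a raw IP address, an internationalized host name, and a login page without TLS. The brand-to-domain mapping and the e-mail text are assumptions for the example, and the registered-domain logic takes the last two labels rather than consulting a public-suffix list.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Brands named on the slide; the legitimate registered domains are assumptions for this example.
SPOOFED_BRANDS = {"wellsfargo": "wellsfargo.com", "ebay": "ebay.com"}

URL_RE = re.compile(r"""https?://[^\s<>"']+""")

# Constructed phishing e-mail (not a real message).
SAMPLE_EMAIL = """\
Dear valued customer,
Your Wells Fargo account has been locked. Verify your identity within 24 hours at
http://www.wellsfargo.com.secure-login.example.net/verify
or use the eBay resolution center: http://wellsfargo.com@192.0.2.5/ebay/signin
Our real site is https://online.wellsfargo.com/ as always.
"""


def registered_domain(host):
    """Last two labels of the host; adequate for .com/.net examples (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def phishing_indicators(url):
    """Return the reasons a URL looks like a spoofed login page; an empty list means none found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.username is not None:
        # In "http://wellsfargo.com@evil/", everything before '@' is ignored by the browser
        findings.append("userinfo before '@' disguises the real host")
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a host name")
    except ValueError:
        pass
    if parts.scheme != "https":
        findings.append("login page not served over TLS")
    if any(ord(c) > 127 for c in host) or any(label.startswith("xn--") for label in host.split(".")):
        findings.append("internationalized host name (possible look-alike characters)")
    domain = registered_domain(host)
    compact = host.replace("-", "").replace(".", "")
    for brand, legit in SPOOFED_BRANDS.items():
        # Brand appears somewhere in the host, but the part that is actually registered is not theirs
        if brand in compact and domain != legit:
            findings.append(f"'{brand}' in host but registered domain is {domain}, not {legit}")
    return findings


def scan_message(body):
    """Map each URL in an e-mail body to its indicators, keeping only the suspicious ones."""
    report = {}
    for url in URL_RE.findall(body):
        findings = phishing_indicators(url)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, reasons in scan_message(SAMPLE_EMAIL).items():
        print(url)
        for reason in reasons:
            print("   -", reason)
```

The genuine `https://online.wellsfargo.com/` link passes every check, while the two lures are flagged for different reasons: the first because `example.net`, not `wellsfargo.com`, is what is actually registered, the second because the browser will connect to 192.0.2.5 and ignore the text before the `@`. Heuristics like these reduce exposure but do not replace the user education and the browser and mail-filter controls discussed on the slides.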

Kismet - Wireless Sniffer

Yagi Wireless Directional Antenna

Reactive Security Tools

Firewall Reporter - Firewall

Check Point - Firewall

Snort - Network Intrusion Detection: A Snort network IDS (NIDS) server sits just behind the firewall. The logged events were snapshotted over a 24-hour period (73,453 events), covering all traffic observed coming from the firewall's inside interface into the organization and all traffic coming from inside the organization out to the firewall.

48 Security Event Types

Sample BASE Report

Attacks by Class

Most Common Attacks
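The BASE reports on the preceding slides ("Attacks by Class", "Most Common Attacks") are aggregations over Snort's alert log, and the same summaries can be produced from the raw alert file when the console is unavailable. The following is an added example, not from the original deck: it parses constructed alerts in Snort's "fast" alert format, tallies them by classification and by signature, and splits them by direction relative to an assumed inside address range (10.0.0.0/8), mirroring the inbound/outbound view the slide describes. The SIDs, addresses and timestamps are invented for the sample; IPv4 addresses are assumed.

```python
import ipaddress
import re
from collections import Counter

# Constructed alerts in Snort's "fast" alert format; the local-range SIDs and addresses are invented.
SAMPLE_ALERTS = """\
03/15-14:22:01.100000  [**] [1:1000001:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.44 -> 203.0.113.10
03/15-14:22:03.200000  [**] [1:1000002:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.44:51234 -> 203.0.113.10:80
03/15-14:22:05.300000  [**] [1:1000002:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.44:51235 -> 203.0.113.10:80
03/15-14:23:10.400000  [**] [1:1000003:2] SHELLCODE x86 NOOP [**] [Classification: Executable Code was Detected] [Priority: 1] {TCP} 198.51.100.23:4444 -> 203.0.113.10:445
03/15-14:25:00.500000  [**] [1:1000004:1] POLICY ICQ login [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.1.8:1087 -> 198.51.100.90:5190
03/15-14:25:07.600000  [**] [1:1000001:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.44 -> 203.0.113.11
03/15-14:26:00.700000  [**] [1:1000005:1] LOCAL test rule [**] [Priority: 3] {UDP} 10.1.1.9:5353 -> 224.0.0.251:5353
"""

# One fast-format line: timestamp, [gid:sid:rev], message, optional classification, priority,
# protocol, and "src -> dst" where the port suffix is present only for TCP/UDP.
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]+)\])?"
    r"\s+\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the organization's inside range


def parse_alerts(text):
    """Parse fast-format alert lines into dicts; lines that do not match are ignored."""
    alerts = []
    for line in text.splitlines():
        m = FAST_ALERT.match(line)
        if not m:
            continue
        a = m.groupdict()
        a["cls"] = a["cls"] or "unclassified"
        a["src_ip"] = a["src"].rsplit(":", 1)[0]  # strip the port if present (IPv4 assumed)
        a["dst_ip"] = a["dst"].rsplit(":", 1)[0]
        a["direction"] = "outbound" if ipaddress.ip_address(a["src_ip"]) in INTERNAL else "inbound"
        alerts.append(a)
    return alerts


def attacks_by_class(alerts):
    """Event count per Snort classification, like the 'Attacks by Class' report."""
    return Counter(a["cls"] for a in alerts)


def most_common_attacks(alerts, n=3):
    """Top-N signature messages, like the 'Most Common Attacks' report."""
    return Counter(a["msg"] for a in alerts).most_common(n)


def traffic_direction(alerts):
    """Inbound (from the firewall into the organization) versus outbound (inside out) counts."""
    return Counter(a["direction"] for a in alerts)


def top_sources(alerts, n=3):
    """Most active source addresses, the first thing to pivot on when triaging a snapshot."""
    return Counter(a["src_ip"] for a in alerts).most_common(n)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print("events:", len(alerts))
    print("by class:", attacks_by_class(alerts))
    print("most common:", most_common_attacks(alerts))
    print("direction:", traffic_direction(alerts))
    print("top sources:", top_sources(alerts))
```

Two things the example is built to handle that trip up naive parsers: alerts from rules that carry no classtype (the regex makes the classification optional and labels them "unclassified"), and ICMP alerts whose addresses have no port suffix. On a real 24-hour snapshot of tens of thousands of events, the same counters show which few signatures and sources account for most of the volume.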

Symantec - Anti-Virus

Proactive Security Tools

TippingPoint - Network Intrusion Prevention

AirDefense - Wireless Security

WCS - Wireless Control System

AppDetective - Spotting Database Weaknesses

WebInspect - Internet

Correlation Analysis - putting it all together. Attackers compromise "trusted" connection systems, and threats arrive from all vectors, as seen by a multitude of security sensors. There are too many individual reporting devices to look at each one and still see the big picture; correlation combines them: "if this event, and this event, and that event occur, then the correlated impact is this."

Correlation Analysis
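The "if this event, and this event, and that event" rule above can be written down as a small join over normalized sensor events. The following is an added example, not from the original deck: it takes constructed, already-normalized events from a firewall, a network IDS and an anti-virus agent (the addresses, signatures, threat names and the 10-minute window are assumptions) and rates each IDS alert by what the other sensors saw around it. A firewall allow of the same source-to-destination flow confirms the exploit reached the host; an anti-virus detection on that host shortly afterwards confirms a payload ran, and only then does the combined impact become critical. Real deployments spend most of their effort on the normalization this example assumes (the same host named by IP, DNS name and agent ID on different sensors).

```python
from datetime import datetime, timedelta

# Constructed, already-normalized events from three sensors (not real logs).
# Every sensor identifies hosts by IP here; in practice that normalization is the hard part.
EVENTS = [
    {"ts": "2007-08-22T10:01:05", "sensor": "firewall", "action": "allow",
     "src": "192.0.2.44", "dst": "10.1.1.20", "dport": 445},
    {"ts": "2007-08-22T10:01:07", "sensor": "ids", "sig": "SHELLCODE x86 NOOP",
     "src": "192.0.2.44", "dst": "10.1.1.20"},
    {"ts": "2007-08-22T10:04:30", "sensor": "antivirus", "host": "10.1.1.20",
     "threat": "Backdoor.Trojan"},
    {"ts": "2007-08-22T10:12:00", "sensor": "firewall", "action": "allow",
     "src": "198.51.100.23", "dst": "10.1.1.21", "dport": 80},
    {"ts": "2007-08-22T10:12:01", "sensor": "ids", "sig": "WEB-IIS cmd.exe access",
     "src": "198.51.100.23", "dst": "10.1.1.21"},
    {"ts": "2007-08-22T11:30:00", "sensor": "antivirus", "host": "10.1.1.30",
     "threat": "Adware.Generic"},
]


def _when(event):
    return datetime.fromisoformat(event["ts"])


def _summary(event):
    detail = event.get("sig") or event.get("threat") or event.get("action")
    return f'{event["ts"]} {event["sensor"]}: {detail}'


def correlate(events, window=timedelta(minutes=10)):
    """Join each IDS alert with the firewall and AV events around it and rate the combined impact.

    ids + firewall allow + AV detection on the target -> critical (exploit reached host, payload ran)
    ids + firewall allow, no AV event                 -> high     (exploit reached host, outcome unknown)
    ids alert with no matching firewall allow          -> not reported here (single-sensor event)
    """
    firewall = [e for e in events if e["sensor"] == "firewall"]
    antivirus = [e for e in events if e["sensor"] == "antivirus"]
    findings = []
    for alert in sorted((e for e in events if e["sensor"] == "ids"), key=_when):
        t = _when(alert)
        # Same flow, permitted through the perimeter within `window` before the alert
        allowed = [f for f in firewall
                   if f["action"] == "allow"
                   and (f["src"], f["dst"]) == (alert["src"], alert["dst"])
                   and t - window <= _when(f) <= t]
        if not allowed:
            continue
        # Malware seen on the target within `window` after the alert
        infected = [a for a in antivirus
                    if a["host"] == alert["dst"] and t <= _when(a) <= t + window]
        findings.append({
            "host": alert["dst"],
            "src": alert["src"],
            "severity": "critical" if infected else "high",
            "evidence": [_summary(e) for e in allowed + [alert] + infected],
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(f'{finding["severity"].upper()}: {finding["src"]} -> {finding["host"]}')
        for line in finding["evidence"]:
            print("   ", line)
```

On the sample data, 10.1.1.20 is rated critical because all three sensors agree within the window, 10.1.1.21 is rated high because the exploit attempt was allowed through but nothing confirms it succeeded, and the lone adware detection on 10.1.1.30 stays a single-sensor event. Looked at one console at a time, the same three alerts for 10.1.1.20 would each have been one more line among thousands.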

Conclusion Technical threats to your infrastructure are pervasive and frequent Simply installing a firewall and an antivirus solution is not enough Extensive correlation of large quantities of security data is needed. Dynamic defense in depth is needed to detect, assess, and mitigate today’s multi-vector attacks.

Contact Information Lew Wagner: Pres & CEO, Dynamic Defense In Depth, Inc. lew.wagner@comcast.net (E-Mail) (317) 502-1667 (Cell Phone)