
Presentation transcript:


WHAT KEEPS USERS AWAY?
[Bar chart, percentage axis up to 60%. Response categories:]
• I fear that my account information will be viewed by an unauthorized party
• I prefer dealing with people
• I do not want to pay a fee
• I do not find online banking valuable
[Data labels as extracted; their assignment to categories and series is not recoverable: 47%, 46%, 43%, 39%, 40%, 50%, 45%, 34%, 21%, 15%, 20%, 19%, 13%, 26%, 20%, 12%]
©Javelin Strategy and Research, August 2008

Identity Fraud – Evolution and Solutions

Agenda
• Attack vectors
  – Phishing
  – Man-in-the-middle (MITM) attacks
  – Malware
• Solutions
  – One-time passwords
  – Transaction signatures
  – Endpoint assessment
• Summary

Phishing

Pharming
[Diagram labels: User, Website, Fake Website, Attacker, DNS Server (Local or ISP)]

Smishing

Vishing

PHISHING
[Overview diagram labels: Smishing, Phishing, Vishing, Pharming; User, Website, Fake Website, Attacker, DNS Server (Local or ISP)]

Two factor authentication
• Something the user has
• Strengths
  – Compromised user credentials less valuable for attacker
  – Break down the traditional economic model of phishing attacks

Types of one-time-passwords
• Counter-based one-time passwords
• Time-based one-time passwords
• Challenge-based one-time passwords
• Mutual authentication one-time passwords
• Out-of-Band one-time passwords

OATH (Open Authentication)
• A group of technology and industry leaders
  – 60+ members
  – Open and royalty-free specifications
  – Promote interoperability
• Benefits
  – Standardization drives down cost
  – Prevents “vendor lock-in”

MITM / MITB attacks
[Diagram, two panels]
• Man-in-the-middle attack: End-User, MITM, Web Server
• Man-in-the-browser attack: End-User “John”, End-User’s Computer (Browser, Banking Trojan), NetBanking Server
• Message labels along the path, in extraction order:
  – 1. “John”, “pswd”  2. OTP  3. $500 to Bob
  – 1. “John”, “pswd”  2. OTP  3. $500 to Bob
  – 1. “John”, “pswd”  2. OTP  3. $5000 to Bill

Transaction Signing Soft Tokens
• Signature = cryptographic Message Authentication Code
[Diagram columns: On Internet Banking; On the software token]
[Step labels:]
  – Enter Account no
  – Enter Amount
  – Generate Signature: afcbff100
  – Seal Transaction with Signature: afcbff100
  – Transaction signature stored in Audit Log for verification
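
Added example, not part of the original slides: a sketch of the transaction signature as a MAC over the account number and amount, showing that a request altered in transit (the "$500 to Bob" becoming "$5000 to Bill" case from the MITM / MITB slide) no longer verifies on the bank side. The key, the account identifiers, HMAC-SHA256 and the 10-character truncation are assumptions; the slides do not say which MAC or signature length the product uses.

```python
import hashlib
import hmac

def canonical(account: str, amount_cents: int) -> bytes:
    """Length-prefix each field so ("12", 345) and ("123", 45) cannot collide."""
    fields = [account.encode(), str(amount_cents).encode()]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def sign_transaction(token_key: bytes, account: str, amount_cents: int) -> str:
    """What the soft token computes from the values the user types into it."""
    mac = hmac.new(token_key, canonical(account, amount_cents), hashlib.sha256)
    return mac.hexdigest()[:10]   # shortened for retyping (assumed length)

def bank_accepts(token_key: bytes, account: str, amount_cents: int,
                 signature: str, audit_log: list) -> bool:
    """Server recomputes the MAC over the transaction it actually received."""
    expected = sign_transaction(token_key, account, amount_cents)
    ok = hmac.compare_digest(expected, signature)
    # Every attempt is recorded with its signature for later verification.
    audit_log.append({"account": account, "amount_cents": amount_cents,
                      "signature": signature, "accepted": ok})
    return ok

KEY = b"constructed-demo-key"     # constructed value, stands in for a per-user token key

def demo() -> list:
    log = []
    sig = sign_transaction(KEY, "BOB-001", 50_000)    # user keys in $500 to Bob
    bank_accepts(KEY, "BOB-001", 50_000, sig, log)    # request arrives unmodified
    bank_accepts(KEY, "BILL-002", 500_000, sig, log)  # payee and amount changed in transit
    return [entry["accepted"] for entry in log]

if __name__ == "__main__":
    print(demo())
```

The sketch signs only account and amount, as on the slide; a deployed scheme would also bind a counter or server challenge so that an identical signed transaction cannot be submitted twice.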

Risk levels (NIST SP )
[Diagram labels: risk levels Minimal, High, Medium, Low; authentication methods KBA, OTP, PKI, OOB]

Security Industry in 2001
Security Industry in 2011

Trojans / Malware

Endpoint Assessment
• Endpoint Security Assessment
• Session Clean-Up
[Diagram]
• POLICY: Personal Firewall, Anti-Virus, Spyware, Patches
• SCAN: Inventory Device using File Scan, Process Scan, Registry Scan, OS Scan
• COMPARE: Compare device scan with access policy
• Result labels (as extracted): Allow Partial Pass Decline

Summary
• Sophistication of identity fraud schemes is increasing
• Authentication deployments are converging to:
  – Hybrid solutions: >1 authentication method per end-user
  – Risk-based authentication
  – Endpoint security assessment
• Choose a technology that
  – Does not lock you in
  – Provides entire solution – from authentication to endpoint assessment to abolishment

Questions and Answers Mobile: