Published by Ann Richard. Modified over 9 years ago.
1
Cyber-security and Encryption © Sergeant Paul Johnstone LLB MLitt Garda Bureau of Fraud Investigation
2
What is Encryption?
Encryption is an electronic method used to protect the integrity of devices, data and communications by scrambling the contents, preventing their use by persons who don't have the decryption code needed to unscramble them again.
Conversion of electronic data into another form (ciphertext) which is not readable without an appropriate key.
3
Development of encryption
- Later encryption used the symmetric method – same key (algorithm/cipher) to lock and unlock
- Enigma Machine used a group of selected rotors to replace selected letters. The rotors are replaced periodically
- Ancient encryption replaced letters by known numbers
- Modern encryption uses the asymmetric method – public key to lock and private key to unlock data
4
Why is it important?
- Secure data and information exchange – authorised use
- Prevents data loss or manipulation – internal and external*
- Enables secure browsing – WiFi
- Enables secure access to emails and content
- Legal and ethical obligation to protect sensitive data
- Protects client and YOU
- Censure from Professional Bodies
- Censure from Political or Governmental Bodies – DPC etc
- Prevents civil claim by clients
- Prevents reputational damage
- It's available and relatively easy to use
5
Problems with Encryption (some)
1) Slows down browsing and file exchange, as the file is transferred encrypted and then decrypted at the other end.
2) If you forget the decryption key, the data is lost. If you lose the device, the data is lost.
3) Which one to use – large number of suppliers
4) Not secure from attack – SQL injection or Java exploit
5) Human error – is it totally secure?*
6) Applications with access to encrypted data can be infected with sniffing malware etc
7) They can be cracked by reverse engineering or... TrueCrypt
6
Types of Encryption
1. Whole Disk Encryption
2. Partition Encryption
3. Volume Encryption
4. Folder Encryption
5. File Encryption
6. Mobile Data Encryption
7. E-mail Encryption
8. Application Encryption
7
Security of Devices
- Offline devices – not on internal network
8
Security of Devices
- Online networks
- Wired
- Wireless
- Home
9
Encryption Examples
- PGP – Communications/files/email
- FileVault II – Mac devices
- BitLocker – Windows devices
- VeraCrypt – Disks/volumes/files/systems
- GPG (GNU Privacy Guard) – files/folders
- BestCrypt – Files/folders
- TrueCrypt – now compromised
- Encryption to 256bit. ‘Unbreakable’. Can upgrade to 512 Military.
10
When needed?
- Devices stolen
- Network compromised or hacked
- Insecure networks – open WiFi etc
- Media lost
- BYOD
- Email intrusion – malware
- Data sent to wrong recipient
11
Level Needed
No correct answer – depends on:
a. The data
b. Your needs
c. The risks – real or perceived
12
Policies on Encryption
i. Law Society – Ireland & UK
ii. HSE – Ireland
iii. Bar Council UK
iv. NUI Galway
v. An Garda Síochána – secure access and mobile devices
vi. Government Departments – mobile device data
vii. Etc...
viii. Your policy should be your policy
13
Security of Communications
- SMS and email messages are susceptible to intercept
- Open WiFi in cafe or hotel etc – phone seeks and connects
- Hacker uses laptop with WAP running and a stronger signal than the WiFi in the premises.
- My device will automatically seek the stronger signal and connect
- I send message over internet using phone and WiFi
- Hacker sets his network to reject MMS (secure messaging)
- My network reverts to SMS plain text messaging
- Hacker has my messages and attachments, and if he connects malware to the phone, he has access to my account etc...
14
Home Networks
- Connected to home WiFi network – secure
- Previously connected to open WiFi
- Car outside war-driving with strong open WiFi
- Device connects to stronger open signal
- Access to computer, malware injection, contents etc
- Disable WiFi scanning when at home and encrypt
15
People
One of the most significant risks of data loss
16
User Mistakes
- Simple passwords
- Password sharing
- Password abuse/theft
- Same password used for everything
17
Network/Data Intrusions
- Memory stick manipulation
- Stick dropped outside
- Connected to network
- Second pin removed
- Windows machines = keyboard
- Malware = full access
- BYOD – not good policy
18
Online security
- Accessing from public WiFi – credentials captured and email accessed
- Opening insecure attachments
- Browser history – site running awstats: captures visits, IP logs and activity on site*.
19
Social Media
- Apart from recognised risks – spamming, cyberbullying, personation, trolling etc...
- Know your friends
- Beware of profiles that stay logged in*
20
Online Passwords
- Search on Pastebin.com for ‘barrister’
21
Passwords contd...
22
Identifying threats
- Know your system
- Know your users
- Know your devices
- Use encryption
- Use secure email
- Vary and change passwords
- Unknown source – DELETE
- Disable WiFi scanning after connection
23
Security
- Security is your concern – it's your data
- It's as secure as you make it
- Antivirus, malware protection, passwords
- System intrusion testing and updates
- Intrusion detection software
- If in doubt consult IT specialists
- Grant Thornton – Ritz – Critical Data – Mazars – Mandiant – RMS – Espion – Ward Solutions – eSentire – Digicore – etc
24
Homework
- If you have a website, run the following Google tests against it at home: ‘filetype:docs site:pauljohnstone.ie’ ‘info:pauljohnstone.ie’
- Is there access to a private members area on a publicly accessible system? – subject to interception.
- Is your internal network and internet access through the same machine? – subject to interception
- Is your WiFi open? – www.wigle.net maps open wireless networks
25
Sgt Paul Johnstone
Computer Crime Investigation Unit
An Garda Síochána
Harcourt Street
Dublin 2 D02 PT89
Tel: +353 1 6663796
Mob: +363 86 8281889
Email: paul.j.johnstone@garda.ie