Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtualisation in Education: Information Security Lab in Your Pocket Alexandre Karlov, JINR 02.10.2015 1.

Published byGabriel Knight Modified over 8 years ago

Similar presentations

Presentation on theme: "Virtualisation in Education: Information Security Lab in Your Pocket Alexandre Karlov, JINR 02.10.2015 1."— Presentation transcript:

1 Virtualisation in Education: Information Security Lab in Your Pocket Alexandre Karlov, JINR 02.10.2015 1

2 The international community and cyber criminals Theft of money and racket Industrial espionage and sabotage Cyber attacks to the state organizations 2

3 Facts (1) 2013: Hackers have stolen in Russia and the CIS (Commonwealth of Independent States) $ 2.5 billion, 10% of Russian banks were attacked Carbanak: Trojan -> Banks had lost $1 billion for the last few years (Sept 2015) A new front in cybercrime – stock markets: A powerful insider data theft scheme was discovered in USA; it allowed getting hundred million dollars by trading on the sensitive internal corporative information (Aug 2015) Hacking the website of the US Tax Service: $50 million > 100 thousand people were concerned (Aug 2015) 3

4 Facts (2) “Stuxnet” was a very sophisticated cyber attack against the Iranian nuclear programme. SCADA (Supervisory Control and Data Acquisition) software from Siemens was infected and a full control over PLCs (programmable logic controllers), responsible for the rotational speed of the uranium enrichment centrifuges was obtained. Variation of the rotational speed of the centrifuges over the month put out them of action and made useless. Metallurgical plant in Germany: Attackers were able to not only get access to the plant control system, but put it out of operation, causing significant damage to the company. First, hackers took control of the email of the factory workers by sending them letters with phishing links. Through e- mail employees, hackers gained access to the enterprise network, and then – to the entire control system of the plant 4

5 Facts (3) Confidential data of 1,500 US military personal (email addresses, passwords in an unencrypted form, place of work, phone numbers, etc.) were stolen (Aug 2015). The intrusion to Pentagon affected about 4,000 military and civilian personnel who work there (July 2015) Stealing personal data of millions of Americans in the cyber attacks on the US Office of Personnel Management, OPM. Hacking OPM allowed to compromise the data on special operations and employees of several intelligence agencies, including the CIA and the NSA (Sept 2015). 5

6 Fact (4) - July 2015 6

7 Facts (5) - July 2015 7

8 Shortage of information security skills By 2019 there will 6 Million security professionals needed 8

9 Complexity of IT and its impact on Education IT industry becoming more complex and fast moving Students must learn faster Professional education plays a more important role You never stop learning 9

10 In computing, a Virtual Machine (VM) is an emulation of a particular computer system on a real (or hypothetical) computer 10

11 Benefits of VMs Improve utilisation - More users can have an access to the given common resources (from 5-15% to 60-80%) Minimize Downtime - If one VM crashes, simply switch to another one (migration without interruption) More security - one VM under attack vill not effect other VMs

12 Importance of Information Security Education Risk = Prob (Threat exploits a Vulnerability) X Impact You can estimate the impact fairly well for you situation How do you estimate the Probability ? How do you become aware of vulnerabilities and ways of exploiting them ? Training by trying different attacks and exploiting vulnerabilities 12

13 Perfect times for education How do you perform education in information security ? How do you learn about exploiting vulnerabilities in infrastructure and software without spending to much time? You can simulate an entire company’s network, a data centre, a website etc. on your own portable computer Computer security is fundamentally a practitioner’s art, and that requires every day practice 13

14 Possible configuration 14

15 Typical setup All components can be on one physical host (laptop) With products such as VMWare complex network topologies can be created 15

16 Learning Infrastructure Your environment will depend on your learning goal If you are just starting learning, download: Kali linux for your attacking machine - www.kali.orgwww.kali.org A linux distribution with all necessary security tools already installed, vast amount of information available on the web Metasploitable - a vulnerably machine from www.offensive-security.com/metasploit- unleashed/requirements/ ) and deploy it on your VM environmentwww.offensive-security.com/metasploit- unleashed/requirements/ NETinVM - a whole vulnerable network from (http://informatica.uv.es/~carlos/docencia/netinvm/)http://informatica.uv.es/~carlos/docencia/netinvm/ Vulnhub - www.vulnhub.com - a website where users are uploading their own vulnerable VMs and ‘challenging other users to break themwww.vulnhub.com 16

17 Further ways of learning and education Thanks to virtualisation many websites are proposing online security challenges to teach web security, reverse engineering, forensics, cryptography and system hardening Some examples: www.root-me.org, securityoverride.org, www.hackthissite.org, w3challs.com, www.try2hack.nlwww.root-me.orgsecurityoverride.org www.hackthissite.orgw3challs.comwww.try2hack.nl Digital « battlefields » where teams compete agains each other - Capture the Flag competitions (CTFs) Great way to learn and keep your information security skill sharp 17

18 18

19 Thank you ! Questions ? 19

Download ppt "Virtualisation in Education: Information Security Lab in Your Pocket Alexandre Karlov, JINR 02.10.2015 1."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Introduction and Overview of Digital Crime and Digital Terrorism

Introduction and Overview of Digital Crime and Digital Terrorism
4 Information Security.

4 Information Security.
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.
CHAPTER 4 Information Security. Announcements Friday Class Quiz 1 Review Monday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Friday Class Quiz 1 Review Monday Class Quiz 1 – Access Basics Questions/Comments.
Chapter 1 Introduction to Security

Chapter 1 Introduction to Security
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Cyber-Warfare: The Future is Now!

Cyber-Warfare: The Future is Now!
Trust, Safety, & Reliability Part 2 MALICE. Malware Malware: short for “malicious software” Hackers: people who write and deploy malware Worm: program.

Trust, Safety, & Reliability Part 2 MALICE. Malware Malware: short for “malicious software” Hackers: people who write and deploy malware Worm: program.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Protecting Customer Websites and Web Applications Web Application Security.

Protecting Customer Websites and Web Applications Web Application Security.
Maritime Cyber Risks – What is real, what is fiction?

Maritime Cyber Risks – What is real, what is fiction?
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
CHAPTER 4 Information Security. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate.

CHAPTER 4 Information Security. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate.
A sophisticated Malware Arpit Singh CPSC 420

A sophisticated Malware Arpit Singh CPSC 420
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Similar presentations

Ads by Google