“Can You See Me Now?” Shining the Light On Hackers & Identity Thieves

1 “Can You See Me Now?” Shining the Light On Hackers & Identity Thieves
Lew Wagner, CPP, CISSP, ASIS International Information Technology Security Council. Copyright August 22, 2007

2 What? Me worry?
Correlation, Wireless Intrusion Detection, Firewall, Content Mgmt, Anti-Virus, Scanning Tools, AirSnort, Bots, Kismet, MetaSploit, Phishing, War Driving, DDoS

3 Introduction
- Purpose
- Threats to Information Systems
- Reactive Security
- Case Studies: Reactive Security, Proactive Security
- Conclusion

4 Purpose
- Inform - Provide you with hacker and identity theft threats, safeguards, and examples
- To help you analyze and make more informed decisions on:
  - Current in-place reactive and proactive security environments, and
  - Detecting and planning for dynamic threats to your network and systems
- Author’s identification of security industry vendor products is for instructional purposes only

5 Security Threats

6 MetaSploit - Uber Hacking Tool

7 Bots
- Bots and botnets – a series of “zombied” (compromised) hosts used by hackers who remotely control them for denial of service and other illegal activities
- Detection is getting harder to achieve, as these hackers are creating ways to disguise the “mother ship” controller PCs
- SD.BOT and all its variants are a prevalent example of this category

8 Denial of Service (DoS)
- DoS attacks – a victim’s external IP addresses and ports are flooded with thousands of half-open connections, thereby tying up that port so it cannot be used by legitimate users and customers
- Distributed DoS (DDoS) attacks use hundreds and thousands of slaved “zombie” PCs to flood a large victim’s multiple internet sites and ports, thereby preventing the victim from communicating over the internet
- Often used as a threat if the victim doesn’t pay a ransom, or by competing companies/countries to hurt other entities economically

9 Phishing
- Phishing attackers host content (either via email or a website) to lure unwitting users into divulging personal information that the attacker can then use fraudulently (identity theft)
- The stolen personal identity information can be used either to purchase goods and services under the victim’s name or to take funds out of the victim’s account
- Such phishing web sites are made to look like an actual business site (e.g., Wells Fargo or eBay)
- The sites spoofed are mostly financial web sites

10 Phishing (Cont.) Source:

11 Phishing (Cont.)
- Phishing is the act of sending an email
- The Consumer Reports National Research Center estimated people lost $630 million in the last two years in phishing scams
- Most anti-phishing browsers are ineffective (Source: Schechter, Dhamija, Ozment, Fischer, “The Emperor’s New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies”, joint Harvard & MIT white paper, 2007 IEEE Symposium on Security and Privacy, Oakland, California, May 20-23, 2007)

12 Kismet - Wireless Sniffer

13 Yagi Wireless Directional Antennas

14 Reactive Security Tools

15 Firewall Reporter - Firewall

17 Check Point - Firewall

19 Snort - Network Intrusion Detection
- Snort Network IDS (NIDS) server just behind the firewall
- Logged events snapshotted (73,453 events in a 24-hour period)
- All observed traffic coming from the firewall (inside interface) into the organization
- All observed traffic coming from inside the organization out to the firewall

21 48 Security Event Types

22 Sample BASE Report

23 Attacks by Class

24 Most Common Attacks

25 Symantec - Anti-Virus

27 Proactive Security Tools

28 Tipping Point - Network Intrusion Prevention

32 AirDefense - Wireless Security

36 WCS - Wireless Control System

39 AppDetective - Spotting Database Weaknesses

42 WebInspect - Internet

46 Correlation Analysis - Putting it all together
- Compromising “trusted” connection systems
- Threats from all vectors, as seen by a multitude of security sensors
- Too many single reporting devices to look at each individually and see the “big picture”
- “If this event, and this event, and that event, then the correlated impact is this”
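As an added illustration of the “if this event, and this event, and that event” idea (not from the original slides), a toy correlation rule in Python that joins firewall, NIDS and anti-virus events on the same host inside a time window; the event tuple layout, sensor names and signal labels are assumptions made for the demo.

```python
"""Toy multi-sensor correlation: a host is flagged only when the firewall,
the NIDS and the anti-virus sensor all report on it within a short window.
Assumption: a log collector has already normalised events to
(timestamp, sensor, host, signal) tuples; the events below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data): 10.0.5.17 trips all three
# sensors within minutes; 10.0.5.23 only produces scattered single-sensor noise.
EVENTS = [
    ("2007-08-22 10:01:05", "firewall",  "10.0.5.17", "inbound_allow"),
    ("2007-08-22 10:01:09", "nids",      "10.0.5.17", "exploit_attempt"),
    ("2007-08-22 10:03:40", "antivirus", "10.0.5.17", "malware_found"),
    ("2007-08-22 10:02:00", "firewall",  "10.0.5.23", "inbound_allow"),
    ("2007-08-22 14:30:00", "nids",      "10.0.5.23", "exploit_attempt"),
]

# Rule: the signal each sensor must report for the same host, and how close
# in time the reports must be for them to count as one correlated incident.
REQUIRED = {"firewall": "inbound_allow",
            "nids": "exploit_attempt",
            "antivirus": "malware_found"}
WINDOW = timedelta(minutes=10)


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def correlate(events, required=REQUIRED, window=WINDOW):
    """Return {host: verdict} for every host where all required signals
    occur within `window` of each other; lone sensor hits are ignored."""
    by_host = defaultdict(list)
    for ts, sensor, host, signal in events:
        if required.get(sensor) == signal:
            by_host[host].append((parse(ts), sensor))
    incidents = {}
    for host, hits in by_host.items():
        hits.sort()  # chronological, so each hit can start a candidate window
        for i, (start, _) in enumerate(hits):
            seen = {s for t, s in hits[i:] if t - start <= window}
            if seen == set(required):  # every sensor fired inside the window
                incidents[host] = "likely_compromise"
                break
    return incidents


if __name__ == "__main__":
    print(correlate(EVENTS))  # {'10.0.5.17': 'likely_compromise'}
```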

47 Correlation Analysis

50 Conclusion
- Technical threats to your infrastructure are pervasive and frequent
- Simply installing a firewall and an antivirus solution is not enough
- Extensive correlation of large quantities of security data is needed
- Dynamic defense in depth is needed to detect, assess, and mitigate today’s multi-vector attacks

51 Contact Information Lew Wagner: Pres & CEO, Dynamic Defense In Depth, Inc. ( ) (317) (Cell Phone)

