Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jacky Altal. T O C  Hackers Terminology  Cyber attacks in 2012 (so far…)  Nations Conflict  Cyber Motives  Characteristics of CyberCrime  DEMO –

Published byJordan Dison Modified over 9 years ago

Similar presentations

Presentation on theme: "Jacky Altal. T O C  Hackers Terminology  Cyber attacks in 2012 (so far…)  Nations Conflict  Cyber Motives  Characteristics of CyberCrime  DEMO –"— Presentation transcript:

1 Jacky Altal

2 T O C  Hackers Terminology  Cyber attacks in 2012 (so far…)  Nations Conflict  Cyber Motives  Characteristics of CyberCrime  DEMO – Client Side Attacks

3  The Hacker Terminology Layer I  The best of the best  Ability to find Vulnerabilities  Ability to write exploit code and tools to override security measures Layer II  IT Savvy  Ability to write scripts  Understand vulnerability and how they work Layer III  Script Kiddie  Ability to download tools from the internet  Don’t have knowledge or willing to understand technology

4 Cyber Attacks  Cyber attacks accompany physical attac ks (Stuxnet)  Cyber attacks are increasing in volume, sophistication, and coordination  Cyber attacks are attracted to high-value targets (Sony, stratfort, Special Forces, CIA, FBI etc.)

5 Cyber Attacks

6

7

8

9

10

11

12 Physical Conflicts and Cyber Att acks  The Pakistan/India Conflict  The Israel/(Palestinian, Turkish) Conflict  The Former Republic of Yugoslavia (FRY)/NATO Conflict in Kosovo  The U.S. – China Surveillance Plane Incident  The Turkish/France Conflict

13 Cyber Threats Against users, system administrators, hardware and software manufacturers. Against documentation which includes confidential user information for hardware and software, administrative procedures, and policy documents, supplies that include paper and even printer cartridges  A cyber threats is an intended or unintended illegal activity, an unavoidable or inadvertent event that has the potential or could lead to unpredictable, unintended, and adverse consequences on a cyberspace resource. 

14  Most cyber attacks can be put in one of the following categories: Natural or Inadvertent attack – including things like accidents originating from natural disaster like fire, floods, windstorms, and they usually occur very quickly without warning, and are beyond human capacity, often causing serious damage Human blunders, errors, and omissions – including things like unintentional human actions Intentional Threats like illegal or criminal acts from either insiders or outsiders, recreational hackers, and criminal

15  Types of e-attacks: Penetration Attack Type -involves breaking into a system using known security vulnerabilities to gain access to any cyberspace resource – ○ There is steady growth of these attacks – see the CERT Denial of Service Attacks – they affect the system through diminishing the system’s ability to function, capable of bringing a system down without destroying its resources.

16  Motives of E-attacks Revenge Joke/Hoax/Prank The Hacker's Ethics Terrorism Political and Military Espionage Business ( Competition) Espionage Hate (national origin, gender, and race) Personal gain/Fame/Fun/Notoriety Ignorance

17  Potential Cyber Attacks Unauthorized Intrusions Defacements Domain Name Server Attacks Distributed Denial of Service Attacks Computer Worms – Zeus, Stuxnet Routing Operations Critical Infrastructures Compound Attacks

18  Critical Infrastructures Critical infrastructures include gas, power, water, b anking and finance, transportation, communications All dependent to some degree on information systems Insider threat - specialized skills Network attack – default passwords, unprotected device, un updated system.

19  Topography of Attacks One-to-One One-to-Many Many-to-One Many-to-Many  Analysis of the motives and reasons why such attacks occur.  Study the most current security threats.

20  Vulnerability Types  Computer based Poor passwords Lack of appropriate protection/or improperly configured protection  Network based Unprotected or unnecessary open entry points  Personnel based Temporary/staff firings Disgruntled personnel Lack of training  Facility based Servers in unprotected areas Inadequate security policies

21  DEMO – Client Side Attack

22  The dark net / dark side of the internet

23

24

25

26

27 How to handle cyber threat  System-Aware Cyber Security Architecture Addresses supply chain and insider threats Embedded into the system to be protected Includes physical systems as well as information systems  Requires system engineering support tools for evaluating architectures factors  To facilitate reusability requires establishment of candidate Design Pattern Templates and initiation of a design library Security Design System Impact Analyses

28 THANKS FOR LISTENNING jacky@altalsec.com

Download ppt "Jacky Altal. T O C  Hackers Terminology  Cyber attacks in 2012 (so far…)  Nations Conflict  Cyber Motives  Characteristics of CyberCrime  DEMO –"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.
Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.

Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Session 8: Modeling the Vulnerability of Targets to Threats of Terrorism 1 Session 8 Modeling the Vulnerability of Targets to Threats of Terrorism John.

Session 8: Modeling the Vulnerability of Targets to Threats of Terrorism 1 Session 8 Modeling the Vulnerability of Targets to Threats of Terrorism John.
DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? The premeditated, politically motivated attack against information, computer systems,

DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? "The premeditated, politically motivated attack against information, computer systems,
Using Your Knowledge – Security Threats

Using Your Knowledge – Security Threats
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Ethical and Social...J.M.Kizza 1 Module 9: Computer Crimes Introduction History of Computer Crimes Computer Systems Attacks Motives Costs and Social Consequences.

Ethical and Social...J.M.Kizza 1 Module 9: Computer Crimes Introduction History of Computer Crimes Computer Systems Attacks Motives Costs and Social Consequences.
Computer Crimes Chapter 9. Definition  Illegal act that involves a computer system or computer-related system  Telephone, microwave, satellite telecommunications.

Computer Crimes Chapter 9. Definition  Illegal act that involves a computer system or computer-related system  Telephone, microwave, satellite telecommunications.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Similar presentations

Ads by Google