Other useful information about the presentation ECE 6612 Kyle Koza.


1 Other useful information about the presentation ECE 6612 Kyle Koza

2 Georgia Tech CyberSecurity
• What do you think we do?

3 What do you think the bad guys want?
• Your email account
  - For phishing
  - Send spam
• Your access to journal articles
• Your paycheck

4 How do we protect the Institute?
• Education and Awareness
• Intrusion Detection (and Prevention)
• Vulnerability Scanning
• Incident Response
• Policy and Compliance
• Things come up…

5 Phishing: What is it? Phishing is a fraudulent activity that attempts to acquire sensitive information such as usernames, passwords and credit card numbers by masquerading as a trustworthy and legitimate entity

6 Phishing: Why does the scam work?
• Users are trusting of technology (especially email).
• Users get a LOT of email and move quickly.
• Bad guys are convincing.
• Bad guys use your lack of knowledge to their benefit.
• Bad guys only have to be right one time. You have to be right every time.

7 What can you believe about an email? From Name, Date / Time, From Address, Message, Links

8 What can you believe about an email? From Name, Date / Time, From Address, Message, Links

9 Verify a message in 3 easy steps
1. Check the web address (URL)
2. Watch for red flags / trust your gut
3. When in doubt, stop and ask!!

10 Desktop/Laptop: Verify the Link Hover your mouse over the link until the real link pops up.

11 Browser: Verify the Link Hover your mouse over the link; check the bottom of the screen

12 Mobile: Verify the Link Hold the link with your thumb until the real link pops up.

13 Identify the real domain https://www.gatech.edu/login/index.html last two words, before first single slash
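The rule on slide 13, applied in code to the URLs shown on the slides. This is an added example, not part of the original presentation; the function name `real_domain`, the small multi-label suffix set and the constructed edge-case URLs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny constructed stand-in for the Public Suffix List. Under these
# suffixes the registered name is the last THREE labels, so the slide's
# "last two words" rule would return the suffix itself.
MULTI_LABEL_SUFFIXES = {"co.uk", "ac.uk", "com.au"}


def real_domain(url):
    """Return the registered domain (or IP literal) that a link points at."""
    # urlsplit isolates the host: scheme, user:pass@, port and path are dropped,
    # so text placed before an "@" or after the first single slash cannot fool us.
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host found in {url!r}")
    host = host.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return host  # bare IP address: there is no domain name to read
    except ValueError:
        pass
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


# URLs shown on the slides (13, 15, 17, 19 and quiz slides 33 to 36).
SLIDE_URLS = [
    "https://www.gatech.edu/login/index.html",
    "http://account.verification.ituns.com",
    "http://ups.packagetracking.trackyourpkg.com",
    "http://www.mamami.webspace.virginmedia.com/gatech/gatech.edu.htm",
    "https://login.gatech.edu/cas/login",
    "https://highereducation.gt.edu.hied.com/login",
    "http://login.gt.gatech.edu",
    "https://loginpage.dept.gatech.edu",
]
# Constructed edge cases (not from the slides).
CONSTRUCTED_URLS = [
    "https://login.gatech.edu@example.net/cas/login",
    "https://gatech.edu.example.co.uk/login",
    "http://192.0.2.10/gatech.edu/login",
]

if __name__ == "__main__":
    for url in SLIDE_URLS + CONSTRUCTED_URLS:
        domain = real_domain(url)
        verdict = "gatech.edu" if domain == "gatech.edu" else "NOT gatech.edu"
        print(f"{verdict:15} {domain:18} {url}")
```

A domain other than gatech.edu rules a link out, but a match does not clear it: the quiz slides mark http://login.gt.gatech.edu as NO and https://loginpage.dept.gatech.edu as MAYBE even though both resolve to gatech.edu.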

14 iTunes Email: Is it Phishing?

15 iTunes Phishing http://account.verification.ituns.com

16 UPS Email: Is it Phishing?

17 UPS Phishing http://ups.packagetracking.trackyourpkg.com

18 Georgia Tech Phish

19 http://www.mamami.webspace.virginmedia.com/gatech/gatech.edu.htm

20 Red Flags
Note: Red flags would indicate a possible problem. The lack of red flags does not validate a message.
Email contains:
• information contrary to what you know is true
• misspellings / improper grammar
• a request to click on links / attachments
• a sense of urgency
• an appeal to greed or fear
• a request for sensitive data
• a link to non-Georgia Tech websites asking for your GT account information

21 The bad guys want:
• Your email account
  - For phishing
  - Send spam
• Your access to journal articles
• Your paycheck

22 Logging and Network Analysis
• Logging
  - Authentication
  - System events and host intrusion detection
  - IDS/IPS Alerts
• Network Analysis
  - Firewall events
  - Netflow
  - Packet capture
  - DNS queries
  - Network Antimalware

23 SIEM
• Security Information and Event Management
  - Consolidate
  - Correlate
  - Search
  - Store
  - Act

24 Correlate
• Logins across different geographic locations
  - Haversine formula
• Firewall Denies
  - Darknets
  - Multiple Firewalls

25 Firewalls
• 600+ firewalls
  - Border firewall
  - Firewall in front of each VLAN
• Types
  - Packet filtering
  - Stateful
  - Next-Gen (Application)

26 Intrusion Detection and Prevention
• IPS (Active)
  - Cisco IPS
  - FireEye
  - OSSEC
• IDS (Passive)
  - FireEye
  - Suricata
  - Damballa

27 Problems with Security Systems?
• Base-Rate Fallacy
• Alert overload
• Cost

28 Vulnerability Scanning
• Qualys Nessus OpenVAS Nexpose
• Rolling scans of our entire network
• Send vulnerability reports to IT staff
• Clean scans required to manage firewall

29 Antimalware
• Host
  - Defense in depth
  - Microsoft SCEP
  - MalwareBytes
• Network
  - FireEye
  - Damballa
  - Suricata

30 Incident Response
• Sometimes things go wrong…
• Prevent
• Detect
• Contain
• Eradicate
• Recover

31 Phishing Quiz

32 Situation: You received an email. In a hurry, you clicked the link. You were taken to a webpage. You must now decide whether or not to proceed.

33 Gone Phishing? https://login.gatech.edu/cas/login
OK to Proceed? YES!

34 Gone Phishing? https://highereducation.gt.edu.hied.com/login
OK to Proceed? NO!

35 Gone Phishing? http://login.gt.gatech.edu
OK to Proceed? NO!

36 Gone Phishing? https://loginpage.dept.gatech.edu
OK to Proceed? MAYBE… When in doubt, ASK!
Username:_____________________ Password:_____________________ [SUBMIT]

