CYBER SECURITY 101
TOPICS
Past, Present and Future
Vulnerability, Attack, Defense
– Network
– Password
– Social Engineering
– Design
Resources
The First Virus
In 1969 the first message was sent over the ARPANET, the precursor to the modern Internet.
In 1971 the Creeper program was written. It copied itself from machine to machine across the ARPANET and displayed the message "I'M THE CREEPER: CATCH ME IF YOU CAN" on each system it reached. Another programmer wrote REAPER to seek out and delete CREEPER; it is usually regarded as the first antivirus program.
In December 2013 Microsoft, working with law enforcement, moved to disrupt the ZeroAccess botnet, which comprised nearly 2 million infected computers.
SCALE
Bit = binary digit = 1 or 0
Nibble = 4 bits, half a byte
Byte = 8 bits = enough memory to store roughly one character, e.g. "a"
KB = kilobyte = 1.0E3 bytes = a thousand bytes. Trojan: ~100 KB
MB = megabyte = 1.0E6 bytes = a million (a thousand thousand) bytes. MP3: ~3.5 MB
GB = gigabyte = 1.0E9 bytes = a billion (a thousand million) bytes. Hard drive: ~500 GB
VIRUS
A self-replicating program that installs itself inside another program.
Not necessarily malicious; harm may still result from its method of infection.
Executable files rarely fill their space exactly: they contain padding, alignment gaps and unused regions. Viruses exploit this slack to infect a program:
– Write their code into the empty space inside the file's memory blocks (cavity infection)
– Compress the host program to make room, decompressing it again at run time
– Delete parts of the host program and insert their own code in its place (overwriting infection)
– Disperse themselves across many files, using several of these methods at once
MUTATION
Viruses, Trojans and worms can infect each other, accidentally or intentionally.
Widespread viruses may be exploited by other virus writers. The combined infections may work in tandem or conflict:
– Exploit the same flaw
– Exploit flaws introduced by the first infection
– Delete and replace the existing infection
Ex. Cholera/CTX: the Cholera mass-mailing worm was found carrying the CTX virus, which had infected the worm's own executable.
Such mutations are rarely viable, but they are still a threat, doubly so because they present an additional challenge of detection (signatures written for the original no longer match) and of malfunction.
TROJAN HORSE
Non-replicating; uses subterfuge to get installed.
Usually not destructive in and of itself; tends to open a backdoor for more malicious programs:
– Monitoring
– Remote control
– Stealing personal information
– Key logging
Vectors: a payload attached to a free program (e.g. a "download movies" tool); a fake AV pop-up.
May perform as advertised, or may appear to fail to do anything, while the payload runs in the background.
ZEUS / SPYEYE
There was a crackdown on ZEUS/SPYEYE in [year missing from the slide]. The kits were used to steal information from NASA, Bank of America, Cisco and Amazon.
Sold as ready-made crimeware kits: easy to install, user friendly, and difficult to attribute.
Worms
Self-replicating; propagate by exploiting vulnerabilities: open network ports, flaws in software design.
Incidental cost due to the transmission method: a worm consumes excessive bandwidth while scanning for new targets.
This suspicious traffic (one host attempting connections to many others on the same port in a short time, most of them unanswered) makes worms easier to spot.
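The "suspicious traffic" described above is detectable from ordinary connection logs. The following is an added example, not code from the original slides: it reads a constructed, simplified flow record ("seconds src_ip dst_ip dst_port flags", with "S" for an unanswered connection attempt and "SA" for a completed handshake) and flags any source that touches many distinct hosts on one port within a short window. The thresholds and the sample log are illustrative.

```python
"""Spotting worm propagation in connection logs: one host trying many others on
the same port in a short window, mostly without a reply.  Added example, not
code from the original slides.  The log format is a constructed, simplified
flow record: "<seconds> <src_ip> <dst_ip> <dst_port> <flags>", where flags "S"
means a bare connection attempt (SYN) and "SA" an answered handshake.
Thresholds are illustrative, not tuned values.
"""
from collections import defaultdict

# Constructed sample: 10.0.0.7 fans out to 11 hosts on TCP/445 (a classic worm
# port) in six seconds with no replies; 10.0.0.5 and 10.0.0.9 behave normally.
SAMPLE_LOG = """\
1000 10.0.0.5 10.0.0.20 443 SA
1001 10.0.0.7 10.0.0.21 445 S
1001 10.0.0.7 10.0.0.22 445 S
1002 10.0.0.7 10.0.0.23 445 S
1002 10.0.0.7 10.0.0.24 445 S
1003 10.0.0.7 10.0.0.25 445 S
1003 10.0.0.7 10.0.0.26 445 S
1004 10.0.0.7 10.0.0.27 445 S
1004 10.0.0.7 10.0.0.28 445 S
1005 10.0.0.7 10.0.0.29 445 S
1005 10.0.0.7 10.0.0.30 445 S
1006 10.0.0.7 10.0.0.31 445 S
1007 10.0.0.5 10.0.0.20 443 SA
1008 10.0.0.9 10.0.0.40 80 SA
1009 10.0.0.9 10.0.0.41 80 SA
"""

def parse_flows(text):
    """Parse log lines into (ts, src, dst, port, flags) tuples, skipping blanks."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, flags = line.split()
        flows.append((int(ts), src, dst, int(port), flags))
    return flows

def find_scanners(flows, window=10, min_targets=8):
    """Return {src: {"port", "targets", "unanswered"}} for sources that touched at
    least `min_targets` distinct hosts on one port within `window` seconds."""
    by_src_port = defaultdict(list)
    for ts, src, dst, port, flags in flows:
        by_src_port[(src, port)].append((ts, dst, flags))
    alerts = {}
    for (src, port), events in by_src_port.items():
        events.sort()
        for i, (t0, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - t0 <= window]
            targets = {dst for _, dst, _ in in_window}
            if len(targets) >= min_targets:
                # Worm probes mostly go unanswered: closed ports, dead addresses.
                unanswered = sum(1 for _, _, f in in_window if f == "S") / len(in_window)
                alerts[src] = {"port": port, "targets": len(targets),
                               "unanswered": round(unanswered, 2)}
                break
    return alerts

if __name__ == "__main__":
    for src, info in find_scanners(parse_flows(SAMPLE_LOG)).items():
        print(f"{src}: {info['targets']} hosts on port {info['port']}, "
              f"{info['unanswered']:.0%} unanswered")
```

The fan-out count alone catches a scanner; the unanswered ratio separates it from a legitimate busy server, which talks to many hosts but completes its handshakes.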
Grey Area
There's some overlap in the definitions of the different types of malware. The distinction doesn't really matter to the user, since the goal is the same: prevent infection and keep your system secure. No system is perfect, but there's a great deal the average user can do to thwart attackers and protect themselves.
Social engineering is a big part of how malware gets in. A fake AV program or a PHISHING attempt is intentionally alarmist: it covers most of your screen with a flashing dire warning and counters racking up the total number of "infections" found. Spear phishing is becoming more common too, and as a public institution it's hard to avoid putting information out there. Encountering a cyber threat is inevitable, but most attempts are fairly transparent once you know what to look for.
Vitek Boden: Maroochy Shire, Australia
In 2000 (Boden was convicted in 2001) hundreds of thousands of litres of raw sewage were released into parks, waterways and hotel grounds by the Maroochy Shire sewage system in Queensland. At first the faults were thought to be malfunctions, but after the problems persisted the operators realized they were subject to a cyber attack. The pumping stations had remotely controlled nodes; the operators noticed a pattern in the attacks and set up a sting, capturing 49-year-old Vitek Boden in his car with a laptop, a two-way radio and proprietary hardware for accessing the sewage system's controls. Boden had worked for the contractor that installed the system, a reminder that insiders and ex-insiders know exactly where the controls are.
LulzSec: a group of hackers who gained notoriety in 2011 for a series of high-profile attacks against corporations and government sites. Most members were caught after their leader, known as Sabu, was identified and arrested by the FBI, turned informant, and assisted in their capture.
AV: Antivirus
Operates by scanning your system against a database of malware signatures (byte patterns and file hashes of known malware). It therefore only catches what it already knows about, which is why definitions must stay current.
There's no reason not to have one. AV can be bothersome due to system resource consumption and permission conflicts, but its settings can be tweaked to reduce resource usage. Avoid disabling it to install software; if you must, do so only for software from a trusted source and re-enable it immediately afterwards. Either way it should be installed, scans should be run at least weekly, and virus definitions should be updated daily (or automatically).
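To make concrete what "scanning against a database of signatures" means, and why the mutations described on the earlier slide challenge detection, here is an added example that is not code from the original slides. The "malware", the signature database and the sample files are all constructed byte strings, not real malware or real definitions; the two signature types (exact-file hash and byte pattern) are the ones every signature scanner uses.

```python
"""Minimal signature-based scanner: exact-file hashes plus byte patterns, and a
one-byte "mutation" to show which of the two survives it.  Added example, not
code from the original slides; every sample and signature below is constructed.
"""
import hashlib
import os

# Constructed "definitions": a real product ships these as its signature database.
PATTERN_SIGNATURES = {
    b"DROPPER-STAGE2-LOADER": "Example.Dropper.A",
    b"\x90\x90\x90\xcc\xcc\xcc\xcc": "Example.NopSled.B",
}
HASH_SIGNATURES = {}   # sha256 hex digest -> name, filled in below

# Constructed samples (not real executables).
SAMPLE_MALWARE = b"MZ\x90\x00" + b"junk" * 4 + b"DROPPER-STAGE2-LOADER" + b"\x00" * 8
SAMPLE_CLEAN = b"MZ\x90\x00" + b"hello world, this is a benign program" + b"\x00" * 8
HASH_SIGNATURES[hashlib.sha256(SAMPLE_MALWARE).hexdigest()] = "Example.Dropper.A"

def scan_bytes(data):
    """Return the list of signatures matched in `data` (empty means clean)."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:                # exact-file match
        hits.append("hash:" + HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:                      # byte-pattern match anywhere in file
            hits.append("pattern:" + name)
    return hits

def scan_directory(root):
    """Scan every regular file under `root`; return {path: hits} for infected files."""
    infected = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    hits = scan_bytes(fh.read())
            except OSError:
                continue                         # unreadable file: skip, don't crash the scan
            if hits:
                infected[path] = hits
    return infected

def mutate(data, offset, value):
    """Change one byte, as a trivially modified or re-packed variant would."""
    b = bytearray(data)
    b[offset] = value
    return bytes(b)

if __name__ == "__main__":
    print("original :", scan_bytes(SAMPLE_MALWARE))
    print("clean    :", scan_bytes(SAMPLE_CLEAN))
    # One changed byte in padding: the hash signature misses, the pattern still hits.
    print("variant 1:", scan_bytes(mutate(SAMPLE_MALWARE, 5, 0x41)))
    # One changed byte inside the pattern itself: nothing matches any more.
    print("variant 2:", scan_bytes(mutate(SAMPLE_MALWARE, 20, ord("X"))))
```

The hash signature is precise but brittle: any change to the file defeats it. The pattern signature tolerates changes elsewhere in the file but not inside the pattern, which is exactly the gap that polymorphic and mutated malware exploit, and why modern products add heuristics and behavioural monitoring on top of signatures.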
Firewall
Controls network traffic flow: which programs can communicate on which ports, and filters incoming traffic. Available as stand-alone equipment, and most operating systems have one built in (keep it enabled).
Spam Filters
SPAM is such a problem that filtering is a de-facto feature of most mail clients and AV applications, but it's worth noting how it works. Filters can operate intelligently, scoring mail with algorithms ranging from strong to weak, or in conjunction with a whitelist/blacklist. A whitelist is inclusive: you designate which domains or addresses can pass through to your mailbox. A blacklist is exclusive: it designates which domains or addresses cannot send mail to your mailbox.
System Permissions
Operate using the lowest permission level possible. An infection runs with the same permissions as the account it was launched under, so it's possible to limit the scope of an infection by using an account with standard permissions.
– If your system is infected while you are logged in as an admin, your whole system is now compromised.
– As a standard user the damage may be limited to that profile.
The default account created during setup is usually an Administrator regardless of its name; create a separate standard account for daily use.
Phishing is an attempt to gain access to credentials, account information, or funds directly. Phishing messages are usually SPAMmed in bulk. Spear PHISHING is a targeted phishing attempt: the message is tailored towards a specific group of users, often using details gathered about them. In either case the same principles of avoidance apply.
Spotting Spam
– Grammar and spelling errors
– Check the sender address (the real address, not just the display name)
– Mouse-over links to see where they really go before clicking
– If you get an email from a vendor and you think it's illegitimate, don't use the link. Just go to the site directly.
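The checks on the Spam Filters and Spotting Spam slides can be automated, which is roughly what a mail filter does before you ever see a message. The following is an added example, not code from the original slides: it parses a raw message, applies an allowlist/blocklist to the real sender domain, compares the display name against the sender domain, "mouses over" every link by comparing the visible text with the actual target, and looks for alarmist wording. Both messages, the ALLOWLIST/BLOCKLIST domains and the wording list are constructed for the example.

```python
"""Automating the "Spotting Spam" checks and the allowlist/blocklist idea from the
Spam Filters slide.  Added example, not code from the original slides; both
messages below are constructed, and ALLOWLIST/BLOCKLIST are placeholder domains.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWLIST = {"example-bank.com"}        # whitelist: senders you explicitly trust
BLOCKLIST = {"mail-prizes.example"}     # blacklist: senders you never accept
URGENCY_WORDS = ("urgent", "suspended", "within 24 hours", "verify your account")

# Constructed phishing message: lookalike sender domain, link text that does not
# match the real link target, alarmist wording and typos.
PHISH_MESSAGE = b"""\
From: "Example Bank Security" <alerts@examp1e-bank-login.com>
To: you@example.org
Subject: Urgent: your acount will be suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unusual activty. Please verfiy your details within 24 hours.</p>
<p><a href="http://198.51.100.7/login">https://www.example-bank.com/login</a></p>
</body></html>
"""

# Constructed legitimate message from the same bank.
LEGIT_MESSAGE = b"""\
From: "Example Bank" <statements@example-bank.com>
To: you@example.org
Subject: Your monthly statement is available
Content-Type: text/html; charset="utf-8"

<html><body><p>Sign in at <a href="https://www.example-bank.com/statements">www.example-bank.com</a> to view it.</p></body></html>
"""

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs: what a mouse-over would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    # Crude: keep the last two labels. Enough for the constructed samples;
    # a real filter would consult the public suffix list.
    return ".".join(host.lower().split(".")[-2:])

def shown_host(text):
    """Hostname the link *text* claims, or None if the text is not a URL or host."""
    if "://" in text:
        return urlparse(text).hostname
    if "." in text and " " not in text:
        return urlparse("//" + text).hostname
    return None

def check_message(raw):
    """Return a list of findings; an empty list means none of the checks fired."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    name, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    # 1. Check the sender address (the real one, not the display name).
    if sender_domain in BLOCKLIST:
        findings.append(f"sender domain {sender_domain} is blocklisted")
    if sender_domain not in ALLOWLIST:
        findings.append(f"sender domain {sender_domain} is not on the allowlist")
    for trusted in ALLOWLIST:
        brand = trusted.split(".")[0].replace("-", " ")
        if brand in name.lower() and sender_domain != trusted:
            findings.append(f'display name "{name}" impersonates {trusted}')
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    # 2. "Mouse-over" the links: does the visible text match the real target?
    ex = LinkExtractor()
    ex.feed(html)
    for href, text in ex.links:
        target = urlparse(href).hostname
        claimed = shown_host(text)
        if target and claimed and registered_domain(target) != registered_domain(claimed):
            findings.append(f"link text says {claimed} but goes to {target}")
        if target and target.replace(".", "").isdigit():
            findings.append(f"link target is a bare IP address: {target}")
    # 3. Alarmist wording, the hallmark of fake-AV and phishing lures.
    text = (str(msg["Subject"] or "") + " " + html).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("alarmist language: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    for label, raw in (("phish", PHISH_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, check_message(raw) or "no findings")
```

The spelling mistakes in the constructed lure are left for a human to notice; the point of the code is that the sender-address and link-target checks are mechanical and catch the message even when the wording is polished.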
Mobile Devices
Increasingly targeted by cyber attackers. They face the same threats as computers (viruses, worms, trojans, etc).
Unsecure apps:
– Gather personal information
– Create security holes
– Carry embedded malware
Anti-virus apps exist for mobile platforms too.
SpyGold.A Trojan
Targets Android OS. Forwards copies of text messages and phone call details to a remote server. Installs/uninstalls apps, makes phone calls, sends texts. Can operate as a bot.
Cracking Passwords
3 general methods:
– Brute force: try every possible password
– Dictionary: try common passwords and iterations of them (appended digits, substituted characters, changed case)
– Capture: obtain the stored or transmitted password (or its hash) and decipher it
Plus spoofing an active session, which bypasses the password entirely (and some combination of the above).
Password Policy
– Don't use common phrases or words
– Don't use the same password in multiple places
– Make it complex
– Change it occasionally
– Make it easy to remember
Password Re-use
Cascade
– Attackers won't stop at exploiting one account
– Using different passwords limits the scope of a successful attack
Varying levels of protection
– Not every site stores passwords with the same level of security: some hash them properly, some store them weakly or in plain text
– Not every site needs a strong password. Online banking: yes. Candy Crush: no. Candy Crush with a saved credit card: yes.
Open Sessions
– After logging into a website a session is created
– Attackers can bypass authentication by capturing this session information
– Don't keep multiple tabs or windows open when accessing secure sites
– Log out when you're finished working on a site
– Routinely clear internet history
– Avoid storing passwords in the browser
Creating a strong, easy to remember password
Simple phrase: what day is it again?
Remove spaces: whatdayisitagain?
Capital letters: wHatdayisitagain?
Numbers: wHatd7ayisitag4ain?
Special characters: wHatd7!ayisitag4ain?
Extra letters: wHatd7!ayisihtag4ain?
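The three slides above (cracking methods, re-use cascade, varying levels of protection) fit together in one worked example. The following is added code, not part of the original slides: it runs a dictionary attack with "iterations" (the case, suffix and leetspeak tweaks cracking tools apply) against the same password stored three different ways, shows why an unsalted hash lets one precomputed table crack every user at once, and plays out the re-use cascade from a weak game site to a bank. The users, wordlist and passwords are constructed; the PBKDF2 round count is deliberately reduced so the example runs quickly.

```python
"""Dictionary attack with "iterations" (the common tweaks users make to a word)
against three ways a site might store the same password, plus the re-use
cascade between a weak site and a bank.  Added example, not code from the
original slides; the users, wordlist and passwords are constructed.
"""
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "qwerty", "football", "dragon"]   # constructed

def iterations(word):
    """Word plus the mutations a cracking rule set applies: case, suffixes, leetspeak."""
    base = {word, word.capitalize(), word.upper()}
    out = set()
    for w in base:
        for suffix in ("", "1", "123", "!", "2013", "1!"):
            out.add(w + suffix)
        out.add(w.replace("a", "@").replace("o", "0").replace("e", "3"))
    return out

# Three storage schemes, from worst to acceptable.
def store_plain(pw):
    return {"scheme": "plain", "value": pw.encode()}

def store_sha1(pw):                      # unsalted fast hash: one table cracks everyone
    return {"scheme": "sha1", "value": hashlib.sha1(pw.encode()).digest()}

def store_pbkdf2(pw, rounds=20_000):     # salted and slow; rounds reduced for this demo,
    salt = os.urandom(16)                # OWASP recommends 600,000 for PBKDF2-HMAC-SHA256
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds)
    return {"scheme": "pbkdf2", "salt": salt, "rounds": rounds, "value": dk}

def verify(record, candidate):
    """Constant-time comparison of `candidate` against a stored record."""
    c = candidate.encode()
    if record["scheme"] == "plain":
        guess = c
    elif record["scheme"] == "sha1":
        guess = hashlib.sha1(c).digest()
    else:
        guess = hashlib.pbkdf2_hmac("sha256", c, record["salt"], record["rounds"])
    return hmac.compare_digest(record["value"], guess)

def crack(record, wordlist=WORDLIST):
    """Guess one record at a time: returns (password or None, guesses tried)."""
    tried = 0
    for word in wordlist:
        for cand in sorted(iterations(word)):
            tried += 1
            if verify(record, cand):
                return cand, tried
    return None, tried

def crack_unsalted_batch(records):
    """Against unsalted hashes one precomputed table cracks every user at once;
    a per-user salt would force the whole table to be rebuilt for each user."""
    table = {hashlib.sha1(c.encode()).digest(): c
             for w in WORDLIST for c in iterations(w)}
    return {user: table.get(rec["value"]) for user, rec in records.items()}

# Constructed users: alice re-uses "Football1" on both sites; bob uses the slide's
# phrase-derived password at the bank and a weak one at the game site.
GAME_SITE = {"alice": store_sha1("Football1"), "bob": store_sha1("Dragon123")}
BANK = {"alice": store_pbkdf2("Football1"), "bob": store_pbkdf2("wHatd7!ayisitag4ain?")}

def cascade(weak_site, strong_site):
    """Passwords recovered from the weak site, re-tried where they matter."""
    recovered = crack_unsalted_batch(weak_site)
    return {u: pw for u, pw in recovered.items()
            if pw and u in strong_site and verify(strong_site[u], pw)}

if __name__ == "__main__":
    print("game site, all users at once:", crack_unsalted_batch(GAME_SITE))
    print("cascade into the bank:", cascade(GAME_SITE, BANK))
    print("bob's bank password vs the wordlist:", crack(BANK["bob"]))
```

The bank's PBKDF2 storage did not protect alice: her password was recovered from the weaker site and simply re-tried, which is the cascade the slide warns about. bob's phrase-derived password survives this wordlist, but only because it is not a dictionary word plus common iterations; cracking tools also run phrase lists, so the strength comes from the phrase being uncommon, not from the sprinkled digits and symbols.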
Final Word
Explore your computer while it's working so you'll know when it's not.
Accounts
– What accounts are on the machine?
– What permission levels do they have?
Programs
– What programs and services are running?
– Which start automatically?
Files
– What files (pictures, documents, etc.) are important?
– When was the last time you backed them up?
– Are they backed up online and offline?
– Is the online backup secure?
Antivirus program
– How up to date is the program?
– Are the virus definitions up to date?
– Is there a routine scan schedule?
Firewall
– Is it running?
– What programs are allowed through?
Internet browser(s)
– What browser(s) do you use? Are they up to date?
– What plugins, toolbars and add-ons does it have? Are they from a trusted source? Are they up to date? Do they collect personal information, and what?
– What versions of Adobe Reader, Adobe Flash, ActiveX or plugin, and Java are installed?
Resources
Free AV applications
WildList
National Institute of Standards and Technology
Department of Homeland Security
https://www.us-cert.gov/ncas/tips
https://www.dhs.gov/cybersecurity-tips
Password Strength Checker
https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx
Sophos A-Z Threats
trends/threatsaurus.aspx