
When Things Go Wrong The Results of Losing your Common Sense By: Barak Engel, CISSP Principal, Engel & Associates ISACA May 2006.


1 When Things Go Wrong The Results of Losing your Common Sense By: Barak Engel, CISSP Principal, Engel & Associates ISACA May 2006

2 What will we talk about?
- The theory
  - Approaches
  - The role of the individual user
  - The gap
- The practice
  - Common and pervasive risk areas
    - Email (Viruses, Phishing and other diseases)
    - Web Browsing (“the free mug”)
    - Wireless connectivity (War Driving)
- Filling the gap

3 In Theory…
- Security controls…
  - Can be standardized
  - Can be applied uniformly
  - Can be identified and defined in advance
  - Can have their efficacy analyzed/determined
  - Can be audited
- Hidden assumptions
  - Level of accuracy
  - The issue of scale
  - Statistical equality of cost

4 The individual user
- Users…
  - Represent the largest install base
  - Completely lack standards
  - Cannot be controlled centrally (or otherwise)
  - Are only predictable in their unpredictability
  - Cannot be redesigned
  - Are all of us
- In the knowledge society, employees own the tools AND the means of production
  - Peter Drucker, 1994

5 The gap
- Knowledge
  - The awareness problem
    - Would this be useful to you?
  - The issue of relevancy
  - Cross-contamination
- Motivation
  - The role of open-source and freeware
- Least Effort and the path of least resistance

6 Common Risk Area – Email
- Public email service providers

7 Phishing for Fun and Profit

8 Anatomy of a Phishing Attempt.1
- Email from a trusted source

9 Anatomy of a Phishing Attempt.2
- “Clean” headers – and no virus

10 Anatomy of a Phishing Attempt.3
- Email text certainly looks odd
- Exploring deeper, we find…

11 Anatomy of a Phishing Attempt.4
- Decoding the percent-encoded ASCII in the link:
  - Source: http://%36%36%2E%31%32%33%2E%32%30%33%2E%31%35%32:%38%37/%63%69%74/%69%6E%64%65%78%2E%68%74%6D
  - Target: 66.123.203.152:87/cit/index.htm
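As an added example (not part of the talk), the decoding step from this slide in Python: it percent-decodes the link quoted above and reports the indicators an analyst or mail filter would flag (hex-encoded host, bare IP address, non-standard port). The function names are my own.

```python
"""Decode a percent-encoded link and list the phishing indicators it carries.
Added example for this slide deck; the obfuscated URL is the one on slide 11."""
import ipaddress
from urllib.parse import unquote, urlsplit

# Obfuscated link quoted on the slide (hex-encoded ASCII characters).
OBFUSCATED = ("http://%36%36%2E%31%32%33%2E%32%30%33%2E%31%35%32:%38%37"
              "/%63%69%74/%69%6E%64%65%78%2E%68%74%6D")


def decode_url(url: str) -> str:
    """Percent-decode repeatedly until the text stops changing, so a doubly
    encoded link (%2536 -> %36 -> '6') is unwrapped as well."""
    seen = set()
    while url not in seen:
        seen.add(url)
        url = unquote(url)
    return url


def analyze_link(url: str) -> dict:
    """Return the decoded URL plus the list of indicators worth flagging."""
    decoded = decode_url(url)
    parts = urlsplit(decoded)
    flags = []
    if decoded != url:
        flags.append("percent-encoded hostname or path")
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)          # raises ValueError for a domain name
        flags.append("bare IP address instead of a domain name")
    except ValueError:
        pass
    if parts.port not in (None, 80, 443):
        flags.append(f"non-standard port {parts.port}")
    if parts.scheme != "https":
        flags.append("no TLS (plain http)")
    return {"decoded": decoded, "host": host, "port": parts.port, "flags": flags}


if __name__ == "__main__":
    result = analyze_link(OBFUSCATED)
    print(result["decoded"])
    for flag in result["flags"]:
        print(" -", flag)
```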

12 Anatomy of a Phishing Attempt.5
- And that leads us…
- …Absolutely nowhere

13 Could the average user have figured this out?
- Common sense must be “calibrated”!
- Heard warnings
- Wording is slightly awkward
- Underlying text is weird
- Has logo and a “legit” email address
- Proper English
- Maybe needed? And it comes from IT anyway
- Virus-free (cross-contamination)

14 Email – right or privilege?
- Corporate email can be controlled…
  - …but not so private email
- Controls
  - Updated anti-virus (FW: AVG)
  - Encryption (FW: PGP)
  - Secure email client (FW: Thunderbird)
  - Spam blocker (FW: Spambayes)
- Motivation
  - Identity Theft

15 A cryptic code?
042103580, 062360749, 095073645, 128036045, 135016629, 141186941, 165167999, 165187999, 165207999, 165227999, 165247999, 189092294, 212097694, 212099999, 306302348, 308125070, 468288779, 549241889

16 Web Browsing
- To whom are you giving your personally identifiable information and why?


19 The Tradeshow Participant.1

20 The Tradeshow Participant.2
- Oh, look, protected access!
- What are those files, I wonder?

21 The Tradeshow Participant.3

22 The Tradeshow Participant.4
- Hey! They paid less than we did!

23 The Tradeshow Participant.5
- Some information can be more useful…
- …to certain people.

24 Information can end up anywhere

25 Web Browsing – Tool of Production
- Browsing habits are learned at home – not at work
- Web-based research is efficient and highly valuable
- Monitoring web access provides rapidly diminishing return

26 Good Habits in Browsing
- Some better habits are easy to acquire:
  - “Understanding” SSL
  - Different browser (FW: Firefox)
  - Limiting (personal) exposure
  - The concept of lying
  - Fighting spyware (FW: Spybot S&D, Spyware Blaster/Guard, Windows Defender)
  - Password Management (KeePass)
- Motivation
  - Identity Theft
  - Online Predators

27 Mrs. Hilda Schrader Whitcher
- 078051120
- Actual SSN of E.H. Ferree’s Treasurer Douglas Patterson’s secretary
- An insert in wallets sold at Woolworth
- Used by over 40,000 people

28 Wireless Connectivity
- A new attack vector
- “Invisible” infrastructure
- KISS
  - But only in basic mode
- Highly distributed

29 Is the network a free-for-all?
- The story of an afternoon visit to 7-11

30 Wireless Behavior
- Explain basic concepts
  - Defaults
    - Network name (SSID)
    - Channel
    - Beaconing
  - Encryption
  - MAC filtering
- Motivation
  - Personal information (…Identity Theft)
  - Job Security

31 Users = The X-Factor*
- Common sense can be taught
- It’s all about motivation
  - Close and personal
- Hidden assumption
  - People generally have good intentions
- We are all users!
- * (and that’s not a bad thing)

32 Thank You!
http://www.engelassociates.net/
barak@engelassociates.net
(888) 509 3561

