Computer Security I.


JOB: Security, IR, Forensics
Required Skills:
Experience in host forensics, Windows/Linux internals, vulnerability assessment (more than just running a tool but actually doing analysis of that data or manually gathering vulnerability analysis data via an innovative/custom method) and/or Computer Network Exploitation
Performed analysis of host data at rest, forensic analysis of Windows, UNIX, or mobile systems, and/or experience with file hashing and fuzzy file hashing
Experience with industry standard system tools (Sysinternals suite for example)
Performed analysis of code in memory, including analysis of RAM snapshots, Windows crash dump files, and/or UNIX kernel dumps
Performed software reverse engineering to include use of code disassemblers (like IDA Pro) and debugging unknown code (like Ollydbg)
CS background (scripting/programming/development) is required

1+ years in 2 of the following:
File Hashing and Fuzzy File Hashing (e.g. ssdeep, fciv, and md5deep)
Commercial, open source tools for intrusion detection (e.g., Snort, BroIDS)
Packet capture/evaluation (e.g. tcpdump, ethereal/wireshark, NOSEHAIR)
Network mapping/discovery (e.g. nmap, TRICKLER)
Industry standard system/network tools (e.g. netcat, netstat, traceroute, rpcinfo, nbtscan, snmpwalk, Sysinternals suite)

2+ years in 1 of the following:
Development of exploits for Microsoft Windows operating systems
Development of exploits for UNIX operating systems
Development of exploits for personal computer device/mobile device operating systems (e.g. Android, BlackBerry, iPhone, and iPad)
Software Reverse Engineering to include use of code disassemblers (e.g. IDA Pro) and debugging unknown code (e.g. Ollydbg)
Analysis of code in memory, including analysis of RAM snapshots, Windows crash dump files, and/or UNIX kernel dumps
Implementing networks with IPv6 protocols

Recent Attacks/Breaches Bad, Bad, Bad

2014 – 40 Million Credit Cards
NEW YORK (CNNMoney) The major hack of discount retailer Target that stole credit and debit card data from 40 million accounts was still reverberating several days later.

Target: Hackers stole vendor's credentials in credit card breach
This month (January 2014), Target revealed that about 70 million customers were affected in the credit card data heist from its stores at the end of last year, double the previous estimates.

Home Depot Confirms Breach, CC #s Already on Auction
Home Depot confirms breach but stays mum as to size. Home supply retailer confirms card data stolen, likely starting in April. Could be larger than the Target breach 2013. Ars Technica

Credit Card Market Place
Cybercrime Store rescator[dot]cc Lists Home Depot credit cards
Lampeduza[dot]la, rescator[dot]la, kaddafi[dot]hk, octavian[dot]su, cheapdumps[dot]org, cpro[dot]su, vor[dot]cc
http://krebsonsecurity.com/2014/09/data-nearly-all-u-s-home-depot-stores-hit/

USIS
Breach at US security contractor exposed at least 25,000 workers
Summary: USIS, which performs background checks for the Department of Homeland Security, revealed that it was hacked earlier this month. The same company vetted Edward Snowden for the government.
Update: Government To Drop Background Check Firm USIS

JPMorgan and Other Banks Struck by Hackers
By NICOLE PERLROTH, NYT, AUG. 27, 2014
Photo caption: Outside JPMorgan’s corporate headquarters in New York. The bank was one of at least five that suffered a coordinated cyberattack this month. (Credit: Andrew Burton/Getty Images)

Russian Hackers Amass Over a Billion Internet Passwords
Alex Holden of Hold Security said most of the targeted websites were still vulnerable. (Credit: Darren Hauck for The New York Times, 8/5/2014)

Power Grid Attack Lightsout exploit kit

Cyber Intrusion Blamed for Hardware Failure at Water Utility
A recent cyber attack on a city water utility in Illinois may have destroyed a pump and appears to be part of a larger intrusion at a U.S. software provider, new information suggests.

Remote Access to SCADA Systems

US power plants 'vulnerable to hacking'
Power plants across the US and Canada could overheat, shut down or be caused to malfunction because of vulnerabilities that leave them open to hacking, according to new research.
Alex Hern, 10/17/2013, The Guardian

Researchers Uncover Holes That Open Power Stations to Hacking
“We found vulnerabilities in virtually all implementations [of the protocol],” Sistrunk said. “Some of them are worse than others.”
By Kim Zetter, 10.16.13, Wired