Presentation is loading. Please wait.

Presentation is loading. Please wait.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t."— Presentation transcript:

1 Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t want to acknowledge that they have been broken in to No reliable reporting mechanism Games people play in estimating loss of time/productivity

2 Assessing the Threat How much money is lost due to cyber crimes? –Best report is the Annual CSI/FBI study

3 What is at Risk? Data Time Money Confidentiality (data disclosure) Resource availability

4 Why is there a Risk? Buggy Code Clueless Users –Should not blame users for not being experts Malicious Users –Systems should be user-proof, when possible Poor Administration Rise in sophistication of hacker tools –Root kits, nice GUI’s

5 Why is there a Risk? Poor implementation/choice of a cipher –How WEP (Wired Equivalent Privacy) implemented the RC4 cipher –Bad choice for WEP to use a stream cipher Poor implementation of design choices by programmers –Early versions of Netscape used a bad random number generator –Poor choices made when designing WEP BUGS, BUGS, BUGS….. –Buffer overflows, file permissions, Microsoft, etc

6 Categories of Risk Data vulnerabilities –Can the data be manipulated? Deleted? Software vulnerabilities –Does the software have bugs? –Is there any buffer overflows? –Can it execute code your not aware of? Physical-system vulnerabilities –Is your key systems behind lock and key? –What about a power loss/surge? –Fire?

7 Categories of Risk Transmission Vulnerabilities –Internet attacks –The gardener? –Sniffer –Traffic

8 Internet Attack Methods Password-based attacks –Guess the password –Brute force –Crack Network-snooping –See clear text; passwords, credit card numbers, protocols Trusted System Attacks –Exploit security that is based on trust.

9 Internet Attack Methods IP Spoofing –Assuming the identity of another computer A client connects to your machine instead of the server –Man in the middle Assume the identity of two computers at once Act as the server for the client Act as the client for the sever Become a relay of all data between the client and the server –Session Hijacking Redirect all data from the server to your machine

10 Internet Attack Methods Technology Exploits –Knowledge that certain combination of packets or requests causes known errors Shared Library Exploits –Replacing libraries that allows the attacker to access systems or sends data out. Social Engineering –Assume the identity of someone important and request access.

11 Security Management Security is primarily a management issue not a technology issue! –Because technology is only as good as the: Procedures Diligence of following the procedures Enforcement of the procedures

12 Security Management Management must have a comprehensive approach to security –Security is an Asymmetrical warfare Attackers only need 1 vulnerability to get in. So all aspects of security must be looked at –There must be multiple levels of security Management can’t rely on one security measure to assume a secure environment. –One firewall in not enough –VPN – only as secure as the laptop the employee takes home! –Management must have security audits Outside firms should be hired to “attack” the company to find vulnerabilities not know about.

13 Security Management There are three paths to protection –All must be followed to assure protection –And it must be done continually!! Policy Ex: Allow access only to specific web servers Technology Firewall, Hardened Web server, etc… Procedures Who can make changes? What access is allowed? Testing Try to get into a system Protection

Download ppt "Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t."

Similar presentations

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
THE NEED FOR NETWORK SECURITY Thanos Hatziapostolou.

THE NEED FOR NETWORK SECURITY Thanos Hatziapostolou.
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Threats and Attacks Principles of Information Security, 2nd Edition

Threats and Attacks Principles of Information Security, 2nd Edition
Virtual Private Networks Shamod Lacoul CS265 What is a Virtual Private Network (VPN)? A Virtual Private Network is an extension of a private network.

Virtual Private Networks Shamod Lacoul CS265 What is a Virtual Private Network (VPN)? A Virtual Private Network is an extension of a private network.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Similar presentations

Ads by Google