information security - a discussion
Post on 15-Jan-2015
Information Security in High-Tech era
Can any technology protect us ?
Our empirical observations ... Antibody grows only after we suffer.
Medicine is always invented after the bacteria is discovered.
It is the same with computer viruses:
they are invented first, before there is any anti-virus.
Rock Solid Security ...
by : Eduardo Segura
HUH !!!!!!
It was broken within 2 days !!!!
“Secure” database server ????
“Secure” telephone network ????
(Jan 1991) First hacker arrest: Mark Abene (a.k.a. Phiber Optik)
“Secure” internet backbone ????
(May 1998) ... in testimony before Congress, the L0pht hacker group claimed that they could bring down the internet
“Secure” distribution media (DVD, 1997) ????
(Oct 1999) DeCSS is released, a closed source Windows-only application for DVD ripping
Thank You ...
Threats in day-to-day life
by : Eric So
Losing personal privacy over the internet
Losing information from laptop or memory drive
Media copyright issues all over the world, e.g. YouTube, DVD copy
Disadvantage - Technology for daily life
Satellite Missions
High resolution photography (IMINT) e.g. monitoring weather and making maps
Communications eavesdropping (SIGINT)
Covert communications
Enforcement of nuclear test bans (see National Technical Means)
Detection of missile launches
Spy Satellite . . .
GPS Surveillance --Turn a cell phone into a surveillance device provided by Accutracking (http://www.accutracking.com/)
Mass surveillance – domestic telephone calls, traffic cameras and commercial records.
Surveillance
Pudding Media is offering a service that uses voice-recognition software to find tens of thousands of key words in a user's conversation to trigger ads that are shown on the user's screen.
Conversation may have been monitored
Privacy for free VOIP
Same password used over multiple sites.
Personal Profile can be brought up from any administrator.
Contact information may be sold to other advertising companies or partners as online properties before 2000.
E-commerce
Using the Vision 20/20 POM Offender Locator to identify:
Missing Person
Tracking
The Vision 20/20
US Computer Emergency
Sex Offender Locator
Weather
Trace your missing pet
Thank You ...
Open Wi-Fi
by : Kiran Patil
Yahoo!!!!
Internet
VoIP
Phone access
Game
consumer electronic device connectivity.
Wi-Fi ... the future wave
War driving ... used to detect WiFi and collect information to decide which one to attack.
Wi-Fi ...hacking tools
Evil Twin
Attack at two Miami Marshall's stores : TJX Breach SEPTEMBER 25, 2007
Hijacking a Macbook in 60 Seconds or Less
Hacking using Open Wi-Fi
Enable WPA
Change the SSID from the default.
Enable MAC address filtering in your access point
Restrict the range of available IP addresses that your router will allow to connect
Wi-Fi ... What should be done ?
Always make sure you are connecting to the right network.
Avoid open Wi-Fi if you are not absolutely sure about it.
Do not assume that hackers will not target you ... sometimes they do it just for fun.
Set up a software firewall (such as Zone Alarm) on each computer.
Enable logs on your router
Wi-Fi ... What should be done ?
Thank You ...
Phishing
by : Pantesh Shah
From Wikipedia
In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication
Phishing ... what’s that ?
Phishing ... an increasing problem
source : Wikipedia
Deceptive Phishing
Malware-Based Phishing
Keyloggers and Screenloggers
Session Hijacking
Web Trojans
Phishing ...multiple faces
Hosts File Poisoning
Data Theft
DNS-Based Phishing (“Pharming”).
Content-Injection Phishing
Man-in-the-Middle Phishing
Search Engine Phishing
Phishing ...one best(worst) example
Google’s anti-phishing software
Anti-phishing tool bar in IE
Many available anti-phishing software
Phishing ... some protection technology
Be suspicious of e-mail asking for your private information.
Make sure that the link you click brings you to the legitimate web-site.
Look out for poor spelling / grammar in official-looking e-mail.
Do not fall for million-dollar offers - money does not come for free.
Phishing ...a few tips to protect ourselves
Thank You ...
Daily life Watch-outs
by : Niketa Patel
A lot of password-cracking software is readily available on the internet.
Modern technology enables hackers to try out password-cracking guesses (from common words to ancient languages) at the speed of light.
Account hacking can not only reveal private information, but can also be a gateway to install a ‘Trojan Horse’ (or ‘back door’) program to access our computer and data without us ever knowing about it.
Password security
To protect password
Need to make our password unique for each account
Need to change our password frequently
Need to keep our password secret
Password security
Email has become such a commonplace part of our lives that many of us forget just how insecure it can be. For instance:
Email generally travels across the Internet in an unencrypted form (plain, readable text) that anyone between the source and destination can read.
Email attachments are the most commonly used method for spreading worms, viruses and Trojan Horses. Infection can happen by clicking on something as innocent looking as a .jpg or .zip file.
Once an email has been sent, you have no control over what happens with it.
E-mail security
Never send your password in an email.
Be certain of an attachment's safety before opening it.
Never reply to unsolicited email
Never allow guests to use your account.
Beware: HTML messages are a common way for viruses and other hostile content to transmit themselves. Use caution when opening an HTML message from an unknown source. Most email tools allow you to read messages in plain-text format, which eliminates the risk.
E-mail security - do’s & don’ts
Social Engineering
Social engineering uses the skills of the con artist ...
These "engineers" impersonate
computer administrators
company officials
employees of a partner company
Social Engineering
Social engineering is one of the most effective hacker exploits
no technology can defend against it.
Some surveys have shown that over 70% of people will divulge their password or other information under the right circumstances
Social Engineering
Thank You ...
Can any technology protect us ?
Information Security in High-Tech era
Our original quest . . .
Whatever we have discussed so far revolves around
us
Security is only as strong as its weakest link
which is again ...
Another empirical observation
us
http://www.theregister.co.uk/2007/03/19/diamond_blag/
http://www.theregister.co.uk/2007/04/17/chocolate_password_survey/
Two recent news items . . .
22% of IT professionals revealed their password with a simple question.
A further 42% of IT professionals revealed their password with a social engineering technique.
39% said that they will tell IT department staff their password
32% said that they will tell their password to their boss.
More on this password survey ...
Technology may help us to build the strongest lock . . .
It is our responsibility to protect the key.
Our Conclusion ...
Thanks to Haroon Mahmood and Rich Brueckner of SUN Microsystems Inc. for sharing their creation, the ‘social engineering’ video clip.
Much of the information and ‘clip art’ presented here has been taken from the ‘Security Training’ documentation from SUN Microsystems Inc.
Acknowledgment
Discussion Session
. . .