INTRODUCTION

TO CYBERCRIME AND SECURITY

BY PANKAJ R. KUMAWAT

WHAT IS CYBERCRIME?

• USING THE INTERNET TO COMMIT A CRIME.

• IDENTITY THEFT

• HACKING

• VIRUSES

• FACILITATION OF TRADITIONAL CRIMINAL ACTIVITY

• STALKING

• STEALING INFORMATION

• CHILD PORNOGRAPHY

CYBERCRIME COMPONENTS• COMPUTERS

• CELL PHONES

• PDA’S

• GAME CONSOLES

HIGH-PROFILE CYBERCRIME-RELATED CASES

• TJ MAXX DATA BREACH

• 45 MILLION CREDIT AND DEBIT CARD NUMBERS STOLEN

• KWAME KILPATRICK

• CELL PHONE TEXT MESSAGES

• BTK SERIAL KILLER

• KEVIN MITNICK

COMPUTER SECURITY

• CONFIDENTIALITY

• ONLY THOSE AUTHORIZED TO VIEW INFORMATION

• INTEGRITY

• INFORMATION IS CORRECT AND HASN’T BEEN ALTERED BY UNAUTHORIZED USERS OR SOFTWARE

• AVAILABILITY

• DATA IS ACCESSIBLE TO AUTHORIZED USERS

COMPUTER SECURITY

Figure 1.0 – CIA Triangle

COMPUTER SECURITY - THREATS

• MALWARE

• SOFTWARE THAT HAS A MALICIOUS PURPOSE

• VIRUSES

• TROJAN HORSE

• SPYWARE

COMPUTER SECURITY - THREATS• INTRUSIONS

• ANY ATTEMPT TO GAIN UNAUTHORIZED ACCESS TO A SYSTEM

• CRACKING

• HACKING

• SOCIAL ENGINEERING

• WAR-DRIVING

COMPUTER SECURITY - THREATS• DENIAL-OF-SERVICE (DOS)

• PREVENTION OF LEGITIMATE ACCESS TO SYSTEMS

• ALSO DISTRIBUTED-DENIAL-OF-SERVICE (DDOS)

• DIFFERENT TYPES:

• PING-OF-DEATH

• TEARDROP

• SMURF

• SYN

COMPUTER SECURITY - THREATS

Figure 1.1 – DoS and DDoS Models

COMPUTER SECURITY - TERMINOLOGY

• PEOPLE

• HACKERS

• WHITE HAT – GOOD GUYS. REPORT HACKS/VULNERABILITIES TO APPROPRIATE PEOPLE.

• BLACK HAT – ONLY INTERESTED IN PERSONAL GOALS, REGARDLESS OF IMPACT.

• GRAY HAT – SOMEWHERE IN BETWEEN.

COMPUTER SECURITY - TERMINOLOGY

• SCRIPT KIDDIES

• SOMEONE THAT CALLS THEMSELVES A ‘HACKER’ BUT REALLY ISN’T

• ETHICAL HACKER

• SOMEONE HIRED TO HACK A SYSTEM TO FIND VULNERABILITIES AND REPORT ON THEM.

• ALSO CALLED A ‘SNEAKER’

COMPUTER SECURITY - TERMINOLOGY

• SECURITY DEVICES

• FIREWALL

• BARRIER BETWEEN NETWORK AND THE OUTSIDE WORLD.

• PROXY SERVER

• SITS BETWEEN USERS AND SERVER. TWO MAIN FUNCTIONS ARE TO IMPROVE PERFORMANCE AND FILTER REQUESTS.

• INTRUSION DETECTION SYSTEMS (IDS)

• MONITORS NETWORK TRAFFIC FOR SUSPICIOUS ACTIVITY.

COMPUTER SECURITY - TERMINOLOGY

• ACTIVITIES

• PHREAKING

• BREAKING INTO TELEPHONE SYSTEMS (USED IN CONJUNCTION WITH WAR-DIALING)

• AUTHENTICATION

• DETERMINES WHETHER CREDENTIALS ARE AUTHORIZED TO ACCESS A RESOURCE

• AUDITING

• REVIEWING LOGS, RECORDS, OR PROCEDURES FOR COMPLIANCE WITH STANDARDS

COMPUTER SECURITY - CAREERS

• INFORMATION SECURITY ANALYST

US NATIONAL AVERAGE SALARY

Figure 1.2 – Median salary courtesy cbsalary.com

COMPUTER SECURITY - CERTIFICATIONS• ENTRY-LEVEL

• SECURITY+ HTTP://WWW.COMPTIA.ORG/CERTIFICATIONS/LISTED/SECURITY.ASPX

• CIW SECURITY ANALYST WWW.CIWCERTIFIED.COM

• INTERMEDIATE

• MSCE SECURITY HTTP://WWW.MICROSOFT.COM/LEARNING/EN/US/CERTIFICATION/MCSE.ASPX#TAB3

• PROFESSIONAL

• CISSP WWW.ISC2.ORG

• SANS WWW.SANS.ORG

COMPUTER SECURITY - EDUCATION

• COMMUNITY-COLLEGE

• WASHTENAW COMMUNITY COLLEGE

• COMPUTER SYSTEMS SECURITY HTTP://WWW4.WCCNET.EDU/ACADEMICINFO/CREDITOFFERINGS/PROGRAMS/DEGREE.PHP?CODE=APCSS

• COMPUTER FORENSICS HTTP://WWW4.WCCNET.EDU/ACADEMICINFO/CREDITOFFERINGS/PROGRAMS/DEGREE.PHP?CODE=APDRAD

COMPUTER SECURITY - EDUCATION

• 4-YEAR COLLEGE

• EASTERN MICHIGAN UNIVERSITY

• INFORMATION ASSURANCE

• APPLIED

• NETWORK

• CRYPTOGRAPHY

• MANAGEMENT

• HTTP://WWW.EMICH.EDU/IA/UNDERGRADUATE.HTML

Any Queries ????

THANK YOU !!THANK YOU !!