DIYTP 2009

What is Cybercrime?

Using the Internet to commit a crime. Identity Theft Hacking Viruses

Facilitation of traditional criminal activity Stalking Stealing information Child Pornography

Cybercrime Components

Computers

Cell Phones

PDA’s

Game Consoles

High-Profile Cybercrime-related Cases

TJ Maxx data breach 45 million credit and debit card numbers

stolen Kwame Kilpatrick

Cell phone text messages BTK Serial Killer Kevin Mitnick

Computer Security

Confidentiality Only those authorized to view information

Integrity Information is correct and hasn’t been

altered by unauthorized users or software

Availability Data is accessible to authorized users

Computer Security

Figure 1.0 – CIA Triangle

Computer Security - Threats

Malware Software that has a malicious purpose

Viruses Trojan horse Spyware

Computer Security - Threats

Intrusions Any attempt to gain unauthorized access

to a system Cracking Hacking Social Engineering War-driving

Computer Security - Threats Denial-of-Service (DOS)

Prevention of legitimate access to systems

Also Distributed-Denial-of-Service (DDoS)

Different types: Ping-of-Death Teardrop Smurf SYN

Computer Security - Threats

Figure 1.1 – DoS and DDoS Models

Computer Security - Terminology People

Hackers White Hat – Good guys. Report

hacks/vulnerabilities to appropriate people.

Black Hat – Only interested in personal goals, regardless of impact.

Gray Hat – Somewhere in between.

Computer Security - Terminology Script Kiddies

Someone that calls themselves a ‘hacker’ but really isn’t

Ethical Hacker Someone hired to hack a system to find

vulnerabilities and report on them. Also called a ‘sneaker’

Computer Security - Terminology Security Devices

Firewall Barrier between network and the outside

world. Proxy server

Sits between users and server. Two main functions are to improve performance and filter requests.

Intrusion Detection Systems (IDS) Monitors network traffic for suspicious

activity.

Computer Security - Terminology Activities

Phreaking Breaking into telephone systems (used in

conjunction with war-dialing) Authentication

Determines whether credentials are authorized to access a resource

Auditing Reviewing logs, records, or procedures for

compliance with standards

Computer Security - Careers Information Security Analyst

US National Average Salary

Figure 1.2 – Median salary courtesy cbsalary.com

Computer Security - Certifications Entry-level

Security+ http://www.comptia.org/certifications/listed/security.aspx

CIW Security Analyst www.ciwcertified.com

Intermediate MSCE Security

http://www.microsoft.com/learning/en/us/certification/mcse.aspx#tab3

Professional CISSP www.isc2.org SANS www.sans.org

Computer Security - Education Community-college

Washtenaw Community College Computer Systems Security

http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APCSS

Computer Forensics http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APDRAD

Computer Security - Education 4-Year College

Eastern Michigan University Information Assurance

Applied Network Cryptography Management

http://www.emich.edu/ia/undergraduate.html