Download - Cyber crime
INTRODUCTION
TO CYBERCRIME AND SECURITY
BY PANKAJ R. KUMAWAT
WHAT IS CYBERCRIME?
• USING THE INTERNET TO COMMIT A CRIME.
• IDENTITY THEFT
• HACKING
• VIRUSES
• FACILITATION OF TRADITIONAL CRIMINAL ACTIVITY
• STALKING
• STEALING INFORMATION
• CHILD PORNOGRAPHY
CYBERCRIME COMPONENTS• COMPUTERS
• CELL PHONES
• PDA’S
• GAME CONSOLES
HIGH-PROFILE CYBERCRIME-RELATED CASES
• TJ MAXX DATA BREACH
• 45 MILLION CREDIT AND DEBIT CARD NUMBERS STOLEN
• KWAME KILPATRICK
• CELL PHONE TEXT MESSAGES
• BTK SERIAL KILLER
• KEVIN MITNICK
COMPUTER SECURITY
• CONFIDENTIALITY
• ONLY THOSE AUTHORIZED TO VIEW INFORMATION
• INTEGRITY
• INFORMATION IS CORRECT AND HASN’T BEEN ALTERED BY UNAUTHORIZED USERS OR SOFTWARE
• AVAILABILITY
• DATA IS ACCESSIBLE TO AUTHORIZED USERS
COMPUTER SECURITY
Figure 1.0 – CIA Triangle
COMPUTER SECURITY - THREATS
• MALWARE
• SOFTWARE THAT HAS A MALICIOUS PURPOSE
• VIRUSES
• TROJAN HORSE
• SPYWARE
COMPUTER SECURITY - THREATS• INTRUSIONS
• ANY ATTEMPT TO GAIN UNAUTHORIZED ACCESS TO A SYSTEM
• CRACKING
• HACKING
• SOCIAL ENGINEERING
• WAR-DRIVING
COMPUTER SECURITY - THREATS• DENIAL-OF-SERVICE (DOS)
• PREVENTION OF LEGITIMATE ACCESS TO SYSTEMS
• ALSO DISTRIBUTED-DENIAL-OF-SERVICE (DDOS)
• DIFFERENT TYPES:
• PING-OF-DEATH
• TEARDROP
• SMURF
• SYN
COMPUTER SECURITY - THREATS
Figure 1.1 – DoS and DDoS Models
COMPUTER SECURITY - TERMINOLOGY
• PEOPLE
• HACKERS
• WHITE HAT – GOOD GUYS. REPORT HACKS/VULNERABILITIES TO APPROPRIATE PEOPLE.
• BLACK HAT – ONLY INTERESTED IN PERSONAL GOALS, REGARDLESS OF IMPACT.
• GRAY HAT – SOMEWHERE IN BETWEEN.
COMPUTER SECURITY - TERMINOLOGY
• SCRIPT KIDDIES
• SOMEONE THAT CALLS THEMSELVES A ‘HACKER’ BUT REALLY ISN’T
• ETHICAL HACKER
• SOMEONE HIRED TO HACK A SYSTEM TO FIND VULNERABILITIES AND REPORT ON THEM.
• ALSO CALLED A ‘SNEAKER’
COMPUTER SECURITY - TERMINOLOGY
• SECURITY DEVICES
• FIREWALL
• BARRIER BETWEEN NETWORK AND THE OUTSIDE WORLD.
• PROXY SERVER
• SITS BETWEEN USERS AND SERVER. TWO MAIN FUNCTIONS ARE TO IMPROVE PERFORMANCE AND FILTER REQUESTS.
• INTRUSION DETECTION SYSTEMS (IDS)
• MONITORS NETWORK TRAFFIC FOR SUSPICIOUS ACTIVITY.
COMPUTER SECURITY - TERMINOLOGY
• ACTIVITIES
• PHREAKING
• BREAKING INTO TELEPHONE SYSTEMS (USED IN CONJUNCTION WITH WAR-DIALING)
• AUTHENTICATION
• DETERMINES WHETHER CREDENTIALS ARE AUTHORIZED TO ACCESS A RESOURCE
• AUDITING
• REVIEWING LOGS, RECORDS, OR PROCEDURES FOR COMPLIANCE WITH STANDARDS
COMPUTER SECURITY - CAREERS
• INFORMATION SECURITY ANALYST
US NATIONAL AVERAGE SALARY
Figure 1.2 – Median salary courtesy cbsalary.com
COMPUTER SECURITY - CERTIFICATIONS• ENTRY-LEVEL
• SECURITY+ HTTP://WWW.COMPTIA.ORG/CERTIFICATIONS/LISTED/SECURITY.ASPX
• CIW SECURITY ANALYST WWW.CIWCERTIFIED.COM
• INTERMEDIATE
• MSCE SECURITY HTTP://WWW.MICROSOFT.COM/LEARNING/EN/US/CERTIFICATION/MCSE.ASPX#TAB3
• PROFESSIONAL
• CISSP WWW.ISC2.ORG
• SANS WWW.SANS.ORG
COMPUTER SECURITY - EDUCATION
• COMMUNITY-COLLEGE
• WASHTENAW COMMUNITY COLLEGE
• COMPUTER SYSTEMS SECURITY HTTP://WWW4.WCCNET.EDU/ACADEMICINFO/CREDITOFFERINGS/PROGRAMS/DEGREE.PHP?CODE=APCSS
• COMPUTER FORENSICS HTTP://WWW4.WCCNET.EDU/ACADEMICINFO/CREDITOFFERINGS/PROGRAMS/DEGREE.PHP?CODE=APDRAD
COMPUTER SECURITY - EDUCATION
• 4-YEAR COLLEGE
• EASTERN MICHIGAN UNIVERSITY
• INFORMATION ASSURANCE
• APPLIED
• NETWORK
• CRYPTOGRAPHY
• MANAGEMENT
• HTTP://WWW.EMICH.EDU/IA/UNDERGRADUATE.HTML
Any Queries ????
THANK YOU !!THANK YOU !!