computer security 101
Post on 27-Jan-2017
107 Views
Preview:
TRANSCRIPT
khairulmizam@upm.edu.my
ECC4703: Computer Security
Khairulmizam Samsudin, Ph.D.
khairulmizam@upm.edu.my
ECC4703: Computer SecurityPlain and Simple
Khairulmizam Samsudin, Ph.D.
khairulmizam@upm.edu.my
Presentation Contents
1. Awareness test for audience2. Scenario related to security incident3. Definition of computer related term4. What to do in the event of attack5. Statistics on computer crime6. News related to computer security7. Laws and regulation related to computer
usage
3
khairulmizam@upm.edu.my
Learning outcome
At the end of this talk, audience will
1. be aware of computer security risk at home and in the workplace
2. be able to identify common computer security issues
3. follow best computer security practice4. have the knowledge to handle computer
security incident
4
khairulmizam@upm.edu.my
Computer attack
5
khairulmizam@upm.edu.my 6
khairulmizam@upm.edu.my
Scenario #1
Reference:https://goo.gl/2FWWAf 7
From: UPM Email Administrator [mailto:admin@email.upm.edu.my]Sent: 12 May 2016 8:51amTo: khairulmizam@upm.edu.mySubject: Email Storage Warning
Dear Dr. Khairulmizam Samsudin,
Your mailbox is almost full.
Please reduce your mailbox size by email deletion. Click here to reduce size automatically
khairulmizam@upm.edu.my
Scenario #1 (Cont…)
8
khairulmizam@upm.edu.my
Scenario #1 (Cont…)
9
khairulmizam@upm.edu.my
Scenario #1 (Cont…)
10
khairulmizam@upm.edu.my 11
Scenario #1: Phising Attack
Definition: attempt to acquire sensitive information by masquerading as a trustworthy entity in electronic communication.Variation: bank account, monetary reward, over credit, using other communication medium, etc
Reference:https://goo.gl/lygRnT
khairulmizam@upm.edu.my
Scenario #1
12
khairulmizam@upm.edu.my
Scenario #1
13
khairulmizam@upm.edu.my
Scenario #1: To do
14
To Do● Verify the URL address● Use HTTPS (if available)● Enable anti-virus
‘secure browsing’ feature
● Update OS and anti-virus regularly
khairulmizam@upm.edu.my
The Internet of Things
Reference:http://device.is/1dwxcL1 15
khairulmizam@upm.edu.my 16
News
khairulmizam@upm.edu.my 17
Computer Network Architecture
khairulmizam@upm.edu.my
99%18
of all computer security incidents involve human error - “IBM”
Reference:http://goo.gl/2cIkZc
khairulmizam@upm.edu.my 19
khairulmizam@upm.edu.my
This talk is not about...
How to…
● e-Punch from outside UPM?
● How to crack application or games?
● How to obtain password of protected WiFi?
● How to top-up SmartTAG for free?
● How to <illegal activity> ?
20
khairulmizam@upm.edu.my 21Reference:http://goo.gl/c5leyU
The usual suspect
khairulmizam@upm.edu.my 22Reference:http://goo.gl/8I6lbm
The unusual suspect
khairulmizam@upm.edu.my
Motivation
23Reference:http://goo.gl/ILfLkr
khairulmizam@upm.edu.my 24
khairulmizam@upm.edu.my
Oversharing
Reference:https://goo.gl/hyuCTD 25
khairulmizam@upm.edu.my
RM 1.6billion
26
Losses from cybercrime in 2012 - “PDRM”
khairulmizam@upm.edu.my 27
Method
khairulmizam@upm.edu.my 28
khairulmizam@upm.edu.my
Law and Regulation1. Akta Jenayah Komputer 1997 (Akta 563)2. Akta Komunikasi dan Multimedia 1998 (Akta
588)3. Akta Harta Intelek (Paten dan Hakcipta)4. Arahan Teknologi Maklumat 2007 (Akta 680)5. Akta Perlindungan Data Peribadi 2010 (Akta
709)6. Kaedah-Kaedah Universiti Putra Malaysia
(Teknologi Maklumat Dan Komunikasi) 20137. Garis Panduan Keselamatan Teknologi
Maklumat dan Komunikasi (GPKTMK), UPM 201429
khairulmizam@upm.edu.my 30
khairulmizam@upm.edu.my 31
khairulmizam@upm.edu.my 32
khairulmizam@upm.edu.my
Awareness Test #1: Computer/Smartphone
1. I know how to install and uninstall software
2. I pay my utility bill online
3. I know how to configure WiFi
4. I know how to hook up all the computer cables
5. I can format and reinstall OS on my computer
33
khairulmizam@upm.edu.my
Scenario #2
34
khairulmizam@upm.edu.my
Scenario #2
35
khairulmizam@upm.edu.my
Scenario #2 (Cont…)
36
khairulmizam@upm.edu.my 37
Scenario #2: Hoax, Chain letter, Faxlore, etc
Definition: a message that attempts to convince the recipient to distribute copies of the letter and then pass them on to as many recipients as possible.Variation: children in need, petitions, false warnings, monetary rewards, urban legends, superstitions
khairulmizam@upm.edu.my
Scenario #2: Law and Regulation
38Akta Komunikasi dan Multimedia 1998 (Akta 588)
khairulmizam@upm.edu.my
Scenario #2: Law and Regulation
39Akta Komunikasi dan Multimedia 1998 (Akta 588)
khairulmizam@upm.edu.my
Scenario #2: To do
40
khairulmizam@upm.edu.my 41
khairulmizam@upm.edu.my
Scenario #2: News Y2K Bug
42
khairulmizam@upm.edu.my
Scenario #2: News Y2K Bug
43
khairulmizam@upm.edu.my
Scenario #2: News Y2K Bug
44
khairulmizam@upm.edu.my
Scenario #2: News
45
khairulmizam@upm.edu.my
Scenario #2: Law and Regulation
46
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
khairulmizam@upm.edu.my
Scenario #2: News Putin lying?
47
khairulmizam@upm.edu.my
Awareness Test #2: Security
1. I know how to scan for virus/malware
2. I password protect my computer/smartphone
3. I have 8 character password with 1 capital
letter, 1 symbol and 1 number
4. I update my computer OS and software frequently
5. I use a non-administrator user account on my
computer
48
khairulmizam@upm.edu.my 49Reference:http://goo.gl/2JBIrc
khairulmizam@upm.edu.my
Scenario #3
Reference:https://goo.gl/2FWWAf 50
khairulmizam@upm.edu.my
Scenario #3: or worst
Reference:https://goo.gl/2FWWAf 51
khairulmizam@upm.edu.my
Scenario #3 (Cont…)
52
khairulmizam@upm.edu.my
Scenario #3: Law and Regulation (Cont…)
53
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
khairulmizam@upm.edu.my
Scenario #3: To do
54
To Do● Do not use the same password● Do not share password and be
sure no one watches ● Use ‘incognito’ mode if you
are using public computer● Lock or log off everytime ● Use biometric password (if
possible)● Update OS and anti-virus
regularly
khairulmizam@upm.edu.my 55
khairulmizam@upm.edu.my
A computer
56Reference:http://goo.gl/iebAjE
khairulmizam@upm.edu.my 57
Awareness Test #3: What is a computer?
khairulmizam@upm.edu.my 58
Awareness Test #2: What is a computer?
khairulmizam@upm.edu.my 59
News
khairulmizam@upm.edu.my 60
News: Car hacking
… two researchers managed to take
control of an unaltered vehicle’s
electronically controlled subsystems
(radio, AC, wipers, transmission,
steering, even brakes) from afar,
using the Internet connection its
entertainment system makes through
Sprint’s cellular network … - “IEEE
Spectrum”
khairulmizam@upm.edu.my
What is Computer Security?
61Reference:http://goo.gl/uoFnoo
khairulmizam@upm.edu.my
News: Worst case scenario
62
khairulmizam@upm.edu.my 63
Definition: Computer Security in UPM
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
khairulmizam@upm.edu.my 64
InformationDefinition: Computer Security in UPM
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
khairulmizam@upm.edu.my 65
khairulmizam@upm.edu.my 66
khairulmizam@upm.edu.my
Scenario #4
Reference:https://goo.gl/2FWWAf 67
Ring ring ring...Caller: Hi Jenny, this is Smith from
Accounting Department. Can you email me the latest quaterly report?
Jenny: Ok...
khairulmizam@upm.edu.my
Scenario #4
68
Ring ring ring...Caller: Hi Jenny, this is Smith from
Accounting Department. Can you email me the latest quaterly report?
Jenny: Ok...
khairulmizam@upm.edu.my 69
Scenario #2: Social Engineering
Definition: an attack that relies heavily on human interaction and involves tricking people into breaking security procedures.Variation: call from IT, reset password, install a software, click a link, etc
khairulmizam@upm.edu.my
Scenario #4: Law and Regulation
70
Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
khairulmizam@upm.edu.my
Scenario #4: To do
71
● Slow down● Research the facts● Never provide confidential
information to unknown source (i.e. email)
● Beware of any downloads and links
● Update OS and anti-virus regularly
khairulmizam@upm.edu.my 72
News: Looking for a job?
khairulmizam@upm.edu.my
What to do if you are a victim?
73
1. Disconnect from network2. Inform online account
provider3. Report to authority4. Get help
khairulmizam@upm.edu.my 74
99%of Malaysian use Facebook while on the throne
Reference:http://goo.gl/q20oWc
khairulmizam@upm.edu.my
Scenario #5
75
khairulmizam@upm.edu.my
Scenario #5: Man-in-the-middle attack
76
Definition: an attacker secretly relays and alters the communication between two parties who believe they are directly communicating with each other..
Reference:http://goo.gl/22mq8V
khairulmizam@upm.edu.my
Scenario #5
77
khairulmizam@upm.edu.my
Scenario #5: To do & Not to do
78
To Do● Avoid using public Wi-Fi
(if possible)● Avoid entering passwords
when using public Wi-Fi connections
● Use HTTPS or VPN if you need to enter passwords
khairulmizam@upm.edu.my 79
khairulmizam@upm.edu.my
Additional tips
80
● Only download from trusted sources
● Only install trusted software
● Use a decent web browser
khairulmizam@upm.edu.my 81
top related