Information Security - A Discussion
DESCRIPTION
A presentation to discuss information security and the responsibilities of individuals to keep it safe. This specific presentation was contributed by many people. Each of the different areas has its own author. I have planned and coordinated with them to compile it into a group presentation.
TRANSCRIPT
![Page 1: Information Security - A Discussion](https://reader037.vdocuments.mx/reader037/viewer/2022103110/54b6e0384a79599a1a8b462f/html5/thumbnails/1.jpg)

Information Security in High-Tech era
Can any technology protect us ?

Our empirical observations ...
Antibodies grow only after we suffer.
Medicine is always invented after the bacteria are discovered.
The same goes for computer viruses.
They are invented first, before there is any anti-virus.

Rock Solid Security ...
by : Eduardo Segura
HUH !!!!!!

“Secure” database server ????
It was broken within 2 days !!!!

“Secure” telephone network ????
(Jan 1991) First hacker arrest: Mark Abene (a.k.a. Phiber Optik)

“Secure” internet backbone ????
(May 1998) ... in testimony before Congress, the L0pht hacker group claimed that they could bring down the internet

“Secure” distribution media (DVD, 1997) ????
(Oct 1999) DeCSS is released, a closed-source, Windows-only application for DVD ripping

Thank You ...

Threats in day-to-day life
by : Eric So

Disadvantage - Technology for daily life
Losing personal privacy over the internet
Losing information from a laptop or memory drive
Media copyright issues all over the world, e.g. YouTube, DVD copying

Spy Satellite . . .
Satellite Missions
High-resolution photography (IMINT), e.g. monitoring weather and making maps
Communications eavesdropping (SIGINT)
Covert communications
Enforcement of nuclear test bans (see National Technical Means)
Detection of missile launches

Surveillance
GPS surveillance: turning a cell phone into a surveillance device, a service provided by Accutracking (http://www.accutracking.com/)
Mass surveillance: domestic telephone calls, traffic cameras and commercial records.

Privacy for free VoIP
Pudding Media is offering a service that uses voice-recognition software to find tens of thousands of key words in a user's conversation to trigger ads that are shown on the user's screen.
Conversation may have been monitored

E-commerce
Same password used over multiple sites.
Personal profile can be brought up by any administrator.
Contact information may be sold to other advertising companies or partners as an online property before 2000.

The Vision 20/20
Using the Vision 20/20 POM Offender Locator to identify:
Missing Person
Tracking
US Computer Emergency
Sex Offender Locator
Weather
Trace your missing pet

Thank You ...

Open Wi-Fi
by : Kiran Patil
Yahoo!!!!

Wi-Fi ... the future wave
Internet
VoIP
Phone access
Game
Consumer electronic device connectivity.

Wi-Fi ... hacking tools
War driving ... used to detect Wi-Fi networks and collect information to decide which one to attack.

Hacking using Open Wi-Fi
Evil Twin
Attack at two Miami Marshall's stores: TJX Breach, September 25, 2007
Hijacking a MacBook in 60 Seconds or Less

Wi-Fi ... What should be done ?
Enable WPA.
Change the SSID from the default.
Enable MAC address filtering in your access point.
Restrict the range of available IP addresses that your router will allow to connect.
Always make sure you are connecting to the right network.
Avoid open Wi-Fi if you are not absolutely sure about it.
Do not assume that hackers will not target you ... sometimes they do it just for fun.
Set up a software firewall (such as ZoneAlarm) on each computer.
Enable logs on your router.

Thank You ...

Phishing
by : Pantesh Shah

Phishing ... what’s that ?
From Wikipedia:
In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication

Phishing ... an increasing problem
Source: Wikipedia

Phishing ... multiple faces
Deceptive Phishing
Malware-Based Phishing
Keyloggers and Screenloggers
Session Hijacking
Web Trojans
Hosts File Poisoning
Data Theft
DNS-Based Phishing (“Pharming”)
Content-Injection Phishing
Man-in-the-Middle Phishing
Search Engine Phishing

Phishing ... one best (worst) example

Phishing ... some protection technology
Google’s anti-phishing software
Anti-phishing toolbar in IE
Many available anti-phishing software

Phishing ... a few tips to protect ourselves
Be suspicious of e-mail asking for your private information.
Make sure that the link you click brings you to the legitimate website.
Look out for poor spelling / grammar in official-looking e-mail.
Do not fall for a million dollars - money does not come for free.

Thank You ...

Daily life Watch-outs
by : Niketa Patel

Password security
A lot of password-cracking software is readily available on the internet.
Modern technology enables hackers to try out password-cracking guesses (from common words to ancient languages) at the speed of light.
Account hacking can not only reveal private information, but can also be a gateway to installing a ‘Trojan Horse’ (or ‘back door’) program to access our computer and data without us ever knowing about it.
To protect our passwords, we:
Need to make our password unique for each account
Need to change our password frequently
Need to keep our password secret

E-mail security
Email has become such a commonplace part of our lives that many of us forget just how insecure it can be. For instance:
Email generally travels across the Internet in an unencrypted form (plain, readable text) that anyone between the source and destination can read.
Email attachments are the most commonly used method for spreading worms, viruses and Trojan Horses. Infection can happen by clicking on something as innocent looking as a .jpg or .zip file.
Once an email has been sent, you have no control over what happens with it.

E-mail security - do’s & don’ts
Never send your password in an email.
Be certain of an attachment's safety before opening it.
Never reply to unsolicited email.
Never allow guests to use your account.
Beware: HTML messages are a common way for viruses and other hostile content to transmit themselves. Use caution when opening an HTML message from an unknown source. Most email tools allow you to read messages in plain-text format, which eliminates the risk.
![Page 39: Information Security - A Discussion](https://reader037.vdocuments.mx/reader037/viewer/2022103110/54b6e0384a79599a1a8b462f/html5/thumbnails/39.jpg)
Social Engineering
QuickTime™ and aH.264 decompressor
are needed to see this picture.
![Page 40: Information Security - A Discussion](https://reader037.vdocuments.mx/reader037/viewer/2022103110/54b6e0384a79599a1a8b462f/html5/thumbnails/40.jpg)
Social engineering uses the skills of the con artist ...
These "engineers" impersonate
computer administrators company officialsemployees of a partner company
Social Engineering
![Page 41: Information Security - A Discussion](https://reader037.vdocuments.mx/reader037/viewer/2022103110/54b6e0384a79599a1a8b462f/html5/thumbnails/41.jpg)
Social engineering is one of the most effective hacker exploits
no technology can defend against it.
Some surveys have shown that over 70% of people will divulge their password or other information under the right circumstances
Social Engineering

Thank You ...

Our original quest . . .
Information Security in High-Tech era
Can any technology protect us ?

Whatever we have discussed so far revolves around us

Another empirical observation
Security is only as strong as its weakest link, which is again ... us

Two recent news items . . .
http://www.theregister.co.uk/2007/03/19/diamond_blag/
http://www.theregister.co.uk/2007/04/17/chocolate_password_survey/

More on this password survey ...
22% of IT professionals revealed their password in response to a simple question.
A further 42% of IT professionals revealed their password with social engineering techniques.
39% said that they will tell IT department staff their password.
32% said that they will tell their password to their boss.

Our Conclusion ...
Technology may help us to build the strongest lock . . .
It is our responsibility to protect the key.

Acknowledgment
Thanks to Haroon Mahmood and Rich Brueckner of SUN Microsystems Inc. for sharing their creation, the ‘social engineering’ video clip.
Much of the information and ‘clip art’ presented here has been taken from the ‘Security Training’ documentation from SUN Microsystems Inc.

Discussion Session . . .