security in internet banking

Upload: chiheb-chebbi

Post on 20-Aug-2015

TRANSCRIPT

  1. Security In Internet Banking. Chiheb chebbi, Chiheb-chebbi@outlook.fr
  2. Cyber risks: a severe and present danger. Everything is under attack. The annual cost of cybercrime to the global economy ranges from $375 billion to as much as $575 billion.
  3. Incidents and financial impacts continue to grow (Cyber Threat Intelligence Report, First Quarter 2014): The number of stolen credit card information has increased by 48%. Credit card information theft via Point of Sales infections has increased by 700%. The number of user ID and password thefts has increased by 410%.
  4. Who is a Hacker? Intelligent individuals with excellent computer skills, with the ability to create and explore computer software and hardware. For some hackers, hacking is a hobby to see how many computers they can compromise. Their intention can either be to gain knowledge or to poke around to do illegal things.
  5. Hacker Classes: Black Hats: individuals with extraordinary computing skills, resorting to malicious or destructive activities, also known as Crackers. White Hats: individuals professing hacker skills and using them for defensive purposes, also known as Security Analysts. Grey Hats: individuals who work both offensively and defensively at various times.
  6. Hacking Phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks.
  7. Password Cracking (diagram labels: Attacker, Vulnerable System): Password cracking techniques are used to recover passwords from computer systems. Attackers use password cracking techniques to gain unauthorized access to the vulnerable system.
  8. Password Cracking Techniques: Dictionary Attacks: a dictionary file is loaded into the cracking application that runs against user accounts. Brute Forcing Attacks: the program tries every combination of characters until the password is broken. Hybrid Attacks: like a dictionary attack, but adds some numbers and symbols to the words.
  9. Password Cracking Techniques: Syllable Attacks: the combination of both the brute force attack and the dictionary attack. Rule-Based Attacks: this attack is used when the attacker gets some information about the password.
  10. Malwares: Spyware: a program that records the user's interaction with the computer and internet without the user's knowledge. Trojan: a program in which the malicious code is contained inside apparently harmless programming or data.
  11. Malwares: Virus: a self-replicating program that produces its own code by attaching copies of itself into other executable code. Keylogger: a hardware or software device which monitors every keystroke, screen shots, chats etc. typed on the computer.
  13. Total notifications of attempted infections by banking malware: 1,387,080
  14. Social Engineering: Social engineering is the art of convincing people to reveal confidential information.
  15. Computer-based Social Engineering: Phishing. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
  16. Computer-based Social Engineering:
  17. The overall number of anti-phishing notifications: 19,659,628
  18. What is a Denial of Service attack? In a Denial of Service (DoS) attack, attackers flood a victim system with non-legitimate service requests or traffic to overload its resources. (Diagram labels: Attack Traffic, Normal Traffic.)
  19. What are Distributed Denial of Service attacks? A DDoS attack involves a multitude of compromised systems attacking a single target. To launch a DDoS attack, an attacker uses botnets and attacks a single system.
  20. DDoS Attack Tool: LOIC
  21. What are Botnets? Botnets are software applications that run automated tasks over the internet and perform simple repetitive tasks. A botnet is a huge network of compromised systems.
  23. What is SQL injection? SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web app for execution by a backend database.
  25. How to Defend against Cyber Attacks?
  26. Intrusion Detection Systems (IDS): An intrusion detection system gathers and analyzes information from within a computer or a network to identify the possible violation of security policy, including unauthorized access as well as misuse.
  28. Firewalls: A firewall is hardware, software, or a combination of both, designed to prevent unauthorized access to or from a private network. It is placed at the gateway between the two networks, which is usually a private network and a public network such as the internet.
  29. Honeypot: A honeypot is an information system resource that is expressly set up to attract and trap people who attempt to penetrate an organization's network. A honeypot can be used to log access attempts to those ports, including the attacker's keystrokes. This could send early warnings of a more concerted attack.
  30. Cryptography: Cryptography is the conversion of data into a scrambled code that is decrypted and sent across a private or public network.
  31. Types of Cryptography: Symmetric Encryption: uses the same key for encryption as for decryption. Asymmetric Encryption: uses different keys for encryption and decryption (public and private key). Hash Function: uses no key for encryption and decryption.
  32. Public Key Infrastructure (PKI): PKI is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, and store digital certificates.
  35. Thank you for your attention!!! And don't try this at home!!!
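Slide 23's definition of SQL injection, shown as an added example that is not part of the original slides: the same login lookup written with non-validated input pasted into the SQL text, and again with bound parameters. The `accounts` table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table of bank customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, pin TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [("alice", "4821", 1200), ("bob", "7730", 560)])
    return db


def login_vulnerable(db, owner, pin):
    # Non-validated input becomes part of the SQL text, so the backend
    # database parses whatever the user typed as part of the command.
    query = ("SELECT owner, balance FROM accounts "
             f"WHERE owner = '{owner}' AND pin = '{pin}' ORDER BY owner")
    return db.execute(query).fetchall()


def login_safe(db, owner, pin):
    # Placeholders bind the input as data; it is never parsed as SQL.
    query = ("SELECT owner, balance FROM accounts "
             "WHERE owner = ? AND pin = ? ORDER BY owner")
    return db.execute(query, (owner, pin)).fetchall()


def demo():
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that contains SQL syntax
    return {
        "vulnerable": login_vulnerable(db, "alice", crafted),
        "safe": login_safe(db, "alice", crafted),
        "legitimate": login_safe(db, "alice", "4821"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:11} {rows}")
```

With the crafted input the concatenated query returns every customer's row without a valid PIN, while the parameterized query returns nothing and still accepts the real PIN.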
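The cracking techniques on slides 8 and 9, turned into a defender's password-acceptance check (an added example, not part of the original slides): a candidate is rejected when a dictionary, hybrid, rule-based or brute-force attack as described there would recover it. The word list, substitution table, 12-character floor and function names are assumptions made for illustration.

```python
import re

# Constructed stand-in for a cracking word list (assumption, not from the slides).
DICTIONARY = {"password", "banking", "welcome", "dragon", "qwerty"}
# Common character substitutions that hybrid rules undo (assumed set).
LEET = str.maketrans("0134@5$7", "oieaasst")
MIN_LENGTH = 12  # assumed policy floor against exhaustive search


def weakness(password, known_facts=()):
    """Name the slide 8-9 technique that would recover this password, or None."""
    lowered = password.lower()
    if lowered in DICTIONARY:
        return "dictionary"
    # Hybrid: a dictionary word with numbers and symbols added around it.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    if core in DICTIONARY or core.translate(LEET) in DICTIONARY:
        return "hybrid"
    # Rule-based: the attacker already knows something about the password.
    for fact in known_facts:
        if len(fact) >= 3 and fact.lower() in lowered:
            return "rule-based"
    # Brute force tries every combination, so short passwords fall first.
    if len(password) < MIN_LENGTH:
        return "brute-force"
    return None


def audit(candidates, known_facts=()):
    """Map each candidate password to its weakness (None means accepted)."""
    return {pw: weakness(pw, known_facts) for pw in candidates}


if __name__ == "__main__":
    # Constructed candidates; "alice" and "1987" model facts known about the user.
    sample = ["dragon", "Banking2015!", "P@ssw0rd", "alice-1987-tunis",
              "x7#Lq", "vK9#tmQ2zLp!"]
    for pw, why in audit(sample, known_facts=("alice", "1987")).items():
        print(f"{pw!r:22} -> {why or 'accepted'}")
```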