1. Self Defense For Cybersecurity
What's Happening Inside The
Firewall
Jack Drooger – Hagerstown Community College

2. Buzzword Bingo
• Dumpster diving
• Script Kiddie
• Shoulder surfing
• Whaling
• Hacking
• Vishing
• DoS attack

3. Objectives
• Examine how organizations are comprised –
scenarios that put assets at risk
• Identify traditional fixes for computer security
risks that you can’t live without
• Vulnerabilities that disrupt the best laid plans
of mice and IT men
• When in doubt, back it up
• Home computing – what’s at risk?

4. Security Breach Scenarios
• Company: RSA Security
• Date: March, 2011
• Breach: Data theft
• Estimated cost: $66 Million

5. Avenues of Attack
• Specific targets
– Chosen based on attacker’s motivation
– Not reliant on target system’s hardware and
software
• Targets of opportunity
– Systems with hardware or software vulnerable to
a specific exploit
– Often lacking current security patches

6. The Steps in an Attack
1. Conducting reconnaissance
2. Scanning
3. Researching vulnerabilities
4. Performing the attack
5. Creating a backdoor
6. Covering tracks

7. Traditional Fixes for Security Risks
• Firewalls
• Intrusion Detection/Prevention Systems
• Anti-virus Software
• Anti-Spyware and Malware Software
• Email Scanning
• Anti-phishing Protection

8. Security Breach Scenarios
• Company: Stratfor Global Intelligence
• Date: December, 2011
• Breach: website defacement and data theft

9. People
A Security Problem?

10. Social Engineering
• Technique in which the attacker uses
deceptive practices
– Convince someone to divulge information they
normally would not divulge.
– Convince someone to do something they normally
wouldn’t do
• Why social engineering is successful
– People desire to be helpful
– People desire to avoid confrontation

11. The Famous Nigerian Scam

12. Phishing
• Type of social engineering
– Attacker masquerades as a trusted entity
– Typically sent to a large group of random users via
e-mail or instant messenger
• Typically used to obtain
– Usernames, passwords, credit card numbers, and
details of the user’s bank accounts
• Preys on users
– PayPal, eBay, major banks, and brokerage firms

13. Phishing Sample - Easy to Spot

14. Phishing Sample - Camouflaged

15. Phishing Sample - Revealed

16. Recognizing Phishing
• Analyze any e-mails received asking for
personal information carefully
• Organizations need to educate their employees
– Never send e-mails asking for personal information
– Never request passwords
• Watch for technical or grammatical errors
• Strange URL address

17. Security Breach Scenarios
• Company: Global Payments
• Date: April 2012
• Breach: Theft of card information
• Cost: Visa dropping company as provider

18. Importance of Passwords
• Gateway externally and internally to resources
• Major goal of cybercrime is to capture
passwords

19. Use Passwords to Advantage
• Choose strong passwords
– At least 8 characters long
– Mix letters and numbers
– Add an uppercase letter
– Use non-alpha characters
Don’t share
• Example 1 your passwords
– Bad: flintstone with others!!
– Better: Fl1nst0ne=

20. Use Passwords to Advantage
• Example 2
 Jack be nimble, Jack be quick
 Jack jumped over the candlestick
Becomes: Jbn,JbqJjotc
• Need to write a password down?
– Keep in a secure place
– Use password encryption products

21. Life is Short
Back it Up

22. Protecting Your Home Computer
• Common target of cybercriminals
• Personal data
– Tax records, banking information, and lists of
contacts
– Family archive of photos, documents, and other
sentimental items
• Protect your family’s privacy and decrease
your odds of a cyberattack

23. For more information about the Institute and
Cybersecurity training at HCC, see us online at:
www.hagerstowncc.edu/cyber