3. Objectives
• Examine how organizations are compromised –
scenarios that put assets at risk
• Identify traditional fixes for computer security
risks that you can’t live without
• Vulnerabilities that disrupt the best laid plans
of mice and IT men
• When in doubt, back it up
• Home computing – what’s at risk?
5. Avenues of Attack
• Specific targets
– Chosen based on attacker’s motivation
– Not reliant on target system’s hardware and
software
• Targets of opportunity
– Systems with hardware or software vulnerable to
a specific exploit
– Often lacking current security patches
6. The Steps in an Attack
1. Conducting reconnaissance
2. Scanning
3. Researching vulnerabilities
4. Performing the attack
5. Creating a backdoor
6. Covering tracks
7. Traditional Fixes for Security Risks
• Firewalls
• Intrusion Detection/Prevention Systems
• Anti-virus Software
• Anti-Spyware and Malware Software
• Email Scanning
• Anti-phishing Protection
8. Security Breach Scenarios
• Company: Stratfor Global Intelligence
• Date: December, 2011
• Breach: website defacement and data theft
10. Social Engineering
• Technique in which the attacker uses
deceptive practices
– Convince someone to divulge information they
normally would not divulge.
– Convince someone to do something they normally
wouldn’t do
• Why social engineering is successful
– People desire to be helpful
– People desire to avoid confrontation
12. Phishing
• Type of social engineering
– Attacker masquerades as a trusted entity
– Typically sent to a large group of random users via
e-mail or instant messenger
• Typically used to obtain
– Usernames, passwords, credit card numbers, and
details of the user’s bank accounts
• Preys on users of
– PayPal, eBay, major banks, and brokerage firms
16. Recognizing Phishing
• Carefully analyze any e-mail you receive that
asks for personal information
• Organizations need to educate their employees
– Never send e-mails asking for personal information
– Never request passwords
• Watch for technical or grammatical errors
• Strange URL address
17. Security Breach Scenarios
• Company: Global Payments
• Date: April 2012
• Breach: Theft of card information
• Cost: Visa dropping company as provider
18. Importance of Passwords
• Gateway to resources, both externally and internally
• Major goal of cybercrime is to capture
passwords
19. Use Passwords to Advantage
• Choose strong passwords
– At least 8 characters long
– Mix letters and numbers
– Add an uppercase letter
– Use non-alpha characters
• Example 1
– Bad: flintstone
– Better: Fl1nst0ne=
• Don’t share your passwords with others!!
20. Use Passwords to Advantage
• Example 2
Jack be nimble, Jack be quick
Jack jumped over the candlestick
Becomes: Jbn,JbqJjotc
• Need to write a password down?
– Keep in a secure place
– Use password encryption products
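The four rules from slide 19 and the phrase method from slide 20, written as a checker. This is an added example, not part of the original slides; the function names are assumptions, and "non-alpha" is read as a character that is neither a letter nor a digit.

```python
import string

MIN_LENGTH = 8  # slide 19: "At least 8 characters long"

def check_password(pw):
    """Return the slide-19 rules that pw fails (empty list = all pass)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("at least 8 characters")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        failures.append("mix letters and numbers")
    if not any(c.isupper() for c in pw):
        failures.append("uppercase letter")
    # Assumption: "non-alpha" means neither a letter nor a digit.
    if all(c.isalnum() for c in pw):
        failures.append("non-alpha character")
    return failures

def phrase_to_password(phrase):
    """Slide-20 method: first letter of each word, trailing punctuation kept."""
    parts = []
    for word in phrase.split():
        core = word.strip(string.punctuation)
        if not core:
            continue  # token was punctuation only, nothing to abbreviate
        trailing = word[len(word.rstrip(string.punctuation)):]
        parts.append(core[0] + trailing)
    return "".join(parts)

# The rhyme from slide 20, joined onto one line.
RHYME = "Jack be nimble, Jack be quick Jack jumped over the candlestick"

if __name__ == "__main__":
    for candidate in ("flintstone", "Fl1nst0ne=", phrase_to_password(RHYME)):
        failed = check_password(candidate)
        verdict = "passes all rules" if not failed else "fails: " + ", ".join(failed)
        print(f"{candidate!r} {verdict}")
```

Run against the slides' own examples, the phrase-derived password meets every rule except "mix letters and numbers", so a digit still has to be worked into it.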
22. Protecting Your Home Computer
• Common target of cybercriminals
• Personal data
– Tax records, banking information, and lists of
contacts
– Family archive of photos, documents, and other
sentimental items
• Protect your family’s privacy and decrease
your odds of a cyberattack
23. For more information about the Institute and
Cybersecurity training at HCC, see us online at:
www.hagerstowncc.edu/cyber