introduction to security

Introduction to security Dr. Mostafa Elgamala RHCE-MCSA-CCNA-CCAI-CSCU-PMP-ITIL-IBDL

Upload: mostafa-elgamala

Post on 13-Feb-2017

TRANSCRIPT

Page 1: Introduction to security

Introduction to security

Dr. Mostafa Elgamala

RHCE-MCSA-CCNA-CCAI-CSCU-PMP-ITIL-IBDL

Page 2: Introduction to security

Security importance

- Algerian Ministry of Defense subjected to 3500 attempts daily.
- Hacking of a UAV in South Korea.
- Hacking of the Bushehr nuclear reactor in Iran.
- Electric failure in the USA due to a cyber attack.
- Theft of subscriber data of Ashley Madison, AT&T, T-Mobile US.
- Theft of 55000 usernames/passwords from Twitter.
- NASA hacking.

Page 3: Introduction to security

Hacking scope

1 - Implanted medical devices hacking

2 - Automobiles hacking

3 - Computer & mobile hacking

4 - Network devices hacking

5 - UAV hacking

6 - Industrial devices hacking

…… Any software-based device is vulnerable.

Page 4: Introduction to security

Cyber attack (online attack) - Why

- Online criminals for money (e.g. bank accounts)
- Online criminals for opinions and protest (Anonymous)
- Governments against their citizens
- For fun

Page 5: Introduction to security

Levels of security

- User security
- Application security
- System security
- Network security
- Physical security

Page 6: Introduction to security

System security

- Virus
- Worms (network)
- Backdoor
- Trojans (79% of malware)
- Key logger
- Logic bomb
- Spyware
- Password cracking (brute force, dictionary attack, shoulder surfing, social engineering)
- Zombie (bot)

Page 7: Introduction to security

Statistics (Sophos & F5)

- 250000 viruses every day (315000 according to Kaspersky)
- 30,000 hacked sites every day
- 99% of people fail to implement the basic security procedures
- 25% of malware is caught by antivirus
- 82% of security problems from internal

Page 8: Introduction to security

Famous viruses

- 1986 – Brain – Baset & Amgad Farouk
- 1988 – Morris worm – 10% of internet PCs 6000-100M$
- 1998 – Chernobyl – erases MBR
- 2000 – I love you worm – file editing – 10% of internet PCs – (5-10 B$)
- 2008 – Conficker worm – slowing and stealing data – 15 million Windows servers
- 2010 – Stuxnet – SCADA systems – Bushehr – Iran

Page 9: Introduction to security

Guidelines for Windows

- Strong password
- Lock the system when not in use
- Apply software patches
- Use Windows firewall
- Hide files/folders
- Use NTFS
- Implement malware protection

Page 10: Introduction to security

Identity theft

Personal information

- Names
- Addresses
- Birth date
- Telephone number
- Passport number
- Social security number
- Credit card number

Page 11: Introduction to security

How do attackers steal identity?

Physical methods:

- Stealing (computer, mobile, wallets)
- Social engineering (people's trust)
- Pretexting: info from telephone companies or financial institutions.

Page 12: Introduction to security

Internet methods

- Phishing: pretending to be a financial institution's site or email.
- Key loggers: possibly via Trojans
- Hacking: compromise user O.S., use sniffers, etc.

Page 13: Introduction to security

Social Engineering

Art of convincing people to reveal confidential information

Human-based methods:

- Lying
- Eavesdropping
- Shoulder surfing
- Dumpster diving

Page 14: Introduction to security

Computer-based methods

- Chain letter: free money or gift
- Hoax letter: warning about viruses
- Fake website: to learn your info.

Page 15: Introduction to security

Measures

- Complex password
- Disable auto login
- Do not post sensitive/personal information
- Be careful clicking links in messages (fake sites)

Page 16: Introduction to security

Mobile devices security

- Mobile malware: listens to conversations, wipes out info, monitors your actions.
- Application vulnerabilities
- Lost or stolen devices

Page 17: Introduction to security

Measure procedures

- Patching mobile platforms and applications
- Use power-on authentication
- Backup
- Use mobile phone anti-virus
- Encrypt your data
- Secure Bluetooth

Page 18: Introduction to security

Avoid mobile device theft

- Avoid lending mobile phone
- Do not talk while walking/driving
- Turn off ringer
- Record IMEI (*#06#)
- Use anti-theft S/W to remotely wipe the data & make the device unusable.
- Cancel SIM

Page 19: Introduction to security

Network security types

- Network sniffers
- Denial of service (DoS)
- DNS poisoning (DNS spoofing)
- Wireless security
- Man-in-the-middle attack
- SQL injection

Page 20: Introduction to security

Encryption

- Plain text
- Cipher text
- Encryption key
- Encryption types (symmetric / asymmetric / hash function)
- Encryption standard (DES / AES)

Page 21: Introduction to security

Security awareness is the first step for your security

Page 22: Introduction to security

Thanks