introduction to security
Introduction to security
Dr. Mostafa Elgamala
RHCE-MCSA-CCNA-CCAI-CSCU-PMP-ITIL-IBDL
Security importance
- Algerian Ministry of Defense subjected to 3500 attempts daily.
- Hacking of a UAV in South Korea.
- Hacking of the Bushehr nuclear reactor in Iran.
- Electric failure in USA due to cyber attack.
- Theft of subscriber data from Ashley Madison, AT&T, T-Mobile US.
- Theft of 55000 usernames/passwords from Twitter.
- NASA hacking.
Hacking scope
1 - Implanted medical devices hacking
2 - Automobiles hacking
3 - Computer & mobile hacking
4 - Network devices hacking
5 - UAV hacking
6 - Industrial devices hacking
... Any software-based device is vulnerable.
Cyber attack (online attack) - Why
- Online criminals for money (i.e. bank accounts)
- Online criminals for opinions and protest (Anonymous)
- Governments against their citizens
- For fun
Levels of security
- User security
- Application security
- System security
- Network security
- Physical security
System security
- Virus
- Worms (network)
- Backdoor
- Trojans (79% of malware)
- Key logger
- Logic bomb
- Spyware
- Password cracking (brute force, dictionary attack, shoulder surfing, social engineering)
- Zombie (bot)
Statistics (Sophos & F5)
- 250000 viruses every day (315000 Kaspersky)
- 30,000 hacked sites every day
- 99% of people fail to implement the basic security procedures
- 25% of malware is caught by antivirus
- 82% of security problems from internal
Famous viruses
- 1986 – Brain – Baset & Amgad Farouk
- 1988 – Morris worm – 10% of internet PC 6000-100M$
- 1998 – Chernobyl – erase MBR
- 2000 – I love you worm – file editing – 10% of internet PC – (5-10 B$)
- 2008 – Conficker worm – slowing and stealing data – 15 million Windows servers
- 2010 – Stuxnet – SCADA systems – Bushehr – Iran
Guidelines for Windows
- Strong password
- Lock the system when not in use
- Apply software patches
- Use Windows firewall
- Hide files/folders
- Use NTFS
- Implement malware protection
Identity theft
Personal information:
- Names
- Addresses
- Birth date
- Telephone number
- Passport number
- Social security number
- Credit card number
How do attackers steal identity?
Physical methods:
- Stealing (computer, mobile, wallets)
- Social engineering (people trust)
- Pretexting: info from telephone companies or financial institutions.
Internet methods:
- Phishing: pretend to be a financial institution site or email.
- Key loggers: may be by Trojans
- Hacking: compromise user O.S., use sniffers, etc.
Social Engineering
Art of convincing people to reveal confidential information
Human based method:
- Lying
- Eavesdropping
- Shoulder surfing
- Dumpster diving
Computer based method:
- Chain letter: free money or gift
- Hoax letter: warning about viruses
- Fake website: to know your info.
Measures
- Complex password
- Disable auto login
- Do not post sensitive/personal information
- Be careful clicking links in messages (fake sites)
Mobile devices security
- Mobile malware: conversations listener, wipe-out info., monitor your actions.
- Application vulnerabilities
- Lost or stolen devices
Measure procedures
- Patching mobile platforms and applications
- Use power-on authentication
- Backup
- Use mobile phone anti-virus
- Encrypt your data
- Secure Bluetooth
Avoid mobile device theft
- Avoid lending mobile phone
- Do not talk while walking/driving
- Turn off ringer
- Record IMEI (*#06#)
- Use anti-theft S/W to remotely wipe the data & make the device unusable.
- Cancel SIM
Network security types
- Network sniffers
- Denial of service (DoS)
- DNS poisoning (DNS spoofing)
- Wireless security
- Man-in-the-middle attack
- SQL injection
Encryption
- Plain text
- Cipher text
- Encryption key
- Encryption types (symmetric / asymmetric / hash function)
- Encryption standard (DES / AES)
Security awareness is the first step for your security
Thanks