Upload
rishabh-aggarwal
View
5
Download
0
Embed Size (px)
DESCRIPTION
vhgcgc
Citation preview
DIYTP 2009
What is Cybercrime?Using the Internet to commit a crime.Identity TheftHackingVirusesFacilitation of traditional criminal activityStalkingStealing informationChild Pornography
Cybercrime ComponentsComputers
Cell Phones
PDAs
Game Consoles
High-Profile Cybercrime-related Cases
TJ Maxx data breach45 million credit and debit card numbers stolenKwame KilpatrickCell phone text messagesBTK Serial KillerKevin Mitnick
Computer SecurityConfidentialityOnly those authorized to view information
IntegrityInformation is correct and hasnt been altered by unauthorized users or software
AvailabilityData is accessible to authorized users
Computer SecurityFigure 1.0 CIA Triangle
Computer Security - Threats
MalwareSoftware that has a malicious purposeVirusesTrojan horseSpyware
Computer Security - Threats
IntrusionsAny attempt to gain unauthorized access to a systemCrackingHackingSocial EngineeringWar-driving
Computer Security - ThreatsDenial-of-Service (DOS)Prevention of legitimate access to systemsAlso Distributed-Denial-of-Service (DDoS)Different types:Ping-of-DeathTeardropSmurfSYN
Computer Security - ThreatsFigure 1.1 DoS and DDoS Models
Computer Security - TerminologyPeopleHackersWhite Hat Good guys. Report hacks/vulnerabilities to appropriate people.Black Hat Only interested in personal goals, regardless of impact.Gray Hat Somewhere in between.
Computer Security - TerminologyScript KiddiesSomeone that calls themselves a hacker but really isnt
Ethical HackerSomeone hired to hack a system to find vulnerabilities and report on them.Also called a sneaker
Computer Security - TerminologySecurity DevicesFirewallBarrier between network and the outside world.Proxy serverSits between users and server. Two main functions are to improve performance and filter requests.Intrusion Detection Systems (IDS) Monitors network traffic for suspicious activity.
Computer Security - TerminologyActivitiesPhreakingBreaking into telephone systems (used in conjunction with war-dialing)AuthenticationDetermines whether credentials are authorized to access a resourceAuditingReviewing logs, records, or procedures for compliance with standards
Computer Security - CareersInformation Security AnalystUS National Average Salary
Figure 1.2 Median salary courtesy cbsalary.com
Computer Security - CertificationsEntry-levelSecurity+ http://www.comptia.org/certifications/listed/security.aspxCIW Security Analyst www.ciwcertified.comIntermediateMSCE Security http://www.microsoft.com/learning/en/us/certification/mcse.aspx#tab3ProfessionalCISSP www.isc2.orgSANS www.sans.org
Computer Security - EducationCommunity-collegeWashtenaw Community College Computer Systems Security http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APCSSComputer Forensics http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APDRAD
Computer Security - Education4-Year CollegeEastern Michigan UniversityInformation AssuranceAppliedNetworkCryptographyManagementhttp://www.emich.edu/ia/undergraduate.html
*