-
DIYTP 2009
-
What is Cybercrime?Using the Internet to commit a crime.Identity
TheftHackingVirusesFacilitation of traditional criminal
activityStalkingStealing informationChild Pornography
-
Cybercrime ComponentsComputers
Cell Phones
PDAs
Game Consoles
-
High-Profile Cybercrime-related Cases
TJ Maxx data breach45 million credit and debit card numbers
stolenKwame KilpatrickCell phone text messagesBTK Serial
KillerKevin Mitnick
-
Computer SecurityConfidentialityOnly those authorized to view
information
IntegrityInformation is correct and hasnt been altered by
unauthorized users or software
AvailabilityData is accessible to authorized users
-
Computer SecurityFigure 1.0 CIA Triangle
-
Computer Security - Threats
MalwareSoftware that has a malicious purposeVirusesTrojan
horseSpyware
-
Computer Security - Threats
IntrusionsAny attempt to gain unauthorized access to a
systemCrackingHackingSocial EngineeringWar-driving
-
Computer Security - ThreatsDenial-of-Service (DOS)Prevention of
legitimate access to systemsAlso Distributed-Denial-of-Service
(DDoS)Different types:Ping-of-DeathTeardropSmurfSYN
-
Computer Security - ThreatsFigure 1.1 DoS and DDoS Models
-
Computer Security - TerminologyPeopleHackersWhite Hat Good guys.
Report hacks/vulnerabilities to appropriate people.Black Hat Only
interested in personal goals, regardless of impact.Gray Hat
Somewhere in between.
-
Computer Security - TerminologyScript KiddiesSomeone that calls
themselves a hacker but really isnt
Ethical HackerSomeone hired to hack a system to find
vulnerabilities and report on them.Also called a sneaker
-
Computer Security - TerminologySecurity DevicesFirewallBarrier
between network and the outside world.Proxy serverSits between
users and server. Two main functions are to improve performance and
filter requests.Intrusion Detection Systems (IDS) Monitors network
traffic for suspicious activity.
-
Computer Security - TerminologyActivitiesPhreakingBreaking into
telephone systems (used in conjunction with
war-dialing)AuthenticationDetermines whether credentials are
authorized to access a resourceAuditingReviewing logs, records, or
procedures for compliance with standards
-
Computer Security - CareersInformation Security AnalystUS
National Average Salary
Figure 1.2 Median salary courtesy cbsalary.com
-
Computer Security - CertificationsEntry-levelSecurity+
http://www.comptia.org/certifications/listed/security.aspxCIW
Security Analyst www.ciwcertified.comIntermediateMSCE Security
http://www.microsoft.com/learning/en/us/certification/mcse.aspx#tab3ProfessionalCISSP
www.isc2.orgSANS www.sans.org
-
Computer Security - EducationCommunity-collegeWashtenaw
Community College Computer Systems Security
http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APCSSComputer
Forensics
http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APDRAD
-
Computer Security - Education4-Year CollegeEastern Michigan
UniversityInformation
AssuranceAppliedNetworkCryptographyManagementhttp://www.emich.edu/ia/undergraduate.html
-
*
