Cyber Security Awareness Training v1.4

Post on 17-Jun-2020


TRANSCRIPT

Cyber Security Awareness Training

Nazmul Khan, Nazmul@next-asia.com – Oct 2017

Nazmul Khan

nazmul.khan@planet1world.com | thenazmulkhan | mnazmul | 96364740

// Work Experience

Jun/2015 – Jul/2016: BT, Malaysia. Technical Support Manager, AMEA

Feb/2012 – Jun/2015: BT, Singapore. Technical Account Manager, APAC

Jun/2008 – Feb/2012: Orange Business Services, Singapore. Technical Account Manager

Aug/2007 – Jun/2008: Fujitsu Asia Pte Ltd, Singapore. Snr System Engineer

Nov/2006 – Aug/2006: Sun Microsystems, Singapore. System Support Engineer

Feb/2006 – Nov/2006: Banglalink GSM, Bangladesh. System Support Engineer

Jun/2003 – Feb/2006: Aamra Technologies, Bangladesh. System Support Engineer

// Education

2017 – 2018: MBA, Murdoch University, Australia

2011 – 2011: ITIL v3, Global Certification Institute, SG

1999 – 2003: B.Science, National University, Bangladesh

// Professional Certification

• Oracle Certified Pre-sales, Solaris OS System, Network & Security Admin.
• Sun Certified System Engineer (PE4) for Sun System Support.
• Microsoft Certified Technology Specialist for Server Virtualization (MCTS).
• Alcatel-Lucent Certified System Expert for VitalQIP Solution (ACSE).
• ITIL V3 foundation certified (ITIL – IT infrastructure library).
• EMC Certified Proven Professional for Data Domain Storage.
• Cisco Certified UCS Support & Implementation Specialist.
• IBM Certified QRadar Associate Administrator (SIEM).

// Skills

Professional Skills: Microsoft Office, Windows Server, Sun Solaris, Red Hat Linux, Sun Cluster, Veritas NetBackup, Tape Library/VTL

Personal Skills: Organization, Communication, Team Management, Project Management, Problem Solving, Service Reporting

// Achievements

2013: BT Role Model Award, BT Singapore

2010: Best Managed Service Award, EMC Singapore

// Volunteer Work

National ICT Volunteer, Singapore Info-comm Development Authority (IDA)

Ambassador/Volunteer, Singapore Sports Council (Active SG)

International Volunteer, SDI Academy, Singapore

Recent Cyber Attack News

Wannacry

Attackers break through conventional safeguards every day. Data breaches are costly:

• $4M average cost of a data breach
• 201 days average time to identify a data breach
• 2014: 1B+ records breached
• 2015: Healthcare mega-breaches
• 2016: 4B+ records breached

Security drivers are evolving

Advanced attacks
  From… Broad threats
  To… Targeted and organized crime (i.e., ransomware)

Insiders
  From… Individual hackers; disgruntled employees
  To… Outsiders and partners becoming insiders

New innovations
  From… Technology and linear driven security strategy
  To… Agile security that moves with the business

Compliance
  From… Checking the box; PCI compliance
  To… Continuous risk analysis; GDPR

• Cybercrime will become a $2.1 trillion problem by 2019
• 2016 insider attacks were 58 percent; 42% outsider attacks
• By 2020, there will be 20.8 billion connected “things”
• GDPR fines can cost billions for large global companies

Traditional security practices are unsustainable

• 1.5 million unfilled security positions by 2020
• 85 security tools from 45 vendors
• 68 percent of CEOs are reluctant to share incident information externally

Three key Solution Segments

• Traditional Security
• Advanced Security
• Security Events Intelligence Management

Key Security Segments

• Real Time Threat Intelligence
• Firewall/IPS/UTM/URL/Web Isolation
• Identity Management/2F/Access Control
• Encryption/DLP/MDM
• VA/PAN/Patch Management
• Antivirus/Anti-malware
• Centralized Logging
• Network Security
• Web Gateway
• Email Gateway
• Email Security
• Network IPS
• Cyber Threat Management (DDoS)
• Privileged Identity Management
• Wireless Security (AirDefence)
• Network Access Control (NAC)
• Endpoint (SEPM) Protection
• DLP (BitLocker)
• 2-Factor Authentication

Case Study: Managed Security Services

[Infra network diagram: each security control is mapped to the vendor delivering it and to its support owner. Legend: Under Cu Care / Under SI Care / Under Vendor Care.]

Controls shown: Public Cloud Infrastructure Security, Email Gateway, Email Server, Web Server, Application Server, Database Server, WAF, Network Monitoring, Privileged Identity Management, SSL VPN, Web Gateway, Email Security, 2-Factor Authentication, Endpoint Detection, Authentication, Malware Protection, Deep Security, DLP, Checkpoint-T2, ASA-T1, Wireless Security (Air Defence), DDoS Protection, NAC, IPS, Server, Platform, Storage, Storage Monitoring, Database Monitoring, ITSM, Application Monitoring, Web Isolation, SOC.

Vendors shown: Symantec, SingTel, KEPM, IBM Proventia, ForeScout, Motorola, Microsoft, RSA, CyberArk, Trend Micro (Malware Protection).

Case Study: GIC ThreatStream (Anomali)

ThreatStream® provides the leading enterprise-class Threat Intelligence Platform, combining comprehensive threat data collection, prioritization, and analytics with secure collaboration in a vetted community.

The key features are:
• Detect: aggregates and de-duplicates threat data from 160+ public, private, and proprietary Anomali AI
• Machine learning: algorithms scale to accommodate thousands of IOCs per minute across your environment
• Collaboration & Community: securely connects security researchers within and across teams in trusted circles to cooperate on effective cyber defence strategies
• Correlate and integrate: turns data into actionable information (SIEM rules, reports, and dashboards)

Advantages:
• Analyzes and pinpoints IOCs, allowing you to search for a specific indicator type over any time range and drill down into details
• Eliminates unnecessary, duplicative and irrelevant indicators before they enter customer infrastructure
• Integrates with your SIEM and other parts of the security architecture such as FireEye, Cisco, BlueCoat, CheckPoint, etc.

Case Study: SP FireEye (MPS)

FireEye cyber security products combat today's advanced persistent threats (APTs). As an integral piece of an Adaptive Defense strategy, state-of-the-art network security offerings protect against cyber attacks that bypass traditional signature-based tools such as antivirus software, next-generation firewalls, and sandbox tools.

The whole solution consists of FireEye FX, NX, CM & ETP.

The key features are:
• Real-time monitoring against zero-day and advanced stealth malware attacks without requiring new signature updates
• On-premise analysis of advanced malware, with no Personally Identifiable Information (PII) sent out
• Purpose-built, hardened hypervisor with built-in countermeasures against advanced malware evasion techniques such as virtual machine detection, Sleep API calls and keystrokes/mouse movement
• Numerous parallel execution environments

Case Study: Singapore Pools (APM & NPM)

The Riverbed SteelCentral and Gigamon solution provides SPPL the capability to perform deep network analysis and to measure/monitor application response time. It also provides the ability to correlate metrics on network latency, loss rate and any measured value.

This solution provides detailed analysis that:
• Measures “stopwatch” times for applications and web pages and provides immediate notification of performance changes
• Identifies where problem delays occur: network, server, or application
• Traces every transaction through the back end and stores it for real-time and historical analysis
• Enables seamless drill-down into specific transactions (server, line of code)
• Correlates multiple metrics to identify causal relationships

Agenda

Section 1: What is Cybersecurity & Safety?
Section 2: What is Hacking? Who are the Hackers?
Section 3: Understanding Cyber Threat & Terms
Section 4: Leading Threats and know them
Section 5: Identifying Security Compromises
Section 6: Best Practices to avoid these threats


What is Cybersecurity & Safety?

Security: We must protect our computers and data in the same way that we secure the doors to our homes.

Safety: We must behave in ways that protect us against risks and threats that come with technology.


Importance of Cybersecurity

• The internet allows a hacker to work from anywhere.
• Risks are caused by poor security knowledge and practice.
• According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:
  • Web Browser
  • IM Clients
  • Web Applications
  • Excessive User Rights

What is Hacking

Black Hats: Mainstream hackers. Hack systems for their own personal reasons, usually causing damage to the systems they break into.

White Hats: Opposite to black hats, they only try to hack systems which they have permission to, reporting the weaknesses and fixing them. Usually get hired or employed by companies to test their security.

Grey Hats: Combination of both, might break into systems without permission, but will not cause any damage to these systems. They usually notify systems admins about the weakness they find.

Know the Hacker

1. Script Kiddies – Unsophisticated computer users who know how to execute programs.

2. White Hat – Also known as ethical hackers, White Hat hackers are the good guys of the hacker world. Most White Hat hackers hold a college degree in IT security and are certified in hacking.

3. Black Hat – Also known as Crackers, these are the men and women you hear about in the news. They find banks or other companies with weak security and steal money or credit card information.

4. Gray Hat – Nothing is ever just black or white; the same is true in the world of hacking. Gray Hat hackers don’t steal money or information, yet they don’t help people for good.

5. Green Hat – They’re often flamed by the hacker community for asking many basic questions. They care about hacking and strive to become full-blown hackers once they know what to do.

6. Red Hat – These are the vigilantes of the hacker world. They’re like White Hats in that they halt Black Hats. Instead of reporting the malicious hacker, they shut him/her down by uploading viruses, DoSing and accessing his/her computer.

7. Blue Hat – If a Script Kiddie took revenge, he/she might become a Blue Hat. Blue Hat hackers will seek vengeance on those who’ve made them angry. Most Blue Hats are n00bz, but like the Script Kiddies, they have no desire to learn.

Understanding Cyber Threat & Terms

What should we know?
• Data Privacy
• Spyware & Adware
• SPAM & SPIM
• Phishing
• Passwords/2F
• Social Engineering
• Email & Chat Services
• Securing PC/Data Backups

Why Security?
• Liability
• Privacy Concerns
• Identity Theft
• Resource Violations
• Reputation Protection
• Meet Expectations
• Laws & Regulations

Understanding Threats
• What is valuable?
• What is vulnerable?
• What can we do to mitigate threats?
• What can we do to prepare ourselves?

Keep Sensitive Data Private
• NRIC/Login ID/Passport
• Driver’s license number
• Passwords and PINs
• Banking information

Leading Threats

• Viruses
• Worms
• Trojan Horses / Logic Bombs
• Social Engineering
• Rootkits
• Botnets / Zombies
• Ransomware

Viruses

• A virus attaches itself to a program, file, or disk. When the program is executed, the virus activates and replicates itself.
• The virus may be benign or malignant but executes its payload at some point.
• In order to recover from or prevent virus attacks:
  • Avoid potentially unreliable websites/emails.
  • Enable OS System Restore.
  • Use and maintain anti-virus software.
  • Re-install the operating system.

Worms

Independent program that replicates itself and sends copies from computer to computer across network connections. Upon arrival, the worm may be activated to replicate.

[Figure: copies addressed “To Joe”, “To Ann”, “To Bob”, taken from an email list containing Joe@gmail.com, Ann@yahoo.com, Bob@u.edu]

Logic Bombs and Trojan Horses

Logic Bomb: Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons.

Examples:
• Software which malfunctions if the maintenance fee is not paid.
• Employee triggers a database erase when he is fired.

Trojan Horse: Masquerades as a benign program while quietly destroying data or damaging your system.

Example: Download a game. It may be fun but contains hidden code that gathers personal information without your knowledge.

Social Engineering

Manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.

Phone Call: “This is John, the System Administrator. What is your password?”

Email: “ABC Bank has noticed a problem with your account…”

In Person: “What ethnicity are you? Your mother’s maiden name?” / “I have come to repair your machine… and have some lovely software patches!”

Phishing: Counterfeit Email

A seemingly trustworthy entity asks for sensitive information such as SSN, credit card numbers, login IDs or passwords via e-mail.

Pharming: Counterfeit Web Pages

The link provided in the e-mail leads to a counterfeit webpage which collects important information and submits it to the owner. The counterfeit web page looks like the real thing and extracts account information.

Warning signs called out on the example:
• Misspelled words
• Hovering over, but not clicking, the link may reveal a different address.
• “With whom?” (the sender does not say who they are)
• Copyright date is old
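The hover-before-you-click advice above can be applied mechanically to the mail that reaches a user. The following is an added example written for this page, not code from the slides or from any product they mention: it collects the anchor tags in an HTML message and flags any link whose visible text names one host while the real href points to another, or whose target is not https://. The message text and every domain in it are constructed for this example (".example.com" / ".example.net" placeholders, not real indicators).

```python
"""Flag links in an HTML e-mail whose visible text and real target disagree.

Added example: implements the slide's "hover over, but do not click" check
programmatically. The message and every domain in it are constructed for this
example (".example.com"/".example.net" placeholders), not real indicators.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style notice modelled on the slide's "ABC Bank" e-mail.
SAMPLE_EMAIL = """
<p>ABC Bank has noticed a problem with your account. Please sign in:</p>
<a href="http://abc-bank-secure-login.example.net/verify">https://www.abcbank.example.com/login</a>
<p>Or contact support: <a href="https://www.abcbank.example.com/help">support page</a></p>
"""

# Visible anchor text that itself looks like a URL or a bare host name.
_URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    """Return every (href, visible text) pair in the message."""
    collector = _LinkCollector()
    collector.feed(html)
    collector.close()
    return collector.links


def _host(url_like):
    """Lower-case host of a URL; display text without a scheme is given https://."""
    if "://" not in url_like:
        url_like = "https://" + url_like
    host = urlparse(url_like).hostname
    return host.lower() if host else None


def suspicious_links(html):
    """Return (href, text, reasons) for each link showing a warning sign from the slide."""
    findings = []
    for href, text in extract_links(html):
        reasons = []
        target = _host(href)
        shown = _host(text) if _URL_LIKE.match(text) else None
        if shown and target and shown != target:
            reasons.append(f"text shows {shown} but the link goes to {target}")
        if urlparse(href).scheme.lower() != "https":
            reasons.append("target is not https://")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print("   -", reason)
```

Only links whose visible text is itself URL-like are compared against their target; a link labelled "support page" has nothing to contradict, so it is judged on its scheme alone. In the constructed message the first link is reported twice over (host mismatch and plain http), the second is clean.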

Botnet

• A botnet is a number of compromised computers used to create and send spam or viruses, or to flood a network with messages as a denial of service attack.
• The compromised computers are called zombies.

Rootkit

• Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit.
• May enable:
  • Easy access for the hacker (and others) into the enterprise
  • Keystroke logger
• Eliminates evidence of break-in.
• Modifies the operating system.

Identifying Security Compromises

• Common Symptoms:
  • Antivirus software detects a problem.
  • Disk space disappears unexpectedly.
  • Pop-ups suddenly appear, sometimes selling security software.
  • Files or transactions appear that should not be there.
  • The computer slows down to a crawl.
  • Unusual messages, sounds, or displays on your monitor.
  • The mouse pointer moves by itself.
  • The computer spontaneously shuts down or reboots.
  • Often unrecognized or ignored problems.

Malware detection

• Spyware symptoms:
  • Changes to your browser homepage/start page.
  • Ending up on a strange site when conducting a search.
  • System-based firewall is turned off automatically.
  • Lots of network activity while not particularly active.
  • Excessive pop-up windows.
  • New icons, programs, favorites which you did not add.
  • Frequent firewall alerts about unknown programs when trying to access the Internet.
  • Poor system performance.

Best Practices to avoid these threats

Best practice uses multiple layers of defense to address technical, personnel and operational issues.

User Account Controls

Anti-virus and Anti-spyware Software

• Install and maintain anti-virus and anti-spyware software.
• Be sure to keep anti-virus software updated.
• Contact your Technology Support Professional for assistance.

Host-based Firewalls

• A firewall acts as a barrier between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents many hacker connections to your computer.

Protect your Operating System

• Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.
• The Windows Update feature built into Windows can be set up to automatically download and install updates.
• Apple provides regular updates to its operating system and software applications.
• Apply Apple updates using the App Store application.

Use Strong Passwords

Make passwords easy to remember but hard to guess.

• USG standards:
  • Be at least ten characters in length
  • Must contain characters from at least two of the following four types of characters:
    – English upper case (A-Z) | English lower case (a-z)
    – Numbers (0-9) | Special characters ($, !, %, ^, …)
  • Must not contain the name or birthday
• Keep passwords safe
• Change them often
• Don’t share or reuse passwords
• Two-factor authentication

Start from a memorable phrase: “LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS”

Now add the complexity the standard requires:
– L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed
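As an added illustration of the standard quoted above (example code written for this page, not from the slides or from the USG), the function below reports which of the stated rules a candidate password fails: minimum ten characters, at least two of the four character types, and no name or birthday. The rule thresholds are the slide's; how "contains the name or birthday" is judged (name parts of three letters or more, a handful of numeric date layouts) is this example's own interpretation. The user name, birthday and the two weak candidates in the usage lines are made up; the slide's own L1A$mwTF0S passes every rule.

```python
"""Check a candidate password against the password standard quoted on the slide.

Added example: the rule thresholds come from the slide; how "contains the name
or birthday" is interpreted (name parts of three letters or more, common numeric
date layouts) is this example's own choice.
"""
from datetime import date

# Numeric layouts in which a birthday commonly ends up inside a password.
_BIRTHDAY_LAYOUTS = ("%Y", "%d%m%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%y%m%d", "%d%m", "%m%d")


def character_types(password):
    """Return the set of character types present: 'upper', 'lower', 'digit', 'special'."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isdigit():
            found.add("digit")
        else:
            found.add("special")
    return found


def check_password(password, name="", birthday=None):
    """Return the list of rules the password fails; an empty list means compliant.

    birthday is an ISO date string such as "1980-05-17" (constructed values only).
    """
    failures = []
    if len(password) < 10:
        failures.append("shorter than ten characters")
    if len(character_types(password)) < 2:
        failures.append("fewer than two of the four character types")
    # Name rule: any word of the name, three letters or longer, case-insensitively.
    lowered = password.lower()
    for part in name.split():
        if len(part) >= 3 and part.lower() in lowered:
            failures.append(f"contains the name '{part}'")
    # Birthday rule: the date written in any of the common numeric layouts.
    if birthday:
        bday = date.fromisoformat(birthday)
        for layout in _BIRTHDAY_LAYOUTS:
            token = bday.strftime(layout)
            if token in password:
                failures.append(f"contains the birthday as '{token}'")
                break
    return failures


if __name__ == "__main__":
    # Constructed user details; the first candidate is the slide's own example.
    user, born = "Alice Tan", "1980-05-17"
    for candidate in ("L1A$mwTF0S", "password", "alice1980!!"):
        result = check_password(candidate, name=user, birthday=born)
        print(candidate, "->", "OK" if not result else "; ".join(result))
```

Returning the list of failed rules rather than a yes/no lets an enrolment form tell the user exactly which part of the standard to fix; the slide's "Must not contain the name or birthday" is the rule most often forgotten, so it is checked explicitly rather than left to a complexity score.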

Avoid Social Engineering and Malicious Software

• Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.
• Do not click on links in emails unless you are absolutely sure of their validity.
• Only visit and/or download software from web pages you trust.

Avoid Stupid Hacker Tricks

• Be sure to have a good firewall or pop-up blocker installed.
• Pop-up blockers do not always block ALL pop-ups, so always close a pop-up window using the ‘X’ in the upper corner.
• Never click “yes,” “accept” or even “cancel.”
• Infected USB drives are often left unattended by hackers in public places.

Secure Business Transactions

• Always use a secure browser to do online activities.
• Frequently delete temp files, cookies, history, saved passwords etc.

https:// – symbol indicating enhanced security

Backup Important Information

• No security measure is 100% reliable.
• Even the best hardware fails.
• What information is important to you?
• Do you have the latest backup?

Any questions

Thank you

Dahn-kee, Shukran, Xie xie, Děkuji, Tak, Terima kasih, Kiitos, Merci, Danke, Efharisto, Toda, Kamsa hamnida, Sukria, Grazie, Gracias, Asante, Obrigado, Dhanyawad, Köszönöm