Cyber Security Awareness Training v1.4
Nazmul Khan
thenazmulkhan | mnazmul | 96364740
// Work Experience
Jun/2015 – Jul/2016  BT, Malaysia: Technical Support Manager, AMEA
Feb/2012 – Jun/2015  BT, Singapore: Technical Account Manager, APAC
Jun/2008 – Feb/2012  Orange Business Services, Singapore: Technical Account Manager
Aug/2007 – Jun/2008  Fujitsu Asia Pte Ltd, Singapore: Snr System Engineer
Nov/2006 – Aug/2006  Sun Microsystems, Singapore: System Support Engineer
Feb/2006 – Nov/2006  Banglalink GSM, Bangladesh: System Support Engineer
Jun/2003 – Feb/2006  Aamra Technologies, Bangladesh: System Support Engineer
// Education
2017 – 2018  MBA, Murdoch University, Australia
2011 – 2011  ITIL v3, Global Certification Institute, SG
1999 – 2003  B.Science, National University, Bangladesh
// Professional Certification
• Oracle Certified Pre-sales, Solaris OS System, Network & Security Admin.
• Sun Certified System Engineer (PE4) for Sun System Support.
• Microsoft Certified Technology Specialist for Server Virtualization (MCTS).
• Alcatel-Lucent Certified System Expert for VitalQIP Solution (ACSE).
• ITIL V3 Foundation certified (ITIL: IT Infrastructure Library).
• EMC Certified Proven Professional for Data Domain Storage.
• Cisco Certified UCS Support & Implementation Specialist.
• IBM Certified QRadar Associate Administrator (SIEM).
// Skills
Professional Skills: Microsoft Office, Windows Server, Sun Solaris, Red Hat Linux, Sun Cluster, Veritas NetBackup, Tape Library/VTL
Personal Skills: Organization, Communication, Team Management, Project Management, Problem Solving, Service Reporting
// Achievements
2013  BT Role Model Award, BT Singapore
2010  Best Managed Service Award, EMC Singapore
// Volunteer Work
National ICT Volunteer, Singapore Infocomm Development Authority (IDA)
Ambassador/Volunteer, Singapore Sports Council (ActiveSG)
International Volunteer, SDI Academy, Singapore
Recent Cyber Attack News
WannaCry
Attackers break through conventional safeguards every day. Data breaches are costly:
• $4M: average cost of a data breach
• 201 days: average time to identify a data breach
• 2014: 1B+ records breached
• 2015: healthcare mega-breaches
• 2016: 4B+ records breached
Security drivers are evolving
• Advanced attacks: from broad threats to targeted and organized crime (i.e., ransomware)
• Insiders: from individual hackers and disgruntled employees to outsiders and partners becoming insiders
• New innovations: from a technology and linear driven security strategy to agile security that moves with the business
• Compliance: from checking the box and PCI compliance to continuous risk analysis and GDPR
Key figures:
• Cybercrime will become a $2.1 trillion problem by 2019
• In 2016, insider attacks were 58 percent and outsider attacks 42 percent
• By 2020, there will be 20.8 billion connected “things”
• GDPR fines can cost billions for large global companies
Traditional security practices are unsustainable
• 1.5 million unfilled security positions by 2020
• 85 security tools from 45 vendors
• 68 percent of CEOs are reluctant to share incident information externally
Three key Solution Segments
• Traditional Security
• Advanced Security
• Security Events Intelligence Management
Key Security Segments
• Real Time Threat Intelligence
• Firewall/IPS/UTM/URL/Web Isolation
• Identity Management/2F/Access Control
• Encryption/DLP/MDM
• VA/PAN/Patch Management
• Antivirus/Anti-malware
• Centralized Logging
• Network Security
• Web Gateway
• Email Gateway
• Email Security
• Network IPS
• Cyber Threat Management (DDoS)
• Privileged Identity Management
• Wireless Security (AirDefence)
• Network Access Control (NAC)
• Endpoint (SEPM) Protection
• DLP (BitLocker)
• 2-Factor Authentication
Case Study: Managed Security Services
(Architecture diagram; only its labels survive extraction.)
Products/vendors shown: Symantec, SingTel, KEPM, IBM Proventia, ForeScout, Motorola, Microsoft, RSA, CyberArk, Trend Micro (Malware Protection)
Legend: Under Cu Care, Under SI Care, Under Vendor Care
Components: Public Cloud Infrastructure Security, Email Gateway, Email Server, Web Server, Application Server, Database Server, WAF, Network Monitoring, Privileged Identity Management, SSL VPN, Web Gateway Security, 2-Factor Authentication, Endpoint Detection, Authentication, Malware Protection, Deep Security, DLP
Infra network diagram: Checkpoint-T2, ASA-T1, Wireless Security (Air Defence), DDoS Protection, NAC, IPS, Server, Platform, Storage, Storage Monitoring, Database Monitoring, ITSM, Application Monitoring, Web Isolation, SOC
Case Study: GIC ThreatStream (Anomali)
ThreatStream® provides the leading enterprise-class Threat Intelligence Platform, combining comprehensive threat data collection, prioritization, and analytics with secure collaboration in a vetted community.
The key features are:
• Detect: aggregates and de-duplicates threat data from 160+ public, private, and proprietary sources (Anomali AI)
• Machine learning: algorithms scale to accommodate thousands of IOCs per minute across your environment
• Collaboration & Community: securely connects security researchers within and across teams in trusted circles to cooperate on effective cyber defence strategies
• Correlate and integrate: turns data into actionable information, i.e. SIEM rules, reports, and dashboards
Advantages:
• Analyzes and pinpoints IOCs, allowing you to search for a specific indicator type over any time range and drill down into details
• Eliminates unnecessary, duplicative and irrelevant indicators before they enter customer infrastructure
• Integrates with your SIEM and other parts of the security architecture such as FireEye, Cisco, BlueCoat, CheckPoint, etc.
Case Study: SP FireEye (MPS)
FireEye cyber security products combat today's advanced persistent threats (APTs). As an integral piece of an Adaptive Defense strategy, state-of-the-art network security offerings protect against cyber attacks that bypass traditional signature-based tools such as antivirus software, next-generation firewalls, and sandbox tools.
The whole solution consists of FireEye FX, NX, CM & ETP.
The key features are:
• Real-time monitoring against zero-day and advanced stealth malware attacks without requiring new signature updates
• On-premise analysis of advanced malware, with no Personally Identifiable Information (PII) sent out
• Purpose-built, hardened hypervisor with built-in countermeasures against advanced malware evasion techniques such as virtual machine detection, Sleep API calls and keystroke/mouse movement checks
• Numerous parallel execution environments
Case Study: Singapore Pools (APM & NPM)
The Riverbed SteelCentral and Gigamon solution gives SPPL the capability to perform deep network analysis and to measure/monitor application response time. It also provides the ability to correlate metrics such as network latency, loss rate, or any other measured value.
This solution provides detailed analysis that:
• Measures “stopwatch” times for applications and web pages and provides immediate notification of performance changes
• Identifies where problem delays occur: network, server, or application
• Traces every transaction through the back end and stores it for real-time and historical analysis
• Enables seamless drill-down into specific transactions (server, line of code)
• Correlates multiple metrics to identify causal relationships
Agenda
Section 1: What is Cybersecurity & Safety?
Section 2: What is Hacking? Who are the Hackers?
Section 3: Understanding Cyber Threat & Terms
Section 4: Leading Threats and knowing them
Section 5: Identifying Security Compromises
Section 6: Best Practices to avoid these threats
What is Cybersecurity & Safety?
Security: We must protect our computers and data in the same way that we secure the doors to our homes.
Safety: We must behave in ways that protect us against risks and threats that come with technology.
Importance of Cybersecurity
• The internet allows a hacker to work from anywhere.
• Risks are caused by poor security knowledge and practice.
• According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:
  – Web browsers
  – IM clients
  – Web applications
  – Excessive user rights
What is Hacking
Black Hats: Mainstream hackers. Hack systems for their own personal reasons, usually causing damage to the systems they break into.
White Hats: Opposite to black hats, they only try to hack systems which they have permission to, reporting the weaknesses and fixing them. Usually get hired or employed by companies to test their security.
Grey Hats: Combination of both; might break into systems without permission, but will not cause any damage to these systems. They usually notify the systems admin about the weakness they find.
Know the Hacker
1. Script Kiddies – Unsophisticated computer users who know how to execute programs.
2. White Hat – Also known as ethical hackers, White Hat hackers are the good guys of the hacker world. Most White Hat hackers hold a college degree in IT security and hold hacking certifications.
3. Black Hat – Also known as Crackers, these are the men and women you hear about in the news. They find banks or other companies with weak security and steal money or credit card information.
4. Gray Hat – Nothing is ever just black or white; the same is true in the world of hacking. Gray Hat hackers don’t steal money or information, yet they don’t help people for good either.
5. Green Hat – They’re often flamed by the hacker community for asking many basic questions. They care about hacking and strive to become full-blown hackers once they know what to do.
6. Red Hat – These are the vigilantes of the hacker world. They’re like White Hats in that they halt Black Hats. Instead of reporting the malicious hacker, they shut him/her down by uploading viruses, DoSing and accessing his/her computer.
7. Blue Hat – If a Script Kiddie took revenge, he/she might become a Blue Hat. Blue Hat hackers will seek vengeance on those who have made them angry. Most Blue Hats are n00bz, but like the Script Kiddies, they have no desire to learn.
Understanding Cyber Threat & Terms
What should we know?
• Data Privacy
• Spyware & Adware
• SPAM & SPIM
• Phishing
• Passwords/2F
• Social Engineering
• Email & Chat Services
• Securing PC/Data Backups
Why Security?
• Liability
• Privacy Concerns
• Identity Theft
• Resource Violations
• Reputation Protection
• Meeting Expectations
• Laws & Regulations
Understanding Threats
• What is valuable?
• What is vulnerable?
• What can we do to mitigate threats?
• What can we do to prepare ourselves?
Keep Sensitive Data Private
• NRIC/Login ID/Passport
• Driver’s license number
• Passwords and PINs
• Banking information
Leading Threats
• Viruses
• Worms
• Trojan Horses / Logic Bombs
• Social Engineering
• Rootkits
• Botnets / Zombies
• Ransomware
Viruses
• A virus attaches itself to a program, file, or disk. When the program is executed, the virus activates and replicates itself.
• The virus may be benign or malignant but executes its payload at some point.
• In order to recover from or prevent virus attacks:
  – Avoid potentially unreliable websites/emails.
  – Enable OS System Restore.
  – Use and maintain anti-virus software.
  – Re-install the operating system.
Worms
An independent program that replicates itself and sends copies from computer to computer across network connections.
Upon arrival, the worm may be activated to replicate.
(Diagram: the worm mails a copy of itself to every entry in the victim's email list: To Joe, To Ann, To Bob.)
Logic Bombs and Trojan Horses
Logic Bomb: Malware logic that executes upon certain conditions. The program is often used for otherwise legitimate reasons.
Examples:
• Software which malfunctions if the maintenance fee is not paid.
• An employee triggers a database erase when he is fired.
Trojan Horse: Masquerades as a benign program while quietly destroying data or damaging your system.
Example: you download a game. It may be fun, but it contains hidden code that gathers personal information without your knowledge.
Social Engineering
Manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.
Examples:
• Phone call: “This is John, the System Administrator. What is your password?”
• Email: “ABC Bank has noticed a problem with your account…”
• In person: “What ethnicity are you? Your mother’s maiden name?” or “I have come to repair your machine… and have some lovely software patches!”
Phishing: Counterfeit Email
A seemingly trustworthy entity asks for sensitive information such as SSN, credit card numbers, login IDs or passwords via e-mail.
Pharming: Counterfeit Web Pages
The link provided in the e-mail leads to a counterfeit web page which collects important information and submits it to the owner. The counterfeit web page looks like the real thing and extracts account information.
Signs of a counterfeit page:
• Misspelled words
• Hovering over, but not clicking, the link may reveal a different address.
• “With whom?”: the page does not say which institution the account is held with.
• The copyright date is old.
Botnet
• A botnet is a number of compromised computers used to create and send spam or viruses, or to flood a network with messages as a denial of service attack.
• The compromised computers are called zombies.
Rootkit
• Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit.
• A rootkit may enable:
  – Easy access for the hacker (and others) into the enterprise
  – A keystroke logger
• It eliminates evidence of the break-in.
• It modifies the operating system.
Identifying Security Compromises
Common symptoms:
• Antivirus software detects a problem.
• Disk space disappears unexpectedly.
• Pop-ups suddenly appear, sometimes selling security software.
• Files or transactions appear that should not be there.
• The computer slows down to a crawl.
• Unusual messages, sounds, or displays on your monitor.
• The mouse pointer moves by itself.
• The computer spontaneously shuts down or reboots.
• These problems are often unrecognized or ignored.
Malware detection
Spyware symptoms:
• Changes to your browser homepage/start page.
• Ending up on a strange site when conducting a search.
• The system-based firewall is turned off automatically.
• Lots of network activity while you are not particularly active.
• Excessive pop-up windows.
• New icons, programs, or favorites which you did not add.
• Frequent firewall alerts about unknown programs trying to access the Internet.
• Poor system performance.
Best Practices to avoid these threats
Defense in depth uses multiple layers of defense to address technical, personnel and operational issues.
• User Account Controls
Anti-virus and Anti-spyware Software
• Install and maintain anti-virus and anti-spyware software.
• Be sure to keep anti-virus software updated.
• Contact your Technology Support Professional for assistance.
Host-based Firewalls
• A firewall acts as a barrier between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents many hacker connections to your computer.
Protect your Operating System
• Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, your computer is left vulnerable to hackers.
• The Windows Update feature built into Windows can be set up to automatically download and install updates.
• Apple provides regular updates to its operating system and software applications.
• Apply Apple updates using the App Store application.
Use Strong Passwords
Make passwords easy to remember but hard to guess.
• USG standards:
  – Be at least ten characters in length
  – Must contain characters from at least two of the following four types of characters:
    English upper case (A-Z) | English lower case (a-z)
    Numbers (0-9) | Special characters ($, !, %, ^, …)
  – Must not contain the name or birthday
• Keep passwords safe
• Change them often
• Don’t share or reuse passwords
• Use two-factor authentication
Start from a phrase you can remember: “LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS”
Now add the complexity the standard requires:
– L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed
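The USG standard on this slide is simple enough to turn into a checker that a help desk or an onboarding script could run before a password is accepted. The code below is an added example and not a USG tool: it enforces the three stated rules (at least ten characters, at least two of the four character classes, and no name or birthday inside the password), and reports every rule that fails rather than stopping at the first. The function names, the list of birthday formats it looks for, and the sample inputs are all my own choices for the illustration.

```python
import re
from datetime import date
from typing import List, Optional, Set

# One regular expression per character class named by the standard.
CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def birthday_forms(birthday: date) -> Set[str]:
    """Common ways a birthday gets typed into a password (constructed list, not exhaustive)."""
    return {
        birthday.strftime("%Y"),      # 1980
        birthday.strftime("%d%m%y"),  # 140580
        birthday.strftime("%d%m%Y"),  # 14051980
        birthday.strftime("%m%d%y"),  # 051480
        birthday.strftime("%m%d%Y"),  # 05141980
        birthday.strftime("%Y%m%d"),  # 19800514
    }


def check_password(password: str, name: str = "",
                   birthday: Optional[date] = None) -> List[str]:
    """Return the list of USG rules the password breaks; an empty list means it passes."""
    problems = []

    # Rule 1: at least ten characters.
    if len(password) < 10:
        problems.append("shorter than 10 characters")

    # Rule 2: at least two of the four character classes.
    present = [cls for cls, rx in CLASSES.items() if rx.search(password)]
    if len(present) < 2:
        problems.append(
            f"only {len(present)} character class(es); need 2 of upper/lower/digit/special")

    # Rule 3a: must not contain the user's name (any part of it, case-insensitively).
    lowered = password.lower()
    for part in name.split():
        if len(part) >= 3 and part.lower() in lowered:
            problems.append(f"contains the name '{part}'")

    # Rule 3b: must not contain the birthday in any of the usual spellings.
    if birthday is not None:
        for form in sorted(birthday_forms(birthday)):
            if form in password:
                problems.append(f"contains the birthday as '{form}'")
                break

    return problems


if __name__ == "__main__":
    # Constructed user: the presenter's name and a made-up birthday.
    user, born = "Nazmul Khan", date(1980, 5, 14)
    for candidate in ["L1A$mwTF0S", "password", "Khan14051980!"]:
        verdict = check_password(candidate, user, born) or ["OK"]
        print(f"{candidate:16} {'; '.join(verdict)}")
```

The slide's own example, `L1A$mwTF0S`, passes all three rules (it actually uses all four classes, not just two). A bare dictionary word fails on length and on class count, and a password built from the user's surname plus date of birth fails on both halves of the third rule even though it is long and "complex" by the class rule alone, which is why the name/birthday check is worth keeping.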
Avoid Social Engineering and Malicious Software
• Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.
• Do not click on links in emails unless you are absolutely sure of their validity.
• Only visit and/or download software from web pages you trust.
Avoid Stupid Hacker Tricks
• Be sure to have a good firewall or pop-up blocker installed.
• Pop-up blockers do not always block ALL pop-ups, so always close a pop-up window using the ‘X’ in the upper corner.
• Never click “yes,” “accept” or even “cancel.”
• Infected USB drives are often left unattended by hackers in public places.
Secure Business Transactions
• Always use a secure browser for online activities.
• Frequently delete temp files, cookies, history, saved passwords etc.
• Look for https:// in the address: the symbol indicating enhanced security.
Backup Important Information
• No security measure is 100% reliable.
• Even the best hardware fails.
• What information is important to you?
• Do you have the latest backup?
Any questions?
Thank you
Dahn-kee, Shukran, Xie xie, Děkuji, Tak, Terima kasih, Kiitos, Merci, Danke, Efharisto, Toda, Kamsa hamnida, Sukria, Grazie, Gracias, Asante, Obrigado, Dhanyawad, Köszönöm