scary security stories be aware, beware who are you ?

20
Scary Security Scary Security Stories be aware, Stories be aware, beware beware Who Are You ? Who Are You ? Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM

Upload: tahir

Post on 08-Feb-2016

20 views

Category:

Documents


0 download

DESCRIPTION

Scary Security Stories be aware, beware Who Are You ?. Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM. Questions. Use the Internet? Use on-line banking, pay bills on-line? Have kids using the internet? Know anyone who has been a target? Think you have already been a target? - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Scary Security Stories be aware, beware Who Are You ?

Scary Security Stories be Scary Security Stories be aware, bewareaware, beware

Who Are You ?Who Are You ?

Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM

Page 2: Scary Security Stories be aware, beware Who Are You ?

QuestionsQuestions

Use the Internet?Use the Internet?Use on-line banking, pay bills on-line?Use on-line banking, pay bills on-line?Have kids using the internet?Have kids using the internet?Know anyone who has been a target? Know anyone who has been a target? Think you have already been a target? Think you have already been a target? Does your computer seem possessed?Does your computer seem possessed?

Page 3: Scary Security Stories be aware, beware Who Are You ?

AgendaAgenda

What Information are the bad guys afterWhat Information are the bad guys afterWhat bad things can happen to youWhat bad things can happen to youHow they get your informationHow they get your informationHow to prevent becoming a victim How to prevent becoming a victim How to recognize if your information has How to recognize if your information has been stolenbeen stolenWhat to do if you are a victimWhat to do if you are a victim

Page 4: Scary Security Stories be aware, beware Who Are You ?

What are they looking for?What are they looking for?

Social Security NumberSocial Security NumberMother’s maiden nameMother’s maiden nameBirth dateBirth dateBilling AddressesBilling AddressesEmail AddressesEmail AddressesAccount NumbersAccount NumbersPasswordsPasswords

Page 5: Scary Security Stories be aware, beware Who Are You ?

How is your information abusedHow is your information abused

Physical (offline) theft used for: Physical (offline) theft used for: New Account FraudNew Account Fraud Check ForgeryCheck Forgery

Information stolen on-line used for: Information stolen on-line used for: Unauthorized checking account transfersUnauthorized checking account transfers Stolen credit card purchasesStolen credit card purchases Illegal credit card advancesIllegal credit card advances Acquiring other services in your nameAcquiring other services in your name Cyberstalking and CyberharassmentCyberstalking and Cyberharassment

Page 6: Scary Security Stories be aware, beware Who Are You ?

How they get Your InformationHow they get Your Information

Stealing your mail and dumpster divingStealing your mail and dumpster divingPhishingPhishingInternet scamsInternet scamsSpywareSpywarePublic Computers and NetworksPublic Computers and NetworksInadequate computer securityInadequate computer securityYou actually give it themYou actually give it them

Page 7: Scary Security Stories be aware, beware Who Are You ?

Stealing your mail and Dumpster Stealing your mail and Dumpster DivingDiving

Get a shredderGet a shredderUse a post office boxUse a post office boxPay attention to missing mailPay attention to missing mail

DUMPSTER.MOVDUMPSTER.MOV

Page 8: Scary Security Stories be aware, beware Who Are You ?

Oracle chief defends Microsoft snoopingOracle chief defends Microsoft snooping By Wylie Wong By Wylie Wong Staff Writer, CNET News.comStaff Writer, CNET News.comJune 28, 2000, 3:10 PM PTJune 28, 2000, 3:10 PM PT

Oracle chief executive Larry Ellison today defended Oracle chief executive Larry Ellison today defended his company's decision to hire detectives to his company's decision to hire detectives to investigate two research groups that supported investigate two research groups that supported Microsoft during the antitrust trial. Microsoft during the antitrust trial. Oracle hired Investigative Group International to Oracle hired Investigative Group International to probe two research organizations, the probe two research organizations, the Independence Institute and the National Taxpayers Independence Institute and the National Taxpayers Union. The company sought to verify links between Union. The company sought to verify links between Microsoft and the organizations during its antitrust Microsoft and the organizations during its antitrust trial--and even tried to buy trash from another trial--and even tried to buy trash from another research group with close ties to Microsoft. research group with close ties to Microsoft. Oracle told Bloomberg News today it discovered Oracle told Bloomberg News today it discovered that the two organizations were misrepresenting that the two organizations were misrepresenting themselves as independent advocacy groups when themselves as independent advocacy groups when they were in fact funded by Microsoft. Oracle said they were in fact funded by Microsoft. Oracle said the company hired the detective agency because the company hired the detective agency because the organizations were releasing studies supporting the organizations were releasing studies supporting Microsoft during the antitrust trial. The financial ties Microsoft during the antitrust trial. The financial ties between the organizations were reported by The between the organizations were reported by The Wall Street Journal and The Washington Post.Wall Street Journal and The Washington Post.

Page 9: Scary Security Stories be aware, beware Who Are You ?

PhishingPhishing

Rapidly spreadingRapidly spreadingVictims are more prone to fraudVictims are more prone to fraud

Page 10: Scary Security Stories be aware, beware Who Are You ?

PhishingPhishingSample E-mailSample E-mail Below is a sample of a fraudulent e-mail that's been sent to  Below is a sample of a fraudulent e-mail that's been sent to Citibank customers. It purports to be from Citibank, but it is not. Its intent is Citibank customers. It purports to be from Citibank, but it is not. Its intent is to get you to enter sensitive information about your account and to then use to get you to enter sensitive information about your account and to then use this information to commit fraud.this information to commit fraud.

Page 11: Scary Security Stories be aware, beware Who Are You ?

Internet scamsInternet scams

Page 12: Scary Security Stories be aware, beware Who Are You ?

Spyware and AdwareSpyware and Adware

Gets in through kids down loading games, Gets in through kids down loading games, music off the Web.music off the Web.Keyboard loggersKeyboard loggers

Page 13: Scary Security Stories be aware, beware Who Are You ?

Public Computers & NetworksPublic Computers & Networks

KiosksKiosksWireless Hot spotsWireless Hot spots

Page 14: Scary Security Stories be aware, beware Who Are You ?

Inadequate Computer SecurityInadequate Computer Security

Worms and virusesWorms and virusesDoes your computer seem possessed?Does your computer seem possessed?

Page 15: Scary Security Stories be aware, beware Who Are You ?

Fizzer Worm Is on the MoveFizzer Worm Is on the MoveThe Fizzer worm continued to spread rapidly late The Fizzer worm continued to spread rapidly late Monday afternoon as anti-virus experts raced to Monday afternoon as anti-virus experts raced to analyze the code of what they called one of the more analyze the code of what they called one of the more complex worms in recent memory. complex worms in recent memory. The worm is 200kB of code spaghetti, containing The worm is 200kB of code spaghetti, containing backdoors, code droppers, attack agents, key loggers backdoors, code droppers, attack agents, key loggers and even a small Web server. Fizzer includes an IRC and even a small Web server. Fizzer includes an IRC bot that attempts to connect to a number of different bot that attempts to connect to a number of different IRC servers and, once it establishes a connection, IRC servers and, once it establishes a connection, listens passively for further instructions. listens passively for further instructions.

The keystroke logger records every typed letter and The keystroke logger records every typed letter and saves the log in an encrypted file on the infected saves the log in an encrypted file on the infected machine. If the infected PC has the Kazaa file-sharing machine. If the infected PC has the Kazaa file-sharing program installed, Fizzer also has the ability to find the program installed, Fizzer also has the ability to find the default download location for Kazaa files and copy itself default download location for Kazaa files and copy itself to that folder. to that folder.

Page 16: Scary Security Stories be aware, beware Who Are You ?

Social EngineeringSocial Engineering

EULAsEULAsDon’t disclose any personal informationDon’t disclose any personal information PasswordsPasswords Your mothers maiden nameYour mothers maiden name

Page 17: Scary Security Stories be aware, beware Who Are You ?

How to Know if you’re in TroubleHow to Know if you’re in Trouble

Review your statements within the your Review your statements within the your account’s dispute period.account’s dispute period.Periodically check your credit report Periodically check your credit report through a Credit Bureaus such as through a Credit Bureaus such as EquifaxEquifax, , ExperianExperian, , TransUnionTransUnionYou get a call from a collection agentYou get a call from a collection agent

Page 18: Scary Security Stories be aware, beware Who Are You ?

What to do if You Are a VictimWhat to do if You Are a Victim

Contact all of your banking, credit card, Contact all of your banking, credit card, mortgage, etc. mortgage, etc. Contact the policeContact the policeReport it Report it to the Federal Trade Commissionto the Federal Trade CommissionPrepare an ID Theft Affidavit and Prepare an ID Theft Affidavit and Fraudulent Account StatementFraudulent Account Statement

Page 19: Scary Security Stories be aware, beware Who Are You ?

How to Protect YourselfHow to Protect Yourself

Two additional Brown Bag Sessions: Two additional Brown Bag Sessions: Securing Your Home ComputerSecuring Your Home Computer Configuring Your Home NetworkConfiguring Your Home Network

Wipe out the hard drive when disposing of Wipe out the hard drive when disposing of computers – computers – Active KillDisk Active KillDisk (Free)(Free) WipeDiskWipeDisk BCwipeBCwipe

Page 20: Scary Security Stories be aware, beware Who Are You ?

QuestionsQuestions