security - the new black
DESCRIPTION
I made this presentation for a non-IT audience in a telecom services provider in Southeast Asia. The idea was to introduce them to information security and some of the common mistakes people make online. It had to be a non-technical presentation. This is more of an education presentation than a tech one. Something I have found working for me is stripping the slides of all corporate imagery (company issued templates) even though I suspect someone is going to take exception with my approach one of these days. I have left out the 2nd part of the presentation which talks about Reputation Based Security. I can deliver it to you in a room but it can't be put up on the WWW.TRANSCRIPT
1
THE
NEW
BLACK
3It’s déjà vu All Over Again
4
5
The Network Is The Computer
6
7
8
.com
9
The Return Of The WWW
10
SECURITY
IS
PLASMA
HOT
AGAIN!
11
12
If You’re Going To Risk Going To Jail…
…It Might As Well Be For Money.
$$$$$$$$$$$$$
$$$$$$$$$$$$$
13
14
Rank Item %age Range of Prices
1 Credit cards 28% $1 - $30
2 Bank accounts 24% $10 - $125
3 Email accounts 8% $5 - $12
4 Email addresses 5% $5 -$10/MB
5 Credit card dumps 4% No specified prices
6 R57 & C99 shells 3% $2 - $5
7 Full identity 3% $3 - $20
8 Mailers 3% $1 - $5
9 Attack toolkits 3% $5 - $20 or $120/month
10 Cash-out services 2% 50% - 70%Symantec Intelligence Quarterly April-June 2010
Doesn’t Pay ???Crime
15
16Bot Networks
The Walking Dead
17
Master Controller
C&C Servers
Suckers
18
Rent-A-Bot
Denial Of
Service
Spam
Phishing
PPI
PPI
PPI
PPI
PPI
PPI
PPI
PPI
$49.95
PPI: Pay Per Install
Two Week Sales Leaders
Source: Brian Krebs, Security Fix, Washington Post, 3/16/2009
“Some of the biggest earners made more
than $330,000 a month in
commissions.”
PPI10 cents per installation
50-90% of profit
23
How End Users Get Infected
Clicking on a email linkVisiting high risk sites
ObviousClicking link at trusted site
Not Obvious
Clicking link at trusted site
Not Obvious
Just visiting a trusted site
Scary!
Stupid You & I
24
1st Line Of Defense: Common Sense
2nd Line Of Defense: Your AV
3 Components of Every Single AV Product on Earth
25
Scans files and executes repairs
Signatures and repair instructions
Name Fingerprint
Devil…
Death
11010101010101
00011101010101
Killer
UI, bells-and-whistles and alerts
26
27
28
29
30
31
32
33
34
35
36
Global2.cssLogo.gif
A Web Page is a set of files & images
N360stor.gif
Index.jsp
Buyo.jsp
Pca.gif
Threatcon.gif
Index.htmlSymantec.jsRecentnews.gif
42
What Beyond Today’s Signature-Based AV???
Switch to Reputation Based Security presn.
43
http://www.psdgraphics.com/icons/black-laptop-icon/http://www.psdgraphics.com/icons/psd-white-laptop-icon/http://dottech.org/tipsntricks/4932http://penciltool.deviantart.com/http://thedailyblonde.com/2009/07/would-you-like-fries-with-that/http://www.mannythemovieguy.com/index.php?m=01&y=09&entry=entry090130-030249http://www.freakingnews.com/Roadside-Breakdown-Pictures-55104.asphttp://gertiecranker.blogspot.com/2009/09/rip-associations-off-stage.html http://sohowww.nascom.nasa.gov/gallery/images/eit001.html http://exceptionsnoted.wordpress.com/2010/01/ http://noiseatniagara.com/DThorp/SpenceDiamonds/home.html http://www.greenlionlawncare.com/payment.html http://visualartmsc.blogspot.com/ http://www.gamespot.com/pages/unions/forums/show_msgs.php?topic_id=24526800&union_id=1027 http://www.blind.org.ph/wayshelp/bancnet.html http://usedbooksblog.com/blog/2008/12/ http://www.freeiconsweb.com/Mac_server_icons.html http://chrissygardner.blogspot.com/http://www.flickr.com/photos/sammorar/2926615695/
Acknowledgements