
Identity Theft


Page 1: Identity Theft
Page 2: Identity Theft

Who am I?

• Well over 30 years in telecom
• 26 years in the Naval Air Reserve
• Top Secret clearance
• Responsible for proper operation of all in‐flight communication and navigation equipment
• Former Central Region Adtran, AFC Territory Sales Manager
• Long time member of the MNTA and NDTA organizations
• Project manager – County of Sacramento telecom project
• Visiting faculty at DePaul University in Chicago
• Founder of SimpleTel, Inc. – manufacturer’s representative

Page 3: Identity Theft

The ABC’s of Identity Theft

Part One in a multi‐part series of overviews on Disaster Avoidance, Business Continuity and Disaster Recovery

Page 4: Identity Theft

Objectives

• Security Overview

• Define “identity theft”

• Evaluate criminal methodologies

• Consider “protective” solutions

Page 5: Identity Theft
Page 6: Identity Theft
Page 7: Identity Theft
Page 8: Identity Theft
Page 9: Identity Theft
Page 10: Identity Theft
Page 11: Identity Theft
Page 12: Identity Theft

During the 2nd half of 2008, 70 of the top 100 websites were found to have been compromised or contained links to malicious sites.

Page 13: Identity Theft

Interesting information…

• 25 million new strains of malware are presented in just one year
• 23 new malware samples per minute
• Banker trojans make up 66% of all malware
• 95% of the bits and bytes sent across the internet consists of “unstructured” data
  • PDF
  • JPG/GIF
  • MPEG

SOURCE:  Infoweek TechWeb Webcast of 2/17/2010

Page 14: Identity Theft

Interesting information (cont)…

The most alarming sources of malware attacks come from:

• Social Networking @ 31%

• Web sites @ 29%

• Email @ 17%

SOURCE:  Infoweek TechWeb Webcast of 2/17/2010

Page 15: Identity Theft

Interesting information (cont)…

• Facebook receives 15 million requests for service PER SECOND

• 49% of companies polled allow their staff to access Facebook

What happens when Facebook becomes a tool of evil people?

SOURCE:  Infoweek TechWeb Webcast of 2/17/2010

Page 16: Identity Theft

Potential Threat Vectors…

• Social networks

• Web site attacks on browsers

• Email accounts

• Wireless access points

Page 17: Identity Theft

“Vectors” of choice…

Page 18: Identity Theft

A new site to watch (or not)…

• Reported in Sunday’s New York Times

CHATROULETTE

Only three months old and has grown to tens of thousands of users

Page 19: Identity Theft
Page 20: Identity Theft

A recent Oracle survey…

• Security threats are poorly understood

• 33% of those polled stated identity theft was a potential barrier to online purchasing

• 42% were worried that personal details might be intercepted

• 30% stated they didn’t trust web site security measures

Page 21: Identity Theft

Fringe sites…

The problems only occur after the user decides to click the link!

Page 22: Identity Theft

Identity Theft

Page 23: Identity Theft

Identity theft in its simplest form is the compromise and use of your personal data for the purpose of committing a fraudulent act.

Page 24: Identity Theft

• It isn’t about credit card receipts

• It doesn’t always come from those unsolicited credit card company invitations

• It doesn’t happen from people looking over your shoulder at the ATM

Page 25: Identity Theft

What they want…

• DOB
• SSN/National ID number
• Online banking information
• Email address and passwords
• Mailing address
• Telephone number

Page 26: Identity Theft

Why they do it…

• Access to your bank accounts

• Access to your credit card accounts

• Use of your personal data to secure credit

• Use of your personal data to obtain fraudulent identification papers

Page 27: Identity Theft

Criminal Methodologies

Page 28: Identity Theft

Cybercrime today has solid roots in Romania, Bulgaria and Russia.  

Their “take” amounts to hundreds of thousands of dollars per day.  

Page 29: Identity Theft
Page 30: Identity Theft
Page 31: Identity Theft
Page 32: Identity Theft
Page 33: Identity Theft

• IP Address
• Email Address
• Facebook

Page 34: Identity Theft
Page 35: Identity Theft

How they do it…

• Overt “hacking”

• Malware

• Key loggers

• Phishing/scam emails

Page 36: Identity Theft

Hacking

• Remote access of private areas of the company server environment

  Primarily access over the web
  1) access into the company home page
  2) access into sensitive files areas

• Unlawful or malicious removal of sensitive information

  Internal/local access
  1) USB drives
  2) CD burners
  3) Rogue wireless devices

Page 37: Identity Theft
Page 38: Identity Theft

Three forms of “malware”…

• Trojans

• Worms

• Viruses

Page 39: Identity Theft

How malware propagates…

“botnet” is a term associated primarily with the negative aspects of malware distribution, though botnets are often used in research as a collection of computers all working simultaneously on a given problem.

Page 40: Identity Theft

[Figure labels: One Support Website; One Pharmacy; One Merchant Account; 10-15 Unique Site Designs; 100’s Web Servers; 1,000’s URLs; 10,000’s Message Variants; 100,000’s Zombies; Billions of Messages]

Page 41: Identity Theft

Spotting malware activity…

• Malware morphs

• IRC traffic increases across the common ports

• Increases in antivirus file changes

• Outbound SMTP traffic increases

• Host file modification

Page 42: Identity Theft

Key Loggers

Beware!

These executables have the ability to record ALL your password entries and then send them off to a specific address without you knowing it.

Page 43: Identity Theft

“Phishing” and scam emails

Emails that solicit the recipient to divulge key information in order to gain access to specific data.

Page 44: Identity Theft
Page 45: Identity Theft

What looks “innocent” really isn’t. Would you provide this information to a stranger?

Page 46: Identity Theft

So, do you think this looks official and legitimate?

Page 47: Identity Theft
Page 48: Identity Theft

The problems only occur when the user decides to click the link!

Page 49: Identity Theft

Protection Options

Page 50: Identity Theft

10 typical security mistakes…

• Sending sensitive data in an unencrypted e‐mail
• Using “security” questions whose answers are easily discovered
• Imposing password restrictions that are too strict
• Letting vendors define “good security”
• Underestimating required security expertise
• Underestimating the importance of review
• Overestimating the importance of secrecy
• Requiring easily forged identification
• Unnecessarily reinventing the wheel
• Giving up the means of your security in exchange for a feeling of security

Page 51: Identity Theft

10 Wi‐fi tips for Road Warriors…

• Turn off the wi‐fi clients when not in use
• Verify that the SSID actually represents the provider’s wi‐fi network
• Make sure that a software firewall is running on your laptop
• Disable Windows file and printer sharing
• Avoid sensitive online transactions when using open wi‐fi networks
• Keep your laptop’s OS up to date
• Secure any personal, banking, or credit card details
• Use secure and anonymous web surfing techniques
• Use VPN technology when necessary
• Use remote access applications for security

Page 52: Identity Theft

Anti‐virus update…

• Symantec (Norton) will leave the business

• McAfee is strengthening its position

• Kaspersky Labs could be the next best

• EMC/RSA is winning huge projects

• Sendio, Barracuda, Red Condor, AVG, etc…

Page 53: Identity Theft

Protection methods…

• Firewall

• Resident Antivirus app

• Spyware/Malware app

• Endpoint security

• Forensics

[Slide labels: Individual, Corporate]

Page 54: Identity Theft

Firewalls…

Whitelisting and Blacklisting

Page 55: Identity Theft

Firewalls…

Page 56: Identity Theft

Resident antivirus protection…

• SPAM filtering/elimination
• BOT/Malware detection
• Cookies, Adware, etc…

Filtering by Contact DB

Filtering by content

Page 57: Identity Theft
Page 58: Identity Theft

Spybot . . .   “bot” detection & elimination

Page 59: Identity Theft

Secunia . . . One method is not enough

Page 60: Identity Theft

Endpoint security is used to control, secure and monitor all methods of data transfer

Page 61: Identity Theft

Using the “cloud”…

Page 62: Identity Theft

The solution can be on premise or in the “cloud”…

• Premise‐based solutions

• Cloud‐based solutions

Page 63: Identity Theft

Your individual solution requires a “blended” approach…

• Your firewall
• Some sort of hardware or software “monitor”

Your corporate solution requires a “blended” approach as well…

• Your firewall
• Some sort of hardware or software “monitor”
• Endpoint security with forensics

Page 64: Identity Theft

The problems only occur when the user decides to click the link!

Page 65: Identity Theft

Business Continuity and Disaster Recovery

Part Two in a multi‐part series of overviews on Disaster Avoidance, Business Continuity and Disaster Recovery

Page 66: Identity Theft

Compliance: HIPAA, HITECH, PCI, Sarbanes-Oxley

Part Three in a multi‐part series of overviews on Disaster Avoidance, Business Continuity and Disaster Recovery

Page 67: Identity Theft

Larry Pyrz

SimpleTel, Inc.

www.simpletel.biz

[email protected]

773‐728‐3315

@larrypyrz