© 2007 NetSol Technologies, Inc. All rights reserved
Session Two: Online Security, Threats & Countermeasures
Online Security, Threats & Countermeasures
- E-Mails
- Messengers
- Communities
- Maps / GPS
Preventing Password from Hacking
Your password should be like your toothbrush. How?
- Choose a good one
- Use it every day
- Don't share it with anyone
- Change it regularly
Preventing Password from Hacking (Cont…) Attacks
- Brute force attacks
- Dictionary attacks
- Password guessing
- Scripts
- Man-in-the-middle attacks
- Social engineering
- Shoulder surfing / video recording
- Spyware / key loggers
- Keyboard interceptor
Preventing Password from Hacking (Cont…) Controls which should be managed properly:
- Length
- Legibility
- Life
- Last passwords' history
- Limited attempts
- Lockout duration
- Log of failed attempts
- Limited login time
- Logon banner
- Last username
- Last successful logon
Preventing Password from Hacking (Cont…)
Password/PIN should include:
- Upper- and lowercase letters
- Numbers (e.g. replace s with 5)
- Special characters (e.g. replace a with @)
- More words, or the first letter of each word of a sentence
Password/PIN should NOT be:
- User name / mother's name
- Country / city name etc.
- Date/year of birth
- Digits of a phone number
- Dictionary words
- Saved/written anywhere
It should be different for different accounts.
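As an added example (not from the original slides), the Python below implements the L-controls and the composition rules above in one place: minimum length, character classes, a dictionary check that first undoes the "s→5, a→@" substitutions the slide recommends (so "P@55w0rd" is still caught), a personal-information check, password history kept as salted PBKDF2 hashes, and a login guard with limited attempts, a lockout duration and a log of failed attempts. The user name, word list, thresholds and sample passwords are constructed for illustration.

```python
import hashlib
import os
import re

# Map common "leet" substitutions back so "P@55w0rd" still hits the dictionary check.
LEET = str.maketrans("@0135$", "aoless")
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; store the (salt, digest) pair in the password history."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def matches_previous(password, history):
    """True if the candidate equals any (salt, digest) pair kept in the history."""
    return any(hash_password(password, salt)[1] == digest for salt, digest in history)


def password_problems(password, *, username="", personal=(), blocklist=(),
                      history=(), min_length=12):
    """Return the list of violated rules; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]"))
    if classes < 3:
        problems.append("too_few_character_classes")
    if password.isdigit():  # phone numbers, dates of birth
        problems.append("all_digits")
    low = password.lower()
    if any(w and w.lower() in low for w in (username, *personal)):
        problems.append("contains_personal_info")
    if any(w.lower() in low.translate(LEET) for w in blocklist):
        problems.append("dictionary_word")
    if matches_previous(password, history):
        problems.append("reused_password")
    return problems


class LoginGuard:
    """Limited attempts, lockout duration and a log of failed attempts."""

    def __init__(self, max_attempts=5, lockout_seconds=900):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.failures = {}      # user -> consecutive failed attempts
        self.locked_until = {}  # user -> unix time at which the lockout expires
        self.log = []           # (time, user, event) audit trail

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def attempt(self, user, password, verify, now):
        """verify(password) -> bool is the caller's credential check; now is unix time."""
        if self.is_locked(user, now):
            self.log.append((now, user, "rejected_locked"))
            return False
        if verify(password):
            self.failures[user] = 0
            self.log.append((now, user, "success"))
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        self.log.append((now, user, "failure"))
        if self.failures[user] >= self.max_attempts:
            self.locked_until[user] = now + self.lockout_seconds
            self.failures[user] = 0
            self.log.append((now, user, "locked"))
        return False


# Constructed sample data for illustration.
BLOCKLIST = ("password", "qwerty", "letmein")
HISTORY = [hash_password("Old-Secret-2023!")]

if __name__ == "__main__":
    for pw in ("P@55w0rd!", "03001234567", "Old-Secret-2023!",
               "correct horse battery staple 9X"):
        print(repr(pw), password_problems(pw, username="ali",
                                          blocklist=BLOCKLIST, history=HISTORY))
```

Note that a correct password submitted while the account is locked is still rejected and logged; that is what makes the lockout useful against online brute force. The history check never stores cleartext passwords, only salted hashes, so a leaked history table does not leak the old passwords.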
Preventing Password from Hacking (Cont…) Protocols that send the password as plain text:
- File Transfer Protocol (FTP)
- Password Authentication Protocol (PAP)
Which sites accept the password as plain text? Those that do not offer the SSL protocol (HTTPS).
How can we tell that SSL is in use? The lock icon in the browser (shown in yellow in the browsers of the time).
Hacker Profiling Project (HPP) isecom.org
Avoiding Viruses & Worms
Prevention is better than cure: vaccinate. What is the vaccine here?
E.g. an antivirus program.
Avoiding Viruses & Worms (Cont...)
Types of Malicious Code:
- Viruses
- Worms
- Trojan horses
- Hoaxes
- Logic bombs
- Malicious applets
- Trap doors
- Hidden code
- DoS attacks
- Zombies / botnets
Trojan Horse
Avoiding Viruses & Worms (Cont...)
Sources of Viruses & Worms:
- Removable media
- Local area networks
- World Wide Web
- Wireless networks
- E-mail
- File sharing
Avoiding Viruses & Worms (Cont...)
Preventive Measures:
- Keep removable media read-only
- Permissions on shared media
- Lock the hard disk boot sector (from the BIOS)
- Admin mode vs. normal user mode
- Software firewall
- Back up periodically
Avoiding Viruses & Worms (Cont...)
Preventive Measures for Mobile Phones:
- Be sure of the consequences before pressing the 'Yes' button
- Delete unknown MMS messages
- Refuse unknown Bluetooth connections
Source: http://www.antiphishing.org
Avoiding Viruses & Worms (Cont...)
Preventive Measures for E-mail & WWW:
- Spoofed e-mail addresses
- Unexpected attachments
- .exe, .com, .cmd, .vbs, .js, .scr, .bat, .reg etc. attachments
- Macros in documents
- "amazon.com/skdjfhskjdfskgf/ws" (a path on the amazon.com host) versus "amazon.com.skdjfhskjdfskgf.ws" (a host under the unrelated domain skdjfhskjdfskgf.ws)
- DNS poisoning
- Multilingual domain names: MSN.com versus ΜSΝ.com (look-alike letters from another alphabet)
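The two URL tricks and the attachment rule above, as an added example in Python that is not part of the original slides. It pulls the host out of a link and compares its registrable domain with the one the user expects, reports when the host mixes alphabets (the MSN.com / ΜSΝ.com trick), shows the punycode form the resolver actually looks up, and flags executable attachment extensions including double extensions. The expected domain, the look-alike host (built here from Greek capital Mu and Nu) and the file names are constructed; the two-label "registrable domain" is an approximation that a real client replaces with the Public Suffix List.

```python
import unicodedata
from urllib.parse import urlsplit

# Extensions from the slide that the desktop will execute when double-clicked.
RISKY_EXTENSIONS = (".exe", ".com", ".cmd", ".vbs", ".js", ".scr", ".bat", ".reg")


def host_of(url):
    """Extract the host part of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_domain(url):
    """Last two labels of the host (approximation; a real check uses the Public Suffix List)."""
    return ".".join(host_of(url).split(".")[-2:])


def scripts_in(host):
    """Unicode scripts used by the letters of a host name, e.g. {'LATIN', 'GREEK'}."""
    scripts = set()
    for ch in host:
        if ch in ".-" or ch.isdigit():
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def assess_link(url, expected_domain):
    """Flag the slide's two tricks: a look-alike domain and a mixed-script (homograph) host."""
    host = host_of(url)
    scripts = scripts_in(host)
    try:
        punycode = host.encode("idna").decode("ascii")  # what the resolver really looks up
    except UnicodeError:
        punycode = None
    return {
        "host": host,
        "registrable_domain": registrable_domain(url),
        "matches_expected": registrable_domain(url) == expected_domain,
        "non_ascii": not host.isascii(),
        "mixed_script": len(scripts) > 1,
        "punycode": punycode,
    }


def risky_attachment(filename):
    """True for executable extensions, including double extensions like invoice.pdf.exe."""
    return filename.lower().endswith(RISKY_EXTENSIONS)


# Constructed look-alike host: GREEK CAPITAL MU + Latin S + GREEK CAPITAL NU.
HOMOGRAPH = "\u039cS\u039d.com"

if __name__ == "__main__":
    for link in ("amazon.com/skdjfhskjdfskgf/ws", "amazon.com.skdjfhskjdfskgf.ws"):
        print(link, "->", assess_link(link, "amazon.com"))
    print(HOMOGRAPH, "->", assess_link(HOMOGRAPH, "msn.com"))
    for name in ("report.pdf", "invoice.pdf.exe", "photo.jpg.scr"):
        print(name, "risky" if risky_attachment(name) else "ok")
```

The point of the registrable-domain comparison is that everything left of the last two labels is attacker-controlled, so a host name that merely starts with "amazon.com" proves nothing; the point of the script check is that a browser address bar shows the Unicode letters while DNS sees the punycode name.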
Avoiding Viruses & Worms (Cont...): Multilingual domain name
Antivirus Types
- Signature based
- Behavior based
- Software based
- Hardware based
Protecting Identity
Protecting Identity (Cont…)
- Disclosing your account / credit card (CC) info on e-mail / phone
- Debit card vs. credit card for e-payment
- Photocopies of cards
- Use CC only with "yellow lock" (HTTPS) websites
- Keep your CC/ATM receipts
- Mother's maiden name
- Selling your computer/mobile
- Having a used computer/mobile
Protecting Identity (Cont…)
- CC with photo
- CC statement security
- Your letterbox
- Shred, to avoid dumpster diving
- Warnings/information by the browser
- Websites of illegal software / cracks etc.
- Cracked / illegally patched software
- Phishing
Guidelines by SBP (7 pages)
Source: http://www.sbp.org.pk/psd/2006/CardHolders_Guide_URDU.pdf
Source: http://www.antiphishing.org
Most Targeted Industry Sectors
Source: http://www.antiphishing.org
Protecting Identity (Cont…)
Approx. 10 million identity thefts per year in the USA, i.e. 19 people per minute; becoming the no. 1 crime after drug trafficking.
Left in London cabs during 6 months:
- 4,973 laptops
- 5,939 pocket PCs
- 63,135 mobile phones
Source: East Carolina University, www.ecu.edu
Protecting Identity (Cont…)
Technical Countermeasures:
- Encryption
- Digital certificate, private/public key pair
- Authenticity of identity
- Digital signature
- Secure private key
- Two-factor authentication
- Secure Socket Layer (SSL)
Protecting Identity (Cont…)
Frauds:
- Certificate issued by an untrusted party
- Expired certificate
- Certificate of someone else's site
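The three certificate frauds listed above are exactly the checks a client performs before trusting an SSL connection, and they also show where the "digital certificate" countermeasure earns its keep. As an added example that is not from the original slides, the Python below runs those checks over certificates laid out the way Python's own ssl.getpeercert() returns them: issuer trust, expiry, and whether the certificate's names cover the host the user typed (with the one-label wildcard rule). The certificates, the trusted issuer name, the host "www.bank.example" and the fixed clock are all constructed.

```python
import ssl
import time

# Issuers this (constructed) client trusts, keyed by the issuer's commonName.
TRUSTED_ISSUERS = {"Example Trusted Root CA"}


def _cn(name_tuple):
    """Pull commonName out of the subject/issuer structure ssl.getpeercert() returns."""
    for rdn in name_tuple:
        for key, value in rdn:
            if key == "commonName":
                return value
    return ""


def cert_names(cert):
    """DNS names the certificate is valid for: SAN entries, else the subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return names or [_cn(cert.get("subject", ()))]


def hostname_matches(pattern, hostname):
    """RFC 6125-style match: '*' stands for exactly one left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return (hostname.endswith(pattern[1:])
                and hostname.count(".") == pattern.count("."))
    return pattern == hostname


def certificate_problems(cert, hostname, trusted_issuers=TRUSTED_ISSUERS, now=None):
    """Return the fraud indicators from the slide that apply; [] means the certificate checks out."""
    now = time.time() if now is None else now
    problems = []
    if _cn(cert.get("issuer", ())) not in trusted_issuers:
        problems.append("untrusted_issuer")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("expired")
    if not any(hostname_matches(n, hostname) for n in cert_names(cert)):
        problems.append("wrong_site")
    return problems


def _cert(issuer, not_after, *names):
    """Build a constructed certificate in the dict layout of ssl.SSLSocket.getpeercert()."""
    return {
        "subject": ((("commonName", names[0]),),),
        "issuer": ((("commonName", issuer),),),
        "notAfter": not_after,
        "subjectAltName": tuple(("DNS", n) for n in names),
    }


GOOD = _cert("Example Trusted Root CA", "Dec 31 23:59:59 2030 GMT",
             "bank.example", "*.bank.example")
SELF_SIGNED = _cert("Anybody CA", "Dec 31 23:59:59 2030 GMT",
                    "bank.example", "*.bank.example")
EXPIRED = _cert("Example Trusted Root CA", "Jan 01 00:00:00 2006 GMT",
                "bank.example", "*.bank.example")
OTHER_SITE = _cert("Example Trusted Root CA", "Dec 31 23:59:59 2030 GMT",
                   "other-shop.example")
NOW = ssl.cert_time_to_seconds("Jan 01 00:00:00 2024 GMT")  # fixed clock for repeatable output

if __name__ == "__main__":
    for label, cert in (("good", GOOD), ("self-signed", SELF_SIGNED),
                        ("expired", EXPIRED), ("other site", OTHER_SITE)):
        print(label, certificate_problems(cert, "www.bank.example", now=NOW))
```

A real client does more (chain building to the root, signature verification, revocation), but these three checks are the ones whose failure a browser surfaces as the warnings the earlier slide tells users not to click through.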
?
Thank You