DIYTP 2009

INTRODUCTION TO CYBERCRIME AND SECURITY

What is Cybercrime?
Using the Internet to commit a crime.
Identity Theft Hacking

Viruses

Facilitation of traditional criminal activity

Stalking

Stealing information
Child Pornography

Cybercrime Components
Computers
Cell Phones PDAs Game Consoles

High-Profile Cybercrimerelated Cases

TJ Maxx data breach
45 million credit and debit card numbers stolen

Kwame Kilpatrick
Cell phone text messages

BTK Serial Killer Kevin Mitnick

Computer Security
Confidentiality
Only those authorized to view information

Integrity
Information is correct and hasnt been altered by

unauthorized users or software

Availability
Data is accessible to authorized users

Computer Security

Figure 1.0 CIA Triangle

Computer Security - Threats

Malware
Software that has a malicious purpose Viruses Trojan horse Spyware

Computer Security - Threats

Intrusions
Any attempt to gain unauthorized access to a

system Cracking Hacking Social Engineering War-driving

Computer Security - Threats

Denial-of-Service (DOS)
Prevention of legitimate access to systems Also Distributed-Denial-of-Service (DDoS)

Different types: Ping-of-Death Teardrop Smurf SYN

Computer Security - Threats

Figure 1.1 DoS and DDoS Models

Computer Security - Terminology

People
Hackers White Hat Good guys. Report hacks/vulnerabilities to appropriate people. Black Hat Only interested in personal goals, regardless of impact. Gray Hat Somewhere in between.

Computer Security - Terminology

Script Kiddies
Someone that calls themselves a hacker but

really isnt

Ethical Hacker
Someone hired to hack a system to find

vulnerabilities and report on them. Also called a sneaker

Computer Security - Terminology

Security Devices
Firewall Barrier between network and the outside world.

Proxy server Sits between users and server. Two main functions are to improve performance and filter requests.
Intrusion Detection Systems (IDS) Monitors network traffic for suspicious activity.

Computer Security - Terminology

Activities
Phreaking Breaking into telephone systems (used in conjunction with war-dialing) Authentication Determines whether credentials are authorized to access a resource Auditing Reviewing logs, records, or procedures for compliance with standards

Computer Security - Careers

Information Security Analyst

US National Average Salary

Figure 1.2 Median salary courtesy cbsalary.com

Computer Security Certifications

Entry-level
Security+

http://www.comptia.org/certifications/listed/security.a spx CIW Security Analyst www.ciwcertified.com

Intermediate
MSCE Security

http://www.microsoft.com/learning/en/us/certification /mcse.aspx#tab3

Professional
CISSP www.isc2.org SANS www.sans.org

Computer Security - Education

Community-college
Washtenaw Community College Computer Systems Security http://www4.wccnet.edu/academicinfo/creditofferin gs/programs/degree.php?code=APCSS Computer Forensics http://www4.wccnet.edu/academicinfo/creditofferin gs/programs/degree.php?code=APDRAD

Computer Security - Education

4-Year College
Eastern Michigan University Information Assurance
Applied Network Cryptography Management

http://www.emich.edu/ia/undergraduate.html