Beruflich Dokumente
Kultur Dokumente
AND SECURITY
A.Hari Chandana (Created On 15-09-2014)
What is Cybercrime?
Using the Internet to commit a crime.
Identity Theft
Hacking
Viruses
Facilitation of traditional criminal activity
Stalking
Stealing information
Child Pornography
Cybercrime Components
Computers
Cell Phones
PDAs
Game Consoles
High-Profile Cybercrime-
related Cases
TJ Maxx data breach
45 million credit and debit card numbers stolen
Kwame Kilpatrick
Cell phone text messages
BTK Serial Killer
Kevin Mitnick
Computer Security
Confidentiality
Only those authorized to view information
Integrity
Information is correct and hasnt been altered by
unauthorized users or software
Availability
Data is accessible to authorized users
Computer Security
Figure 1.0 CIA Triangle
Computer Security - Threats
Malware
Software that has a malicious purpose
Viruses
Trojan horse
Spyware
Computer Security - Threats
Intrusions
Any attempt to gain unauthorized access to a
system
Cracking
Hacking
Social Engineering
War-driving
Computer Security - Threats
Denial-of-Service (DOS)
Prevention of legitimate access to systems
Also Distributed-Denial-of-Service (DDoS)
Different types:
Ping-of-Death
Teardrop
Smurf
SYN
Computer Security - Threats
Figure 1.1 DoS and DDoS Models
Computer Security - Terminology
People
Hackers
White Hat Good guys. Report hacks/vulnerabilities
to appropriate people.
Black Hat Only interested in personal goals,
regardless of impact.
Gray Hat Somewhere in between.
Computer Security - Terminology
Script Kiddies
Someone that calls themselves a hacker but
really isnt
Ethical Hacker
Someone hired to hack a system to find
vulnerabilities and report on them.
Also called a sneaker
Computer Security - Terminology
Security Devices
Firewall
Barrier between network and the outside world.
Proxy server
Sits between users and server. Two main functions
are to improve performance and filter requests.
Intrusion Detection Systems (IDS)
Monitors network traffic for suspicious activity.
Computer Security - Terminology
Activities
Phreaking
Breaking into telephone systems (used in
conjunction with war-dialing)
Authentication
Determines whether credentials are authorized to
access a resource
Auditing
Reviewing logs, records, or procedures for
compliance with standards
Computer Security - Careers
Information Security Analyst
US National Average Salary
Figure 1.2 Median salary courtesy cbsalary.com
Computer Security -
Certifications
Entry-level
Security+
http://www.comptia.org/certifications/listed/security.a
spx
CIW Security Analyst www.ciwcertified.com
Intermediate
MSCE Security
http://www.microsoft.com/learning/en/us/certification
/mcse.aspx#tab3
Professional
CISSP www.isc2.org
SANS www.sans.org
Thank you