DIYTP 2009

What is Cybercrime?
Using the Internet to commit a crime.
Identity Theft
Hacking
Viruses

Facilitation of traditional criminal

activity
Stalking
Stealing information
Child Pornography

Cybercrime Components
Computers
Cell Phones
PDAs
Game Consoles

High-Profile Cybercrimerelated Cases

TJ Maxx data breach
45 million credit and debit card numbers

stolen

Kwame Kilpatrick
Cell phone text messages

BTK Serial Killer

Kevin Mitnick

Computer Security
Confidentiality
Only those authorized to view information

Integrity
Information is correct and hasnt been

altered by unauthorized users or software

Availability
Data is accessible to authorized users

Computer Security

Figure 1.0 CIA Triangle

Computer Security Threats

Malware
Software that has a malicious purpose
Viruses
Trojan horse
Spyware

Computer Security Threats

Intrusions
Any attempt to gain unauthorized access

to a system
Cracking
Hacking
Social Engineering
War-driving

Computer Security Threats

Denial-of-Service (DOS)
Prevention of legitimate access to

systems
Also Distributed-Denial-of-Service
(DDoS)
Different types:
Ping-of-Death
Teardrop
Smurf
SYN

Computer Security Threats

Figure 1.1 DoS and DDoS Models

Computer Security Terminology

People
Hackers
White Hat Good guys. Report
hacks/vulnerabilities to appropriate
people.
Black Hat Only interested in personal
goals, regardless of impact.
Gray Hat Somewhere in between.

Computer Security Terminology

Script Kiddies
Someone that calls themselves a

hacker but really isnt

Ethical Hacker
Someone hired to hack a system to find

vulnerabilities and report on them.

Also called a sneaker

Computer Security Terminology

Security Devices
Firewall
Barrier between network and the outside
world.
Proxy server

Sits between users and server. Two main

functions are to improve performance and
filter requests.
Intrusion Detection Systems (IDS)
Monitors network traffic for suspicious
activity.

Computer Security Terminology

Activities
Phreaking
Breaking into telephone systems (used in
conjunction with war-dialing)
Authentication

Determines whether credentials are

authorized to access a resource
Auditing
Reviewing logs, records, or procedures for
compliance with standards

Computer Security Careers

Information Security Analyst

US National Average Salary

Figure 1.2 Median salary courtesy cbsalary.com

Computer Security Certifications

Entry-level
Security+

http://www.comptia.org/certifications/listed/se
curity.aspx
CIW Security Analyst
www.ciwcertified.com

Intermediate
MSCE Security

http://www.microsoft.com/learning/en/us/certi
fication/mcse.aspx#tab3

Professional
CISSP www.isc2.org
SANS www.sans.org

Computer Security Education

Community-college
Washtenaw Community College
Computer Systems Security
http://www4.wccnet.edu/academicinfo/cre
ditofferings/programs/degree.php?
code=APCSS
Computer Forensics
http://www4.wccnet.edu/academicinfo/cre
ditofferings/programs/degree.php?
code=APDRAD

Computer Security Education

4-Year College
Eastern Michigan University
Information Assurance

Applied
Network
Cryptography
Management

http://www.emich.edu/ia/undergraduate.ht
ml