Cybersecurity Awareness

Cyber Security & Web Security Awareness
Prepared by:
Pralove Tandukar
Aashis Sharma
Cyber Security
• Protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
Importance of cyber security
• Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers.
• With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as to safeguard national security.
Cyber Crimes
• Hacking: Illegal intrusion into a computer system and/or network.
• Denial of Service Attack: Flooding the bandwidth on the victim's network.
• Virus Dissemination: Deliberately releasing/spreading a computer virus.
Cyber Crimes
• Vandalism: Damaging and destroying data rather than stealing it.
• Cyber Terrorism: The use of the Internet in terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses.
Cyber Crimes
• Software Piracy: Illegal copying, distribution, or use of software.
• Email Spoofing: Forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.
• IP Spoofing: Trickery that makes a message appear as if it came from an authorized IP address.
Cyber Crimes
• Cyber Stalking: Criminal practice where an individual uses the Internet to systematically harass or threaten someone.
• This crime can be perpetrated through email, social media, chat rooms, instant messaging clients and any other online medium.
• Social media, blogs, photo sharing sites and many other commonly used online sharing activities provide cyberstalkers with a wealth of information that helps them plan their harassment.
• By collecting personal data (profile pages) and making notes of frequented locations (photo tags, blog posts), the cyberstalker can begin keeping tabs on an individual's daily life.
Cyber Threats
• Malware: An umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, spyware, adware, scareware, and other malicious programs.
• Virus: A piece of software that can replicate itself and infect a computer without the permission or knowledge of the user.
Cyber Threats
• SPAM: Electronic junk email. The amount of spam has now reached 90 billion messages a day.
• SPIM: Spam sent via instant messaging systems such as Yahoo! Messenger, MSN Messenger and ICQ.
• SPIT: Spam over Internet Telephony. These are unwanted, automatically-dialed, pre-recorded phone calls using Voice over Internet Protocol (VoIP).
• Spyware: Software that is secretly installed on a computer without the user's consent. It monitors user activity or interferes with user control over a personal computer.
Cyber Threats
• KEYSTROKE LOGGING: A keylogger is a software program that is installed on a computer, often by a Trojan horse or virus. Keyloggers capture and record user keystrokes. The captured data is then transmitted to a remote computer.
• ADWARE: Software which automatically plays, displays, or downloads advertisements to a computer.
• WORM: A self-replicating, malicious software program. Through their replicating behavior, worms consume bandwidth and can cause degraded network performance.
Cyber Threats
• BOTNET: A botnet (also called a "zombie army") is a collection of software robots, or bots, that run automated tasks over the Internet.
Cyber Threats
• TROJAN HORSE: A piece of software which, like the Trojan Horse of Greek mythology, conceals a payload (often malicious) while appearing to perform a legitimate action.
• Trojan horses often install "backdoor programs" which allow hackers a secret way into a computer system.
• Blended Threat: A threat that combines different malicious components, such as a worm, a Trojan horse and a virus. In this way, a blended threat uses multiple techniques to attack and propagate itself.
• Rootkit: A stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
Social Engineering
• Social engineering is the art of manipulating people so they give up confidential information.
• It often involves tricking people into breaking normal security procedures.
Prevention
• Antivirus and Antispyware
• Firewall
• IPS/IDS
• Regularly patch or update your Operating System.
Use a Strong Password
• At least eight characters long.
• Does not contain your user name, real name, or company name.
• Does not contain a complete word.
• Is significantly different from previous passwords.
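The four rules above implemented as a password check in Python. This is an added example, not code from the slides; the account details and the short word list are constructed, and "significantly different" is taken here to mean a difflib similarity ratio below 0.6 against every previous password.

```python
import difflib

# Small word list constructed for this example; a real policy check would load
# a full dictionary. Assumption: any listed word appearing inside the password
# counts as "contains a complete word".
DICTIONARY = {"password", "admin", "welcome", "secret", "summer", "dragon"}

# Assumption: "significantly different" means a difflib similarity ratio below
# this value against each previous password.
SIMILARITY_LIMIT = 0.6


def contains_name(password: str, value: str) -> bool:
    """True if any word (3+ chars) of a user/real/company name is in the password."""
    low = password.lower()
    return any(len(part) >= 3 and part in low for part in value.lower().split())


def contains_dictionary_word(password: str) -> bool:
    low = password.lower()
    return any(word in low for word in DICTIONARY)


def too_similar(password: str, previous: list[str]) -> bool:
    return any(
        difflib.SequenceMatcher(None, password.lower(), old.lower()).ratio() >= SIMILARITY_LIMIT
        for old in previous
    )


def check_password(password: str, username: str, real_name: str,
                   company: str, previous: list[str]) -> list[str]:
    """Return the slide rules the password violates (empty list = acceptable)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for label, value in (("user name", username), ("real name", real_name),
                         ("company name", company)):
        if contains_name(password, value):
            problems.append(f"contains {label}")
    if contains_dictionary_word(password):
        problems.append("contains a complete dictionary word")
    if too_similar(password, previous):
        problems.append("too similar to a previous password")
    return problems


if __name__ == "__main__":
    # The slides' own sample password, checked against constructed account details.
    print(check_password('6Vz~92tE407L"0V', "ptandukar", "Pralove Tandukar", "GIDC", ["Summer2014!"]))
    print(check_password("admin123", "admin", "Aashis Sharma", "NITC", []))
```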
Hacker Vs Cracker
• Hacker: Someone who seeks and exploits weaknesses in a computer system or computer network.
• Cracker: A malicious person who attempts to break into, or breaks into, a secure computer system with the intent of stealing or destroying information or disabling the system.
Hacktivist
• A cracker who defaces Web pages to bring attention to a political agenda or social cause.
Digital Signature
• A digital signature is intended to solve the problem of tampering and impersonation in digital communications.
• Digital signatures can provide the added assurance of evidence of origin, identity and status of an electronic document, transaction or message.
Web Security
• The process by which information, data and computing equipment are protected from unintended or unauthorized access, change or destruction.
Security Measures applied in GIDC
• Access Control List (ACL) applied in the Edge Border Router (EBR).
• Network Firewall: Network security system that controls the incoming and outgoing network traffic based on an applied rule set.
Continue….
• Intrusion Prevention System (IPS): Network security appliances that monitor network and/or system activities for malicious activity and attempt to stop and report it.
Continue...
• AAA
– AAA is a framework that defines the control of access to network resources such as those in Data Centers (routers, switches, firewalls, servers, and so on).
• AAA provides three basic services:
– Authentication: proves that a user is who she or he claims to be.
– Authorization: defines what a user is allowed to do.
– Accounting: consists of keeping records of user activity.
Common Attacks
• DOS
– denial-of-service
– attempt to make a machine or network resource
unavailable to its intended users
• DDOS
– Distributed Denial of Service
– multiple compromised systems are used to target a
single system
• Unauthorized Access
Continue…..
• Viruses
• Remote File Inclusion
– allows an attacker to include a remote file, usually through a script
• SQL Injection
– insertion of a SQL query via the input data from the client to the application
– SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly
• Cross-Site Scripting (XSS)
– type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites
– the attacker uses a web application to send malicious code
• Cross-Site Request Forgery (CSRF)
– type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts
Common cases at NITC
• SQL Injection
– consists of insertion or "injection" of a SQL query
via the input data from the client to the
application
SQL Injection
• SQL Injection can result in unwanted changes to the website.
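The slides describe SQL injection as a query inserted through client input. The Python below is an added example, not code from the slides: a login query built by string formatting beside the same query with bound parameters, run against an in-memory SQLite table. The table, the user row and the input values are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with one constructed row (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('editor', 'S3cret!pass')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Client input is pasted into the SQL text, so the input can change the
    # structure of the query: this is the defect the slide describes.
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Placeholders fix the query structure; the driver sends the values
    # separately, so whatever the client typed is only ever compared as data.
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def compare(name: str, password: str) -> dict:
    """Run the same input through both versions so the difference is visible."""
    conn = make_db()
    return {"vulnerable": login_vulnerable(conn, name, password),
            "parameterized": login_parameterized(conn, name, password)}


if __name__ == "__main__":
    print(compare("editor", "S3cret!pass"))   # correct credentials: both accept
    print(compare("editor", "wrong"))         # wrong password: both reject
    # A value containing quote characters: the string-built query is rewritten
    # into a tautology and accepts it; the parameterized one treats it as text.
    print(compare("editor", "x' OR '1'='1"))
```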
Remote File Inclusion
• allows an attacker to include a remote file,
usually through a script
Cross-Site Scripting (XSS)
• XSS flaws occur whenever an application takes
untrusted data and sends it to a web browser
without proper validation or escaping
• XSS allows attackers to execute scripts in the
victim’s browser which can hijack user
sessions, deface web sites, or redirect the user
to malicious sites.
Cross-Site Scripting (XSS)
• The scripts are inserted into the website and can then be executed remotely whenever required.
Prevention Of XSS
• XSS can only be prevented by carefully sanitizing all input which is not known to be secure.
• All values received via GET/POST parameters, cookie data, all headers, etc. must be checked for XSS attack vectors, which come in many forms.
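An added example (not from the slides) of the check the slide calls for, in Python: one handler copies a GET parameter straight into the page, the other escapes it before it reaches the browser, and escape_all applies the same treatment to every source the slide lists (GET/POST, cookies, headers). The request values are constructed.

```python
import html
from urllib.parse import parse_qs


def first_param(query_string: str, key: str) -> str:
    """First value of a GET parameter, or '' if absent (percent-decoding done by parse_qs)."""
    return parse_qs(query_string).get(key, [""])[0]


def render_vulnerable(query_string: str) -> str:
    # The parameter is copied into the page as-is, so any markup in it becomes
    # part of the document the browser executes.
    return f"<p>Hello, {first_param(query_string, 'name')}</p>"


def render_escaped(query_string: str) -> str:
    # html.escape replaces < > & " ' with entities, so the browser shows the
    # value as text no matter what the client sent.
    return f"<p>Hello, {html.escape(first_param(query_string, 'name'), quote=True)}</p>"


def escape_all(sources: dict[str, dict[str, str]]) -> dict[str, dict[str, str]]:
    """Escape every value from every source (GET/POST, cookies, headers) before use."""
    return {src: {k: html.escape(v, quote=True) for k, v in values.items()}
            for src, values in sources.items()}


if __name__ == "__main__":
    # Constructed request: the client put a script tag into the name parameter.
    qs = "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    print(render_vulnerable(qs))
    print(render_escaped(qs))
    print(escape_all({"cookie": {"theme": 'dark" onload="x'},
                      "header": {"User-Agent": "<b>bot</b>"}}))
```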
Unmanaged use of CMS
• Use of the default template of open source CMSs like Joomla, WordPress, etc.
• No timely update of CMS software.
• No use of any sort of firewall in the CMS.
• Use of the default username and password for the admin panel.
• No proper management of file and folder permissions.
Common tips to make a website secure
• Use of a strong password.
– No use of dictionary passwords like abc123 or admin123.
– Non-dictionary passwords mixing numbers, letters and special characters, like 6Vz~92tE407L"0V
• Use of .htaccess
– Helps control how your visitors interact with your website.
– Used for prohibiting hotlinks, rewriting URLs, creating redirects, reconfiguring account settings, etc.
• Use of Captcha for user authentication/validation.
Continued…..
• Double layer security for the admin panel
– Through the use of a cPanel feature.
• Proper permissions for files and folders (755 for folders and 644 for files).
Continued……
• Use of CMS firewalls if available (some listed below)
– RS Firewall
– Securitycheck Pro
– OSE Anti-Virus™ for Joomla!
– HTTPBL - Project Honeypot Blocklists
– Marco's SQL Injection
– Incapsula
• Regular update of the CMS and security models
• Discourage use of unauthorized plugins ( without proper
verification )
• Proper security of FTP, cPanel and admin panel passwords.
• Management of websites by authorized persons only.
Phishing = Fake Mail
• Phishing: Someone posing as a trustworthy entity asks via email for sensitive information such as SSN, credit card numbers, login IDs or passwords.
Pharming = Fake Web Pages
A fake Facebook Page.
Always look for the URL to verify what Page is being browsed.
Questions???