Scavenger Hunt Week 13
This 9 page Class Notes was uploaded by Ashby Strauch on Saturday November 21, 2015. The Class Notes belongs to ISM 3004 at University of Florida taught by Dr. Olson in Fall 2015. Since its upload, it has received 52 views. For similar materials see Computing in Business Environment in Business at University of Florida.
Date Created: 11/21/15
Scavenger Hunt Week 13: Information Security, part 2

Unit 1: The Attack

1301 Malware Introduction

- What is malware?
  - "Bad software"
    - Intended to:
      - Disable computer systems
      - Disrupt operations
      - Steal data
  - Like software
  - Must be executed to have any impact
- Payloads: characteristics of the following
  - Keylogger
    - Once malware is running on your computer, it will monitor every keystroke that you make on your computer and then send it back to the hacker's website
  - Bot
    - Remote control
    - Allows cyber criminal to do anything with your machine
    - It is still usable to you
    - You have no idea malware is in the background
    - They can send control commands to your machine and it carries them out in the background
  - Ransomware
    - Execute the malware → begins encrypting all the data on your computer with a password
    - Can't open any of your files
    - It tells you to send money or you will never see your data again
- Types of systems targeted by malware
  - Risk posed by fraudulent banking mobile apps
    - Can steal your information
    - Predominantly an Android threat
  - Computers
    - Windows
    - Mac
    - Linux
- What are CAPTCHAs? How are they able to prevent software from completing online forms?
  - Those scrambled character images meant to thwart things like automated account setup or ticket buying

"CryptoWall" article from Cyberheist News

- CryptoWall is an example of what type of malware payload?
  - Ransomware
- What is the real cost of CryptoWall to organizations who are compromised by it?
  - The real cost is not the ransom; it is the downtime caused by data not being accessible and IT overtime hours to fix things, and sometimes whole departments sitting on their hands
- What's the FBI's advice to those organizations?
  - If you don't have a backup, it is best to pay those cyber criminal organizations because the ransomware is that good
- What organization is behind CryptoWall?
  - CryptoLocker

1302 Trojans

- How do Trojans fool a user into executing them?
  - Think "Trojan Horse"
  - Social engineering: Greeks trick Trojans into opening their gates, and the Greeks attacked the Trojans at night
  - Hidden threat
  - No need for vulnerabilities: Greeks tried for a decade to get into the walls of Troy; it succeeded because the inhabitants opened the gates and dragged it into the city themselves
- Do Trojans rely on software vulnerabilities to compromise a system?
  - NO
    - Not looking for a weakness in your software; looking for a weakness in human character
  - Promise of something that is good, funny, or amusing to draw in the user
    - Links in email
    - Email attachments
    - Web, USB flash
    - Once the user opens the program, it's game over
  - Hidden malware
    - Utility software
    - Game
    - Bogus software updates

1303 Viruses and Worms

- Viruses: self-replicating malware
  - How do viruses and host files relate? How do viruses propagate?
    - Hides itself inside host file
    - Various file types
    - The virus starts executing in computer memory and searches the computer hard drive for files it could infect; it inserts a copy of itself into the program
    - The program can still run, but it now has a copy of the virus program
  - The hope is that you will give a copy to one of your colleagues
    - It goes through their computer and infects their stuff
    - Worst case scenario: virus infects a computer in a computer network
    - Can infect everyone's machine in a company
- Worms: stand-alone malware
  - Do worms rely on host files?
    - No infected host file
    - No "useful" program
  - How do worms propagate? Are vulnerabilities required?
    - Self-propagating via network
    - Once it is on your computer, it looks for ways that it can get onto other computers in your network
    - Exploits vulnerabilities to invade systems
    - Generates negative payload

1304 Email and Info Security

- How is email used to distribute malware?
  - Email is ubiquitous; everyone uses it
    - Great channel for spreading malware
  - Can distribute as:
    - Attachments
    - Links
  - Once malware is on your computer, it can reach your contacts and send an email as you that distributes malware
    - In 2014, nearly 25% of the URLs received via email were unsolicited malicious links
- Phishing
  - What is phishing? What's its goal?
    - A scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly
  - How is phishing accomplished?
    - "From" address
    - Authentic-looking graphics
      - Graphics are authentic, often stolen from websites
    - Authentic-looking link
      - Just text. It means nothing
      - Need to know what is behind the real link
  - What is spoofing?
    - Pretending to be someone you really aren't
    - The address appears to be from a legitimate sender
  - Magnitude of the problem
    - HUGE problem
    - Largest crime on the internet
  - Tips for avoiding phishing scams
    - Be suspicious of urgent requests
    - Be suspicious of requests for personal information
    - Go ahead and check with the company: call them
    - Don't use contact info on the phish attempt
    - Don't use links in an email
- How is spearphishing different from phishing?
  - Target and method
    - Research the target
    - Go after that target with dedication: carefully crafted email
    - Make it look like you are the real person who would be sending the email
    - Personalized
      - Nicknames
      - Habits, preferences
      - Recent purchases
      - Recent promotions or job changes
    - Maximize the chance that the high-value victim will take the bait

"CEO Fraud" article from the Krebs on Security blog

- What is "CEO Fraud"? How does it work?
  - Known variously as "CEO fraud" and the "business email compromise," this swindle is a sophisticated and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. In January 2015, the FBI warned that cyber thieves stole nearly $215 million from businesses in the previous 14 months through such scams, which start when crooks spoof or hijack the email accounts of business executives or employees.
- The article suggests that CEO fraud works because email is "inherently insecure"

1305 Web Browsing and Malware

- Compromised websites
  - What vulnerabilities are exploited?
    - "Go where the target is"
    - Vulnerable environment
      - Vulnerable web servers
      - Vulnerable browsers and plugins
    - Can happen on legitimate sites
      - Site compromised
      - Malware loaded
      - Visitors victimized
  - What user action is required?
    - Visit compromised site, click on link
    - Malware downloaded and executed
  - What is malvertising?
    - Malware in ads
- Drive-by downloads
  - What are they?
    - No interaction required
    - Just open the page and you are infected
  - What vulnerabilities are exploited?
    - Exploits client vulnerabilities
      - Operating system
      - Web browser
      - Browser plug-in
  - What user action is required?
    - The only user action that is required is visiting the site
    - Avoid websites that can be considered dangerous, like file sharing websites
- Rogue security software
  - Fake detection of malware
  - Animation simulating activity
  - May prevent user uninstalling
  - May block real anti-malware
  - Create problems, then "detect"
  - Ransomware: makes you pay to delete it

1306 Denial of Service

- What is the vulnerability being exploited in a Denial of Service (DoS) attack?
  - Heavy reliance on servers
    - E-commerce: business online
    - Communications
    - Enterprise applications: make business more efficient
  - Capacity
    - Servers have a maximum capacity → could crash
    - Exceeding maximums: problems
- How does a DoS attack work? What is the impact of a DoS attack?
  - Overwhelm the victim with service requests
  - Deny service to regular customers
    - Attack consumes all normally available server capacity
    - Nothing left for regular customers
    - Regular customers are frustrated and go somewhere else on the internet to spend their money
  - "The straw that broke the camel's back"
- Distributed Denial of Service (DDoS): how does this differ from a normal DoS attack?
  - Same basic idea of denial of service; the attack is distributed from many different areas at the same time
  - Botnet of zombies
    - Malware victims are called "zombies"
    - Malware can command and control the network and wake up the zombies to send them a command
    - MUCH HARDER TO BLOCK AND STOP
    - Cyber criminals can rent out the services
- How serious a problem is DDoS?
  - Very significant and growing problem
  - What percentage of companies in a 2013 survey were hit by 50 DDoS attacks per month?
    - 11%

Unit 2: Defense

1307 Defense

- Defense in depth: how does the castle metaphor apply to information security?
  - Multilayered defenses
  - A castle is hard to penetrate: it has many different defenses
  - Information security needs multi-layered defense
- Risk assessment: what is the purpose? What steps are involved?
  - Identify if something is critical to the ongoing success of the organization
    - List IT assets
    - Assign value
    - Identify threats
    - Assign cost to replace
    - Determine acceptable downtime
- Human vulnerabilities: how to address them
  - Education and awareness training
    - "An ounce of prevention is worth a pound of cure"
    - UF
      - IT security awareness day
      - Faculty and staff training courses
  - HR practices
    - Hiring: good background checks to make sure you don't hire the wrong people
    - Good exit procedures
      - Eliminate accounts and their access
  - Software defenses
    - Endpoint protection
      - Patching: eliminate vulnerabilities in client software
      - Anti-malware: stop malware from infecting machines
      - Firewall: stop undesired traffic
    - Network
      - Firewall: stop undesired traffic
      - Intrusion detection: monitors all traffic going in and coming out of website, looking for sequences of packets that are indicative of IT security attacks; when it detects those, it notifies IT people but does not take action
- Technological solutions to technological vulnerabilities: for each of the following, be able to briefly describe what it is and how it improves your company's information security
  - Quality passwords: combinations of uppercase and lowercase and numbers
  - Endpoint protection
    - Corporate endpoints
    - Inventory control
    - Hard drive encryption
    - BYOD and mobile
  - Firewall
  - Intrusion detection
  - Access controls
    - Access Control Lists (ACLs): who has what access to which IT assets
    - Security rights
    - Principle of least privilege: we have business IT for the purpose of doing work; give me the access that I need to do my job and nothing more
      - User given no more privilege than necessary to perform a job
      - Minimizes damage a "bad apple" can do
    - Role-based access controls: don't give access to a person; give access to a role and assign a person to that role
  - Multi-factor authentication: something that you know (password) and something you have; greater level of confidence that the person logging in is really who they say they are
    - Ex: Google has multi-factor authentication that requires a text message verification code when a login is attempted from a new device
  - Honeypots (Gallaugher text only, section 144)
  - Blacklists and whitelists (Gallaugher text only, section 144)
- Physical vulnerabilities
  - What steps can be taken to protect:
    - BYOD and mobile devices
      - Encryption
      - Mobile device management systems
        - Ability to enforce security on user's mobile device
    - USB flash drives
      - Hardware encryption
      - Ban them: disable USB drive in corporate computers
  - What is DBAN? How does it help with information security?
    - Free program that will repeatedly write 1s and 0s on the last millimeter of a hard drive in varying combinations so that it wipes out all traces of your data from the magnetic material
- Disaster Recovery (DR): what are the elements of a disaster recovery plan?
  - Data
    - Good backup systems
  - Business continuance
    - Can continue even if main data center is not capable of being used
  - DR site
  - Acceptable recovery time
    - How long is it acceptable to take before you can return to normal operations?
- Security testing: for each of the following, what is it? How does it help improve the security of your company's information?
  - Need to make sure your plans work
  - Vulnerability scan
    - Device within company that scans computers, testing them for a broad range of potential vulnerabilities
    - Notify IT staff
    - Remediate and fix the problem
    - Repeat
    - Not a punitive process; just want to improve
  - Penetration testing
    - Internal IT team
    - External security consultants
    - Social engineering and technological
    - Group of people that are hired to try to get through the multi-layered security system
    - Again, not punitive; not trying to get people in trouble, just trying to make a strong security system
  - DR testing
    - Perform restore and verify systems work
    - Simulated disasters on occasion

"How to Stop Gullible Employees" article from Cyberheist News

- The most prevalent successful threats rely on what vulnerability?
  - Because the most prevalent successful threats rely on social engineering one way or another
- What's the "fastest and cheapest bang for your buck" when it comes to information security?
  - The fastest and cheapest bang for your buck is user education: training to counteract those threats. Unfortunately, such programs tend to focus on scenarios users will never face or were prevalent 10 years ago. Certainly most education programs fail to cover the malicious tactics an organization is fighting at a given time.

1308 Encryption

- What's the goal of encryption?
  - Ensure that a message is only read by the intended recipient
  - At least until the information is no longer useful to an unauthorized reader
  - Algorithm: formula or set of steps for solving a particular problem
    - When encrypting, you have a set of steps to encrypt the data
    - Substitution algorithm: substitute letters
      - Vulnerable to cryptanalysis
      - No one really uses substitution algorithms
  - Plain text: original message, not encrypted
  - Cipher text: encrypted message
- Key-based cryptography
  - Digital key: like a physical key, used to encrypt data
    - Lock: encrypt, encipher
    - Unlock: decrypt, decipher
  - Keys can be lost or stolen
    - Key security: responsibility of owner
    - Key management
  - Key length: impact on security and system performance
    - Complexity
    - Longer: more secure
    - Longer: also slower
    - Strong encryption should take a VERY long time to break
  - Asymmetric or public key encryption
    - Symmetric key encryption: only one key, used to encrypt and used to decrypt
      - Both sender and recipient have the same key
      - Scalability and key transmission
    - What can the public key do? Who should have it?
      - Asymmetric: two keys (a pair of keys)
      - Can only be used to encrypt data
      - Cannot decrypt
    - What can the private key do? Who should have it?
      - Only known to the recipient
      - Decrypts messages from public key
- How is public key encryption used?
  - Protect web transactions
    - SSL
      - Buying something online
      - Don't want anyone except who you are buying from to see your credit card information
    - Secure HTTP
      - Data encrypted between client and server
      - Passwords
      - Confidential data (medical, financial, etc.)
  - Email security
    - Encryption
    - Digital signatures: identification, authenticity