
From The 1981 book,  School, Work and Play (World of Tomorrow)

However, there is one kind of crime which may exist in the future - computer crime. Instead of mugging people in the streets or robbing houses, tomorrow's criminal may try to steal money from banks and other organizations by using a computer.


Presentation Transcript


  1. However, there is one kind of crime which may exist in the future - computer crime. Instead of mugging people in the streets or robbing houses, tomorrow's criminal may try to steal money from banks and other organizations by using a computer. … it is very difficult to carry out a successful robbery by computer. Many computers have secret codes to prevent anyone but their owners from operating them. As computers are used more and more, it is likely that computer crime will become increasingly difficult to carry out. From The 1981 book, School, Work and Play (World of Tomorrow)

  2. IT Security For Libraries Blake Carver – blake@lishost.org http://lisnews.org/security/ Intro

  3. Intro

  4. Security is two different things: It's a feeling. It's a reality. - Bruce Schneier, TedxPSU Intro

  5. Fear! Uncertainty! Doubt! Intro

  6. "Anonymous is a handful of geniuses...surrounded by a legion of idiots" - Cole Stryker Intro

  7. Intro

  8. Criminals • Activists • Government Agents Intro

  9. Where Are They Working? • Web Sites • Web Servers • Home Computers • Mobile Devices • Social Networks • Search Engines • Advertising • Email Intro

  10. What Are They Doing? • Man In The Middle Attacks • Trojans • Privilege Escalations • DNS Changes • Arbitrary File Downloads • Cross Site Request Forgery • Remote Stack Buffer Overflow • Worms • Heap Overflows • Blended Threats • Malvertising • Arbitrary Command Execution • Address Bar Spoofing • Crimevertising • Keyloggers • File Overwrite • Format Strings • Shell Uploads • Malware • Spyware • Local Stack Buffer Overflow • Advanced Persistent Threats • Data Exfiltration • Data Aggregation Attacks • Remote Code Execution • Code Injections • Scareware • SQL Injections • Information Disclosures • Denial Of Service • Array Integer Overflows • Stack Pointer Underflow • Null Byte Injection • Backdoors • Trojan-Downloaders • HTTP Parameter Pollution • Viruses • Cross Site Scripting • Cookie Disclosures • Forced Tweet • Local File Inclusions • Rootkits • Man In The Browser Attacks • Remote Code Injection • Adware • DNS Poisoning • Buffer Overflows • Directory Traversals • Open Redirection • Remote Command Executions • Frankenmalware Intro

  11. What Are They Using? lethic s_torpig darkmailer Dofoil FakeCheck Sefnit Phoenix Rimecud Incognito SpyEye CoinMiner ClickPotato Zwangi FakeRean Bleeding Life Hotbar Citadel Siberia fivetoone Ramnit Conedex IRCBot Cycbot Eleonore Alureon ZeuS Blacole Alureon Camec Sirefef GameVance SEO Sploit SpyZeus Poison Intoxicated Onescan FineTop Taterf Taterf MSIL bobax Conficker grum OpenCandy Sality SideTab CrimePack PlayBryte cutwail Pdfjsc sendsafe gheg maazben Intro

  12. Malware Incorporated • There’s an APP for that! • Matured, Diversified and Dangerous • Hard to reach • They conduct business anonymously Intro

  13. Examples *Thanks to Brian Krebs for sharing screenshots: krebsonsecurity.com. And to Dr. Mark Vriesenga, BAE Systems Intro

  14. What Are They After? • PINs • Passwords • Credit Cards • Bank Accounts • Computers • Usernames • Contact Lists • Emails • Phone Numbers Intro

  15. Intro

  16. Personal information is the currency of the underground economy Intro

  17. The Era Of Steal Everything Intro

  18. There is no such thing as a secure computer Intro

  19. Passwords • Staying Safe At Home & Away • Desktops & Laptops • Email • Browsers • Wi-Fi • Social Media • Mobile Devices • Security In Libraries • Biggest Mistakes • Practical Policies • Server Side Security Intro – Next - Passwords

  20. Passwords Reuse Weak Passwords

  21. Passwords Are Like Bubblegum... • Best When Fresh • Should Be Used Once • Should Not Be Shared • Make A Mess When Left Lying Around • Easy To Steal NativeIntelligence.com Passwords

  22. Passwords

  23. What Have We Learned From Breaches? • Passwords Are Reused • Passwords Are Weak Passwords

  24. What Makes a Good Password? • Uniqueness • Complexity • Length • Strength • Memorableness Passwords

  25. World’s Best Password Policy! • Be at least 32 characters in length. • Contain all of the following 4 character types: • Uppercase letters  (ABCDEFGHIJKLMNOPQRSTUVWXYZ) • Lowercase letters  (abcdefghijklmnopqrstuvwxyz) • Symbols  (,./’~<?;:”[]{}\|!@#$%^&*()_=-+) • Numbers (0123456789) • Not be similar to or contain any portion of your name or login name • Not contain English words that are longer than 4 letters • Not begin or end with a number • Not be the same as any of the previous 78 passwords in the password history • Be changed at least once every 12 days • NOT Use a sequence of keys on the keyboard, such as QWERTY or 12345 • NOT Use information about yourself, family members, friends or pets. This includes (in whole or in part) names, birthdates, nicknames, addresses, phone numbers • NOT Use words associated with your occupation or hobbies • NOT Use words associated with popular culture, such as song titles, names of sports teams, etc. • NOT Be reused for multiple accounts Passwords

  26. O9q[#*FjJ9kds7HJ&^4&!@&$#s(6@GFK Passwords

  27. Simple Things Make a Strong Password • Some Letters – UPPER and lower case • Maybe some numbers • Maybe something else (*%$@!-+=) • DO Make it as l o n g as you can • Do not reuse it on multiple sites Passwords

  28. What Makes a Bad Password • Default Passwords • Dictionary and Common Words • Predictable Patterns • Passwords From Password Lists • Obvious Personal Details Passwords

  29. Should You Change All Your Passwords Every X # of Months? • Email? • Bank Account? • Network? • Server? • Router? • Facebook & Twitter? • Library Web Site? • LISNews? Passwords

  30. What Can Sysadmins Do? • Don’t allow bruteforcing • Encrypt and Salt Passwords • Allow Large Passwords • Allow Large Character Sets Passwords

  31. Assume Your Password Will Be Stolen Passwords

  32. Nobody – nobody – is immune from getting hacked Passwords

  33. Have your accounts been compromised? https://www.pwnedlist.com/ Passwords – Next – Staying Safe Online

  34. Staying Safe Online At Home (And Away) • Patches • Trust • Passwords Staying Safe Online

  35. Staying Safe Online

  36. How Do You Know If You Are Infected? You Don’t • Sudden slowness • Change in behavior • Odd sounds or beeps • Random Popups • Unwelcome images • Disappearing files • Random error messages • Fans Spinning Wildly • Programs start unexpectedly • Your firewall yells at you • Odd emails FROM you • Freezes • Your browser behaves funny Staying Safe Online

  37. Your antivirus software is a seat belt – not a force field. - Alfred Huger Staying Safe Online

  38. Desktops & Laptops • Keep everything patched / updated • Don’t Trust anything • Links / Downloads / Emails • Backup your stuff! Staying Safe Online

  39. If I took your laptop/iPad right now....What would I have access to? Staying Safe Online

  40. Laptops • Prey / LoJack • Passwords • Sign Out & Do NOT Save Form Data Staying Safe Online

  41. Carry A Safe, Not A Suitcase Staying Safe Online

  42. Email • Don’t trust anything • Don’t leave yourself logged in • 2 Factor Authentication • Passwords Staying Safe Online

  43. Email Blended Threats • 新 任 经 理 全 面 管 理 技能提 升 • Fwd: Scan from a Hewlett-Packard ScanJet 38061 • Airline Itineraries • Banks / Credit Cards • Order Confirmations • Better Business Bureau complaints (BBB) • UPS / FedEX Delivery Notifications Staying Safe Online

  44. [Chart: only the values 35%, 2%, 20%, 35%, 4% survive, without labels] Staying Safe Online

  45. Staying Safe Online

  46. Browsers • Keep Everything Updated • Know Your Settings • Phishing & Malware Detection - Turned ON • Software Security & Auto / Silent Patching - Turned ON • A Few Recommended Plugins: • Something to Limit JavaScript • Something to Force HTTPS • Something to Block Ads Staying Safe Online

  47. Firefox Collusion Staying Safe Online

  48. Wi-Fi • Passworded & Encrypted • MAC & DHCP • Firmware Updates • Off Never Trust Public Wi-Fi Staying Safe Online

  49. Social Media • Understand and adjust your privacy settings • Use HTTPS • Be skeptical of everything • especially ANYONE asking you for money Staying Safe Online

  50. Social Media Common Threats • YOU HAVE TO SEE THIS • Free iPhone 5! • New Apps • Celebrity / Current Event • Twitter @s Hidden behind URL Shorteners Staying Safe Online
