1 / 0

Network Security

Network Security. Stuxnet and Target. Announcements. Review Assignment for Assessment 2 (due Monday) Assessment 2 – next Wednesday Reminders: Network Design due the last week of classes Technology Paper and Presentation due the day of the final ~10 minute presntation

adie
Download Presentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security

    Stuxnet and Target
  2. Announcements Review Assignment for Assessment 2 (due Monday) Assessment 2 – next Wednesday Reminders: Network Design due the last week of classes Technology Paper and Presentation due the day of the final ~10 minute presntation paper guidelines and grading rubric are on my website 2
  3. STUXNET
  4. Stuxnet What was it? How did it spread and how far? What are the impilications?
  5. STUXNET – How it Worked
  6. Stuxnet Precursors: What should we do now?
  7. Target – What Happened?
  8. Target – How did it happen?
  9. Target – How could it have been stopped?
  10. Target – Modern Day Hacking
  11. Security Discussion TJ Maxx RSA Epsilon Gawker Wikileaks HB Gary 11
  12. 11.1 Corporate Security: TJ Maxx War-Driving to seek vulnerabilities in wireless networks Breaches took place all the way back to 2005 Albert Gonzalez was mastermind 2005 -2007 sold as many as 170 million ATM/Credit Card #s Typically used SQL injection to launch packet sniffing Now serving 20 years in a federal prison
  13. 11.1 Corporate Security: RSA Security companies are often the target of many hackers. Another case of phishing emails to get into the company Excel Spreadsheet had a Zero-day exploit Exploit took advantage of Adobe Flash allowing them to install a remote administration tool Used remote admin tool to get deeper information
  14. 11.1 Corporate Security: Epsilon Occurred earlier this year Primary purpose for stealing Phishing – maquerading as a trustworthy entity to gain access to information Form of Social Engineering Carried out by email spoofing
  15. 11.1 Passwords: Gawker Hack After hack, the Wall Street Journal Examine a number of passwords (188,279) and here are some of the most commonly found: password qwerty letmein trustno1 passw0rd Can anyone guess the most commonly used?
  16. 11.1 Corporate Security: Higher Ed Threats Mobile Devices Social Media Viruses (hilarious video attack through FB) Virtualization Embedded devices (number of devices connected to the network) Consumerization of IT (personal devices for organizational use)
  17. 11.1 Corporate Security: Wikileaks Exposed major security flaws in the US government Not standardized across agencies No user restrictions on copying data Minimal monitoring of users accessing sensitive data Recently, new measures are in place to alleviate problems. Bradley Manning trial begins December 16th
  18. 11.1 Corporate Security: HB Gary Found a flaw in content management system Used an SQL Injection to gain access Numerous issues with the system allowed hackers to obtain two passwords: the CEO (Aaron Barr) and COO (Ted Vera) Key takeaway: passwords! Don’t use short, easily deciphered Use different passwords for different accounts
More Related