DIYTP 2009
Introduction to Cybercrime and Security

What is Cybercrime?
• Using the Internet to commit a crime.
  • Identity Theft
  • Hacking
  • Viruses
• Facilitation of traditional criminal activity
  • Stalking
  • Stealing information
  • Child Pornography

Cybercrime Components
• Computers
• Cell Phones
• PDAs
• Game Consoles

High-Profile Cybercrime-related Cases
• TJ Maxx data breach
  • 45 million credit and debit card numbers stolen
• Kwame Kilpatrick
  • Cell phone text messages
• BTK Serial Killer
• Kevin Mitnick

Computer Security
• Confidentiality
  • Only those authorized can view information
• Integrity
  • Information is correct and hasn’t been altered by unauthorized users or software
• Availability
  • Data is accessible to authorized users

Computer Security
[Figure 1.0 – CIA Triangle]

Computer Security - Threats
• Malware
  • Software that has a malicious purpose
  • Viruses
  • Trojan horse
  • Spyware

Computer Security - Threats
• Intrusions
  • Any attempt to gain unauthorized access to a system
  • Cracking
  • Hacking
  • Social Engineering
  • War-driving

Computer Security - Threats
• Denial-of-Service (DoS)
  • Prevention of legitimate access to systems
  • Also Distributed-Denial-of-Service (DDoS)
  • Different types:
    • Ping-of-Death
    • Teardrop
    • Smurf
    • SYN

Computer Security - Threats
[Figure 1.1 – DoS and DDoS Models]

Computer Security - Terminology
• People
  • Hackers
    • White Hat – Good guys. Report hacks/vulnerabilities to appropriate people.
    • Black Hat – Only interested in personal goals, regardless of impact.
    • Gray Hat – Somewhere in between.

Computer Security - Terminology
• Script Kiddies
  • Someone who calls themselves a ‘hacker’ but really isn’t
• Ethical Hacker
  • Someone hired to hack a system to find vulnerabilities and report on them.
  • Also called a ‘sneaker’

Computer Security - Terminology
• Security Devices
  • Firewall
    • Barrier between network and the outside world.
  • Proxy server
    • Sits between users and server. Two main functions are to improve performance and filter requests.
  • Intrusion Detection Systems (IDS)
    • Monitors network traffic for suspicious activity.

Computer Security - Terminology
• Activities
  • Phreaking
    • Breaking into telephone systems (used in conjunction with war-dialing)
  • Authentication
    • Determines whether credentials are authorized to access a resource
  • Auditing
    • Reviewing logs, records, or procedures for compliance with standards

Computer Security - Careers
• Information Security Analyst
  • US National Average Salary
[Figure 1.2 – Median salary courtesy cbsalary.com]

Computer Security - Certifications
• Entry-level
  • Security+ http://www.comptia.org/certifications/listed/security.aspx
  • CIW Security Analyst www.ciwcertified.com
• Intermediate
  • MCSE Security http://www.microsoft.com/learning/en/us/certification/mcse.aspx#tab3
• Professional
  • CISSP www.isc2.org
  • SANS www.sans.org

Computer Security - Education
• Community-college
  • Washtenaw Community College
    • Computer Systems Security http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APCSS
    • Computer Forensics http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APDRAD

Computer Security - Education
• 4-Year College
  • Eastern Michigan University
    • Information Assurance
      • Applied
      • Network
      • Cryptography
      • Management
    • http://www.emich.edu/ia/undergraduate.html