001.itsecurity bcp v1
Introduction to Cyber Security
Presented by
Mohammad Ashfaqur Rahman
Compliance Professional
www.linkedin.com/in/ashfaqsaphal

Objective
● Concept of IT Security
● Information Security Terminologies
● Hacker and Attack
● Trends of attack
● Perspective Bangladesh

Information
● ‘Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected’
  – Ref : BS ISO 27002:2005
● ‘…Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected’
  – Ref : BS ISO 27002:2005

Information
● Creation
● Transmit
● Store
● Lost – Corrupt – Destroy – Stolen
● Paper based
● Verbal

Security
● “The quality or state of being secure—to be free from danger”
● A successful organization should have multiple layers of security in place:
  – Physical security
  – Personal security
  – Operations security
  – Communications security
  – Network security
  – Information security

Information Security
● The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
● Information Security is also known as Cyber Security
  – Also written as Cybersecurity
  – Security of
    • Information System
    • Network

History
● Old Caesar Cipher
● The concept of IT security arose immediately after the first mainframes were developed
● Groups developing code-breaking computations during World War II created the first modern computers
  – Introduction of the Turing machine
● WikiLeaks, Anonymous, Lulzsec
  – Bangladesh Cyber Army
  – Bangladesh Black Hat Hackers

Compromised System
● "Compromised" is a nice way of saying that someone or something has maliciously broken into your computer without your knowledge or permission.
● It means that you can't trust the integrity of any file (program, document, spreadsheet, image, etc.) on your computer.
● You can't find out what's been done to your computer files without an exact "before" copy to compare them with
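
The "before" copy idea as an added example (not part of the original slides): a file-integrity baseline in Python that records a SHA-256 hash per file and later reports what was modified, added or removed. The file names and contents are constructed for the demo, and keeping the baseline somewhere the monitored machine cannot write to is an assumption of the approach.

```python
import hashlib
import os
import tempfile

def build_baseline(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            baseline[os.path.relpath(path, root)] = digest.hexdigest()
    return baseline

def compare(before, after):
    """Classify paths by how the current state differs from the baseline."""
    return {
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
        "added": sorted(p for p in after if p not in before),
        "removed": sorted(p for p in before if p not in after),
    }

def demo():
    """Constructed sample tree: baseline, simulated tampering, comparison."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("index.html", b"<h1>Welcome</h1>")
        write("report.doc", b"quarterly figures")
        write("tool.exe", b"MZ original program")
        before = build_baseline(root)  # assumption: kept off-host in practice
        # Tampering that keeps size and timestamp identical; only the hash changes.
        target = os.path.join(root, "index.html")
        stamp = os.stat(target)
        write("index.html", b"<h1>Defaced</h1>")
        os.utime(target, ns=(stamp.st_atime_ns, stamp.st_mtime_ns))
        os.remove(os.path.join(root, "report.doc"))
        write("helper.dll", b"file that was not there before")
        return compare(before, build_baseline(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The altered index.html has the same size and modification time as the original, so only the content hash reveals the change.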

Impact of Compromise
● Personal
  – Loss of personal sensitive data : Identity theft
  – Social harassment : Social account / mail hack
  – Financial loss : Credit Card / Online Banking
● Organizational
  – Loss of customer confidence : customer data loss
  – Financial losses : Loss of confidential data
  – Damaged reputation : loss of goodwill

Impact of Compromise
● Social
  – Unrest Situation
  – Harassment
  – Child Pornography

The Hacker
● A hacker is someone who
  – seeks and exploits weaknesses in a computer system or computer network.
● A hacker is someone who likes to tinker with electronics or computer systems : finding ways to make them do what they do better, or do things they weren't intended to do

The Hacker
● Hackers may be motivated by a multitude of reasons, such as
  – Profit
  – Protest
  – Challenge
  – Enjoyment
  – to evaluate those weaknesses to assist in removing them.

Types of Hacker
● White Hat
  – Good Guys
  – Don't use their skills for illegal purposes
  – Computer Security experts and
  – help protect people from the Black Hats

Types of Hacker
● Black Hat
  – Bad Guys
  – Use their skills maliciously for personal gain
  – Hack banks, steal credit cards, and deface websites

Types of Hacker
● Grey hat
  – combination of a Black Hat and a White Hat Hacker
  – hack into a computer system for the sole purpose of notifying the administrator

Hacker Hierarchy
● Script kiddies
  – Wannabe hackers
  – Have no hacking skills
  – use the tools developed by other hackers
  – No knowledge of what's happening behind the scenes

Hacker Hierarchy
● Intermediate hackers
  – know about computers, networks
  – enough programming and scripting knowledge
  – Use pre-developed well-known exploits

Hacker Hierarchy
● Elite Hackers
  – skilled hackers
  – write hacker tools and exploits
  – break into systems and hide their tracks

Other Terminologies
● Neophyte
  – Also known as "n00b", or "newbie"
  – is someone who is new to hacking or phreaking and has almost no knowledge or experience
● Blue hat
  – someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed

Cyber-attack
● any type of offensive maneuver
● by individuals or whole organizations
● targets computer information systems, infrastructures, computer networks, and/or personal computer devices
● Factors involved
  – Fear factor
  – Spectacular factor
  – Vulnerability factor

Threat Trends
● Cyber Crime
  – Bad guys are mostly Eastern European although Asian groups are also active
  – A complete service-based economy supporting their activities
  – Attacks are a mix of
    • social engineering and
    • technical attack

Threat Trends
● Hacktivists
  – WikiLeaks
  – Anonymous, Lulzsec
  – DDoS attacks
  – Data loss
    • combination of hacking and insiders

Threat Trends
● Nation State
  – Motivations
    • Espionage
    • Disruption
    • Targeting Government + Private Sector

ICT Act 2006, Bangladesh

Incident Trends, Bangladesh
● According to bdCERT

Incident Trends, Bangladesh
● Site Defacement
  – Sites hacked by hacker groups named Indishell, Sil3nt Hack3r, My@nm@r H4acK3rs Unit
  – Government sites were targeted (.gov.bd)
  – Sites running on a CMS are not fully patched and carry inherent bugs, which makes them quite easy for a hacker to penetrate.
  – Lack of proactive monitoring and enforcement of standards.

Case Study – Network Hacking
● Foot Printing
● Port Scanning
● Banner Grabbing
● Searching for Vulnerabilities
● Penetrating

Case Study – Network Hacking
● Foot Printing
  – You see the company e-mails, address, names, when the domain was created, when the domain expires, the domain name servers, and more!
  – A hacker can also take advantage of search engines to search sites for data
    • "site:www.thetargetsite.com" will display every page that Google has

Case Study – Network Hacking
● Port Scanning
  – To detect the services listening on the server's open ports, so as to detect vulnerabilities
  – The Nmap Security Scanner is available for both Mac and Windows users:
    • http://nmap.org/download.html

Case Study – Network Hacking
● Banner Grabbing
  – Telnet into the service port to figure out the software and version of the service
  – If you are using Windows Vista, then telnet is not installed by default. Use Control Panel – Programs and Features – Turn Windows features on or off – Telnet Client to install it
  – If you found port 21 (i.e. FTP) open, then telnet www.targetsite.com 21 to find out the FTP software

Case Study – Network Hacking
● Searching for Vulnerabilities
  – Search a couple of vulnerability databases for an exploit
  – If there's an exploit available, run it against the server and take complete control
  – Popular exploit databases are Milw0rm, SecurityFocus, osvdb

Case Study – Network Hacking
● Attacks
  – Denial-of-Service (DoS)
  – Buffer Overflow (BoF)

Case Study – Network Hacking
● Penetrating
  – Running the exploits against the target and penetrating the server
  – From PT Server – Multiple programming language

Case Study – Network Hacking
● Root Access
  – Rootkit deployment
  – Grab data
It is your turn