• Rootkit
  • Password Cracking
  • Georgia Data Breach Notification Law
  • Identifying Security Compromises
  • Security Awareness Primer PowerPoint Presentation




    Download 7,53 Mb.
    bet3/6
    Sana13.05.2024
    Hajmi7,53 Mb.
    #228915
    1   2   3   4   5   6
    Bog'liq
    USG Security Awareness Primer

    Botnet

    • A botnet is a number of compromised computers used to create and send spam or viruses or flood a network with messages as a denial of service attack.
    • The compromised computers are called zombies.

    Man In The Middle Attack

    • An attacker pretends to be your final destination on the network. When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server.

    Rootkit

    • Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit.
    • May enable:
      • Easy access for the hacker (and others)into the enterprise
      • Keystroke logger
    • Eliminates evidence of break-in.
    • Modifies the operating system.

    Backdoor entry
    Keystroke Logger
    Hidden user

    Password Cracking

    Dictionary Attack and Brute Force


    Pattern

    Calculation

    Result

    Time to Guess
    (2.6x1018 tries/month)

    Personal Info: interests, relatives

    20

    Manual 5 minutes

    Social Engineering

    1

    Manual 2 minutes

    American Dictionary

    80,000

    < 1 second

    4 chars: lower case alpha

    264

    5x105

    8 chars: lower case alpha

    268

    2x1011

    8 chars: alpha

    528

    5x1013

    8 chars: alphanumeric

    628

    2x1014

    3.4 min.

    8 chars alphanumeric +10

    728

    7x1014

    12 min.

    8 chars: all keyboard

    958

    7x1015

    2 hours

    12 chars: alphanumeric

    6212

    3x1021

    96 years

    12 chars: alphanumeric + 10

    7212

    2x1022

    500 years

    12 chars: all keyboard

    9512

    5x1023

    16 chars: alphanumeric

    6216

    5x1028

    Georgia Data Breach Notification Law

    O.C.G.A. §§10-1-910, -911, -912

    • An unauthorized acquisition of electronic data that compromises the security, confidentiality or integrity of “personal information.”
    • Personal Information
      • Social Security Number.
      • Driver’s license or state ID number.
      • Information permitting access to personal accounts.
      • Account passwords or PIN numbers or access codes.
      • Any of the above in connection with a person’s name if the information is sufficient to perform identity theft against the individual.

    Identifying Security Compromises

    • Symptoms:
      • Antivirus software detects a problem.
      • Disk space disappears unexpectedly.
      • Pop-ups suddenly appear, sometimes selling security software.
      • Files or transactions appear that should not be there.
      • The computer slows down to a crawl.
      • Unusual messages, sounds, or displays on your monitor.
      • Stolen laptop: 1 stolen every 53 seconds; 97% never recovered.
      • The mouse pointer moves by itself.
      • The computer spontaneously shuts down or reboots.
      • Often unrecognized or ignored problems.

    Download 7,53 Mb.
    1   2   3   4   5   6




    Download 7,53 Mb.

    Bosh sahifa
    Aloqalar

        Bosh sahifa



    Security Awareness Primer PowerPoint Presentation

    Download 7,53 Mb.