Network Security - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

Network Security

Description:

The defendant had hijacked AOL's identity and was going to use it to steal ... The defendant's AOL look-alike Web page directed consumers to enter the numbers ... – PowerPoint PPT presentation

Number of Views:50
Avg rating:3.0/5.0
Slides: 17
Provided by: Secu1
Category:
Tags: aol | mail | network | security

less

Transcript and Presenter's Notes

Title: Network Security


1
Network Security
  • Keeping your Online Identity Safe and Secure

2
Your Online IdentityReal-World Perspective
  • Today your identity online is as important as
    your physical identity
  • How the world sees and responds to you.
  • Losing of control of your email, User Id and/or
    passwords can be more destructive and damaging
    today than losing your wallet or purse.
  • Protecting this identity must become a priority
  • Threats to everyone's online identity continues
    to increase every year.

Source SANS Institute
3
Security Incidents Are on the Rise
  • 1988 - 6 Reports
  • 1991 406
  • 1994 2340
  • 1997 2,134
  • 2000 21,756
  • 2001 52,658
  • 2002 97,812
  • Projected 2003 149,652

Source CERT
4
Security Incidents
5
What are the Threats?
  • Threats to Personal Data
  • Unauthorized Use or Disclosure of Personal
    Financial Information
  • Alteration of passwords, records, addresses
  • Threats to Organizations
  • Misappropriation of Resources
  • Denial of Service
  • Destruction of Systems or Infrastructure

6
Creating more Secure Passwords
  • Observing the following rules when you create a
    password will help produce a more secure
    password
  • Create as long a password as you can
    remember--passwords that are longer are almost
    always much harder to crack than those that are
    short, four to six characters in length.
  • Passwords must never contain the user ID.
  • Passwords should not contain any simple pattern
    of letters or numbers such as "qwertyxx" or
    "xyz123xx.
  • Passwords should not include the user's own or a
    close friend's or relative's name, employee
    number, Social Security Number, birthdate,
    telephone number, or any information about him or
    her that the user believes could be readily
    learned or guessed.
  • Avoid common words in the news (including names
    of people, car makes, sports teams, cities, and
    so on)
  • Include numbers and special symbols in your
    password.(Passwords containing a nonnumeric
    letter or symbol in the first and last positions
    are very secure)

7
BCC Password Standards
  • Novell/Groupwise
  • Password must be 5-8 alpha/numeric characters
  • Passwords can be changed anytime you sign on.
  • Password should be changed in both Novell
    Groupwise. (Each program can have separate
    password however, this is not recommended)
  • Currently Novell/Groupwise passwords do not
    expire and there is no limit on sign-on attempts.

8
BCC Password Standards
  • Unisearch/NetSearch (Imaging System)
  • Password must be 6-8 alpha/numeric characters
  • Passwords can be changed anytime by using the
    original Netsearch sign-on screen.
  • Unisearch/NetSearch will force a Password change
    every 60 days.

9
Risks to your Online Identity
  • Phishing (Personal Identity Theft)
  • Spoofing (Website Identity Theft)

10
Phishing
  • Consumers are the target of an increasingly
    popular scam called "phishing," in which victims
    receive unsolicited, phony mass e-mails that try
    to lure them into revealing personal financial
    information. Often, the scammers pretend to be
    real companies, such as banks, credit card
    companies or Internet providers, and claim there
    has been a problem with billing or that the
    customer may have been a fraud victim.The
    message directs victims to click on a link to a
    fake Web site that looks just like the company's
    real one, where they are asked to type in
    personal information, such as Social Security
    numbers, mother's maiden name and bank and credit
    card numbers. The scam uses that information to
    steal identities and run up credit cards or order
    new ones.

11
Phishing Example
  • Posing as America Online, the con artist sent
    consumers e-mail messages claiming that there had
    been a problem with the billing of their AOL
    account. The e-mail warned consumers that if they
    didnt update their billing information, they
    risked losing their AOL accounts and Internet
    access. The message directed consumers to click
    on a hyperlink in the body of the e-mail to
    connect to the AOL Billing Center. When
    consumers clicked on the link they landed on a
    site that contained AOLs logo, AOLs type style,
    AOLs colors, and links to real AOL Web pages. It
    appeared to be AOLs Billing Center. But it
    wasnt. The defendant had hijacked AOLs identity
    and was going to use it to steal consumers
    identities.
  • The defendants AOL look-alike Web page directed
    consumers to enter the numbers from the credit
    card they had used to charge their AOL account.
    It then asked consumers to enter numbers from a
    new card to correct the problem. It also asked
    for consumers names, mothers maiden names,
    billing addresses, social security numbers, bank
    routing numbers, credit limits, personal
    identification numbers, and AOL screen names and
    passwords - the kind of data that would help the
    defendant plunder consumers credit and debit
    card accounts and assume their identity online.

12
Example of Phishing Email
  • February 1, 2004
  • Subject your access to bid or buy on Ebay has
    been restricted!
  • Dear Ebay member 12674539!
  • It has come to our attention that your account
    may be used by third party in a fraudulent
    activity with Ebay. as a result, your access to
    bid or buy on Ebay has been restricted. according
    to our site policy you will have to confirm that
    you are the real owner of the Ebay account by
    entering your credit card information.
  • please click on the link below to get to the Ebay
    security update page and complete the form that
    will appears. after that your account information
    will be verified and you will be redirected to
    the Ebay home page. thank you. ...

13
What can you do?
  • Be wary any email that directs you a website.
  • Never enter your financial information on a
    website were you have not entered the WWW address
    yourself.
  • Always make sure the site is secure before
    entering your credit card information

14
Secure Websites
15
Secure Websites
16
Questions?
Doug Kirby Information Technology Dkirby_at_broward.e
du
Write a Comment
User Comments (0)
About PowerShow.com