This page intentionally left blank
|
|
- Jeremy Patrick
- 5 years ago
- Views:
Transcription
1
2 This page intentionally left blank
3 270 CHAPTER 4 E-commerce Security and Payment Systems many open communication ports that can be used, and indeed are designed to be used, by external computers to send and receive messages. The port typically attacked is TCP port 445. However, given their complexity and design objectives, all operating systems and application software, including Linux and Macintosh, have vulnerabilities. Social Network Security Issues Social networks like Facebook, Twitter, and LinkedIn provide a rich and rewarding environment for hackers. Viruses, site takeovers, identity theft, malware-loaded apps, click hijacking, phishing, and spam are all found on social networks (US-CERT, 2011). For instance, in 2011, hackers defaced Pfizer s Facebook page, took over the Twitter accounts of both USA Today and NBC News, and stole millions of LinkedIn passwords (Sophos, 2012). The Ramnit worm stole account information from more than 45,000 Facebook users. By sneaking in among our friends, hackers can masquerade as friends and dupe users into scams. Social network firms have thus far been relatively poor policemen because they have failed to aggressively weed out accounts that send visitors to malware sites (unlike Google, which maintains a list of known malware sites and patrols its search results looking for links to malware sites). Social networks are open: anyone can set up a personal page, even criminals. Most attacks are social engineering attacks that tempt visitors to click on links that sound reasonable. Social apps downloaded either from the social network or a foreign site are not certified by the social network to be clean of malware. It s clicker beware. Mobile Platform Security Issues The explosion in mobile devices has broadened opportunities for hackers. Mobile users are filling their devices with personal and financial information, making them excellent targets for hackers. In general, mobile devices face all the same risks as any Internet device as well as some new risks associated with wireless network security. While most PC users are aware their computers and Web sites may be hacked and contain malware, most cell phone users believe their cell phone is as secure as a traditional landline phone. As with social network members, mobile users are prone to think they are in a shared, trustworthy environment. Mobile cell phone malware was developed as early as 2004 with Cabir, a Bluetooth worm affecting Symbian operating systems (Nokia phones) and causing the phone to continuously seek out other Bluetooth-enabled devices, quickly draining the battery. More recently, Ike4e.B appeared on jailbroken iphones, turning the phones into botnetcontrolled devices. An iphone in Europe could be hacked by an iphone in the United States, and all its private data sent to a server in Poland. Ike4e.B established the feasibility of cell phone botnets. Many if not most apps written for Android phones have poor protection for user information, and Google removed more than 100 malicious apps from the Android Market in 2011 (Sophos, 2012). The first malicious iphone app was also discovered and removed from the itunes Store. And it is not just rogue applications that are dangerous, but also popular legitimate applications that simply have little protection from hackers (Kolesnikov-Jessup, 2011; US-CERT 2010). Via Forensics, a mobile security firm in Chicago, found in a study of 50 popular iphone apps that only three had adequate protection for usernames, passwords, and other sensitive
4 Technology Solutions 271 data. Servers of mobile service providers like AT&T and Verizon are also vulnerable. In 2011, two computer hackers were arrested for allegedly breaking into AT&T s servers to gather addresses and other personal information of about 120,000 users of Apple s ipad, including corporate chiefs, U.S. government officials, and Hollywood moguls. The hackers did not use the information (Bray, 2011). Vishing attacks target gullible cell phone users with verbal messages to call a certain number and, for example, donate money to starving children in Haiti. Smishing attacks exploit SMS messages. Compromised text messages can contain and Web site addresses that can lead the innocent user to a malware site. A small number of downloaded apps from app stores have also contained malware. Madware innocentlooking apps that contain adware that launches pop-up ads and text messages on your mobile device is also becoming an increasing problem. Read the Insight on Technology case, Think Your Smartphone Is Secure? for a further discussion of some of the issues surrounding smartphone security. Cloud Security Issues The move of so many Internet services into the cloud also raises security risks. From an infrastructure standpoint, DDoS attacks threaten the availability of cloud services on which more and more companies are relying. Safeguarding data being maintained in a cloud environment is also a major concern. For example, researchers identified several ways data could be accessed without authorization on Dropbox, which offers a popular cloud file-sharing service. Dropbox has also experienced several security snafus, including leaving all of its users files publicly accessible for four hours in June 2011 due to a software bug, the discovery of a security hole in its ios app which allowed anyone with physical access to the phone to copy login credentials, and the theft of usernames and passwords in August To combat some of these issues, Dropbox has implemented a number of measures, including two-factor authentication, which relies on two separate elements something you know, such as a password, coupled with a separately generated code. Around the same time, a hack into writer Mat Honan s Apple icloud account using social engineering tactics allowed the hackers to wipe everything from his Mac computer, iphone, and ipad, which were linked to the cloud service, as well as take over his Twitter and Gmail accounts (Honan, 2012). These incidents highlight the risks involved as devices, identities, and data become more and more interconnected in the cloud. 4.3 Technology Solutions At first glance, it might seem like there is not much that can be done about the onslaught of security breaches on the Internet. Reviewing the security threats in the previous section, it is clear that the threats to e-commerce are very real, potentially devastating for individuals, businesses, and entire nations, and likely to be increasing in intensity along with the growth in e-commerce. But in fact a great deal of progress has been made by private security firms, corporate and home users, network administrators, technology firms, and government agencies. There are two lines of defense:
5 272 CHAPTER 4 E-commerce Security and Payment Systems Insight on Technology Think Your Smartphone Is Secure? So far, there have been few publicly identified, large-scale, smartphone security breaches. In 2012, the biggest security danger facing smartphone users is that they will lose their phone. In reality, all of the personal and corporate data stored on the device, as well as access to corporate data on remote servers, are at risk. In many Wall Street firms, losing your company phone means you lose your job. Still, criminals find stealing financial and personal data from PCs much easier and more lucrative than attacking cell phones. But with smartphones outselling PCs in 2012, and with smartphones increasingly being used as payment devices, they are likely to become a major avenue of malware. Have you ever purchased anti-virus software for your smartphone? Probably not. Many users believe their iphones and Androids are unlikely to be hacked because Apple and Google are protecting them from malware apps, and that the carriers like Verizon and AT&T can keep the cell phone network clean from malware just as they do the land-line phone system. Telephone systems are closed and therefore not subject to the kinds of attacks that occur on the open Internet. To date, there has not been a major smartphone hack resulting in millions of dollars in losses, or the breach of millions of credit cards, or the breach of national security, but just because it has not happened yet doesn t mean that it won t. With 116 million smartphone users in the United States, 122 million people accessing the Internet from mobile devices, business firms increasingly switching their employees to the mobile platform, consumers using their phones for financial transactions and even paying bills, the size and richness of the smartphone target for hackers is growing. The smartphone ecosystem is a very large target today, and rich with potential criminal opportunities. Users of smartphones download and open files with their browsers, and send and receive financial, personal, and commercial information. Hackers can do to a smartphone just about anything they can do to any Internet device: request malicious files without user intervention, delete files, transmit files, install programs running in the background that can monitor user actions, and potentially convert the smartphone into a robot that can be used in a botnet to send and text messages to anyone. Apps are one avenue for potential security breaches. Apple, Google, and RIM (BlackBerry) now offer over 1.25 million apps collectively. Apple claims that it examines each and every app to ensure that it plays by Apple s itunes rules, but risks remain. Most of the known cases that occurred thus far have involved jailbroken phones. The first iphone app confirmed to have embedded malware made it past Apple into the itunes store in July However, security company Kaspersky expects the iphone to face an onslaught of malware within the next year. Apple itunes app rules make some user information available to all apps by default, including the user s GPS position and name. However, a rogue app could easily do much more. Nicolas Seriot, a Swiss researcher, built a test app called SpyPhone that was capable of tracking users and all their activities, then transmitting this data to remote servers, all without (continued)
6 Technology Solutions 273 user knowledge. The app harvested geolocation data, passwords, address book entries, and account information. Apple removed the app once it was identified. That this proof-ofconcept app was accepted by the itunes staff of reviewers suggests Apple cannot effectively review new apps prior to their use. Thousands of apps arrive each week. Security on the Android platform is much less under the control of Google because it has an open app model. As a result, the Android has been the primary smartphone target, and instances of malware on the Android platform have reportedly increased by 400%. Google does not review any of the apps for the Android platform but instead relies on technical hurdles to limit the impact of malicious code, as well as user and security expert feedback. Google apps run in a sandbox, where they cannot affect one another or manipulate device features without user permission. Android apps can use any personal information found on a Droid phone but they must also inform the user what each app is capable of doing, and what personal data it requires. Google removes from its official Android Market any apps that break its rules against malicious activity. One problem: users may not pay attention to permission requests and simply click Yes when asked to grant permissions. Apple s iphone does not inform users what information apps are using, but does restrict the information that can be collected by any app. Google can perform a remote wipe of offending apps from all Droid phones without user intervention. This is a wonderful capability, but is itself a security threat if hackers gain access to the remote wipe capability at Google. In one incident, Google pulled down dozens of mobile banking apps made by a developer called 09Droid. The apps claimed to give users access to their accounts at many banks throughout the world. In fact, the apps were unable to connect users to any bank, and were removed before they could do much harm. Google does take preventive steps to reduce malware apps such as vetting the backgrounds of developers, and requiring developers to register with its Google Wallet payment service (both to encourage users to pay for apps using their service but also to force developers to reveal their identities and financial information). Beyond the threat of rogue apps, smartphones of all stripes are susceptible to browser-based malware that takes advantage of vulnerabilities in all browsers. In addition, most smartphones, including the iphone, permit the manufacturers to remotely download configuration files to update operating systems and security protections. Unfortunately, flaws in the public key encryption procedures that permit remote server access to iphones have been discovered, raising further questions about the security of such operations. Some commentators dismiss these concerns as more hype than reality. But reality may be catching up with the hype. SOURCES: iphone Malware: Spam App Find and Call Invades App Store, by Zach Epstein, BGR.com, July 5, 2012; iphone Malware: Kaspersky Expects Apple s ios to be Under Attack by Next Year, by Sara Gates, Huffington Post, May 15, 2012; Android, Apple Face Growing Cyberattacks, by Byron Acohido, USA Today, June 3, 2011; Security to Ward Off Crime on Phones, by Riva Richmond, New York Times, February 23, 2011; AT&T Plans Smartphone Security Service for 2012, John Stankey, AT&T Enterprise CTO, interview May 16, 2012; Smartphone Security Follies: A Brief History, by Brad Reed, Network World, April 18, 2011; Experts: Android, iphone Security Different But Matched, by Elinor Mills, CNET News, July 1, 2010; Apple Security Breach Gives Complete Access to Your iphone, by Jesus Diaz, Gizmodo.com, August 3, 2010; iphone Certificate Flaws, iphone PKI Kandling flaws, by Cryptopath.com, January 2010.
7 274 CHAPTER 4 E-commerce Security and Payment Systems Figure 4.5 TOOLS AVAILABLE TO ACHIEVE SITE SECURITY There are a number of tools available to achieve site security. Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. The purpose of encryption is (a) to secure stored information and (b) to secure information transmisencryption the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. The purpose of encryption is (a) to secure stored information and (b) to secure information transmission cipher text text that has been encrypted and thus cannot be read by anyone other than the sender and the receiver technology solutions and policy solutions. In this section, we consider some technology solutions, and in the following section, we look at some policy solutions that work. The first line of defense against the wide variety of security threats to an e-commerce site is a set of tools that can make it difficult for outsiders to invade or destroy a site. Figure 4.5 illustrates the major tools available to achieve site security. Protecting Internet Communications Because e-commerce transactions must flow over the public Internet, and therefore involve thousands of routers and servers through which the transaction packets flow, security experts believe the greatest security threats occur at the level of Internet communications. This is very different from a private network where a dedicated communication line is established between two parties. A number of tools are available to protect the security of Internet communications, the most basic of which is message encryption. Encryption
Security Best Practices for Mobile Devices
Security Best Practices for Mobile Devices Background & Introduction The following document is intended to assist your business in taking the necessary steps needed to utilize the best security practices
More informationThis session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.
The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationWhy you need. McAfee. Multi Acess PARTNER SERVICES
Why you need McAfee Multi Acess PARTNER SERVICES McAfee Multi Access is an online security app that protects all types of devices. All at once. The simple monthly subscription covers up to five devices
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationIT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA
IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly
More informationBE SAFE ONLINE: Lesson Plan
BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take
More informationBYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager
BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationUnderstanding Security Threats in the Cyber World. Beth Chancellor, Chief Information Security Officer
Understanding Security Threats in the Cyber World Beth Chancellor, Chief Information Security Officer Agenda Phishing Credit Card Fraud & Identity Theft Cloud Services Social Networking Wireless Phishing
More informationInformation Security. CS526 Topic 1
Information Security CS 526 Topic 1 Overview of the Course 1 Today s Security News Today: 220 million records stolen, 16 arrested in massive South Korean data breach A number of online gaming & movie ticket
More informationPresented by: Islanders Bank
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why it s important Provide information about Dept. Homeland Security Cybersecurity Campaigns:
More informationWhitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers
Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to
More informationCHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals
CHECK POINT Mobile Security Revolutionized [Restricted] ONLY for designated groups and individuals 2014 Check Point Software Technologies Ltd. 1 Rapidly Expanding Mobile Threats MOBILE THREATS are ESCALATING
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More information1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.
Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft
More informationIt s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions
It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions Your home is your business and your farm is your network. But who has access to it? Can you protect
More informationWin the Internet Security War. Keep Internet Criminals Out of Your Network and Protect Your Business
Win the Internet Security War Keep Internet Criminals Out of Your Network and Protect Your Business Takeaways Cyber-criminals are using emails & social engineering to infiltrate your network Your team
More informationEnterprise Apps: Bypassing the Gatekeeper
Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that
More informationWhite paper. Phishing, Vishing and Smishing: Old Threats Present New Risks
White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationSpam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning
Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans
More informationINFOCOMM SEC RITY. is INCOMPLETE WITHOUT. Be aware, responsible. secure!
INFOCOMM SEC RITY is INCOMPLETE WITHOUT Be aware, responsible secure! U HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD FASTEN UP!
More informationOVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft
OVERVIEW 2 1. Cyber Crime Unit organization 2. Legal framework 3. Identity theft modus operandi 4. How to avoid online identity theft 5. Main challenges for investigation 6. Conclusions ORGANIZATION 3
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationE-BUSINESS THREATS AND SOLUTIONS
E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were
More informationThe following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required
More informationKnow the Risks. Protect Yourself. Protect Your Business.
Protect while you connect. Know the Risks. Protect Yourself. Protect Your Business. GETCYBERSAFE TIPS FOR S MALL AND MEDIUM BUSINESSES If you re like most small or medium businesses in Canada, the Internet
More informationProtect Yourself in the Cloud Age
Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre About HKCERT HKCERT ( 香 港 電 腦 保 安 事 故 協 調 中 心 ) Established in 2001 Funding & Operation
More informationSecuring Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper
Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationSecuring mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationEnterprise Mobility Report 10/2014. Creation date: 31.10.2014. Vlastimil Turzík, Edward Plch
10/2014 Creation date: 31.10.2014 Author: Vlastimil Turzík, Edward Plch Content Content... 2 Introduction... 4 Interesting Articles... 4 95% of companies challenged by BYOD security... 4 ios... 4 Vulnerability...
More informationWhen a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationMarble & MobileIron Mobile App Risk Mitigation
Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their
More informationInfocomm Sec rity is incomplete without U Be aware,
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationTutorial on Smartphone Security
Tutorial on Smartphone Security Wenliang (Kevin) Du Professor wedu@syr.edu Smartphone Usage Smartphone Applications Overview» Built-in Protections (ios and Android)» Jailbreaking and Rooting» Security
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationObjectives. What is Cloud Computing? Security Problems and Liability Privacy Concerns Solutions Recap Challenges for the Customer
1 Objectives What is Cloud Computing? Security Problems and Liability Privacy Concerns Solutions Recap Challenges for the Customer 2 What is Cloud Computing? Not single, agreed upon definition exists yet,
More informationMobile Devices and Malicious Code Attack Prevention
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationThe Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager
The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager Mobility -we have come a long way and where is it going? Image: Word Press Mobility To achieve mobility, two
More informationSecurity Awareness. ITS Security Training. Fall 2015
Security Awareness ITS Security Training Fall 2015 Why am I here? Isn t security an IT problem? Technology can address only a fraction of security risks. You are a primary target, or rather, your data
More informationSmartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices
Smartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices Daniel V. Hoffman, CISSP, CEH, CHFI Chief Technology Officer Page 1 Global Threat Center Exploit Research and Development
More informationLearn to protect yourself from Identity Theft. First National Bank can help.
Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone
More informationTahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.
Tahoe Tech Group LLC Cyber Security Briefing Truckee Donner Chamber of Commerce March 6, 2015 Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.
More informationIs your data secure?
You re not as safe as you think Think for a moment: Where do you keep information about your congregants or donors? In an Excel file on someone s desktop computer? An Access database housed on your laptop?
More informationThe Mobile Malware Problem
The Mobile Malware Problem Eddy Willems Security Evangelist G Data Security Labs Director Security Industry Relationships - EICAR eddy.willems@gdata.de Introduction Security Evangelist at G Data: Privately
More informationITSC Training Courses Student IT Competence Programme SIIS1 Information Security
ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know
More informationTechnical Testing. Network Testing DATA SHEET
DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce
More informationPatrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS
Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS I want you to take home four points Understand Educate Collaborate Prepare It s a great
More informationCorporate Account Takeover & Information Security Awareness. Customer Training
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
More informationThe Truth About Enterprise Mobile Security Products
The Truth About Enterprise Mobile Security Products Presented by Jack Madden at TechTarget Information Security Decisions 2013 Welcome to my enterprise mobile security product session! Instead of printing
More informationTips for Banking Online Safely
If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining
More informationRunning Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University
Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will
More informationProtecting your Identity, Computer and Property
Cyber Security and Self Defense Protecting your Identity, Computer and Property Part 1: There are sharks in the water! Author: Neil Rosenberg, neil@vectorr.com Top Ten Famous Last Words: 1. Identity theft
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationThe Evolving Threat Landscape: Protecting Your Mobile and Virtual Environment from Emerging Security Threats
The Evolving Threat Landscape: Protecting Your Mobile and Virtual Environment from Emerging Security Threats John Burke Principal Research Analyst Nemertes Research www.nemertes.com Agenda About Nemertes
More informationKaren McDowell, Ph.D., GCIH Information Security, Policy, and Records Office (ISPRO) karenm@virginia.edu June 2013 ANATOMY OF A HACK
Karen McDowell, Ph.D., GCIH Information Security, Policy, and Records Office (ISPRO) karenm@virginia.edu June 2013 ANATOMY OF A HACK Step 1: Do Reconnaissance Successful hackers are excellent researchers,
More informationCertified Secure Computer User
Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationWelcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013
Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationSuccessful Mobile Deployments Require Robust Security
By: Maribel D. Lopez FIRMS MUST BUILD SECURITY ENABLED MOBILITY Mobility is no longer considered a luxury within enterprise but a critical part of a networking strategy as 9irms look to increase productivity
More informationAlmost 400 million people 1 fall victim to cybercrime every year.
400,000000 Almost 400 million people 1 fall victim to cybercrime every year. A common way for criminals to attack people is via websites, unfortunately this includes legitimate sites that have been hacked
More information2016 Digital Safety Class UNDERSTAND YOUR RISKS AND STAY TOTALLY SECURE JESSE ROBERTSON, TECH 4 LIFE
2016 Digital Safety Class UNDERSTAND YOUR RISKS AND STAY TOTALLY SECURE JESSE ROBERTSON, TECH 4 LIFE WHO ARE WE? 12 years of local Tech, Training and Website services Service the 4 areas of life Regularly
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationBOYD- Empowering Users, Not Weakening Security
BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public
More informationWhat you need to know to keep your computer safe on the Internet
What you need to know to keep your computer safe on the Internet Tip 1: Always install Operating System updates The most important steps for any computer user is to always install updates, especially security
More informationBad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads
Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves
More informationIntroduction to Cyber Security
Mark R. Herring Attorney General Commonwealth of Virginia Office of the Attorney General 900 East Main Street Richmond, Virginia 23219 (804) 786-2071 (Telephone) (804) 786-1991 (Facsimile) Introduction
More informationModern two-factor authentication: Easy. Affordable. Secure.
Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks
More informationExchange ActiveSync (EAS)
Exchange ActiveSync (EAS) EAS allows for the synchronization of email, contacts, calendar, tasks and notes from an Exchange email server to a mobile device. Configuring and Connecting ios devices (iphone,
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationCyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community
Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationOnline Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange
The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are
More informationEnterprise Mobility Report 08/2015. Creation date: 8.9.2015. Vlastimil Turzík
08/2015 Creation date: 8.9.2015 Author: Vlastimil Turzík Content Content... 2 Introduction... 3 ios... 3... 3 ios vulnerability targets corporate data... 3 Versions: 8.4.1... 3 Android... 4... 4 Android
More informationLecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security
Smartphones and their applications have become an integral part of information society Security and privacy protection technology is an enabler for innovative business models Recent research on mobile
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationDDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest
DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service
More informationCSUF Tech Day 2015. Security Awareness Overview Dale Coddington, Information Security Office dcoddington@fullerton.edu
CSUF Tech Day 2015 Security Awareness Overview Dale Coddington, Information Security Office dcoddington@fullerton.edu Agenda Introduction Large scale data breaches: 2014 and beyond Email based attacks:
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More information7 Simple Smartphone Privacy Tips:
7 Simple Smartphone Privacy Tips: An Exclusive White Paper for Deluxe Customers by John Sileo CT22JSWP Most business people think of their smartphone as a highly critical and necessary tool in running
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationThe Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them
The Increasing Threat of Malware for Android Devices 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them INTRODUCTION If you own a smartphone running the Android operating system, like the
More informationDIGITAL LIFE E-GUIDE How to Protect your Smartphone
A DIGITAL LIFE E-GUIDE How to Protect your Smartphone It s been said that information is the new currency. 1 Carrying a smartphone nowadays is like having a second wallet. Instead of containing money
More informationGeneral Security Best Practices
General Security Best Practices 1. One of the strongest physical security measures for a computer or server is a locked door. 2. Whenever you step away from your workstation, get into the habit of locking
More informationElevation of Mobile Security Risks in the Enterprise Threat Landscape
March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest
More informationMobile for B2B: Security Considerations. August 2011 Tom Millard & Rob Hurst
Mobile for B2B: Security Considerations 1 Page Mobile for B2B Security Considerations August 2011 Tom Millard & Rob Hurst Mobile for B2B: Security Considerations 2 Page Intro Mobile for B2B Series This
More informationMobile Banking. Click To Begin
Mobile Banking Click To Begin Click On Your Type Of Phone iphone Please select the method you would like to use for accessing your account from the options below: APP (Downloadable Application from itunes)
More informationSecuring your Mobile Environment. Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank
Securing your Mobile Environment Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank These things are everywhere These things are everywhere These things are everywhere These things are everywhere
More informationNEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT
Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent
More informationStopping zombies, botnets and other email- and web-borne threats
Stopping zombies, botnets and other email- and web-borne threats Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This
More informationGlobalSign Malware Monitoring
GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...
More informationSmartphone Vulnerabilities Securing your personal and business data
Smartphone Vulnerabilities Securing your personal and business data June 2010 SECURING YOUR PERSONAL AND BUSINESS DATA The use of smartphones in business is increasingly becoming ubiquitous due to the
More information