Cybersecurity and Your Computer: What's At Risk and What Can You Do?

Transcription

1 Cybersecurity and Your Computer: What's At Risk and What Can You Do? Gary C. Kessler Embry- Riddle Aeronau2cal University March

2 Beep Beep 2 Overview What is on your computer? Why does your computer macer in the Big Picture? Financial applica2ons for your computer Including your smartphone! What can your bank do? What can you do? 3 2

3 The Scope of the Problem , Gary C. Kessler , Gary C. Kessler 5 3

4 What's At Risk? What might be found on your computer? Private communica2ons Medical records Financial records Personal and student informa2on The risks? Iden2ty theo/fraud Disclosure of private informa2on Your computer as storage of illegal materials Your computer used to acack others 6 A Day in the Life 7 4

5 All Users Affect Cri2cal Infrastructure May 5th, hours of Sasser sta2s2cs at one small VT company 70,296 acack acempts 15,582 different acackers 99.8% from DSL/cable/dial users Sasser hit cirical mass within 8 minutes of ini2al launch Compare to the Jerusalem virus that took 3 years! Affected flights, shipping, and banking systems Unprotected life expectancy of a Windows computer on the Internet is <10 minutes And it takes >30 minutes to download all of the patches on a new computer

6

7

8

9 16 Dilbert, 8/12/

10 ACacks on the Financial Sector September 2012 ACacks on U.S. financial sector aoer release of Innocence of Muslims "movie" Islamist group Izz ad- Din al- Qassam Cyber Fighters, a military wing of Hamas, claims credit Targets include BofA, HSBC, JP Morgan Chase, PNC Bank, U.S. Bank, Wells Fargo Harbinger of a new form of Advanced Persistent Threat But that is another talk... h?p:// 18 And Yet

11 Mobile Banking Apps Real- 2me mobile banking introduced c Google removes Android e- banking apps in early 2010 due to security concerns But that was then and this is now... More than 2,500 mobile banking apps for Android and ios opera2ng systems More than 70% of smartphone users do some form of personal banking online 20 So, What Can We do? 21 11

12 Safe Banking Applica2ons Banks today are required to provide some form of strong security for online banking applica2ons Strong security not regulated Methods include: Computer registra2on (e.g., hardware address) Two- factor authen2ca2on User hardware token Out- of- band authen2ca2on (e.g., one- 2me password via SMS or e- mail) Mutual authen2ca2on 22 Mutual Authen2ca2on Not my real authentication phrase! 23 12

13 Secure Your Compu2ng Plaporm The situa2on is not hopeless!!! User awareness and educa2on are key!!! 1. Protect against malicious sooware (malware) and external acacks a. Use an2- virus sooware (even on a Mac!) b. Employ firewall sooware and/or hardware c. Employ malware- detec2on sooware 2. Be careful when online a. Think before opening acachments b. Think before clicking on a link in an e- mail c. Think carefully before sending personal data in an e- mail d. Be careful where you go online and use vendors that prac2ce safe compu2ng 3. System maintenance a. Keep system patches current b. Make backups on a regular and frequent basis c. Protect wireless networks d. Password- protect your computer and smartphone

14 It's Like Herding Fish , Gary C. Kessler 26 Some Par2ng Thoughts... "Whoever thinks his problem can be solved using [technology] doesn't understand his problem and doesn't understand [technology]." (GCK, paraphrasing a quote about cryptography that Roger Needham and Butler Lampson attribute to each other.) "Security is a process, not a product." Schneier) (Bruce "There are no secure sites on the Internet, only vigilant ones." (Scott O. Bradner) , Gary C. Kessler 27 14

15 Author Contact Informa2on Gary C. Kessler, Ph.D., CCE, CISSP EMBRY- RIDDLE AERONAUTICAL UNIVERSITY 600 S. Clyde Morris Blvd. Daytona Beach, FL mobile: office: e- mail: Skype: gary.c.kessler h0p:// h0p:// 28 Ques2ons? Comments? Queries? 29 15