This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23rd at the Cyber Security Summit.

1 The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23rd at the Cyber Security Summit. To learn more about TraceSecurity visit com To invite Jim Stickley to speak at your next event, him at or call his cell at

2 The Hidden Risks Of Mobile Applications Presented by Jim Stickley

3 Today Android now has over 1 million apps with Apple close behind With the entire world moving to mobile devices, hackers are shifting their focus

4 Mobile Technology Installing malicious apps

5 Hacking mobile technology Applications require permissions to access certain information In many cases the permissions are necessary to allow the application to perform properly While mobile devices will warn you about the permissions required, do people really pay attention?

9 Purpose of this attack Test 1 See how many people would download and install my app even though it required access to everything Pull email address off phone Because Android uses Gmail, often multiple email addresses will be added to phone Pull phone number and mobile carrier

12 Hacking mobile technology Permissions I required Your Personal Information (Read contact data, Write contact data) Network Communication (Allows the application to accept cloud to device messages from applications service, full internet access) Storage (Modify / Delete SD Storage) Phone Calls (modify phone state, read phone state and identity) System Tools (Automatically start at boot, Prevent phone from sleeping, write sync settings) Your Messages (Read SMS or MMS, Receive SMS, Read Gmail including sending and deleting mail) Services that cost you money (Send SMS Messages)

13 Results Over 1300 downloads in 3 month period Received over addresses Applications remained in contact with my server during this time Never reported as suspicious Never received notice to discontinue application Averaged 3 stars on feedback

14 What does this mean? People are willing to install an app even if the permissions have access to things not needed to function properly Often people will not be aware of the permissions required because they scroll off the screen If I wanted to create a malicious app that would need people to allow all permissions, that will not be an issue

15 Mobile Technology Hacking online accounts

16 Hacking online accounts Mobile apps can be designed to manage: email, text messages, photos, contacts, etc. Malicious apps could be designed to capture this same data. Could look legitimate to Google and Apple Probably could be used to gain access to online accounts

17 Purpose of this attack Test 2 Using the same app originally created to test permission, modify the app to have the ability to be malicious Attempt to steal online account login credentials (Login & Password) via the app Because the app is now malicious, only test on friends and family

18 Hacking mobile technology User installs Gmail counter app After the app is installed, it simply retrieves email addresses from phone and sends them to the hacker

19 Hacking mobile technology What can you do with an email address?

20 Hacking mobile technology Hacker sends forgot password and or forgot User ID request to all major online applications using acquired email addresses

22 Forgot password? RBKYHU

24 Hacking mobile technology Online applications send temporary password or User ID back to email address

26 Hacking mobile technology Mobile App checks for messages from defined list of online applications

27 Hacking mobile technology Any emails that match password requests are forwarded to hacker

29 Hacking mobile technology

30 Hacking mobile technology ******** ********

31 Hacking mobile technology

32 Hacking mobile technology Hacker now has the login (email address) for the account and a link to a temporary password Problem: Real owner of account might see email containing forgot password request

34 Hacking mobile technology Mobile App designed to delete the original email after it forwards to hacker

35 Hacking mobile technology Hacker now has temporary passwords for all accounts Hacker can now login to accounts using email address and temporary password Hacker can change settings, order items online, etc. Until real user attempts to login to hijacked account, hacker has full access
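
From the mailbox side, the sequence on slides 20 to 35 leaves a recognisable trace: reset mails from several unrelated services arrive within minutes and are deleted almost immediately without being read. The detection sketch below is an added example, not material from the talk; the audit-log format, the thresholds and all sample values are assumptions constructed for illustration.

```python
import re
import shlex
from datetime import datetime, timedelta

# Constructed mailbox audit log (hypothetical format, invented values):
# timestamp action message-id sender-domain "subject" client
SAMPLE_LOG = """\
2024-01-15T02:14:05 DELIVER m1 shop.example "Reset your password" -
2024-01-15T02:14:09 DELETE m1 shop.example "Reset your password" app-token-7
2024-01-15T02:14:40 DELIVER m2 bank.example "Your temporary password" -
2024-01-15T02:14:43 DELETE m2 bank.example "Your temporary password" app-token-7
2024-01-15T02:15:10 DELIVER m3 social.example "Forgot password request" -
2024-01-15T02:15:12 DELETE m3 social.example "Forgot password request" app-token-7
2024-01-15T09:30:00 DELIVER m4 news.example "Weekly digest" -
2024-01-15T09:31:00 READ m4 news.example "Weekly digest" webmail
2024-01-16T18:00:00 DELIVER m5 shop.example "Reset your password" -
2024-01-16T18:01:30 READ m5 shop.example "Reset your password" webmail
"""

# Subjects that look like account-recovery mail (assumed keyword list).
RESET_SUBJECT = re.compile(
    r"reset your password|password reset|forgot(ten)? password|"
    r"temporary password|user id", re.I)


def parse_log(text):
    """Turn the constructed log format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, msg_id, sender, subject, client = shlex.split(line)
        events.append({"ts": datetime.fromisoformat(ts), "action": action,
                       "id": msg_id, "sender": sender,
                       "subject": subject, "client": client})
    return sorted(events, key=lambda e: e["ts"])


def find_reset_abuse(events, burst=timedelta(minutes=10),
                     quick_delete=timedelta(seconds=120), min_senders=3):
    """Report bursts of reset mail from many services, noting unread deletes."""
    resets, read_ids, hidden = {}, set(), {}
    for ev in events:
        if ev["action"] == "DELIVER" and RESET_SUBJECT.search(ev["subject"]):
            resets[ev["id"]] = ev
        elif ev["action"] == "READ":
            read_ids.add(ev["id"])
        elif ev["action"] == "DELETE" and ev["id"] in resets:
            age = ev["ts"] - resets[ev["id"]]["ts"]
            # Deleted soon after delivery and never opened by anyone.
            if ev["id"] not in read_ids and age <= quick_delete:
                hidden[ev["id"]] = ev["client"]

    ordered = sorted(resets.values(), key=lambda e: e["ts"])
    findings, i = [], 0
    while i < len(ordered):
        # Reset mails delivered within `burst` of the i-th one.
        window = [e for e in ordered[i:] if e["ts"] - ordered[i]["ts"] <= burst]
        senders = sorted({e["sender"] for e in window})
        if len(senders) >= min_senders:
            gone = [e["id"] for e in window if e["id"] in hidden]
            findings.append({
                "start": ordered[i]["ts"],
                "senders": senders,
                "deleted_unread": gone,
                "clients": sorted({hidden[m] for m in gone}),
                # Unread deletes mean the owner never saw the warning mail.
                "severity": "high" if gone else "medium",
            })
            i += len(window)
        else:
            i += 1
    return findings


if __name__ == "__main__":
    for finding in find_reset_abuse(parse_log(SAMPLE_LOG)):
        print(finding)
```

A single reset that the owner opens, like message m5 in the sample, stays below the sender threshold and produces no finding.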

36 Results Loaded malicious app onto 20 mobile devices These people all agreed to let me hack them Able to change the password on over 100 online applications Able to gain access to online banking accounts through multifactor

37 Results Can also be used to gain real passwords

41 How risky is it? Hacker has complete access to email Hacker has complete access to text messages Send and receive Hacker has ability to access numerous accounts Hacker has ability to learn your password

42 How risky is it? Extremely important to have unique password at every site Not always easy to remember Simple solution

43 What can you do? Pay attention to permissions Even if the application has been downloaded / installed thousands of times, it doesn't guarantee it's secure When in doubt, don't install the application Password no longer working is a red flag

44 What can you do? How do I know what permissions my apps have? Android Apple
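
For an organization reviewing apps before approval, the same permission check can be run against an app's decoded manifest. The script below is an added example, not material from the talk: it groups requested permissions under the headings from slide 12, lists anything beyond what the app's stated purpose needs, and flags the combinations the tests relied on. Both manifests, the package names and the expected-permission sets are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"
PREFIX = "android.permission."

# Android permission names filed under the headings shown on slide 12.
GROUPS = {
    "Your Personal Information": {PREFIX + "READ_CONTACTS", PREFIX + "WRITE_CONTACTS"},
    "Network Communication": {PREFIX + "INTERNET",
                              "com.google.android.c2dm.permission.RECEIVE"},
    "Storage": {PREFIX + "WRITE_EXTERNAL_STORAGE"},
    "Phone Calls": {PREFIX + "MODIFY_PHONE_STATE", PREFIX + "READ_PHONE_STATE"},
    "System Tools": {PREFIX + "RECEIVE_BOOT_COMPLETED", PREFIX + "WAKE_LOCK",
                     PREFIX + "WRITE_SYNC_SETTINGS"},
    "Your Messages": {PREFIX + "READ_SMS", PREFIX + "RECEIVE_SMS",
                      PREFIX + "RECEIVE_MMS",
                      "com.google.android.gm.permission.READ_GMAIL"},
    "Services that cost you money": {PREFIX + "SEND_SMS"},
}

# Constructed manifest for a hypothetical mail-counter app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mailcounter">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="com.google.android.gm.permission.READ_GMAIL"/>
</manifest>
"""
# What a mail counter plausibly needs (assumption made by the reviewer).
EXPECTED_FOR_MAIL_COUNTER = {PREFIX + "INTERNET",
                             "com.google.android.gm.permission.READ_GMAIL"}

# Constructed manifest for a hypothetical Wi-Fi speed tester (slide 54).
WIFI_TESTER_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wifispeed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
</manifest>
"""
EXPECTED_FOR_WIFI_TESTER = {PREFIX + "INTERNET", PREFIX + "ACCESS_WIFI_STATE"}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)}


def audit(manifest_xml, expected):
    """Group permissions, list those beyond `expected`, flag risky pairs."""
    perms = requested_permissions(manifest_xml)
    by_group = {}
    for perm in sorted(perms):
        group = next((g for g, members in GROUPS.items() if perm in members),
                     "Other")
        by_group.setdefault(group, []).append(perm)

    warnings = []
    if perms & GROUPS["Your Messages"] and PREFIX + "INTERNET" in perms:
        warnings.append("reads messages and has network access")
    if {PREFIX + "RECEIVE_BOOT_COMPLETED", PREFIX + "INTERNET"} <= perms:
        warnings.append("starts at boot and has network access")
    if PREFIX + "SEND_SMS" in perms:
        warnings.append("can send SMS messages that cost money")

    return {"groups": by_group,
            "excess": sorted(perms - set(expected)),
            "warnings": warnings}


if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, EXPECTED_FOR_MAIL_COUNTER))
    print(audit(WIFI_TESTER_MANIFEST, EXPECTED_FOR_WIFI_TESTER))
```

The Wi-Fi tester manifest comes back with no excess permissions and no warnings, which matches the point of slide 54: a permission review does not catch an app whose only permission is one the user expects.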

45 Mobile Technology Attacking the network

46 When phones attack Can a mobile device be used for hacking? Android is Linux based Written in Java with all the normal sockets Supports C code Supports native Libraries In theory you could use an Android device for hacking

47 Purpose of this attack Test 3 Crash server on network RDP Remote Code Execution Vulnerability Published March 2012 (MS12-020) Used for remote code execution and denial of service attacks

48 When phones attack Target system Windows 2008 Server Attack software RDPKill4Android Video

50 When phones attack What happened? Android device has access to network via Wi-Fi Android device was able to connect to Windows computer Android device was able to send denial of service code via RDP Windows 2008 server crashed with blue screen

51 When phones attack What does this mean? Mobile devices can be used to attack computers on the local network via a Wi-Fi connection

52 When phones attack Why stop there? If an app on a phone can cause a windows machine to crash, what else could it do?

53 Mobile Technology Hacking a computer

54 Purpose of this attack Test 4 Create a malicious app that could take over a desktop computer App would be designed to look like Wi-Fi speed tester Because app only requires permission to access network via Wi-Fi, the only permission required will be expected by user

55 When phones attack Can this really be done? Video

57 When phones attack What just happened?

58 When phones attack

59 When phones attack Mobile device port scans network for vulnerable systems

60 When phones attack App finds a computer vulnerable to RDP MS exploit

61 When phones attack App installs malware on vulnerable system

62 When phones attack Mobile device no longer required to exploit system

64 When phones attack Exploited computer connects to hacker server allowing remote communication

65 When phones attack Hacker site uploads additional tools and sends commands for exploited computer to execute

66 When phones attack How bad is it? Complete compromise of any un-patched systems on network Internal networks often less secure than external facing networks Remote access with the ability to install and execute code Ability to record the screen, webcam and keyboard entries Full access to contents on the hard drive and launch point for additional network attacks

67 When phones attack What does this mean? If you allow mobile devices on your network, they can put your entire network at risk

68 When phones attack Just how bad could it get?

69 Mobile Technology Automated hacking

70 Automated hacking Many of the new attacks are focused on exploiting vulnerabilities in the browser IT security staff will often place desktops behind proxy servers designed to protect against viruses and other outside attacks Adobe Acrobat and Flash exploits Internal desktops and servers are often missing critical patches

71 Automated hacking If a hacker is on the internal network, they could exploit these vulnerabilities Mobile devices give hackers the ability to bypass firewall protection Malware placed on system designed to automate an attack could cause serious damage

72 Targeting corporate America Test 4 Steal complete financial institution member database Video

74 What is at risk? Complete download of ALL customer information Name Address Phone Number Birthday Social Security Number Account Number Mothers Maiden Name Debit / Credit Card number & Exp Financial Institution IP address

75 What does this mean? Hackers can attack your organization without even knowing you exist via malicious apps Your network can be hacked and all confidential data on the database stolen in minutes Hackers can attack your network while not at their computers When the attack is over, your network shows no obvious signs a breach took place

76 Conservative damages estimate 2% of 16,000 = 320 financial institutions exploited 10, members / customers at a financial institution $ stolen from each member / customer Calculation: 320*10,000*100 = Total Damages: $320,000,000

77 Your future Manual hacking is an outdated practice Organization attacks will become fully automated What used to take days or months will now take just minutes BYOD bypasses firewall and places hackers directly on internal network

78 What can you do? Awareness Training / Education Comprehensive Security Policies Limit Internet Access Monitor Network Risks / Vulnerabilities Personal Firewalls, Anti Virus Intrusion Detection / Prevention

79 What can you do? Even if the application has been downloaded / installed thousands of times, it doesn't guarantee it's secure When in doubt, don't install the application Patch all computers on local network, even computers that generally do not connect to the Internet

80 Mobile Technology Dangers of Wireless access points

81 Wireless access points Wireless access points are everywhere Hotels Airports Coffee Shops Malls Parks Apartments Business complexes Some are free, some charge

82 Wireless access points People seem focused on one security of the device itself Insecure Access points Flaws in WEP Launch point for malicious attacks Easy to attack home users Easy to monitor traffic on local networks

83 Wireless access points There are other security concerns that are often overlooked Gaining access to confidential information through wireless Video

85 Wireless access points Other risks beyond just credit card Many mobile apps do not verify SSL connections or even communicate securely Used to monitor all transactions Record Passwords Online Banking Purchases

86 What can you do? Awareness training Be careful what apps you use while on insecure wireless access points When in doubt, use carrier service instead of Wi-Fi

87 Manage BYOD Risk Top 5 Issues

88 Manage BYOD Risk Issue 1: Users installing unapproved apps Organizations need to designate approved apps Apps that store login credentials on cloud sites need security review of the cloud provider Be very suspicious about apps from unofficial sources, which is relatively easy to enable on most Android devices Most Mobile Device Management (MDM) platforms let you publish a list of approved apps to devices, restricting users from installing any app they like

89 Manage BYOD Risk Issue 2: Users sharing devices Strict policies should be implemented that prohibit sharing devices. Often parents will share tablets with their kids. Never assume the device connecting to the network is being operated by the approved user. Approve only by login credentials, not hardware. MAC address can be spoofed

90 Manage BYOD Risk Issue 3: Browsing malicious web sites People forget that phishing scams can happen through mobile devices Criminals target mobile devices via email and txt messages with the goal of gaining login credentials MDM platforms support whitelisting approved websites or implementing more advanced anti-phishing filters Mobile devices required to connect through corporate VPNs can also be limited through web proxy servers

91 Manage BYOD Risk Issue 4: Users losing devices & employees quitting Make sure you have a defined procedure in place when a device is lost or stolen or an employee quits MDM solutions can quickly wipe devices remotely Apple's iCloud can also be used to wipe devices remotely Android requires third party apps for remote wipe

92 Manage BYOD Risk Issue 5: Network monitoring When users use public networks, the information passed on their phones could be monitored Employees should only connect to corporate wi-fi access points and those that they directly control Some MDM solutions can be setup to block wi-fi access

93 In the end

94 In the end Mobile devices will continue to become more integrated into the work place Organizations need to make sure they are conducting risk assessments, creating policies and auditing their procedures to ensure their networks remain secure Because mobile technology is rapidly changing, organizations should have scheduled reviews of the existing policies to make sure they remain relevant and effective

95 In the end Every organization must deal with Governance, Risk and Compliance (GRC) If you have not properly defined the risk in your organization, it is impossible to understand the controls required to protect your most valuable assets If you're not continually updating and redefining the risks as your organization changes, you will fail at managing your security Without a centralized solution, maintaining all aspects of the GRC program is unlikely

96 GRC Simplified - Need a self-contained solution that integrates all functional areas necessary to manage an on-going risk-based information security program Risk Policy Vulnerability Training Vendor Audit Compliance Incident Response Business Impact Analysis Business Continuity Planning Process Reporting

98 TraceSecurity Inc. Comprehensive Security Assessments Risk Assessments Penetration Testing IT Audits Vendor Management Comprehensive Regulation Compliance Review Online Banking Application Testing Remote and Onsite Social Engineering Policy Development and Review Training (Onsite / Online) Employee & Customer twitter.com/tracesecurity twitter.com/jimstickley

100 Security Education Solution Enjoyed this presentation? The Stickley on Security online training solution allows you to bring Stickley to your organization and customers through comprehensive online security training videos. Visit to learn more!


More information

Cyber Exploits: Improving Defenses Against Penetration Attempts

Cyber Exploits: Improving Defenses Against Penetration Attempts Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How

More information

The Truth About Enterprise Mobile Security Products

The Truth About Enterprise Mobile Security Products The Truth About Enterprise Mobile Security Products Presented by Jack Madden at TechTarget Information Security Decisions 2013 Welcome to my enterprise mobile security product session! Instead of printing

More information

File Management. Digital Skills Training for Jobseekers

File Management. Digital Skills Training for Jobseekers File Management Digital Skills Training for Jobseekers Goals for the class Learn the hardware components Learn what operating systems and software do How to create, move, rename and delete files and folders

More information

Enterprise Security with mobilecho

Enterprise Security with mobilecho Enterprise Security with mobilecho Enterprise Security from the Ground Up When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come

More information

Cyber Security: Beginners Guide to Firewalls

Cyber Security: Beginners Guide to Firewalls Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started

More information

Learn to protect yourself from Identity Theft. First National Bank can help.

Learn to protect yourself from Identity Theft. First National Bank can help. Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

BYOD and Your Business

BYOD and Your Business BYOD and Your Business Learn about the BYOD trend, the risks associated with this trend, and how to successfully adopt BYOD while securing your network. Agenda The rise of BYOD Security risks associated

More information

Business ebanking Fraud Prevention Best Practices

Business ebanking Fraud Prevention Best Practices Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special

More information

Meet Drive. Find your files easily with Drive, and keep all your documents safe and secure.

Meet Drive. Find your files easily with Drive, and keep all your documents safe and secure. Meet Drive With Google Drive, you can store your files in the cloud, share them with your team members or external partners, and access the files from anywhere. Find your files easily with Drive, and keep

More information

Additional Security Considerations and Controls for Virtual Private Networks

Additional Security Considerations and Controls for Virtual Private Networks CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES

More information

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Business Internet Banking / Cash Management Fraud Prevention Best Practices Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization

More information

INFORMATION SECURITY FOR YOUR AGENCY

INFORMATION SECURITY FOR YOUR AGENCY INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection

More information

Security Awareness. ITS Security Training. Fall 2015

Security Awareness. ITS Security Training. Fall 2015 Security Awareness ITS Security Training Fall 2015 Why am I here? Isn t security an IT problem? Technology can address only a fraction of security risks. You are a primary target, or rather, your data

More information

Reviewer s Guide Kaspersky Internet Security for Mac

Reviewer s Guide Kaspersky Internet Security for Mac Reviewer s Guide Kaspersky Internet Security for Mac 1 Protection for Mac OS X The main window shows all key features such as Scan, Update, Safe Money, and Parental Control in a single place. The current

More information

Common Cyber Threats. Common cyber threats include:

Common Cyber Threats. Common cyber threats include: Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...

More information

The Hidden Dangers of Public WiFi

The Hidden Dangers of Public WiFi WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect

More information

Mobile Application Security Sharing Session May 2013

Mobile Application Security Sharing Session May 2013 Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers

More information

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201 Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...

More information

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring

More information

1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5

1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5 User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?... 2 2. Activation of Mobile Device Management... 3 2.1. Activation

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of

More information

Spring Hill State Bank Mobile Banking FAQs

Spring Hill State Bank Mobile Banking FAQs Spring Hill State Bank Mobile Banking FAQs What is Mobile Banking? Mobile Banking enables you to access your account information using the Bank online banking website. You must first be enrolled as an

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

High Speed Internet - User Guide. Welcome to. your world.

High Speed Internet - User Guide. Welcome to. your world. High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a

More information

Mobile Device Deployments-The Security Dangers of Technology on the Go

Mobile Device Deployments-The Security Dangers of Technology on the Go Mobile Device Deployments-The Security Dangers of Technology on the Go Presented by Mark Bell, PMP, CISSP, CISA, CHSS OM03 Friday, 10/25/2013 3:45 PM - 5:00 PM Mobile Device Deployments Is Your Organization

More information

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank Fraud Detection and Prevention Timothy P. Minahan Vice President Government Banking TD Bank Prevention vs. Detection Prevention controls are designed to keep fraud from occurring Detection controls are

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

The 10 myths of safe web browsing

The 10 myths of safe web browsing Are you suffering from misconceptions about safe web browsing? You might think you re being safe, but with a newly infected webpage discovered every few seconds, it s next to impossible to stay up to date

More information

Security Statement. I. Secure Your PC

Security Statement. I. Secure Your PC Security Statement The security of your accounts and personal information is Sonabank s highest priority. Regardless of your preferred method of banking in person, by telephone or online you need to know

More information

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents

More information

Managing Web Security in an Increasingly Challenging Threat Landscape

Managing Web Security in an Increasingly Challenging Threat Landscape Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.

More information

THE ROLE OF IDS & ADS IN NETWORK SECURITY

THE ROLE OF IDS & ADS IN NETWORK SECURITY THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Multi-State Information Sharing and Analysis Center (MS-ISAC) U.S.

More information

Enterprise Apps: Bypassing the Gatekeeper

Enterprise Apps: Bypassing the Gatekeeper Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that

More information

Your Digital Dollars Online & Mobile Banking

Your Digital Dollars Online & Mobile Banking Your Digital Dollars Online & Mobile Banking There are a lot of benefits to being able to bank or make payments from just about anywhere, but it s important to know how to do these things safely. Understanding

More information

Basic Security Considerations for Email and Web Browsing

Basic Security Considerations for Email and Web Browsing Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable

More information

Internet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions.

Internet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions. Internet Quick Start Guide Get the most out of your Midco internet service with these handy instructions. 1 Contents Internet Security................................................................ 4

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

How to complete the Secure Internet Site Declaration (SISD) form

How to complete the Secure Internet Site Declaration (SISD) form 1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,

More information

TMCEC CYBER SECURITY TRAINING

TMCEC CYBER SECURITY TRAINING 1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.

More information

ANDRA ZAHARIA MARCOM MANAGER

ANDRA ZAHARIA MARCOM MANAGER 10 Warning Signs that Your Computer is Malware Infected [Updated] ANDRA ZAHARIA MARCOM MANAGER MAY 16TH, 2016 6:05 Malware affects us all The increasing number of Internet users worldwide creates an equal

More information

Mac OS X Security Checklist:

Mac OS X Security Checklist: Mac OS X Security Checklist: Implementing the Center for Internet Security Benchmark for OS X Recommendations for securing Mac OS X The Center for Internet Security (CIS) benchmark for OS X is widely regarded

More information