This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23rd at the Cyber Security Summit.
1 The hidden risks of mobile applications
2 The Hidden Risks Of Mobile Applications Presented by Jim Stickley
3 Today: Android now has over 1 million apps, with Apple close behind. With the entire world moving to mobile devices, hackers are shifting their focus.
4 Mobile Technology: Installing malicious apps
5 Hacking mobile technology: Applications require permissions to access certain information. In many cases the permissions are necessary to allow the application to perform properly. While mobile devices will warn you about the permissions required, do people really pay attention?
9 Purpose of this attack (Test 1): See how many people would download and install my app even though it required access to everything. Pull email address off phone; because Android uses Gmail, often multiple email addresses will be added to the phone. Pull phone number and mobile carrier.
12 Hacking mobile technology: Permissions I required: Your Personal Information (read contact data, write contact data); Network Communication (allows the application to accept cloud-to-device messages from the application's service, full internet access); Storage (modify / delete SD storage); Phone Calls (modify phone state, read phone state and identity); System Tools (automatically start at boot, prevent phone from sleeping, write sync settings); Your Messages (read SMS or MMS, receive SMS, read Gmail including sending and deleting mail); Services that cost you money (send SMS messages).
13 Results: Over 1300 downloads in 3 month period. Received over addresses. Applications remained in contact with my server during this time. Never reported as suspicious. Never received notice to discontinue application. Averaged 3 stars on feedback.
14 What does this mean? People are willing to install an app even if the permissions have access to things not needed to function properly. Often people will not be aware of the permissions required because they scroll off the screen. If I wanted to create a malicious app that would need people to allow all permissions, that will not be an issue.
15 Mobile Technology: Hacking online accounts
16 Hacking online accounts: Mobile apps can be designed to manage email, text messages, photos, contacts, etc. Malicious apps could be designed to capture this same data. Could look legitimate to Google and Apple. Probably could be used to gain access to online accounts.
17 Purpose of this attack (Test 2): Using the same app originally created to test permissions, modify the app to have the ability to be malicious. Attempt to steal online account login credentials (login & password) via the app. Because the app is now malicious, only test on friends and family.
18 Hacking mobile technology: User installs Gmail counter app. After the app is installed, it simply retrieves email addresses from the phone and sends them to the hacker.
19 Hacking mobile technology: What can you do with an email address?
20 Hacking mobile technology: Hacker sends forgot password and/or forgot User ID request to all major online applications using acquired email addresses.
22 Forgot password? RBKYHU
24 Hacking mobile technology: Online applications send temporary password or User ID back to email address.
26 Hacking mobile technology: Mobile app checks for messages from defined list of online applications.
27 Hacking mobile technology: Any emails that match password requests are forwarded to hacker.
32 Hacking mobile technology: Hacker now has the login (email address) for the account and a link to a temporary password. Problem: real owner of account might see email containing forgot password request.
34 Hacking mobile technology: Mobile app designed to delete the original email after it forwards to hacker.
35 Hacking mobile technology: Hacker now has temporary passwords for all accounts. Hacker can now log in to accounts using email address and temporary password. Hacker can change settings, order items online, etc. Until real user attempts to log in to hijacked account, hacker has full access.
36 Results: Loaded malicious app onto 20 mobile devices. These people all agreed to let me hack them. Able to change the password on over 100 online applications. Able to gain access to online banking accounts through multifactor.
37 Results: Can also be used to gain real passwords.
41 How risky is it? Hacker has complete access to email. Hacker has complete access to text messages. Send and receive. Hacker has ability to access numerous accounts. Hacker has ability to learn your password.
42 How risky is it? Extremely important to have unique password at every site. Not always easy to remember. Simple solution.
43 What can you do? Pay attention to permissions. Even if the application has been downloaded / installed thousands of times, it doesn't guarantee it's secure. When in doubt, don't install the application. Password no longer working is a red flag.
44 What can you do? How do I know what permissions my apps have? Android Apple
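A permission review of the kind slides 12, 14 and 43 call for, as an added example (not code from the presentation): it reads the `uses-permission` entries from a decoded AndroidManifest.xml, groups them under the slide 12 categories and flags requests beyond what the app's stated purpose needs. The package names, the expected-permission baselines and the combination rules are assumptions, and the two manifests are constructed samples.

```python
"""Permission audit for a decoded AndroidManifest.xml (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PERM = "android.permission."

# The permission groups listed on slide 12, mapped to Android permission names.
CATEGORIES = {
    "Your personal information": {PERM + "READ_CONTACTS", PERM + "WRITE_CONTACTS"},
    "Network communication": {PERM + "INTERNET",
                              "com.google.android.c2dm.permission.RECEIVE"},
    "Storage": {PERM + "WRITE_EXTERNAL_STORAGE"},
    "Phone calls": {PERM + "READ_PHONE_STATE", PERM + "MODIFY_PHONE_STATE"},
    "System tools": {PERM + "RECEIVE_BOOT_COMPLETED", PERM + "WAKE_LOCK",
                     PERM + "WRITE_SYNC_SETTINGS"},
    "Your messages": {PERM + "READ_SMS", PERM + "RECEIVE_SMS"},
    "Services that cost you money": {PERM + "SEND_SMS"},
}

# Assumed review rules: combinations that let an app read data and move it
# off the device, or act while the user is not looking at it.
RISKY_COMBINATIONS = [
    ("reads messages and has internet access",
     {PERM + "READ_SMS", PERM + "INTERNET"}),
    ("reads contacts and has internet access",
     {PERM + "READ_CONTACTS", PERM + "INTERNET"}),
    ("sends SMS and starts itself at boot",
     {PERM + "SEND_SMS", PERM + "RECEIVE_BOOT_COMPLETED"}),
]


def requested_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}


def audit(manifest_xml, expected):
    """Compare requested permissions with what the reviewer expects.

    expected: permissions the app's stated purpose plausibly needs
    (the reviewer's own baseline, an assumption of this example).
    """
    requested = requested_permissions(manifest_xml)
    return {
        "categories": sorted(c for c, perms in CATEGORIES.items()
                             if perms & requested),
        "unexpected": sorted(requested - set(expected)),
        "findings": [label for label, combo in RISKY_COMBINATIONS
                     if combo <= requested],
    }


def build_manifest(package, permissions):
    """Build a constructed sample manifest; real ones come from a decoded APK."""
    entries = "\n".join('  <uses-permission android:name="%s"/>' % p
                        for p in sorted(permissions))
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">\n%s\n</manifest>' % (package, entries))


# Constructed sample 1: an app that asks for every group on slide 12.
ALL_SLIDE_12 = set().union(*CATEGORIES.values())
COUNTER_APP = build_manifest("com.example.counter", ALL_SLIDE_12)
COUNTER_EXPECTED = {PERM + "INTERNET"}

# Constructed sample 2: an app that asks only for network access.
WIFI_EXPECTED = {PERM + "INTERNET", PERM + "ACCESS_WIFI_STATE",
                 PERM + "ACCESS_NETWORK_STATE"}
WIFI_APP = build_manifest("com.example.wifispeed", WIFI_EXPECTED)

if __name__ == "__main__":
    samples = (("counter", COUNTER_APP, COUNTER_EXPECTED),
               ("wifispeed", WIFI_APP, WIFI_EXPECTED))
    for name, manifest, expected in samples:
        report = audit(manifest, expected)
        print(name)
        print("  categories:", ", ".join(report["categories"]))
        print("  unexpected:", len(report["unexpected"]))
        for finding in report["findings"]:
            print("  finding:", finding)
```

The constructed Wi-Fi speed tester passes this review cleanly, which is the limitation behind Test 4: an app that only asks for network access looks normal to a permission audit.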
45 Mobile Technology: Attacking the network
46 When phones attack: Can a mobile device be used for hacking? Android is Linux based. Written in Java with all the normal sockets. Supports C code. Supports native libraries. In theory you could use an Android device for hacking.
47 Purpose of this attack (Test 3): Crash server on network. RDP Remote Code Execution Vulnerability, published March 2012 (MS12-020). Used for remote code execution and denial of service attacks.
48 When phones attack: Target system: Windows 2008 Server. Attack software: RDPKill4Android. Video.
50 When phones attack: What happened? Android device has access to network via Wi-Fi. Android device was able to connect to Windows computer. Android device was able to send denial of service code via RDP. Windows 2008 server crashed with blue screen.
51 When phones attack: What does this mean? Mobile devices can be used to attack computers on the local network via a Wi-Fi connection.
52 When phones attack: Why stop there? If an app on a phone can cause a Windows machine to crash, what else could it do?
53 Mobile Technology: Hacking a computer
54 Purpose of this attack (Test 4): Create a malicious app that could take over a desktop computer. App would be designed to look like Wi-Fi speed tester. Because app only requires permission to access network via Wi-Fi, the only permission required will be expected by user.
55 When phones attack: Can this really be done? Video.
57 When phones attack: What just happened?
59 When phones attack: Mobile device port scans network for vulnerable systems.
60 When phones attack: App finds a computer vulnerable to RDP MS exploit.
61 When phones attack: App installs malware on vulnerable system.
62 When phones attack: Mobile device no longer required to exploit system.
64 When phones attack: Exploited computer connects to hacker server, allowing remote communication.
65 When phones attack: Hacker site uploads additional tools and sends commands for exploited computer to execute.
66 When phones attack: How bad is it? Complete compromise of any un-patched systems on network. Internal networks often less secure than external facing networks. Remote access with the ability to install and execute code. Ability to record the screen, webcam and keyboard entries. Full access to contents on the hard drive and launch point for additional network attacks.
67 When phones attack: What does this mean? If you allow mobile devices on your network, they can put your entire network at risk.
68 When phones attack: Just how bad could it get?
69 Mobile Technology: Automated hacking
70 Automated hacking: Many of the new attacks are focused on exploiting vulnerabilities in the browser. IT security staff will often place desktops behind proxy servers designed to protect against viruses and other outside attacks. Adobe Acrobat and Flash exploits. Internal desktops and servers are often missing critical patches.
71 Automated hacking: If a hacker is on the internal network, they could exploit these vulnerabilities. Mobile devices give hackers the ability to bypass firewall protection. Malware placed on system designed to automate an attack could cause serious damage.
72 Targeting corporate America (Test 4): Steal complete financial institution member database. Video.
74 What is at risk? Complete download of ALL customer information: Name, Address, Phone Number, Birthday, Social Security Number, Account Number, Mother's Maiden Name, Debit / Credit Card number & Exp, Financial Institution IP address.
75 What does this mean? Hackers can attack your organization without even knowing you exist via malicious apps. Your network can be hacked and all confidential data on the database stolen in minutes. Hackers can attack your network while not at their computers. When the attack is over, your network shows no obvious signs a breach took place.
76 Conservative damages estimate: 2% of 16,000 = 320 financial institutions exploited. 10,000 members / customers at a financial institution. $100 stolen from each member / customer. Calculation: 320 * 10,000 * 100 = $320,000,000 total damages.
77 Your future: Manual hacking is an outdated practice. Organization attacks will become fully automated. What used to take days or months will now take just minutes. BYOD bypasses the firewall and places hackers directly on the internal network.
78 What can you do? Awareness training / education. Comprehensive security policies. Limit Internet access. Monitor network risks / vulnerabilities. Personal firewalls, anti-virus. Intrusion detection / prevention.
79 What can you do? Even if the application has been downloaded / installed thousands of times, it doesn't guarantee it's secure. When in doubt, don't install the application. Patch all computers on local network, even computers that generally do not connect to the Internet.
80 Mobile Technology: Dangers of wireless access points
81 Wireless access points: Wireless access points are everywhere: hotels, airports, coffee shops, malls, parks, apartments, business complexes. Some are free, some charge.
82 Wireless access points: People seem focused on one security of the device itself. Insecure access points. Flaws in WEP. Launch point for malicious attacks. Easy to attack home users. Easy to monitor traffic on local networks.
83 Wireless access points: There are other security concerns that are often overlooked. Gaining access to confidential information through wireless. Video.
85 Wireless access points: Other risks beyond just credit card. Many mobile apps do not verify SSL connections or even communicate securely. Used to monitor all transactions. Record passwords. Online banking. Purchases.
86 What can you do? Awareness training. Be careful what apps you use while on insecure wireless access points. When in doubt, use carrier service instead of Wi-Fi.
87 Manage BYOD Risk: Top 5 Issues
88 Manage BYOD Risk, Issue 1: Users installing unapproved apps. Organizations need to designate approved apps. Apps that store login credentials on cloud sites need security review of the cloud provider. Be very suspicious about apps from unofficial sources, which is relatively easy to enable on most Android devices. Most Mobile Device Management (MDM) platforms let you publish a list of approved apps to devices, restricting users from installing any app they like.
89 Manage BYOD Risk, Issue 2: Users sharing devices. Strict policies should be implemented that prohibit sharing devices. Often parents will share tablets with their kids. Never assume the device connecting to the network is being operated by the approved user. Approve only by login credentials, not hardware. MAC address can be spoofed.
90 Manage BYOD Risk, Issue 3: Browsing malicious web sites. People forget that phishing scams can happen through mobile devices. Criminals target mobile devices via email and text messages with the goal of gaining login credentials. MDM platforms support whitelisting approved websites or implementing more advanced anti-phishing filters. Mobile devices required to connect through corporate VPNs can also be limited through web proxy servers.
91 Manage BYOD Risk, Issue 4: Users losing devices & employees quitting. Make sure you have a defined procedure in place when a device is lost or stolen or an employee quits. MDM solutions can quickly wipe devices remotely. Apple's iCloud can also be used to wipe devices remotely. Android requires third party apps for remote wipe.
92 Manage BYOD Risk, Issue 5: Network monitoring. When users use public networks, the information passed on their phones could be monitored. Employees should only connect to corporate Wi-Fi access points and those that they directly control. Some MDM solutions can be set up to block Wi-Fi access.
93 In the end
94 In the end: Mobile devices will continue to become more integrated into the workplace. Organizations need to make sure they are conducting risk assessments, creating policies and auditing their procedures to ensure their networks remain secure. Because mobile technology is rapidly changing, organizations should have scheduled reviews of the existing policies to make sure they remain relevant and effective.
95 In the end: Every organization must deal with Governance, Risk and Compliance (GRC). If you have not properly defined the risk in your organization, it is impossible to understand the controls required to protect your most valuable assets. If you're not continually updating and redefining the risks as your organization changes, you will fail at managing your security. Without a centralized solution, maintaining all aspects of the GRC program is unlikely.
96 GRC Simplified: Need a self-contained solution that integrates all functional areas necessary to manage an on-going risk-based information security program: Risk, Policy, Vulnerability, Training, Vendor, Audit, Compliance, Incident Response, Business Impact Analysis, Business Continuity Planning, Process, Reporting.
98 TraceSecurity Inc.: Comprehensive Security Assessments. Risk Assessments. Penetration Testing. IT Audits. Vendor Management. Comprehensive Regulation Compliance Review. Online Banking Application Testing. Remote and Onsite Social Engineering. Policy Development and Review. Training (Onsite / Online), Employee & Customer. twitter.com/tracesecurity twitter.com/jimstickley
100 Security Education Solution: Enjoyed this presentation? The Stickley on Security online training solution allows you to bring Stickley to your organization and customers through comprehensive online security training videos. Visit to learn more!
More informationMobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED. Copyright 2014 Intuition
Mobile Mobile Security COPYRIGHT 2014 INTUITION ALL RIGHTS RESERVED 1 Background Traditionally, security has not been a high priority for e-learning; as such content was hosted and only accessible at the
More informationBusiness ebanking Fraud Prevention Best Practices
Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special
More informationAre free Android virus scanners any good?
Authors: Hendrik Pilz, Steffen Schindler Published: 10. November 2011 Version: 1.1 Copyright 2011 AV-TEST GmbH. All rights reserved. Postal address: Klewitzstr. 7, 39112 Magdeburg, Germany Phone +49 (0)
More informationLowanna College 2015 BYOD PROGRAM AGREEMENT. BYOD Program 2015. BYOD Student Agreement/Acceptable Use Policy/Online Services Policy
BYOD Program 2015 BYOD Student Agreement/Acceptable Use Policy/Online Services Policy The student and parent/guardian must carefully read the above contract before signing it. Any questions should be addressed
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationANDRA ZAHARIA MARCOM MANAGER
10 Warning Signs that Your Computer is Malware Infected [Updated] ANDRA ZAHARIA MARCOM MANAGER MAY 16TH, 2016 6:05 Malware affects us all The increasing number of Internet users worldwide creates an equal
More informationTechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security
Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring
More informationEnterprise Apps: Bypassing the Gatekeeper
Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that
More informationCOURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM
COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.
More informationSECURING YOUR REMOTE DESKTOP CONNECTION
White Paper SECURING YOUR REMOTE DESKTOP CONNECTION HOW TO PROPERLY SECURE REMOTE ACCESS 2015 SecurityMetrics SECURING YOUR REMOTE DESKTOP CONNECTION 1 SECURING YOUR REMOTE DESKTOP CONNECTION HOW TO PROPERLY
More informationAdditional Security Considerations and Controls for Virtual Private Networks
CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES
More informationHow to complete the Secure Internet Site Declaration (SISD) form
1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationPayment Fraud and Risk Management
Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly
More informationCyber Security: Beginners Guide to Firewalls
Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationCorporate Account Take Over (CATO) Guide
Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,
More informationIntroduction: 1. Daily 360 Website Scanning for Malware
Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover
More informationPromoting Network Security (A Service Provider Perspective)
Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security
More informationInternet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions.
Internet Quick Start Guide Get the most out of your Midco internet service with these handy instructions. 1 Contents Internet Security................................................................ 4
More informationTutorial on Smartphone Security
Tutorial on Smartphone Security Wenliang (Kevin) Du Professor wedu@syr.edu Smartphone Usage Smartphone Applications Overview» Built-in Protections (ios and Android)» Jailbreaking and Rooting» Security
More informationKaspersky Lab Mobile Device Management Deployment Guide
Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile
More informationMobile Device Deployments-The Security Dangers of Technology on the Go
Mobile Device Deployments-The Security Dangers of Technology on the Go Presented by Mark Bell, PMP, CISSP, CISA, CHSS OM03 Friday, 10/25/2013 3:45 PM - 5:00 PM Mobile Device Deployments Is Your Organization
More informationLearn to protect yourself from Identity Theft. First National Bank can help.
Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone
More informationThe Incident Response Playbook for Android and ios
SESSION ID: AIR-W03R The Incident Response Playbook for Android and ios Andrew Hoog CEO and Co-founder NowSecure @ahoog42 @NowSecureMobile Andrew Hoog Author of three books Incident Response for Android
More informationEnterprise Security with mobilecho
Enterprise Security with mobilecho Enterprise Security from the Ground Up When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come
More informationMobile Device Management Solution Hexnode MDM
Mobile Device Management Solution Hexnode MDM Frequently Asked Questions www.hexnode.com Frequently Asked Questions How is Hexnode MDM license calculated?...4 Which ports do I need to open for Hexnode
More informationCYBERTRON NETWORK SOLUTIONS
CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified
More informationReferences NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household
This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of
More information4 Steps to Effective Mobile Application Security
Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More informationDeploying iphone and ipad Mobile Device Management
Deploying iphone and ipad Mobile Device Management ios supports Mobile Device Management (MDM), giving businesses the ability to manage scaled deployments of iphone and ipad across their organizations.
More informationFSOEP Web Banking & Fraud: Corporate Treasury Attacks
FSOEP Web Banking & Fraud: Corporate Treasury Attacks Your Presenters Who Are We? Tim Wainwright Managing Director Chris Salerno Senior Consultant Led 200+ penetration tests Mobile security specialist
More informationNetwork and Host-based Vulnerability Assessment
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
More informationPractical guide for secure Christmas shopping. Navid
Practical guide for secure Christmas shopping Navid 1 CONTENTS 1. Introduction 3 2. Internet risks: Threats to secure transactions 3 3. What criteria should a secure e-commerce page meet?...4 4. What security
More information