Security: Why do we Care

UNTCSC
September 03, 2020

Transcript

  1. What is Security?
     • Security: “the quality or state of being secure, such as: freedom from danger, freedom from fear or anxiety” (Merriam-Webster)
     • Cybersecurity: “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack” (Merriam-Webster)
       ◦ Alternatively: “Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation” (NIST Computer Security Resource Center)
  2. CIA Triad
     • CIA: Confidentiality, Integrity and Availability
       ◦ Confidentiality: “access to information, assets, etc. should be granted only on a need to know basis so that information which is only available to some should not be accessible by everyone”
       ◦ Integrity: “information is not tampered whenever it travels from source to destination or even stored at rest”
       ◦ Availability: “make sure that the services of an organization are available”
       ◦ InfoSec Institute
     • Non-repudiation is a similarly important concept
       ◦ “Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information”
       ◦ NIST CSRC
  3. Why Should We Care?
     • As of 2015, cybercrime had cost the world $3 trillion. Additionally, this figure is expected to double by 2021 (Cybercrime Magazine).
     • More than half of all businesses in the US have reported being hacked (Insurance Journal).
     • This isn’t just a threat to corporate bottom lines, though. Real, everyday people can be affected.
       ◦ For instance, in Adobe’s 2013 data breach, over 3 million credit card records and login data for countless users were leaked.
       ◦ A 2014 eBay data breach leaked over 145 million users’ data, including names, addresses, dates of birth, and hashed passwords.
       ◦ Equifax’s 2017 hack leaked Social Security Numbers, birth dates, addresses, and some driver’s license numbers for over 147 million customers.
       ◦ CSO Online
  4. Large-Scale Cyber Warfare
     • While businesses and individuals have historically been the targets of cyber attacks, things have escalated into the realm of cyber warfare in recent years. Many of these attacks target critical infrastructure and industrial control systems (ICS).
     • In a famous attack known as Stuxnet, computers operating nuclear power plants in Iran were targeted and hacked (probably by the US). From there, hackers were able to dismantle the power plant and render it useless (Wired).
     • A similar attack was conducted on Ukraine’s electricity system (Helpnet Security).
  5. Not Just For Security Professionals
     • While security professionals obviously have to think about security, they’re not the only ones.
     • IT professionals must keep security in mind when setting up systems.
       ◦ Make sure routers and firewalls are configured properly, make sure user account access is set up securely, etc.
     • Software developers must keep security in mind when developing software.
       ◦ Make sure app isn’t vulnerable to SQL injection, XSS attacks, etc.
     • Everyone else must keep security in mind during day-to-day life.
       ◦ Anyone can be the victim of phishing and other social engineering attacks.
       ◦ In fact, humans are probably the weakest link in security (SANS Institute, Treasurers).
  6. Domains of Security
     Different areas of security can be classified in different ways. For example, the eight CISSP Domains (InfoSec Institute):
       1. Security and Risk Management
       2. Asset Security
       3. Security Engineering
       4. Communications & Network Security
       5. Identity & Access Management
       6. Security Assessment & Testing
       7. Security Operations
       8. Software Development Security
     More Info
  7. The Tools We Use
     • In the world of security, we use many different tools.
       ◦ We use nmap to scan network ports.
       ◦ We use Wireshark to analyze network traffic.
       ◦ We use hashcat to crack password hashes.
       ◦ We write scripts in Python, bash, etc. to automate tasks.
       ◦ We employ firewalls, IDSs, IPSs, etc. to secure our networks.
       ◦ We use access-control tools like Active Directory to manage user access.
     • Kali Linux is a Linux distro that comes with many security tools built-in.
       ◦ It’s common to run this as a VM so you don’t mess up your main OS.
  8. Let’s Try Some Tools!
     • Let’s try an nmap scan. We can utilize scanme.nmap.org for practice.
       ◦ The command ‘nmap scanme.nmap.org’ performs a basic port scan, but there are more sophisticated options.
       ◦ For instance, the ‘-O’ flag scans for operating system information and the ‘-sV’ flag scans for version info.
       ◦ Examples
     • Let’s crack some password hashes with hashcat.
       ◦ We’ll be cracking some MD5 hashes.
       ◦ The command ‘hashcat -m 0 -a 0 [target file] [dictionary file]’ will perform a dictionary attack on MD5 hashes.
         ▪ The ‘--force’ option may be necessary.
       ◦ Hashcat can perform more sophisticated attacks as well.
       ◦ Hashcat Tutorial
  9. What Do You Need To Know?
     • Security is about more than just knowing tools, though. You need to understand the underlying concepts and ideas in order to properly apply these tools.
       ◦ A general understanding of computers and computer systems is essential.
       ◦ You need to understand computer networking and how computers communicate.
       ◦ You should be comfortable with using cryptography.
       ◦ Knowing some scripting and programming is nice and oftentimes even essential.
       ◦ Familiarity with databases is very useful.
     • Hands-on experience will help you tremendously.
       ◦ There are many ways to get hands-on experience even without a security internship or job, like NCL.
     • You also need soft skills; even if you know that something is insecure, you need to be able to communicate that to nontechnical people.
  10. (Some) Cybersecurity Job Roles
     • Security Engineer: Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents, and mounts incident response. Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements.
     • Penetration Tester: Not only scans for and identifies vulnerabilities, but exploits them to provide hard evidence that they are vulnerabilities.
     • Security Analyst: Analyzes and assesses vulnerabilities in the infrastructure, investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices. Analyzes and assesses damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommends solutions.
     • Jobs also exist in malware analysis, application security, computer forensics, incident response, cryptography, etc.
     • See here for some more info.
  11. Our Plans Moving Forward
     • Throughout the rest of the semester, we will be giving presentations, hosting guest speakers, and leading hands-on activities/demonstrations to help explore the world of cybersecurity and help us all gain some experience.
       ◦ We’re already in touch with several people from industry who are willing to come in and give talks.
     • Today’s meeting gave a general overview, but we will be digging into more technical details in future meetings.
  12. NCL
     • The National Cyber League, or NCL for short, is an online cybersecurity competition designed for students.
     • Players compete in a Pre-Season competition, an Individual Game, and a Team Game.
       ◦ Additionally, there is access to a practice “Gymnasium” before the competition begins.
     • Players compete in Open Source Intelligence (OSINT), Log Analysis, Network Traffic Analysis, Cryptography, Scanning and Recon, Wireless Security, Password Cracking, Enumeration & Exploitation, and Web App Security.
  13. More About NCL
     • NCL is a great way to get some hands-on security experience and learn more about security.
     • Challenges range from easy enough for a beginner to rather difficult.
     • Registration is only $35 and is open until October 2.
     • The Gymnasium opens September 14, and the Pre-Season begins October 12.
     • Check out https://nationalcyberleague.org to register and find out more.
     • Many of us competed last year and found it to be a great experience.
  14. Officer Elections Next Week
     • Next week, we will be holding Officer elections.
     • Anyone may run for an Officer position, provided you meet university requirements regarding GPA, good standing, etc.
     • In order to run or vote, you must be registered as a member of the club on OrgSync.
     • Officer Positions:
       ◦ President
       ◦ Vice President
       ◦ Treasurer
       ◦ Event Coordinator
       ◦ Outreach Manager
       ◦ Social Media Manager
       ◦ Webmaster
  15. Other Stuff Moving Forward
     • We recently sent out a poll to determine which day and time is best for future meetings. Please fill out the poll if you have not already.
       ◦ Starting next week, we will likely be changing the meeting day and time based on the poll results.
       ◦ We will make an announcement about this.
     • If you have any suggestions of specific topics or activities you’d like to see us cover, feel free to share those with us.
     • Don’t forget to sign up for NCL!
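
Added example (not part of the original slides): the dictionary attack on MD5 hashes from slide 8, seen from the defender's side. The Python sketch audits a constructed store of unsalted MD5 hashes against a constructed wordlist and contrasts it with salted PBKDF2 records; all user names, passwords, function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist and three users, two sharing a password.
WORDLIST = ["123456", "password", "letmein", "dragon"]
USERS = {"alice": "letmein", "bob": "letmein", "carol": "T7#vq-long-unique-phrase"}

def md5_hex(password):
    """Unsalted MD5, the hash format that hashcat mode 0 targets."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password, iterations=200_000):
    """Salted, iterated hash: returns (salt, iterations, derived key)."""
    salt = os.urandom(16)  # fresh random salt per account
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

def audit_md5_store(store, wordlist):
    """Flag accounts whose unsalted MD5 hash matches a wordlist entry.
    Without a salt, hashing each word once covers every account in the store."""
    lookup = {md5_hex(word) for word in wordlist}
    return sorted(user for user, digest in store.items() if digest in lookup)

def duplicate_hashes(store):
    """Groups of users whose stored values are identical (shared password visible)."""
    groups = {}
    for user, value in store.items():
        groups.setdefault(value, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

md5_store = {user: md5_hex(pw) for user, pw in USERS.items()}
pbkdf2_store = {user: pbkdf2_record(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    print("accounts with wordlist passwords:", audit_md5_store(md5_store, WORDLIST))
    print("MD5 records that collide:", duplicate_hashes(md5_store))
    print("PBKDF2 records that collide:", duplicate_hashes(pbkdf2_store))
```

With per-account salts and a high iteration count, every guess has to be recomputed for each account separately, which is why the wordlist pass that is cheap against MD5 becomes expensive against the PBKDF2 records.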