Online Security

Post on 12-Apr-2017


© 2007 NetSol Technologies, Inc. All rights reserved

Session Two: Online Security, Threats & Countermeasures


Online Security, Threats & Countermeasures
- E-Mails
- Messengers
- Communities
- Maps / GPS


Preventing Password from Hacking


Your password should be like your Toothbrush, how?

- Choose a good password
- Use the password every day
- Don’t share your password with anyone
- Change your password regularly


Preventing Password from Hacking (Cont…)

Attacks:
- Brute Force Attacks
- Dictionary Attacks
- Password Guessing
- Scripts
- Man-in-the-middle attacks
- Social Engineering
- Shoulder Surfing / Video Recording
- Spy-ware / Key Loggers
- Keyboard Interceptor


Preventing Password from Hacking (Cont…)

Controls which should be managed properly:
- Length
- Legibility
- Life
- Last passwords’ history
- Limited attempts
- Lockout duration
- Log of failed attempts
- Limited Login time
- Logon banner
- Last username
- Last successful logon


Preventing Password from Hacking (Cont…)

Password/PIN should include:
- Upper- and lowercase letters
- Numbers (e.g. replace s with 5)
- And special characters (e.g. replace a with @)
- More words or first letter of each word of a sentence

Password/PIN should NOT be:
- User Name / mother’s name
- Country / City Name etc.
- Date/year of birth
- Digits of Phone No.
- Dictionary Words
- Saved/Written anywhere

Should be different for different accounts


Preventing Password from Hacking (Cont…)

Protocols sending password as plain text:
- File Transfer Protocol (FTP)
- Password Authentication Protocol (PAP)

Sites accepting password as plain text?
- Which don’t offer SSL protocol

How can we know about SSL protocol?
- Yellow Lock icon on browser

Hacker Profiling Project (HPP) isecom.org


Avoiding Viruses & Worms


- Prevention is better than cure
- Vaccination. Vaccine? E.g. Antivirus program


Avoiding Viruses & Worms (Cont...)

Types of Malicious Code:
- Viruses
- Worms
- Trojan Horses
- Hoaxes
- Logic Bombs
- Malicious Applets
- Trap Doors
- Hidden Code
- DOS Attacks
- Zombies / BotNets


Trojan Horse


Avoiding Viruses & Worms (Cont...)

Sources of Viruses & Worms:
- Removable Medium
- Local Area Networks
- World Wide Web
- Wireless Network
- E-mail
- File Sharing


Avoiding Viruses & Worms (Cont...)

Preventive Measures:
- Keep removable medium Read-only
- Permissions of shared media
- Lock Hard Disk Boot Sector (from BIOS)
- Admin mode vs. normal user mode
- Software Firewall
- Backup Periodically


Avoiding Viruses & Worms (Cont...)

Preventive Measures for Mobile Phones:
- Be sure about the consequences of the ‘Yes’ button
- Destroy unknown MMS messages
- Unknown Bluetooth Connections

Source: http://www.antiphishing.org

Avoiding Viruses & Worms (Cont...)

Preventive Measures for E-mail & WWW:
- Spoofed e-mail address
- Unexpected attachments
- .exe, .com, .cmd, .vbs, .js, .scr, .bat, .reg etc. attachments
- Macros of documents
- “amazon.com/skdjfhskjdfskgf/ws” and “amazon.com.skdjfhskjdfskgf.ws”
- DNS Poisoning
- Multilingual domain name. MSN.com, ΜSΝ.com
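Added example (not part of the original slides): a small Python check for the two look-alike cases listed above, a brand name used as a subdomain of another site and a domain spelled with non-Latin letters. The function names, the flag strings and the "last two labels" rule for the site name are assumptions made for this illustration; the sample strings are constructed from the slide's own examples.

```python
import unicodedata
from urllib.parse import urlsplit

def hostname(url):
    """Host the browser would contact, lowercased."""
    if "//" not in url:          # the slide's examples omit the scheme
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def registrable(host):
    """Naive site name: last two labels (assumes a single-label suffix)."""
    return ".".join(host.split(".")[-2:])

def scripts(host):
    """Unicode scripts used by the letters, taken from each character's name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in host if c.isalpha()}

def check(url, expected_site):
    """Compare where a link really points with the site the user expects."""
    host = hostname(url)
    flags = []
    if registrable(host) != expected_site:
        flags.append("site-mismatch")
    if scripts(host) - {"LATIN"}:
        flags.append("non-latin-letters")
    return {"host": host,
            # Name as sent in DNS; internationalized labels become xn--...
            "wire_name": host.encode("idna").decode("ascii"),
            "flags": flags}

# Constructed samples mirroring the slide's examples.
SAMPLES = [
    ("amazon.com/skdjfhskjdfskgf/ws", "amazon.com"),   # path on the real site
    ("amazon.com.skdjfhskjdfskgf.ws", "amazon.com"),   # subdomain of a .ws site
    ("MSN.com", "msn.com"),
    ("\u039cS\u039d.com", "msn.com"),                  # Greek capital Mu and Nu
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        print(url, "->", check(url, expected))
```

The `wire_name` field shows why mail gateways and proxies often log such hosts in their `xn--` form: the look-alike is obvious there even when the rendered name is not.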


Avoiding Viruses & Worms (Cont...) Multilingual


Antivirus Types

- Signature based
- Behavior based
- Software based
- Hardware based


Protecting Identity


Protecting Identity (Cont…)

- Disclosing your Account/Credit Card (CC) Info. on e-mail / Phone
- Debit card v. Credit card for E-payment
- Photocopies of Cards
- Use CC Only with “yellow lock” website
- Keep your CC/ATM receipts
- Mother’s maiden name
- Selling your computer/mobile
- Having used computer/mobile


Protecting Identity (Cont…)

- CC with photo
- CC Statement Security
- Your Letterbox
- Shred, to avoid dumpster diving
- Warnings/information by the Browser
- Websites of illegal software / cracks etc.
- Cracked / Illegally patched software
- Phishing


Guidelines by SBP (7 pages)

Source: http://www.sbp.org.pk/psd/2006/CardHolders_Guide_URDU.pdf


Most Targeted Industry Sectors

Source: http://www.antiphishing.org


Protecting Identity (Cont…)

- Approx. 10 million Identity thefts/year in USA
- 19 people/minute
- Becoming no. 1 crime after drug trafficking
- Left in cabs of London during 6 months:
  - 4973 Laptops
  - 5939 Pocket PCs
  - 63135 Mobile phones

Source: East California University, www.ecu.edu


Protecting Identity (Cont…)

Technical Countermeasures:
- Encryption
- Digital certificate, Pvt. Pub. Key pair
- Authenticity of Identity
- Digital Signature
- Secure Private Key
- Two factor authentication
- Secure Socket Layer (SSL)


Protecting Identity (Cont…)

Frauds:
- Certificate issued by an untrusted party
- Expired Certificate
- Certificate of someone else’s Site


?


Thank You
