Cybercrime: - PowerPoint PPT Presentation

1 / 62
About This Presentation
Title:

Cybercrime:

Description:

????????????????????????????????????????. ????????????????????(ThaiCERT) ... Backdoor. Bluebug activate phone to initiate call or send/read SMS ... – PowerPoint PPT presentation

Number of Views:56
Avg rating:3.0/5.0
Slides: 63
Provided by: NL62
Category:

less

Transcript and Presenter's Notes

Title: Cybercrime:


1

Cybercrime ????????????????????????
????????? ??.????? ???????????? ?????????????????
??????????????????????? ????????????????????(ThaiC
ERT) ?????????????????????????????????????????????
?????
  • THNIC
  • 8/3/07

2
???????????????
  • ???????????????????????????????????????????????
  • ??????????????????????????????????????? IT
    Security ????????????????
  • ??????????????????????????????????????????????????
    ??????????????????????

3
???????????????????????????????????
  • ??????????????????????????????????????????????????
    ??????????????????????????????????
    ??????????????????????????????????
    ??????????????????????????????????????????????????
    ????
  • ??????????????????????????????????????????????
    ????????????????????? ???????????????????????????
    ????????????????? ?????????????????????????????
    ????????
  • ?????????????????????????????????????????????????
    ??????????????????? ???? ??????????????????????
    ??????????????? ????
  • ?????????????? (V.D.O on Demand)
  • ???????? (IP-TV)
  • ???????????? (E-Learning)
  • Wi-max
  • ?????????????????????????????????????

4
FBI Cybersecurity is priority No.3
5
Security technologies used by your organization
6
Which types of computer security incidents has
your organization detected within the last 12
months?
7
Has your organizationexperienced unauthorized
access to computer systems within the last 12
months?
8
What approximate dollar cost would you assign to
the following types of incidents within the last
12 months?
9
If your organization has experienced a computer
security incident within the last 12 months,
which actions did your organization take?
10
?????????????????????
11
?????????????????????????????
12
??????????????????
13
DSI
14
CIA
15
www.cabinet-thaigov.go.th
16
A-net, O-net.and NO-NET
17
???????????????
  • ???????????????????????????????????????????????
  • ??????????????????????????????????????? IT
    Security ????????????????
  • ??????????????????????????????????????????????????
    ??????????????????????

18
?????????? mail
19
?????????? mail
20
PHISHING
  • ??? ????????????????????????????????-???? (Email
    Spoofing)
  • ?????????????????????? ???????????????????????????
    ??????-???????????????????????????????????????????
    ????????????

21
?????? 1 ??????????-?????????????????????????????
Citibank ???????????????????????????????
???????????? link ??????????
22
?????? 2 ??????????????????????? Citibank ???
link ???????????? ??-????????????????????
?????????????
23
?????? 3 ?????????????????????????????????????????
???????????????????????????
24
?????? 4 ???????????? pop-up ???????????????
Citibank
25
?????? 6 ?????????????????????????????????????????
????????????
26
??????????????
27
??????????????
28
Google Best Friend of Hacker
  • http//www.linuxexposed.com/Articles/Hacking/Googl
    e-A-Hackers-Best-Friend.html
  • Google ??????????????
  • ????????????????
  • Email addresses
  • ????????????????????????????????????
  • ?????? ???????????????????????????????????????

29
"???" filetypexls
30
Wireless Technologies Big Picture
Satellite Network
Internet Backbone
  • Wireless Metropolitan Area Network (WMAN)
  • WiMAX
  • 2G,3G Cellular Network
  • GSM, GPRS, WCDMA, cdma2000
  • Wireless Local Area Network (WLAN)
  • Wi-Fi
  • Wireless Personal Area Network (WPAN)
  • Bluetooth, Zigbee

31
Wi-Fi Security Trends
  • Wi-Fi todays trend for wireless internet access
  • Home, SME
  • Private and Government Enterprises
  • Universities
  • Public hotspots (i.e., hotels, airports, coffee
    shops)
  • Most Wi-Fi installations are insecure

32
Wi-Fi Security Why it matter?
  • International concerns
  • Access point ? Wireless Hub
  • Difficult to trace attackers
  • Low cost hacking equipment
  • Typical insecure WLAN deployments
  • Lack of user/admin security awareness
  • Technology limitations vulnerabilities

33
Wi-Fi Security Threats
  • Unauthorized access
  • Data sniffing
  • Denial of service
  • Man-in-the-middle attack

34
Bluetooth Security Threats
  • Bluetooth is designed to offer cable replacement
    in a short range (i.e., Hand-free, Earphone)
  • Threats
  • SNARF unauthorized access through bluetooth to
    steal personal information
  • Backdoor
  • Bluebug activate phone to initiate call or
    send/read SMS
  • Solutions Patch the system, Close Bluetooth when
    not use.

35
???????????????
  • ???????????????????????????????????????????????
  • ??????????????????????????????????????? IT
    Security ????????????????
  • ??????????????????????????????????????????????????
    ??????????????????????

36
?????????????????????????????????????????????????
??????????????????????????????????????????????????
????????????? 8 ????? ??????
  • 1) ?????????? ??????? ???????????????????
  • 2) ?????????????? ????? ??? ?????
  • 3) ???????????? ??????? ????????? ????????????
    ?????????????
  • 4) ???????????? ????????? ????? ???????????????
  • 5) ??????????????????? ????????????????????????
  • 6) ????????????????????????
  • 7) ???????????????????????
  • 8) ????????????????? ?????????????????????????????
    ????

37
??????????????
  • ?????????????????????????
  • ?????????????????????????????? 10,000 ?? Low
  • ?????????????????????? 10,000 - 100,000 ??
    Moderate
  • ????????????????????????????? 100,000 ?? High
  • ???????????????????????????????????????????
  • ???????????????????????????????? ???????????? Low
  • ?????????? ???? ???? 1 ?? ???????????? Moderate
  • ????????????????? 1 ?? ???????????? High
  • ??????????????????????????????????????????
  • ????????????????????????????????????? 1 ???????
    ???????????? Low
  • ?????????????????????????????????????? ?????? 1
    100 ??????? ???????????? Moderate
  • ??????????????????????????????????????? 100
    ??????? ???????????? High
  • ??????????????????????????????????????????????????
    ??????
  • ???? ???????????????????????? Impact ??? 3
    parameter ???

38
  • ???????????????????????????????????
  • ????????????????????

39
???????????????????????????????????
  • ????????????????????????????????????????????????
    ??????????????????????????????????????????????????
    ??????????????????????????????????????????
    ??????????????????????????????????????????????????
    ???????? ???? ????????????????????????????????????
    ??????????????????????????????????????????????????
    ????????????????? ?????????????????
    ????????????????? ????? ??????????????????????????
    ?????????????????????????? ???????????????????????
    ??????????????????????????????????????????????????
    ??????????????????????????????????????????????????
    ????????????????? ????????????????????????????????
    ??????????????????????????????????????????????????
    ??????????????

40
???
41
???????????????????????????? (??????)
?????????????????????????????????????????? ?.?.
....
  • ?????????????????????????????
  • ????????????????? ????? 1
  • ???????????? ????? 2
  • ?????????????????? ????? 3
  • ??????????? ????? 4
  • ?????????????????????????????????????????? ????
    ? 5
  • ??????? ????? 6
  • ??????????? ????? 7
  • ???????????????????????????????????????
    ????? 8
  • ?????????????????? ????? 9
  • ???????????????????????????????????
    Critical Infrastructure ????? 10

42
??????????????????????????????????????????????
(??????) ?????????????????????????????????????????
? ?.?. ....
  • ????? 5 ????????????????????????????????????????
    ??
  • ???????????????????????????????????????
    ???????????????????????????????
    ??????????????????????????????????????????????????
    ???????????? ??????? ???????????????
    ??????????????????????????????????
    ??????????????????????????????????????????????????
    ?????? ?????????????????????

43
??????????????????????????????????????????????
(??????) ?????????????????????????????????????????
? ?.?. ....
  • ????? 7 ???????????
  • ????????????????????????????????????????????????
    ??????????????????????????????????????????????????
    ??????????????????????????????????????????????????
    ???????? (??????) ??????? ???????????????????????
    ?????????????????????????????????? ??????????? 7
    ????? ?????????????????????? ???????? ????? 8
    ??????????????????????????????????????????????????
    ?? ???????????????????????????????????????????????
    ??????????????????????????????????????????????????
    ? ??????
  • ??????????????????? (Confidentiality )
    ??????????????????????????????????????????????????
    ?????????????????????????
  • ??????????????????? (Data Integrity)
    ??????????????????????????????????????????????????
    ?????????????????????????????????????????
  • ????????????????????????????????????????????????
    (Availability )

44
??????????????????????????????????????????????
(??????) ?????????????????????????????????????????
? ?.?. ....
  • ????? 8 ???????????????????????????????????????
  • ???????????????????????????????????????????????
    ???????????????????14?????? ????
    ??????????????????????????????????????????????????
    ?????????????????????????????????????????????????
    ??????????????????????????????????????????????????
    ??????????????????????????????????????????
    ???????????????????????????????????????
    ??????????????????????????????????????

45
????? 8 ???????????????????????????????????????
(1/2)
  • (1) ????????????????????????????????????????????
    ?? (Security policy) (2) ????????????????????????
    ???????????????????????? ?????????????????????????
    ???????????????????????????????????????
    ??????????????? (Organisation of Information
    Security)
  • (3) ????????????????????????????????? (Asset
    Management) (4) ????????????????????????????????
    ???????????????? (Human resources security)
  • (5) ????????????????????????????????????????????
    ???? (Physical security)
  • (6) ????????????????????????????????????????????
    ??????????????????????????????????????????
    (Information system security)
  • (7) ????????????????????????????????????????????
    ????????????????????????????? (Communications and
    Operations Management)

46
????? 8 ???????????????????????????????????????
(2/2)
  • (8) ??????????????????? (Access Control)
  • (9) ???????? ???????? ??????????????????????????
    ?? (10) ?????????????????????????????????????????
    ????????????????????????????????????????????????
    (Information Security Incident Management)
  • (11) ???????????????????????????????????????????
    ?????????????
  • (?Business Continuity Management)
  • (12) ??????????????????????????????????????????
    (Compliance) (13) ??????????????????????????????
    ????????????????
  • (14) ??????????????????????????????????????
    ?????
  • ????????????????????????????????????????????????
    ???????????????????????????? ?????????????????????
    ????????????????? ????????????????????????????????
    ?????????????????????????

47
??????????????????????????????????????????????
(??????) ?????????????????????????????????????????
? ?.?. ....
  • ????? 9 ??????????????????
  • ???????????????????????????????????????????????
    ???????????????????????? 8 ??????????????????????
    ??????????????????????????????????????????????????
    ??????????????????????????????????
    ?????????????????????????????????????????
    ????????????????????????????????????????????????
    ?????????????? ISO 27001 ?????????????????????????
    ??????

48
??????????????????????????????????????????????
(??????) ?????????????????????????????????????????
? ?.?. ....
  • ????? 10 ???????????????????????????????????
    Critical Infrastructure
  • ??????????????????????????????????????????
    ?????????????????????? ???????????????????????????
    ????????????????????????????? 3 ????? ????????
    ???????? ????????? ??????????????
    ???????????????????? 4 ???? ??????
  • ?????????????????????????????
  • ???????????????????????????????????????????
  • ??????????????????????????????????????????
  • ??????????????????????????????????????????????????
    ??????
  • ???????????????????? Rating ????????????????????
    ?????????????????????????????????????????(Critical
    Infrastructure) ???????? ???????????????
    ??????????????? ????????????????????????? ???.
    ????? (?????) ??????? ???????????????????????????
    ??????????????????????????????????????????????????
    ?????????????????

49
Security ?????????????? ?
  • ???????????????? (Confidentiality)
  • ??????????????????????????? (Integrity)
  • ?????????????????? (Availability)
  • ????????????????? (Authentication)
  • ???????????????????????????????? (Authorization)
  • ????????????????????????????? (Non repudiation)

50
????????????????????????? ????????????????????????
???????
T
Technology
P
Process
P
People
51
Causes of Security Problem
  • Technology
  • Lack of security feature
  • Bug, hole, no patch
  • No standard
  • Hard to up-to-date
  • Process
  • Design for security
  • Role Responsibility
  • Audit, track
  • Disaster plans
  • Stay up-to-date
  • People
  • Lack of knowledge
  • Lack of commitment
  • Lack of good communication
  • Human error

52
?????????????
Firewall
Web-server
Database for binders (ODBC, JDBC, ADO, SQLNet)
Firewall
Web-application
Web Server IIS Netscape Apache
JSP
ASP
Web browser
Perl
C/C
53
Information Security Big Picture
y
t
i
l
a
I
i
n
t
t
n
e
e
g
d
r
i
i
f
t
n
y
ASSETS
o
C
Availability
54
????????? ?????????? ????????????
vulnerabilities
  • ???????????????????

????????????????????????
Treats
Treats
????????????????????????
??????????????????????
vulnerabilities
55
?????????????????????????????????????????????????
????????????(statement of applicable)
?????????????????? X
C.1.1 C.2.1 C.3.1 C.4.1 C.10.1 C.11.1 C.12.1
A.1.1 A.2.1 A.3.1 A.4.1 A.5.1 A.6.1 A.7.1 A.8.1 A.
9.1 A.10.1 A.11.1 A.12.1
B.1.1 B.6.1 B.7.1 B.8.1 B.9.1
A
???????(vulnerabilities)
B
C
?????????(threats)
56
????????????????
  • ??????????????? Security
  • ???????????????????????????? Security
  • ?????????????????? ??????? Security
  • ???????????????????????????????? Security

57
???????? Computer Security Policy ????????
Non-Technical Tool
Tool Availability
Technical Tool
CostPerformance
SecurityPolicy
58
?????????????????????????
CEO
59
??????????????????????? ThaiCERT
Alliances
60
????????? ThaiCERT
61
????????? ThaiCERT
URL http//www.thaicert.org
http//www.thaicert.nectec.or.th E-m
ail thaicert_at_nectec.or.thTelephone
0-2564-6868 Fax 0-2564-6871
62
...??????...
Thank you for your attention.
Write a Comment
User Comments (0)
About PowerShow.com