COS30015 and COS80013Security IT and Internet Security J Hamlyn

Cos30015 and cos80013security it and internet

This preview shows page 10 - 15 out of 26 pages.

COS30015 and COS80013Security Aug-17 10 IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne Slide 19 Slide 20 Credit card skimmers Used in some restaurants Extra hardware or built into EFTPOS terminals. - the-one-trick-to-use-to-protect-yourself#.kPPSP9dW5 See carder forums, Google “CVV2 dumps” Hardware made in China, South America for export. • Read Kingpin , Kevin Poulsen, Hachete (2011) IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne
Image of page 10
COS30015 and COS80013Security Aug-17 11 IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne Slide 21 Slide 22 Air-gap security The idea is to prevent all forms on network intrusion. Only method of access is by physical access. RF, wi-fi – Screened rooms Lots of doors, locks, guards, dogs, monitoring (cameras, logs) Data ingress by keyboard (best) or CD-ROM (read- only) or USB (worst) Data egress is by screen (eyes only), print-out, blank CD-R (burnable), USB (worst) IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne
Image of page 11
COS30015 and COS80013Security Aug-17 12 Semi-Air-Gap • Used when monitoring critical infrastructure systems – Nuclear power – Dams – Gas – One-way network card LED -> phototransistor No return path Use non-handshake protocols No feedback, NACK, RST available Slide 23 IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne Slide 24 Air gap failures Many examples: US Drones catch malware – Malware infection via USB • Stuxnet – Malware infection by USB Bradley Manning / Wikileaks – Videos burned to “Lady Ga Ga” CD-R Social engineering to gain access – Read any of Kevin Mitnick’s books IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne
Image of page 12
COS30015 and COS80013Security Aug-17 13 Bypassing Air Gap: Through-glass transfer ( ) TCP/IP through physical access only. Exfiltrate with text, QR (record screen with a camera). Infiltrate commands through a USB keyboard simulator. IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne Slide 25 ough-glass-transfer---ted-says-this- can-t-end-well Coffee time? Slide 26 IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne
Image of page 13
COS30015 and COS80013Security Aug-17 14 Slide 27 Social engineering! A lot of sensitive information can be obtained without the use of a computer. A hacker with good social skills can discover user names, passwords, software versions and other useful information just by asking a few questions at the right time and place. Even a socially inept hacker can use dumpster diving and shoulder surfing to create a profile of a target user, and then use phone calls to fill in the gaps.
Image of page 14
Image of page 15

You've reached the end of your free preview.

Want to read all 26 pages?

  • Three '19

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture