Cos30015 and cos80013security it and internet

This preview shows page 10 - 15 out of 26 pages.

COS30015 and COS80013Security Aug-17 10 IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne Slide 19 Slide 20 Credit card skimmers Used in some restaurants Extra hardware or built into EFTPOS terminals. - the-one-trick-to-use-to-protect-yourself#.kPPSP9dW5 See carder forums, Google “CVV2 dumps” Hardware made in China, South America for export. • Read Kingpin , Kevin Poulsen, Hachete (2011) IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne
Image of page 10

Subscribe to view the full document.

COS30015 and COS80013Security Aug-17 11 IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne Slide 21 Slide 22 Air-gap security The idea is to prevent all forms on network intrusion. Only method of access is by physical access. RF, wi-fi – Screened rooms Lots of doors, locks, guards, dogs, monitoring (cameras, logs) Data ingress by keyboard (best) or CD-ROM (read- only) or USB (worst) Data egress is by screen (eyes only), print-out, blank CD-R (burnable), USB (worst) IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne
Image of page 11
COS30015 and COS80013Security Aug-17 12 Semi-Air-Gap • Used when monitoring critical infrastructure systems – Nuclear power – Dams – Gas – One-way network card LED -> phototransistor No return path Use non-handshake protocols No feedback, NACK, RST available Slide 23 IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne Slide 24 Air gap failures Many examples: US Drones catch malware – Malware infection via USB • Stuxnet – Malware infection by USB Bradley Manning / Wikileaks – Videos burned to “Lady Ga Ga” CD-R Social engineering to gain access – Read any of Kevin Mitnick’s books IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne
Image of page 12

Subscribe to view the full document.

COS30015 and COS80013Security Aug-17 13 Bypassing Air Gap: Through-glass transfer ( ) TCP/IP through physical access only. Exfiltrate with text, QR (record screen with a camera). Infiltrate commands through a USB keyboard simulator. IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne Slide 25 ough-glass-transfer---ted-says-this- can-t-end-well Coffee time? Slide 26 IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne
Image of page 13
COS30015 and COS80013Security Aug-17 14 Slide 27 Social engineering! A lot of sensitive information can be obtained without the use of a computer. A hacker with good social skills can discover user names, passwords, software versions and other useful information just by asking a few questions at the right time and place. Even a socially inept hacker can use dumpster diving and shoulder surfing to create a profile of a target user, and then use phone calls to fill in the gaps.
Image of page 14

Subscribe to view the full document.

Image of page 15
You've reached the end of this preview.
  • One '17
  • Dr James Hamlyn-Harris

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern