DIYTP 2009

INTRODUCTION TO CYBERCRIME
AND SECURITY
What is Cybercrime?

Using the Internet to commit a crime.

Identity Theft
Hacking
Viruses
Facilitation of traditional criminal activity
Stalking
Stealing information
Child Pornography
Cybercrime Components

Computers

Cell Phones

PDAs

Game Consoles
High-Profile Cybercrime-
related Cases

TJ Maxx data breach

45 million credit and debit card numbers stolen
Kwame Kilpatrick
Cell phone text messages
BTK Serial Killer
Kevin Mitnick
Computer Security

Confidentiality
Only those authorized to view information

Integrity
Information is correct and hasnt been altered by
unauthorized users or software

Availability
Data is accessible to authorized users
Computer Security

Figure 1.0 CIA Triangle

Computer Security - Threats

Malware
Software that has a malicious purpose
Viruses
Trojan horse
Spyware
Computer Security - Threats

Intrusions
Any attempt to gain unauthorized access to a
system
Cracking
Hacking
Social Engineering
War-driving
Computer Security - Threats

Denial-of-Service (DOS)
Prevention of legitimate access to systems
Also Distributed-Denial-of-Service (DDoS)
Different types:
Ping-of-Death
Teardrop
Smurf
SYN
Computer Security - Threats

Figure 1.1 DoS and DDoS Models

Computer Security - Terminology

People
Hackers
White Hat Good guys. Report hacks/vulnerabilities
to appropriate people.
Black Hat Only interested in personal goals,
regardless of impact.
Gray Hat Somewhere in between.
Computer Security - Terminology

Script Kiddies
Someone that calls themselves a hacker but
really isnt

Ethical Hacker
Someone hired to hack a system to find
vulnerabilities and report on them.
Also called a sneaker
Computer Security - Terminology

Security Devices
Firewall
Barrier between network and the outside world.
Proxy server
Sits between users and server. Two main functions
are to improve performance and filter requests.
Intrusion Detection Systems (IDS)
Monitors network traffic for suspicious activity.
Computer Security - Terminology

Activities
Phreaking
Breaking into telephone systems (used in
conjunction with war-dialing)
Authentication
Determines whether credentials are authorized to
access a resource
Auditing
Reviewing logs, records, or procedures for
compliance with standards
Computer Security - Careers

Information Security Analyst

US National Average Salary

Figure 1.2 Median salary courtesy cbsalary.com

Computer Security -
Certifications
Entry-level
Security+
http://www.comptia.org/certifications/listed/security.a
spx
CIW Security Analyst www.ciwcertified.com
Intermediate
MSCE Security
http://www.microsoft.com/learning/en/us/certification
/mcse.aspx#tab3
Professional
CISSP www.isc2.org
SANS www.sans.org
Computer Security - Education

Community-college
Washtenaw Community College
Computer Systems Security
http://www4.wccnet.edu/academicinfo/creditofferin
gs/programs/degree.php?code=APCSS
Computer Forensics
http://www4.wccnet.edu/academicinfo/creditofferin
gs/programs/degree.php?code=APDRAD
Computer Security - Education

4-Year College
Eastern Michigan University
Information Assurance
Applied
Network
Cryptography
Management
http://www.emich.edu/ia/undergraduate.html