DIYTP 2009

INTRODUCTION TO CYBERCRIME
AND SECURITY
What is Cybercrime?

 Using the Internet to commit a crime.

 Identity Theft
 Hacking
 Viruses
 Facilitation of traditional criminal activity
 Stalking
 Stealing information
 Child Pornography
Cybercrime Components

 Computers

 Cell Phones

 PDA’s

 Game Consoles
High-Profile Cybercrime-
related Cases

 TJ Maxx data breach

 45 million credit and debit card numbers stolen
 Kwame Kilpatrick
 Cell phone text messages
 BTK Serial Killer
 Kevin Mitnick
Computer Security

 Confidentiality
 Only those authorized to view information

 Integrity
 Information is correct and hasn’t been altered by
unauthorized users or software

 Availability
 Data is accessible to authorized users
Computer Security

Figure 1.0 – CIA Triangle

Computer Security - Threats

 Malware
 Software that has a malicious purpose
 Viruses
 Trojan horse
 Spyware
Computer Security - Threats

 Intrusions
 Any attempt to gain unauthorized access to a
system
 Cracking
 Hacking
 Social Engineering
 War-driving
Computer Security - Threats

 Denial-of-Service (DOS)
 Prevention of legitimate access to systems
 Also Distributed-Denial-of-Service (DDoS)
 Different types:
 Ping-of-Death
 Teardrop
 Smurf
 SYN
Computer Security - Threats

Figure 1.1 – DoS and DDoS Models

Computer Security - Terminology

 People
 Hackers
 White Hat – Good guys. Report hacks/vulnerabilities
to appropriate people.
 Black Hat – Only interested in personal goals,
regardless of impact.
 Gray Hat – Somewhere in between.
Computer Security - Terminology

 Script Kiddies
 Someone that calls themselves a ‘hacker’ but
really isn’t

 Ethical Hacker
 Someone hired to hack a system to find
vulnerabilities and report on them.
 Also called a ‘sneaker’
Computer Security - Terminology

 Security Devices
 Firewall
 Barrier between network and the outside world.
 Proxy server
 Sits between users and server. Two main functions
are to improve performance and filter requests.
 Intrusion Detection Systems (IDS)
 Monitors network traffic for suspicious activity.
Computer Security - Terminology

 Activities
 Phreaking
 Breaking into telephone systems (used in
conjunction with war-dialing)
 Authentication
 Determines whether credentials are authorized to
access a resource
 Auditing
 Reviewing logs, records, or procedures for
compliance with standards
Computer Security - Careers

 Information Security Analyst

US National Average Salary

Figure 1.2 – Median salary courtesy cbsalary.com

Computer Security -
Certifications
 Entry-level
 Security+
http://www.comptia.org/certifications/listed/security.a
spx
 CIW Security Analyst www.ciwcertified.com
 Intermediate
 MSCE Security
http://www.microsoft.com/learning/en/us/certification
/mcse.aspx#tab3
 Professional
 CISSP www.isc2.org
 SANS www.sans.org
Computer Security - Education

 Community-college
 Washtenaw Community College
 Computer Systems Security
http://www4.wccnet.edu/academicinfo/creditofferin
gs/programs/degree.php?code=APCSS
 Computer Forensics
http://www4.wccnet.edu/academicinfo/creditofferin
gs/programs/degree.php?code=APDRAD
Computer Security - Education

 4-Year College
 Eastern Michigan University
 Information Assurance
 Applied
 Network
 Cryptography
 Management
 http://www.emich.edu/ia/undergraduate.html