security in internet banking
TRANSCRIPT
- 1. Security In Internet Banking. Chiheb Chebbi, Chiheb-chebbi@outlook.fr
- 2. Cyber risks: a severe and present danger. Everything is under attack. The annual cost of cybercrime to the global economy ranges from $375 billion to as much as $575 billion.
- 3. Incidents and financial impacts continue to grow (Cyber Threat Intelligence Report, First Quarter 2014):
  - The number of stolen credit card information has increased by 48%.
  - Credit card information theft via point-of-sale infections has increased by 700%.
  - The number of user ID and password thefts has increased by 410%.
- 4. Who is a Hacker?
  - Intelligent individuals with excellent computer skills, with the ability to create and explore computer software and hardware.
  - For some hackers, hacking is a hobby to see how many computers they can compromise.
  - Their intention can either be to gain knowledge or to poke around to do illegal things.
- 5. Hacker Classes:
  - Black Hats: individuals with extraordinary computing skills, resorting to malicious or destructive activities; also known as Crackers.
  - Grey Hats: individuals who work both offensively and defensively at various times.
  - White Hats: individuals professing hacker skills and using them for defensive purposes; also known as Security Analysts.
- 6. Hacking Phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks.
- 7. Password Cracking (diagram labels: Attacker, Vulnerable System). Password cracking techniques are used to recover passwords from computer systems. Attackers use password cracking techniques to gain unauthorized access to the vulnerable system.
- 8. Password Cracking Techniques:
  - Dictionary Attacks: a dictionary file is loaded into the cracking application that runs against user accounts.
  - Brute Forcing Attacks: the program tries every combination of characters until the password is broken.
  - Hybrid Attacks: like a dictionary attack, but adds some numbers and symbols to the words.
- 9. Password Cracking Techniques:
  - Syllable Attacks: the combination of both the brute force attack and the dictionary attack.
  - Rule-Based Attacks: this attack is used when the attacker gets some information about the password.
- 10. Malware:
  - Spyware: a program that records the user's interaction with the computer and the internet without the user's knowledge.
  - Trojan: a program in which the malicious code is contained inside apparently harmless programming or data.
- 11. Malware:
  - Virus: a self-replicating program that produces its own code by attaching copies of itself into other executable code.
  - Keylogger: a hardware or software device which monitors every keystroke, screenshot, chat, etc. typed on the computer.
- 13. Total notifications of attempted infections by banking malware: 1,387,080
- 14. Social Engineering: Social engineering is the art of convincing people to reveal confidential information.
- 15. Computer-based Social Engineering: Phishing. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
- 16. Computer-based Social Engineering:
- 17. The overall number of anti-phishing notifications: 19,659,628
- 18. What is a Denial of Service attack? In a Denial of Service (DoS) attack, attackers flood a victim system with non-legitimate service requests or traffic to overload its resources. (Diagram labels: Attack Traffic, Normal Traffic.)
- 19. What are Distributed Denial of Service attacks? A DDoS attack involves a multitude of compromised systems attacking a single target. To launch a DDoS attack, an attacker uses botnets and attacks a single system.
- 20. DDoS Attack Tool: LOIC
- 21. What are Botnets? Botnets are software applications that run automated tasks over the internet and perform simple repetitive tasks. A botnet is a huge network of compromised systems.
- 23. What is SQL injection? SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web app for execution by a backend database.
- 25. How to Defend against Cyber Attacks?
- 26. Intrusion Detection Systems (IDS): An intrusion detection system gathers and analyzes information from within a computer or a network to identify possible violations of security policy, including unauthorized access as well as misuse.
- 28. Firewalls: A firewall is hardware, software, or a combination of both, designed to prevent unauthorized access to or from a private network. It is placed at the gateway between two networks, usually a private network and a public network such as the internet.
- 29. Honeypot: A honeypot is an information system resource that is expressly set up to attract and trap people who attempt to penetrate an organization's network. A honeypot can be used to log access attempts to those ports, including the attacker's keystrokes. This could send early warnings of a more concerted attack.
- 30. Cryptography: Cryptography is the conversion of data into a scrambled code that is decrypted and sent across a private or public network.
- 31. Types of Cryptography:
  - Symmetric Encryption: uses the same key for encryption as for decryption.
  - Asymmetric Encryption: uses different keys for encryption and decryption (public and private key).
  - Hash Function: uses no key for encryption and decryption.
- 32. Public Key Infrastructure (PKI): PKI is a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, and store digital certificates.
- 35. Thank you for your attention!!! And don't try this at home!!!
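
The SQL injection definition on slide 23 (non-validated input reaching the backend database as SQL), shown as an added example that is not part of the original slides: the same login lookup written with string formatting and with bound parameters. The `accounts` table, its rows, the function names and the crafted input are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, pin TEXT, balance REAL)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("alice", "4821", 1500.0), ("bob", "9930", 320.5)],
    )
    return db


def login_vulnerable(db, username, pin):
    # Non-validated input is pasted into the SQL text, so quote characters
    # in the input become part of the command the database executes.
    query = (
        "SELECT username FROM accounts "
        "WHERE username = '%s' AND pin = '%s'" % (username, pin)
    )
    return [row[0] for row in db.execute(query)]


def login_hardened(db, username, pin):
    # Placeholders keep the SQL text fixed; the driver passes the input
    # separately, so it is only ever compared as a value.
    query = "SELECT username FROM accounts WHERE username = ? AND pin = ?"
    return [row[0] for row in db.execute(query, (username, pin))]


def demo():
    """Run both lookups with a valid PIN and with input containing SQL syntax."""
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input, not a real PIN
    return {
        "vulnerable_valid": login_vulnerable(db, "alice", "4821"),
        "vulnerable_crafted": sorted(login_vulnerable(db, "alice", crafted)),
        "hardened_valid": login_hardened(db, "alice", "4821"),
        "hardened_crafted": login_hardened(db, "alice", crafted),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the formatted query the crafted input changes the WHERE clause and every account matches; with bound parameters the same input matches nothing.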