By Hemant Dusane
Agenda
Overview of Networking Concepts
Network & The Internet Concepts
Information & its sources
Types of Services & Case studies
Social Networking
Content Sharing
Location Based
Mobile Device Security
Common Uses
Threat & Risks
Best Practices
What is a network?
Internet & its history
A minute world of
us
Types of Services
Social Networking
Facebook, Google+, LinkedIn, Twitter, WhatsApp etc.
Content Sharing
The Logical Indian, ScoopWhoop, Pinterest, Facebook, Dropbox, Google
Drive etc.
Location-based Services
Google Maps, Facebook Check-in etc.
Social Networking
Any form of content such as blogs, wikis, discussion forums, posts, chats,
tweets, podcasting, pins, digital images, video, audio files, advertisements
and other forms of media that was created by users of an online system
or service, often made available via social media websites
If a service does not charge you money, then you are paying in other
ways
Marketing and Advertising
Privacy
https://www.facebook.com/help/
Facebook Privacy
Settings Demo
https://www.facebook.com/help/
WhatsApp Privacy
Settings Demo
Google+ Privacy
Setting Demo
http://www.google.com/intl/en/policies/privacy/
LinkedIn Privacy
Setting Demo
Networking Privacy
Do not Friend or Connect with people that you have not met in person or know well
Active Sessions
Google Drive
ScoopWhoop
Privacy Policy
Demo
Facebook
Privacy Policy
Demo
Google Drive
Privacy Policy
Demo
Content Sharing Privacy
Enable two-step verification
Facebook Check-in
Google Maps
Privacy Policy
Demo
Facebook Check-in
Privacy Policy
Demo
LBS Privacy
Enable two-step verification
Standard: A document that establishes uniform technical requirements to ensure that electronic devices can operate together.
IEEE (Institute of Electrical and Electronics Engineers): The IEEE is a serious trendsetter, creating the standards for computer communications.
Hot spot: An area in which you can easily connect to a wireless network.
Wireless freeloader: Someone who connects to an unsecured wireless connection that really belongs to someone else.
War driving: A popular hacker pastime. This is literally driving around town trying to pick up wireless networks.
Router: The physical device that routes information between devices within a network.
Bluetooth: An open wireless protocol that allows data to be exchanged by mobile devices over short distances.
WiFi Network
What are Wireless Networks?
A wireless network is the way that a computer is connected to a router without a physical link.
Why do we need them?
Facilitates mobility. You could use lengthy wires instead, but someone might trip over them.
Why security?
An attacker may hack a victim's personal computer and steal private data, or may perform illegal activities or crimes using the victim's machine & ID. It is also possible to read wirelessly transferred data (by using sniffers).
Security Definitions
Security context between two (network) entities should provide
Passphrase:
Key 1-4
Each WEP key can consist of the letters "A" through "F" & the numbers "0" through "9"
Attacking WEP
iwconfig: a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in monitor mode, which is essential to sending fake ARP (Address Resolution Protocol) requests to the target router
macchanger: a tool that allows you to view and/or spoof (fake) your MAC address
airmon: a tool that can help you set your wireless adapter into monitor mode (rfmon)
Change your WEP keys frequently. There are devices that support "dynamic WEP", which is off the standard but allows different WEP keys to be assigned to each user
Use a VPN for any protocol, including WEP, that may include sensitive information.
Implement a different technique for encrypting traffic, such as IPsec over wireless. To do this, you will probably need to install IPsec software on each wireless client, install an IPsec server in your wired network, and use a VLAN to the access points to the IPsec server.
WPA / WPA2
Encryption:
TKIP
AES
Pre-Shared Key:
A key of 8-63 characters
Key Renewal:
You can choose a Key Renewal period, which instructs the device how often it should
change encryption keys. The default is 3600 seconds
Attacking WPA
macchanger: a tool that allows you to view and/or spoof (fake) your MAC address
airmon: a tool that can help you set your wireless adapter into monitor mode (rfmon)
aircrack: a tool for decrypting WEP keys (should be used with dictionary)
How to defend when using WPA
Passphrases: the only way to crack WPA is to sniff the password PMK associated with the handshake authentication process, and if this password is extremely complicated it will be almost impossible to crack
Change the default name and hide broadcasting of the SSID (Service Set Identifier)
None of the attack methods are faster or effective when a larger passphrase is used.
Restrict access to your wireless network by filtering access based on the MAC (Media Access Control) addresses
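Added example (not part of the original slides): WPA/WPA2-Personal derives the PMK from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt, which is why the passphrase and default-SSID advice above matter. The SSID list, the password list, and the 16-character floor are constructed assumptions for illustration.

```python
import hashlib

# Constructed sample lists for illustration only (not from the slides).
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop"}
MIN_RECOMMENDED_LEN = 16  # assumed policy floor, not a value from the slides


def valid_psk(passphrase):
    """Pre-shared key rule from the slides: 8-63 characters (printable ASCII)."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not valid_psk(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def audit(ssid, passphrase):
    """Return a list of findings for one SSID/passphrase pair (empty = none)."""
    findings = []
    if not valid_psk(passphrase):
        findings.append("passphrase is not a valid 8-63 character PSK")
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("passphrase appears in a common-password list")
    elif len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append("passphrase is shorter than the assumed 16-character floor")
    if ssid.lower() in DEFAULT_SSIDS:
        # The SSID is the salt: a default name means the same passphrase
        # yields the same PMK on every network that kept that name.
        findings.append("default SSID: change the network name")
    return findings


if __name__ == "__main__":
    samples = [("linksys", "password"),
               ("Maple-Lane-42", "correct horse battery staple")]
    for ssid, pw in samples:
        print(ssid, derive_pmk(pw, ssid).hex()[:16], audit(ssid, pw))
```

The same passphrase under two different SSIDs produces two unrelated PMKs, so a unique network name plus a long passphrase forces any guessing to be redone from scratch for that one network.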
Hacker: A programmer who breaks into someone else's computer system or data without permission. (Black Hats, White Hats, and Gray Hats)
Computer forensics: The process of collecting digital evidence needed to identify and convict computer criminals.
Spoofed email: An email message containing a fake From: address, making it impossible to tell where it was actually sent from.
Phishing: A con artist scam to trick people into giving out personal and financial information.
SPAM relay: A hijacked PC that's used to send SPAM without the PC owner's knowledge.
Email scavenger: A type of web crawler program that searches the Internet and collects (harvests) all the email addresses it finds posted on web pages.
Security token: A two-factor authentication method using a physical device as well as a secret code.
Cookie: Information written to your hard drive by a website that you visit. A website can use a cookie to recognize you, and sometimes remember custom settings, when you visit that site again in the future.
Data pharmer: Someone who farms the Internet, growing collections (databases) of information about Internet users.
Privacy policy: The official policy of a commercial website telling you what (if any) information it collects about you and what it does with that information.
Online Banking
Online
Transaction
Online Banking fraud
SMS Banking
SMS Banking fraud
Real world
Scenario
Secure Online Banking
Choose an account with two factor authentication
Be wary of unsolicited emails or phone calls asking you for PINs or passwords
Type your internet banking URL & Look for the lock icon
Size
Functionality
Common uses
Reading corporate and personal email
Passcode protect
Set device to wipe contents after specified number of failed login attempts
Best Security Practices cont.
When installing apps
Take time to read the small print
What information does the app require access to?
Make sure the Website is secure before giving any personal data
Best Security Practices cont.
Limit your activities when using public WiFi
Contact your service vendor to cancel your service and report your device missing
If you have a backup/wipe program, contact your vendor to have them wipe the device
Smartphone Nabbing & Infection
Difficult to determine
Decreased performance
Slow operation and decreased function
Random action
Phone powers on by itself