Introduction to Cybercrime and Security - IGRE

DIYTP 2009
INTRODUCTION TO CYBERCRIME AND SECURITY
What is Cybercrime?
• Using the Internet to commit a crime.
  • Identity Theft
  • Hacking
  • Viruses
• Facilitation of traditional criminal activity
  • Stalking
  • Stealing information
  • Child Pornography
Cybercrime Components
• Computers
• Cell Phones
• PDAs
• Game Consoles
High-Profile Cybercrime-related Cases
• TJ Maxx data breach
  • 45 million credit and debit card numbers stolen
• Kwame Kilpatrick
  • Cell phone text messages
• BTK Serial Killer
• Kevin Mitnick
Computer Security
• Confidentiality
  • Only those authorized to view information
• Integrity
  • Information is correct and hasn’t been altered by unauthorized users or software
• Availability
  • Data is accessible to authorized users
Computer Security
Figure 1.0 – CIA Triangle
Computer Security - Threats
• Malware
  • Software that has a malicious purpose
  • Viruses
  • Trojan horse
  • Spyware
Computer Security - Threats
• Intrusions
  • Any attempt to gain unauthorized access to a system
  • Cracking
  • Hacking
  • Social Engineering
  • War-driving
Computer Security - Threats
• Denial-of-Service (DoS)
  • Prevention of legitimate access to systems
  • Also Distributed Denial-of-Service (DDoS)
  • Different types:
    • Ping-of-Death
    • Teardrop
    • Smurf
    • SYN
Computer Security - Threats
Figure 1.1 – DoS and DDoS Models
Computer Security - Terminology
• People
  • Hackers
    • White Hat – Good guys. Report hacks/vulnerabilities to appropriate people.
    • Black Hat – Only interested in personal goals, regardless of impact.
    • Gray Hat – Somewhere in between.
Computer Security - Terminology
• Script Kiddies
  • Someone that calls themselves a ‘hacker’ but really isn’t
• Ethical Hacker
  • Someone hired to hack a system to find vulnerabilities and report on them.
  • Also called a ‘sneaker’
Computer Security - Terminology
• Security Devices
  • Firewall
    • Barrier between network and the outside world.
  • Proxy server
    • Sits between users and server. Two main functions are to improve performance and filter requests.
  • Intrusion Detection Systems (IDS)
    • Monitors network traffic for suspicious activity.
Computer Security - Terminology
• Activities
  • Phreaking
    • Breaking into telephone systems (used in conjunction with war-dialing)
  • Authentication
    • Determines whether credentials are authorized to access a resource
  • Auditing
    • Reviewing logs, records, or procedures for compliance with standards
Computer Security - Careers
• Information Security Analyst
US National Average Salary
Figure 1.2 – Median salary courtesy cbsalary.com
Computer Security Certifications
• Entry-level
  • Security+ http://www.comptia.org/certifications/listed/security.aspx
  • CIW Security Analyst www.ciwcertified.com
• Intermediate
  • MCSE Security http://www.microsoft.com/learning/en/us/certification/mcse.aspx#tab3
• Professional
  • CISSP www.isc2.org
  • SANS www.sans.org
Computer Security - Education
• Community-college
  • Washtenaw Community College
    • Computer Systems Security http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APCSS
    • Computer Forensics http://www4.wccnet.edu/academicinfo/creditofferings/programs/degree.php?code=APDRAD
Computer Security - Education
• 4-Year College
  • Eastern Michigan University
    • Information Assurance
      • Applied
      • Network
      • Cryptography
      • Management
    • http://www.emich.edu/ia/undergraduate.html