Académique Documents
Professionnel Documents
Culture Documents
About
CDRC
Cyber Defense Research Centre (CDRC) is a
Jharkhand Government & Jharkhand Police
initiative to create awareness in Cyber Crimes &
Cyber Security. CDRC got operational in January,
2012
Approved by Chief Minister Arjun Munda and
cabinet in September, 2011
1st in the country, Probably 9th in the whole
world
analysis)
Government Employees)
process)
Panel of Experts
National/International tie-up to further our capabilities in these
domains
Me
Joined Jharkhand Police in January 2012 as a Chief Technology Officer (CTO).
Member, Crime and Criminal Tracking Network System (CCTNS), Jharkhand
Advised Ministry of Home Affairs (MHA), Indian Army Western Command prior
to joining JH Police
Guest Lecturer at College of Millitary Engineering(CME),Jharkhand Judicial
Academy, IIM Ranchi, IIT Kharagpur, Vellore Institute of Technology, BIT Sindri,
NIT Jamshedpur, BIT Mesra, Mecon, Indian Army (Core of Signals), CISF, CRPF,
MKCL, DPS, Loyolla School, Army School etc
Speaker at International Security Conferences like Marcus Evans, Hacktrix,
cOcOn etc
Had been awarded 5 International , 10 National Awards, 12 State awards
Prominent ones being United Nations Youth Achievement Award 2008,
Worlds Top 5 student Entrepreneur (GSEA 2010, Kansas City), National IT
Excellence Award 2007-2008, Young Achiever Award, Karmaveer Chakra 2008
etc
Agenda
Trends in Cyber Crime & Cyber Security
Case Studies
Practical Demonstrations
Month
Source : Anti Phishing Working Group (APWG)
Everything will be in
Cyberspace
covered by a hierarchy of computers!
Cell
Continent
Body
Home
Region
Car
Campus
Building
World
OriginalbyGordonBell
ItistheEraofTechnology
Technology
Rateofchange
Companies
Business
Society
People
LegalSystems
Governments
Time
Today
Cyberspace as a
Battleground?
Hacker VS
Cracker
A Hacker :
A Cracker :
Categories of Hackers:
Blackhat Hackers / Crackers :
Work for Illegal/Offensive purposes
Whitehat Hackers:
Work as Penetration Testers protecting Blackhats
from Penetrating into the networks
Greyhat Hackers:
Combination of whitehat and Blackhat i.e they work
for Both Offensive as well as defensive purpose
when needed
Why
Security ?
Based on CDRCs research: Over 80% of
Term
s
Vulnerability Weakness
Exploit
Honeypot Trap
Honeynet Two or more Honeypot
0 days (Zero Days) Unknown Vulnerabilities
Vulnerability Assessment
Penetration testing
Penetration testing
Process
Step
Step
Step
Step
Step
Step
Step
Step
Step
Step
Penetration testing
Process
Step 1 : Scope of the Target
Penetration testing
Process
Step 3 : Target Discovery
Penetration testing
Process
Step 5 : Vulnerability Assessment
Step)
Step 7 : Target Exploitation
Penetration testing
Process
Step 8 : Privilege Escalation
Penetration testing
used for Web Defacement.
methodology
How to Prevent
Defacement
Constant
Vulnerability
Assessment
and
Penetration testing required
Intrusion Detection System (IDS) / Intrusion
Prevention System (IPS)
Web App Firewall (WAFs), WIDS, WIPS
Source code audting required
Follow good security practices on your
network n Application
Keep your system up-to-patch
Keep
in touch with diverse security
newsgroups,
newsletters
and
other
information so you know what vulnerabilities
Example of
Website
Defacement
CBI HACKED
Case Studies
Case
Studies
Financial Frauds (ATM hacking)
Aashka Garodia case
Fake Facebook profile / page
Facebook threat
Facebook suicide
Facebook location mapping case
Email hacking
Phishing lottery case
ATM
Frauds
Card Skimming A special device put in front of the ATM
next to ATM offering an entry into a lottery for all ATM users
who put in a copy of their signed ATM slips.
ATM
Frauds
Card jamming / Lebanese Loop where an ATM machine
cash slot and the plate collects all the cash and it seems as
if no cash has come out of the machine.
ATM machine as
usual ?
Is there an additional
slot?
Practical
Demonstration
Practical
Demonstrations
Email Spoof
IP Spoofing
Password cracking
Vulnerability Assessment
Email Hacking
Facebook hacking
Securing Email Accounts (2 step verification)
Security Tips
General
Security
Install the latest Antivirus Software on all your computers and never disable
complete system scan with your anti-virus at least once a week, or better,
auto-schedule it to run every Friday.
Don't download or open attachments from unknown senders. Even if the
General
Security
Use secure Web browsers such asGoogle Chrome or Firefox. It is
Try not to visit warez, porn sites or Web sites that provide cracks
General
Security
Back-up your computer on a regular basis, at least weekly. Copy
General
Security
Beware ofphishingattacks. Sites like AntiPhishing offer latest updates on
unknown person on chat. Don't click on any links given by someone you
don't know.
Do not accept links or downloads from strangers even if it is tempting.
(LINK) that helps you choose what can be seen on the Internet and monitor
the activities of any users.
Password
Security
Use different passwords for different Web sites. Maintain separate
passwords for e-mail, work and other important Web sites and
routine web-surfing.
Use difficult-to-guess password by taking the first alphabet from
Get two email accounts, one for business and one for personal use. Only
give out your personal address to family and friends to help reduce unwanted
emails (otherwise known as "spam"). A more comprehensive approach would
be to use a service which checks for spams , service like spamex is available
to manage the same.
Don't give the password to your e-mail service or to anyone that you don't
know or trust. Try to avoid using services that do not allow you to change
your password, but rather set it for you.
Don't download any attachments from people you don't know, or from
people you don't trust.
Do's
Don'ts
Smartphone unattended
information
in public spaces.
as Contacts or in Notes.
password/passcode protection
shopping and
setting;
occurrence
numbers.
Avoid opening suspicious e-mail or SMS text
messages,
available to reduce the number of system especially from unknown sources. Incautious
vulnerabilities;
readers may
Do's
Install an anti-malware protection app (if available for the device) to prevent infection
from malicious apps and websites;
When using the smartphone's web browser, avoid suspicious/questionable websites
that can be the source of malicious code.
Be selective when buying or installing apps; wait for app reviews, download only from
trusted sources and be cautious/suspicious of free apps
Understand and control each downloaded apps "access to smartphone data and
personal information;
Turn the Bluetooth access feature off when not needed and avoid Bluetooth use in
busy public areas.
Utilize a PIN to access voice-mail and avoid using the carrier's default PIN setting.
Insure that smartphone e-mail account access is through either a SSL or HTTPS
connection so that transmitted data is encrypted.
Do's
Don'ts
Scammers might hack your Friends accounts and send links from their
accounts. Beware of enticing links coming from your Friends.
celebrities.
Big News and information
Prevention
Don`t click suspicious links
Report anything that seems too good to be
true
Never share your password
Don`t indulge in freebies(attractive online
offers)
Keep your Anti-Virus/Spyware program upto-date(inspite it`s been bypassed)
Get
E-mail
Security
two email accounts, one for business and one for personal use. Only give
out your personal address to family and friends to help reduce unwanted emails
(otherwise known as "spam"). A more comprehensive approach would be to use
a service which checks for spams , service like spamex is available to manage
the same.
Try to memorize your password rather than writing it down. Use an acronym of
a favourite saying or something that as true about you such as I Don't Like
Driving In The Snow password = idldits. You can then take that password and
substitute some numbers for letters such as: id1dit5. Now that's a good a
password!
Don't give the password to your e-mail service or to anyonethat you don't
know or trust. Try to avoid using services that do not allow you to change your
password, but rather set it for you.
Don't download any attachments from people you don't know, or from people
you don't trust.
E-mail
Security
Scan attachments with a virus program before downloading them, even if they
come from a friend.
When sending private or secret information through e-mail, make sure you
encrypt it first.
Don't spam people, you could get into trouble with your ISP and have your
account terminated. In fact, this is becoming common practice as more
services implement no-spam policies.
If you don't like getting ads in your e-mail, choose to opt out of all unnecessary
mailing lists. You should know however that Opt-Out still keeps a cookie on
your machine.
Online shopping
security
Online Shopping
Security
While purchasing online, look for signs that these are secure (SSL secured
sites or 128 bit encryption) like shopping.rediff.com. At the point when you
are providing your payment information, a golden-coloured lock appears
(for SSL secured sites) on the right hand side corner of the browser or the
beginning of the Web site address should change from http to https,
indicating that the information is being encrypted ie turned into code that
can only be read by the seller.
Your browser may also signal that the information is secure with a symbol,
your credit card and bank statements at regular intervals. Notify the bank
immediately if there are unauthorised charges or debits. Avoid using credit
card details and online banking on public computers and in cyber cafes. It is
very unsafe because most of them are infected with viruses, trojans and
key loggers.
Some banks have launched their services like Net Safe to create temporary
credit cards with a limited value to transact online. Paypal is also a secure
Wireless
Security
If you have a wireless network, turn on the security
Detailed
Guidelines
http://cdrc.jhpolice.gov.in/guid
elines/
analysis)
Government Employees)
process)
Panel of Experts
National/International tie-up to further our capabilities in these
domains
Initiatives and
Projects
Cyber Caf Controls Guidelines and License policy after
Misson
E-Raksha Mission to fosterawareness about various types of
cybercrimes, internet threats and risks and methods to be
secure
Cyber Security awareness and training is provided for school
children, parents , teachers and citizens of Jharkhand
Train the teacher program will carry eRaksha message to
schools across the state as a regular planned activity
Advise on various types of cyber crimes, impact in the society
and educate them in prevention of cyber crimes
Example program held at DPS, Ranchi provided training on
Password Security ,Social Networking, E-Mail, Stalking etc.
Mission
Initiatives
Cyber Surveillance
Critical
Infrastructure
Protection
Responsible
Disclosure and
Threat Intelligence
Public Helpline
Research
Panel of Experts
Inviting professionals to volunteer their time to help guide
our initiatives
We will welcome experts in
a) Cyber Security
b) Cyber Crime
c) Cyber Law
d) Vulnerability Assessment and Penetration Testing
e) Cyber Forensics
f) Criminology, Psychology, Sociology
g) IT and Business Management
h) Industry / Verticals specialists (finance, insurance, mfg,
trdg etc)
E-Samadhan Web
helpline
http://esamadhan.jhpolice.gov.in/open.php
Thanks!
I can be reached at :
Vineet Kumar
Chief Technology Officer, Special Branch
CDRC Building, Jharkhand Police HQ
Dhurwa
Ranchi
Pin 834004
Mail us at : cdrc@jhpolice.gov.in