Fraud Threat

Loading...

En provenance du cours de New York University Tandon School of Engineering

Introduction to Cyber Attacks

411 notes

New York University Tandon School of Engineering

Introduction to Cyber Attacks

411 notes

Cours 1 sur 4 dans Specialization Introduction to Cyber Security

This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. Familiar analytic models are outlined such as the confidentiality/integrity/availability (CIA) security threat framework, and examples are used to illustrate how these different types of threats can degrade real assets. The course also includes an introduction to basic cyber security risk analysis, with an overview of how threat-asset matrices can be used to prioritize risk decisions. Threats, vulnerabilities, and attacks are examined and mapped in the context of system security engineering methodologies.

À partir de la leçon

Understanding Basic Security Frameworks

This module introduces some fundamental frameworks, models, and approaches to cyber security including the CIA model.

Assignments and Reading2:53

Purpose of Cyber Security4:58

Adversary Types7:35

Vulnerability Types5:16

Threat Types5:22

Matching Quiz1:03

Matching Quiz Solution1:19

Confidentiality Threat6:06

Integrity Threat6:36

Availability Threat5:52

Fraud Threat5:15

Testing for Vultnerabilities4:58

Brute Force vs. Hueristic Attacks3:38

Crytanalysis5:07

Cryptanalyzing Caesar Cipher4:46

Welcome Jose Dominguez9:59

Rencontrer les enseignants

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC
Computer Science

Now I want to talk to you about that special case threat type that we

alluded too earlier, namely fraud, and you can also call it theft.

And just to review that's where you steal something, you're not paying money but

you're just basically taking an asset, and

this is an important kind of consideration in cyber security.

Because increasingly with things online and with so much e-commerce going on this

idea of preventing people from stealing is a really big piece in cyber security.

So we do want to take a minute to think about the threat and

how it normally plays out.

And as we said earlier when somebody is committing theft, they're not paying for

a service, and the first sort of place that we can take inventory

where this might happen is anyplace where there's something of value.

So if you're doing an inventory about whether there's a fraud risk and

it's simply is there any financial value in something that's being protected?

Financial value is what attracts fraudsters, okay, because if there's no

financial value then as the security engineer, as the security analyst, as

the security expert, you know that fraud is probably not going to be the big issue.

But when there is financial value then what we need to do then to prevent this,

and we'll get into it later, but I want to give you some motivation now for

the cyber security concept, is we need to look for

hints that fraudsters would typically follow.

Does that make sense?

We're going to do something that would be called behavioral analysis,

that's where I'm watching the behavior of something and

I'm trying to determine whether fraud is being committed.

I'll give you a simple example,

let's say we're keeping track of passwords that are coming into a system, okay.

So you write a program and I watch and I see user ID,

password, and I check and I see wait, not valid.

And I send a response back and go, not valid, sorry and I sit and I wait.

Now the same user ID comes in again, another password comes in and

doesn't match, and I go, sorry, not valid, that's two.

Then you see another user ID come in, [LAUGH] and see another password and

it's not valid, and I go back and I go, hey, not valid.

Now the question is from a behavioral perspective can I make some

conclusion about those three guesses, or fat fingers, or whatever?

Whatever is going on somebody's having a little bit of trouble here,

they tried three times and they didn't know the password.

So here's the question for you are they committing fraud or

did they just forget their password?

This is a big deal in cyber security,

it is absolutely fundamental to almost every control we have

in cyber security that an attack in many cases may not be an attack.

And we call that a false positive if we call it an attack but it's not,

we'll get into that later.

But for now this theft, fraud issue is something that's a little tough to know

when something's committing fraud.

Look, a lot of you have probably had experiences with your banks where you

get a phone call and they say Mr. Jones, Mrs. Smith, we see you're

using this credit card in Singapore, are you in Singapore, is this okay?

Are you really buying a suit in Singapore, it seems like you don't live there,

is this okay?

They're doing behavioral analysis to determine if something doesn't make sense.

You've all had that experience,

and a lot of times it is a false positive where you say well yeah I am in Singapore.

And yes I am buying this suit, thank you for checking but

everything's just fine, you get the point.

So it turns out that fraud is something a little difficult from a foundational

perspective to really assign good solid safeguards to.

Generally what we do is we watch the behavior, we look for

things that are odd patterns.

One other example that we see often in fraud activity is when somebody

is going through a website that might have a wizard, for example.

Where I'm stepping through the wizard doing each of the steps,

I go to this screen then it says continue, I go to that screen I do continue.

Fraudsters usually don't have a lot of patience, and they can usually

find a way to skip through a wizard and a lot of anti-fraud systems online.

And we'll watch to see if you skip the wizard and say that's probably fraud, and

it may or may not be.

So I think the learning here is that where there's money

you have to be suspicious that there may be fraud or theft that can go on.

And for the most part the types of technology and

the types of safeguards that we'll use to reduce the risk of fraud are going to

be rooted in behavioral activity just as you've seen with your credit card company.

So, thanks.

Explorer notre catalogue

Rejoignez-nous gratuitement et obtenez des recommendations, des mises à jour et des offres personnalisées.

Coursera propose un accès universel à la meilleure formation au monde, en partenariat avec des universités et des organisations du plus haut niveau, pour proposer des cours en ligne.

© 2018 Coursera Inc. Tous droits réservés.

Télécharger dans l'App Store

Disponible sur Google Play