Great 2nd video in the series. I’ve been in cyber security since 2006 and have seen almost every type of hack at just about every level. Some of the suggestions you mention for mitigation and prevention are decent for small businesses. One that I did not hear yet, and probably the most important, is that servers that host back end databases should never be connected to the internet. Servers in general should have no internet access. Any admin account should not have internet access and should be controlled via GPO.
This has been the most successful implementation where I work to prevent compromises. Layered security is necessary and continued monitoring of assets should be mandatory. It starts with ISP managed services at their level, then moves into your enterprise edge firewalls, proxies, DNS, mail, etc. All of these should have PCAP captures and data logging, which are all collected and sent to a SIEM tool for analysts to see in real time. This includes all enterprise virus protection alerts, which also get sent to the analysts’ SIEM tools. Of course that is the 30k ft level view of things. Very complex and constantly changing, but it can be implemented for any size company with data worth keeping private and secure.
As discussed in the video, scammers filing false income tax returns is a growing problem. Recently, a federal judge in Houston sentenced a man to more than 5 years in jail for his role in what the FBI calls a “Stolen Identity Refund Fraud” (SIRF) ring. According to an FBI affidavit, there was a data breach from an “unknown source” that exposed the taxpayer ID information of roughly 400 individuals in Columbus, Ohio. (Based on Tom’s video, my guess is the “unknown source” was a small accounting firm.) The information was then used to e-file false tax returns and claim refunds.
The FBI said it managed to trace all of the bogus returns to the same IP address. The FBI contacted the ISP (Comcast) and traced the IP to a physical address in Houston. After obtaining a warrant, the FBI searched the address, and the woman who answered the door “voluntarily made several self-incriminating statements” about the SIRF ring.
I’d love to learn more about cyber security and white hat hacking. What resources/training do you recommend (other than awesome YouTube videos, free or paid) to get started?
Hacker conferences & Linux conferences can be a great place to start. There are also many aspects of the security world such as how Jayson Street deals with the physical layers of security. So it can really come down to first figuring out what you want to do.