Understand Protection LESSON 4.2 98-367 Security Fundamentals.


Lesson Overview
In this lesson, you will learn:
• Tips for securing the client and server
• Anti-virus measures
• Protecting against spam
• Protecting against address spoofing
• Phishing and pharming
• SPF and PTR records

Educating Users About Spam
• Online scams of all sorts are serious and range from bank fraud to cyber-terrorism.
• The first step in combating online scams is to educate users.
• A typical spam strategy:
  o Users may receive spam that includes a disclaimer stating something similar to the following: “If you wish to be removed from this mailing list, you should respond to the mail with the word ‘Remove’ in the subject line.”
• Although this is a legitimate tool for some reputable companies, it is often a means of verifying that an address is valid so that the address can then be used again and maybe sold to other spammers.

Anticipatory Set
Check all your accounts for potential spam messages. Did you find any? Who are they from? Did you respond? What happened?

Anti-Virus Measures
• Viruses transmitted through messages are a significant threat to an organization.
• E-mail viruses can attack individual computers or your entire environment.
• The most effective mechanisms for combating viruses are installing anti-virus software and keeping the anti-virus signature files up to date.
• Consider protecting against viruses at the firewall, at the Simple Mail Transfer Protocol (SMTP) gateway, at each Exchange server, and on every client computer.

Protecting Against Address Spoofing
• A common technique spammers use is to configure the From line in an e-mail message to hide the sender's identity.
• Although SMTP does not require verification of a sender's identity, Exchange 2003 provides Anonymous Access Settings functionality to help minimize address spoofing.
• Although Exchange 2003 provides the ability for client-side users to recognize spoofed mail, you should turn off anonymous SMTP access.
  o Helps assure that only authenticated users can submit messages within your organization.
• Requiring authentication forces client programs such as Outlook Express and Outlook using RPC over HTTP to authenticate before sending mail.

Phishing – Hook, Line and Sinker
• Phishing scams consist of fraudulent messages that appear to be from a legitimate Internet address with a justifiable request.
• Usually direct the user to a website for verification or updating of personal information or account details (passwords, credit card, Social Security, and bank account numbers).
• The messages suggest negative repercussions for not following the link, such as “your account will be deactivated or suspended”.
• Commonly referred to as “phishing” because they use bait that lures unsuspecting victims.
• The goal is for users to fall for the bait so that cyber crooks can then withdraw money directly from bank accounts or go on shopping sprees with the credit card information.
• View video: What you should know about phishing identity-theft scams

Pharming
• Term for when criminal hackers redirect Internet traffic from one website to an identical-looking site in order to trick you into entering your user name and password into their database.
• Criminals try to acquire personal information in order to access bank accounts, steal identities, or commit other fraud.
• Banking and similar financial sites are often the targets of these attacks.
• More insidious because users can be redirected to a false site without any participation or knowledge on their part.
• If you notice something suspicious about a trusted Web site, report it (by telephone if possible) to the business or site owner.
• Remotely controlled botnets (large collections of compromised systems) can take down a service or send spam under the radar. Rootkits can circumvent detection and execute with impunity.

Securing the Client
• Consider the client as you develop a security plan for your environment.
• Examine which clients are strictly required and then limit Exchange functionality to those clients.
• Ensure that your patch management plan extends beyond the operating system on the client desktop. Use current and patched versions of the client software, regularly checking for client security updates.
• Educate your users about viruses, virus hoaxes, chain letters, and spam.
• Establish procedures that your users can follow when they encounter suspect mail.

Autodiscover and Sender Policy Framework
• Enable Autodiscover
  o Automatically finds the correct Microsoft® Exchange Server host and configures Office Outlook® 2007 for your users.
  o Includes an offline address book and the Free-Busy availability service that provides availability information for your users.
• Add Sender Policy Framework (SPF)
  o Lets you specify which computers are authorized to transmit from your domain.
  o Prevents others from using your domain to send spam or other malicious e-mail.

How Sender ID Works
• Domain administrators publish Sender Policy Framework (SPF) records in the DNS that identify authorized outbound servers.
• Receiving systems verify whether messages originate from properly authorized outbound servers.

Configuring DNS Settings for Exchange 2007 Server Roles (PTR Records)
• All computers that have the Exchange 2007 Mailbox, Client Access, Hub Transport, or Unified Messaging server role installed must be domain members.
• When the Microsoft Windows® server joins the domain, the domain name is used to create a DNS suffix.
  o The DNS suffix is appended to the server name to create a fully qualified domain name (FQDN).
• A host record for the server, also known as an “A” resource record, is registered in a forward lookup zone in the DNS database.
• A reverse lookup record for the server, also known as a “PTR” resource record, is registered in a reverse lookup zone in the DNS database.
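
How the A and PTR records relate, as an added example that is not part of the original lesson: it builds the FQDN from server name and DNS suffix, derives the reverse lookup name, and reports servers whose PTR record is missing or points at a different host. The server names, the corp.example.com suffix, the addresses and both zone tables are constructed sample data.

```python
import ipaddress


def fqdn(server_name, dns_suffix):
    """Append the DNS suffix to the server name to form the FQDN."""
    return f"{server_name}.{dns_suffix}".lower().rstrip(".") + "."


def reverse_name(ip):
    """Owner name of the PTR record for an address (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


# Constructed forward lookup zone: FQDN -> addresses from its A records.
FORWARD_ZONE = {
    fqdn("EX01", "corp.example.com"): ["192.0.2.10"],
    fqdn("EX02", "corp.example.com"): ["192.0.2.11"],
}

# Constructed reverse lookup zone: reverse name -> FQDN from its PTR record.
REVERSE_ZONE = {
    reverse_name("192.0.2.10"): "ex01.corp.example.com.",
    reverse_name("192.0.2.11"): "oldhost.corp.example.com.",   # stale PTR
}


def check_host_records(server_name, dns_suffix):
    """Return a list of problems with the server's A and PTR registration."""
    name = fqdn(server_name, dns_suffix)
    addresses = FORWARD_ZONE.get(name, [])
    if not addresses:
        return ["no A record"]
    problems = []
    for ip in addresses:
        ptr = REVERSE_ZONE.get(reverse_name(ip))
        if ptr is None:
            problems.append(f"no PTR record for {ip}")
        elif ptr.lower() != name:
            problems.append(f"PTR for {ip} points to {ptr}")
    return problems
```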

Class Activity
• Visit the Microsoft Exchange Remote Connectivity Analyzer
• Experiment with each test.
• Record your experience with each.

Lesson Review
• Watch the video How Do I: Enable the Anti-spam Agent in a Single Server Exchange Server Environment? at