Level 2 Diploma Unit 11 IT Security
Threats to security
Unit outcomes
- Know the potential threats to the security of IT systems
- Understand how to protect IT systems
- Be able to supply security measures
3 Assignments
1) Threats to Security, P1, P2, M1, D1
2) Protecting Systems, P3, M2
3) Security Plans, P4, P5, P6, M3, D2
Today
- Threats to security
- Categories of threat
- Research task: Cost of breaches of security
- Research task: Cyber damage
- Password security
- Research task: Social engineering
- Research task: Deliberate removal or copying
Categories of threats
- Weak external security
- Unauthorised use without damage
- Unauthorised removal or copying
- Malware
- Hardware and media theft or loss
- Poor folder and file permissions
Why is security an issue?
Use intelligent searches on the Internet to:
- Find the cost (in any currency) of security failures
- Consider all the categories (previous slide)
Prepare a table as a single chart with your results
Present your results to the class

Category  Date      Description     Cost
Theft     Jan 1010  Stolen laptops  £88,000
Cost of security

TYPE OF THREAT     LOSS (£ million)
Fraud              7,600 (1 fraudulent banker)
Credit card fraud  306 (in 1 year)
Malware attacks    72 (over 9 years)
Software piracy    20,000 (estimated in 2005)
Identity theft     90 (1 group of criminals in 2010)
Theft              16.2 (3 criminals in 2009)
Weak external security threat
What is external security?
Prevention of unauthorised software access to a system via:
- WAN (wide area network)
- LAN (local area network)
- Wireless LAN
- VPN (Virtual Private Network)
- Exploitation of system weaknesses
Weak external security threat
WAN (wide area network)
- No firewall means internal servers are exposed to external connections.
- Web and e-mail servers in the Demilitarised Zone (DMZ) allow access from the internet
- Internal network has much stronger protection, blocks unsolicited requests
What does a firewall do?
- A firewall permits or denies network transmissions based upon a set of rules
- It protects networks from unauthorized access while permitting legitimate communications to pass
- Firewalls can be slowed or stopped by DDoS (distributed denial of service) attacks
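
The rule set described on the two firewall slides above, as an added example that is not part of the original slides: a first-match rule list with a default deny and simple connection tracking. The zone names, ports, rule order and sample addresses are assumptions made for illustration.

```python
# Added example: zones, ports and rule order are assumptions, not from the slides.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_zone: str   # "internet", "dmz" or "internal"
    dst_zone: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# First matching rule wins: (src_zone, dst_zone, dst_port or None for any, action)
RULES = [
    ("internet", "dmz", 80, "permit"),         # web server in the DMZ
    ("internet", "dmz", 443, "permit"),
    ("internet", "dmz", 25, "permit"),         # e-mail server in the DMZ
    ("internal", "internet", None, "permit"),  # staff may start outbound connections
    ("internal", "dmz", None, "permit"),
]


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.established = set()  # connections that a rule has already permitted

    def decide(self, pkt):
        # A reply to a connection we permitted earlier is not "unsolicited".
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.established:
            return "permit"
        for src_zone, dst_zone, port, action in self.rules:
            zones_match = (pkt.src_zone, pkt.dst_zone) == (src_zone, dst_zone)
            if zones_match and port in (None, pkt.dst_port):
                if action == "permit":
                    self.established.add(
                        (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return action
        return "deny"  # nothing matched: default deny


if __name__ == "__main__":
    fw = Firewall(RULES)
    # Constructed sample packet using documentation address ranges.
    print(fw.decide(Packet("internet", "internal", "203.0.113.7", 50001, "10.0.0.5", 3389)))
```

Because the last step is a default deny, traffic from the internet or the DMZ to the internal network is refused unless it answers a connection that an internal machine started.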
Research task: cyber damage
Find examples of damage caused by:
- DDoS
- Unsecured wireless access point
- Failure to install security updates
Describe the incident, how it was performed, the damage done, the cost of the damage, what weakness was exploited
Put your results on slides and present to the class.
Unauthorised access
How secure is your password?
- What is the weakest password you can think of?
- What is the strongest you can devise?
https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx
Unauthorised access
How secure is your password?
- Written down?
- Strong or weak?
- Vulnerable to password crackers?
  - sniffing the network
  - cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks
  - recording VoIP conversations
  - decoding scrambled passwords
  - uncovering cached passwords
Social engineering
- Phishing
- Fake IVR (interactive voice response)
- Baiting
- Quid pro quo (something for something)
- Virus hoaxes
Each group to research and present (on a slide)
- what one of these techniques is
- what the purpose is
- give an example
Deliberate removal or copying
- Rick rolling
- Man in the middle
- Key stroke loggers
- Hackers
  - Internal
  - External
- Logic bomb
Each group to research and present (on a slide)
- what one of these techniques is
- what the purpose is
- give an example
Summary
- Threats to security
- Categories of threat
- Research task: Cost of breaches of security
- Research task: Cyber damage
- Password security
- Research task: Social engineering
- Research task: Deliberate removal or copying