Some Methods: Phishing, Database & Password Exploits, Social Engineering & Networking, Weak Controls, Default Accounts & Passwords, Dated Software & Patch Exploits, Advanced Persistent Threat & Zero-Day

Some Methods

- Phishing
- Database & Password Exploits
- Social Engineering & Networking
- Weak Controls
- Default Accounts & Passwords
- Dated Software & Patch Exploits
- Advanced Persistent Threat & Zero-Day

Website hacked by Anonymous: Puckett & Faraj

- Puckett & Faraj: the law firm representing the Marine accused of 24 civilian deaths in Haditha, Iraq (2005)
- Website hacked by Anonymous, Feb 2012
- Gmail account hacked

Hacked Website

Default Accounts & Passwords

80% of data breaches involve stolen, weak, default or easily guessable passwords (figure as cited on the slide; source: https://spiessblog.wordpress.com/2016/04/26/first-blog-post/)

... and the list goes on ...

Dated Software & Patch Exploits

[Chart: number of CVEs exploited in 2015, plotted by the CVE's publication date. Common Vulnerabilities and Exposures (CVEs) as named in the Verizon 2016 Data Breach Investigations Report. Many of the vulnerabilities exploited in 2015 had been published years earlier: dated software and missing patches, not new bugs.]

Adv. Persistent Threats & Zero-Day

Advanced Persistent Threat:
- Multiple attack vectors used continuously over time, not just one attack one time
- Includes several complex phases
- Any exploit plus continuous access to the target

Zero-Day Exploit:
- Exploits a software vulnerability that is not yet publicly known, before the developers are aware of it
- Once the vulnerability becomes known, the vendor has had "zero days" to patch, fix, and protect
- Many exploits in circulation started as zero-days, but most real-world exploitation uses vulnerabilities that were already public and patched (n-days), as the earlier chart of CVE age shows

Examples:
- May 2013: zero-day watering-hole attack against the US Dept. of Labor website via an Internet Explorer 8 vulnerability (CVE-2013-1347)
- April 2014: Heartbleed (CVE-2014-0160) was published. It was a bug in OpenSSL's implementation of the TLS heartbeat extension, not in the Transport Layer Security protocol itself, and had been present in OpenSSL since the 1.0.1 release in 2012

Top Best Practices

- User training & awareness
- Segregate data & privileges
- Password management
- Update patches and software
- Security hardware & software
- Removable media policy
- Data destruction policy
- Periodic pen testing
- Encrypt data
- Monitoring

Password Management

Create strong passwords:
- Min. 12 characters
- Use a phrase
- Change often (note: current NIST SP 800-63B guidance is to change passwords on evidence of compromise rather than on a fixed schedule; forced periodic rotation tends to produce weaker, predictable passwords)

Remove defaults:
- Hardware & software default accounts and passwords
- Old employee accounts

Don'ts:
- Don't keep "password" files or folders
- Don't share passwords
- Don't reuse passwords
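The rules on this slide can be enforced at account-creation time. The following is an added example (not part of the original presentation) of a password-policy checker: it rejects short passwords and known default credentials, nudges toward a passphrase, and detects reuse against a password history that stores only salted PBKDF2 hashes, so the history itself is not the kind of "password file" the slide warns against. The default-credential list, the passphrase threshold, and the iteration count are assumptions chosen for illustration.

```python
"""Password-policy checker for the slide's rules (added example, not the deck's own code)."""
import hashlib
import hmac
import os
from typing import List, Optional, Sequence, Tuple

# Constructed sample of vendor/default credentials an attacker tries first.
# A real deployment would load a much larger list (and a breached-password list).
DEFAULT_PASSWORDS = {
    "password", "admin", "123456", "welcome", "changeme", "letmein", "default",
}

MIN_LENGTH = 12            # slide: "Min. 12 characters"
PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune for the target hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256.

    Store these two values for the history; never store the plaintext.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def was_used_before(password: str, history: Sequence[Tuple[bytes, bytes]]) -> bool:
    """Check a candidate against previous (salt, digest) pairs.

    Each entry has its own salt, so the candidate is re-hashed per entry and
    compared in constant time; plaintext history is never needed.
    """
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_password(password: str, history: Sequence[Tuple[bytes, bytes]] = ()) -> List[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems: List[str] = []

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Normalise so "Password " and "PASSWORD" still match the default list.
    if password.strip().lower() in DEFAULT_PASSWORDS:
        problems.append("matches a known default password")

    # Assumed passphrase heuristic: fewer than three words and under 20
    # characters is treated as a single token rather than a phrase.
    if len(password.split()) < 3 and len(password) < 20:
        problems.append("consider a multi-word passphrase")

    if was_used_before(password, history):
        problems.append("reused from password history")

    return problems


if __name__ == "__main__":
    old_salt, old_digest = hash_password("correct horse battery staple")
    history = [(old_salt, old_digest)]
    for candidate in ("password", "correct horse battery staple", "wrong horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate, history) or 'OK'}")
```

The reuse check re-derives the hash with each stored salt, so its cost grows with the history length; keeping the last few entries is enough to meet the "don't reuse" rule without making logins slow.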

Encryption

- Whole-disk encryption
- BIOS password (a phrase works well)
- Encrypt thumb drives
- Encrypt data in transit to the cloud
- Encrypt backups

What is the #1 source of data compromise?

Comments & Questions

Steven Konecny | CFE, CIRA, CEH, CRISC
steve.konecny@eisneramper.com
(916) 563-7790 | (213) 482-0669

Let's Take Flight