Protecting IT systems (2)


Protecting IT systems (2) Level 2 Diploma Unit 11 IT Security

Password security
- Password protection is the most common
- Password policies need to be defined
- Do not write passwords down
- Change the password periodically
- Use a strong password
- Use nonsense words
- Protect against multiple attempts
  - Longer time between attempts
  - Lock out after so many attempts

Password vulnerability
- Passwords are not stored as entered, they are “hashed” to a new value which is stored
- Hashing mathematically changes the string to a value which cannot be decoded without knowing a key
- Passwords should be stored in hidden system files only accessible with system privileges
- Passwords can be obtained by “sniffing” wireless transmissions or getting access to a system (e.g. via a back door)
- A WEP protected wireless system can be cracked in under a minute
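The policies on the "Password security" and "Password vulnerability" slides (store only a hashed value, lengthen the time between attempts, lock out after so many attempts) can be combined in one login check. This is an added example, not part of the original slides; it assumes salted PBKDF2-HMAC-SHA256 as the hash, and the thresholds and the names `LoginGuard`, `MAX_ATTEMPTS` and `BASE_DELAY` are hypothetical.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5      # assumed policy: lock out after 5 failed attempts
BASE_DELAY = 2        # assumed policy: wait (seconds) doubles after each failure
ITERATIONS = 200_000  # assumed PBKDF2 work factor

def hash_password(password, salt=None):
    """Return (salt, digest). Only these are stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

class LoginGuard:
    def __init__(self):
        self.users = {}     # name -> (salt, digest)
        self.failures = {}  # name -> (failure count, earliest next attempt)

    def register(self, name, password):
        self.users[name] = hash_password(password)

    def unlock(self, name):
        """Administrator action: clear the failure counter."""
        self.failures.pop(name, None)

    def login(self, name, password, now):
        """Return 'ok', 'denied', 'wait' or 'locked'; `now` is in seconds."""
        count, next_ok = self.failures.get(name, (0, 0))
        if count >= MAX_ATTEMPTS:
            return "locked"
        if now < next_ok:
            return "wait"   # too soon after the last failure
        # Unknown names still cost one hash, so timing does not reveal them.
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        _, candidate = hash_password(password, salt)
        if name in self.users and hmac.compare_digest(candidate, stored):
            self.failures.pop(name, None)
            return "ok"
        count += 1
        self.failures[name] = (count, now + BASE_DELAY * 2 ** (count - 1))
        return "locked" if count >= MAX_ATTEMPTS else "denied"
```
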

Password strength
- A user-selected eight-character password with numbers, mixed case, and symbols can be cracked on a desktop PC in 16 minutes
- A minimum secure password length is now 12 characters

Physical access control
Access authorisation
- Who grants access rights?
- Who is allowed in?
- How are they identified?
- Are there different levels of control?

Exercise
Complete the table with the items on the left.

Item | Area | Permitted access
IT Staff | Reception |
Staff | Principal’s office |
Students | Finance office |
General public | IT office |
Principal | Server room |
 | Classrooms |
IT Help desk staff | Computer rooms |

Access control system
The key requirements are:
- Central control
  - For authorisations
- Flexible access permissions
  - Temporary upgrades
  - Visitors
- Reporting
  - For audit control
  - Unauthorised attempts

Control and permissions
- Add users
- Bar users
- Change users’ access permissions
- Control many buildings in different locations using TCP/IP
- Set permissions individually or by department
- Restrict areas to certain groups
- Set shift patterns

Monitoring
- View real time events as they are happening
- Monitor
  - who is where in a building
  - if doors have been left propped open
  - if a door has been forced
- Generate reports
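The requirements on the "Access control system", "Control and permissions" and "Monitoring" slides (group permissions, shift patterns, temporary upgrades for visitors, reporting of unauthorised attempts) can be modelled as one central decision function with an audit log. This is an added example, not part of the original slides; the class, the badge ids and the sample permissions are constructed for illustration and are not the answers to the exercise.

```python
from datetime import datetime, time

# Constructed sample permissions: area -> groups allowed in.
AREA_GROUPS = {
    "server room": {"it staff"},
    "finance office": {"finance", "principal"},
    "reception": {"it staff", "finance", "principal", "students", "visitor"},
}
SHIFTS = {"it staff": (time(7, 0), time(19, 0))}  # group -> permitted hours

class AccessController:
    def __init__(self):
        self.members = {}    # badge id -> group
        self.temporary = []  # (badge id, area, expiry) temporary upgrades
        self.audit = []      # (when, badge id, area, decision, reason)

    def grant_temporary(self, badge, area, expires):
        self.temporary.append((badge, area, expires))

    def request(self, badge, area, when):
        """Decide one door request and record it for audit."""
        group = self.members.get(badge)
        decision, reason = "deny", "unknown badge"
        if group is not None:
            start, end = SHIFTS.get(group, (time.min, time.max))
            if any(b == badge and a == area and when < exp
                   for b, a, exp in self.temporary):
                decision, reason = "allow", "temporary grant"
            elif group not in AREA_GROUPS.get(area, set()):
                reason = "group not permitted"
            elif not (start <= when.time() <= end):
                reason = "outside shift"
            else:
                decision, reason = "allow", "group permission"
        self.audit.append((when, badge, area, decision, reason))
        return decision == "allow"

    def unauthorised_report(self):
        """Audit report: every denied attempt, in the order it happened."""
        return [entry for entry in self.audit if entry[3] == "deny"]
```
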