Understand mechanisms to control organisational IT security Unit 48 I.T. Security Management HND in Computing and Systems Development
Security perimeter Router (enforces encryption settings) Intrusion detection system (IDS) Firewall Wireless access points Public switched telephone network (PSTN) VOIP Modems insiders
Physical security Doors Windows Walls Floors Ceilings Location of Monitors Wireless access points Printers Sensitive equipment (TEMPEST) {Transient electromagnetic Pulse Emanation Standard} Actual site (proximity to roads, other buildings)
People = security problem The problem Social engineering ploys Make mistakes Easily fooled Easily led (misled) Want to help Desire to avoid confrontation Direct question: e.g. “Who is the I.T. manager?” Engage in conversation, evoke sympathy “I really need this information now, X is on the warpath…” Appeal to ego “I hear you did a great job for Y, that was really impressive, I wonder if you could do the same for me…” Intimidation “If you won’t give me this information I’m going to have to report you…” especially effective in eg military Insiders can be more effective: Stanley Mark Rifkin 1978, $10.2million, Conklin & White p68 https://www.ncjrs.gov/App/Publications/abstract.aspx?ID=79169
Social engineering task Find examples of a range of social engineering attacks. You could include the following; Phishing Spear phishing Whaling Vishing Spam (SPIM) Shoulder surfing Reverse social engineering hoaxes
Poor Security Practices Individuals Poor training/policies/procedures Password selection Piggybacking Dumpster diving Unauthorised hardware or software Physical access by non-employees Access by ill-intentioned insiders/contractors/consultants
Physical security task Describe and evaluate various procedures to restrict physical access to a facility. Include a cost-benefit evaluation for each procedure. Include both prevention and monitoring methods. You could include: Physical locks Biometrics Sign-in logs CCTV or video Security personnel Two-factor authentication Utility protection (HVAC, power) swipe cards, theft prevention Something you know Something you have Something unique about you Note your sources – make sure they are reputable and up-to-date!