Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Objectives
- List some of the challenges of making a computer secure
- Explain how to be prepared for a security attack
- List the steps that are important to keeping alert to attacks
- Explain how an organization and a user can resist security attacks

Total Security
- Computers around the world are vulnerable to threats
- New threats surface almost daily
- The need for security will continue to be a key element of IT systems
- Total security is a way of THINKING, PLANNING AND ACTING

The Security Challenge
- Trends experts cite:
  - Speed of attacks
  - Sophistication of attacks
  - Faster detection of weaknesses
  - Distributed attacks
  - Attacks on routers
  - Difficulties in patching
- (See Table 6-1)

The Security Challenge (continued)

Prepare for Attacks
- Security begins with preparation:
  - Right philosophy about security
  - Create a framework for action
  - Putting it all into practice

Develop a Philosophy
- Information security philosophy: Absolute security can never be achieved on any network or computer
- Positive side: Users’ and administrators’ awareness of lack of 100% security = Be more alert!

Establish a Framework
- Framework: Establish how security should be approached
- Microsoft’s framework: SD3+C
  - Secure by Design
  - Secure by Default
  - Secure by Deployment
  - Communications

Establish a Framework (continued)
- Cisco’s framework
  - Protect against known and unknown attacks
  - Deploy security devices in layers
  - Integrate security throughout the network
  - Be sure decision making and reporting are accurate
  - Security solution must be scalable and operationally effective

Take Action
- Implementing security involves:
  - Patching software
  - Hardening systems
  - Blocking attacks
  - Testing defenses

Patch Software
- Patch software: Hackers exploit weaknesses resulting from unpatched software to gain the easiest route
- Organizations and individuals should have a process for identifying vulnerabilities and responding by applying necessary patches immediately
- Proactive patch management is the first step in maintaining a secure environment
- (See Table 6-2)

Patch Software (continued)

Harden Systems
- Hardening: Properly configuring and securing a system against attackers
- Default configurations are often left unsecured
- Steps to systems hardening:
  - Know what you are trying to protect
  - Know what you are trying to protect it from

Harden Systems (continued)
- Systems hardening includes:
  - Computer
    - Patch management
    - Install antivirus and antispyware and keep updated
    - Disable macros in Office applications
  - Internet connection
    - Block cookies
    - Set browser security settings to highest level

Harden Systems (continued)
- Systems hardening includes: (continued)
  - Implement advanced security as necessary
  - Use WEP encryption
  - Filter out executables
  - Turn off Preview Pane
  - Wireless networks
    - Turn off broadcast information
    - Filter MAC addresses

Block Attacks
- Prime defense in blocking attacks is a firewall
  - Enterprise firewalls: Installed at the network perimeter
  - Individual users: Internet Connection Firewall or other personal firewall software
- Hiding IP address of devices from hackers
  - NAT
  - Proxy servers

Test Defenses
- Does it all work? Don’t wait for an attack to find out!
- TEST YOUR OWN DEFENSES!
- Several products are available to probe defenses and find weaknesses
  - Microsoft Baseline Security Analyzer (See Figure 6-1)
- Testing should be a regular step in the security process

Keep Alert
- Biggest mistake when dealing with security is letting guard down
- It is important to always keep alert to new threats
- Know what hackers are doing
- Use support provided by other security groups
- Be familiar with tools used to secure systems

Know the Enemy
- Attacks on data usually follow trends and create patterns
- Most hackers imitate other hackers
- The Internet contains a wealth of information posted by hackers (See Figure 6-2)
- Visit hacker Web sites regularly to keep up on what hackers are doing

Join with Allies
- You are not alone in the fight for information security
- Learn from other groups
- Many Web sites provide information on security:
  - isc.incidents.org (See Figure 6-3)

Build a Toolbox
- There are many tools available for securing a computer or network
- Search the Internet for information and tools to help with security efforts

Resist Attack
- No matter how good defenses are, attacks will happen
- Organizations and individuals need to know how to react to an attack

Organizational Response
- Response must be orchestrated among users, managers, IT personnel, and others
- Response measured in:
  - How to prepare
  - How to know if an attack is occurring
  - How to respond
  - How to preserve evidence

Organizational Response (continued)
- Preparation
  - Store a clean copy of the operating system on a CD for quick clean-up and reinstallation
  - Keep updates for all software on CD in the event the Internet is unavailable during reinstallation
  - Be sure users have adequate training
  - Keep a prioritized list of key assets to be protected first in an emergency
  - Establish and maintain disaster recovery information for all systems

Organizational Response (continued)
- Detection
  - Early warning signs of an attack
    - Changes in network traffic
    - Slow running computer
    - Sudden appearance of a new user account
  - Maintain and review event logs
  - Visit security organizations for up-to-date information on latest attacks and trends
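
One way to automate two of the detection points above, reviewing logs and spotting a sudden new user account, is sketched below. This is an added example, not part of the original presentation; the account baseline, the working-hours window and the Linux-style `useradd` log lines are assumptions constructed for illustration.

```python
import re

# Accounts expected to exist on this host (assumed baseline for the example).
BASELINE = {"root", "alice", "bob"}

# Constructed sample lines in the style of Linux sshd/useradd syslog entries.
SAMPLE_LOG = """\
Mar  3 09:12:44 ws01 sshd[2210]: Accepted password for alice from 192.0.2.10 port 50514 ssh2
Mar  3 02:14:07 ws01 useradd[4312]: new user: name=support, UID=1003, GID=1003, home=/home/support, shell=/bin/bash
Mar  3 02:14:09 ws01 useradd[4313]: new user: name=sysadm, UID=0, GID=0, home=/root, shell=/bin/bash
Mar  4 10:30:00 ws01 useradd[5120]: new user: name=bob, UID=1002, GID=1002, home=/home/bob, shell=/bin/bash
"""

NEW_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\suseradd\[\d+\]:\s"
    r"new user: name=(?P<name>[^,]+), UID=(?P<uid>\d+)"
)

def find_unexpected_accounts(log_text, baseline):
    """Return one finding per account-creation event not covered by the baseline."""
    findings = []
    for line in log_text.splitlines():
        m = NEW_USER.match(line)
        if not m or m["name"] in baseline:
            continue
        hour = int(m["ts"].split()[-1][:2])
        reasons = ["not in baseline"]
        if int(m["uid"]) == 0:
            reasons.append("UID 0 (administrator-equivalent)")
        if hour < 6 or hour >= 20:  # assumed working hours: 06:00 to 20:00
            reasons.append("created outside working hours")
        findings.append({"time": m["ts"], "host": m["host"],
                         "account": m["name"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_unexpected_accounts(SAMPLE_LOG, BASELINE):
        print(f"{f['time']} {f['host']}: new account {f['account']!r}: "
              + "; ".join(f["reasons"]))
```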

Organizational Response (continued)
- Response
  - Identify the nature of the attack
  - Identify the source
  - Communicate information about attack to appropriate persons
    - All users may or may not need to know, based on the nature of the attack
  - Isolate and contain the attack
  - Determine additional steps necessary based on the nature of the attack (change passwords, disconnect, etc.)

Organizational Response (continued)
- Preserve Evidence
  - Computer forensics: Science of preserving and analyzing evidence
  - Evidence may be used to prosecute
  - Many tools are available for forensics work
  - General rules to follow:
    - Keep backup copies of logs
    - Take detailed notes
    - Don’t attempt to change or fix the affected computer
      - The more you do to it, the more likely you are to destroy evidence
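
The "keep backup copies of logs" and "take detailed notes" rules can be combined by copying logs into an evidence folder and recording a SHA-256 hash of each copy, so later changes to a copy are detectable. This is an added example, not part of the original presentation; the function names, the `manifest.json` layout and the sample log are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large logs are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def preserve_logs(log_paths, evidence_dir, collected_by):
    """Copy logs into evidence_dir and write a manifest of their hashes."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for src in map(Path, log_paths):
        dst = evidence_dir / src.name
        shutil.copy2(src, dst)  # copy2 also copies the file timestamps
        entries.append({"source": str(src), "copy": dst.name,
                        "sha256": sha256_file(dst)})
    manifest = {"collected_by": collected_by, "files": entries,
                "collected_at": datetime.now(timezone.utc).isoformat()}
    (evidence_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_evidence(evidence_dir):
    """Return the names of copies whose current hash no longer matches."""
    manifest = json.loads(Path(evidence_dir, "manifest.json").read_text())
    return [e["copy"] for e in manifest["files"]
            if sha256_file(Path(evidence_dir, e["copy"])) != e["sha256"]]

def demo():
    """Preserve one constructed log, then show that an edited copy is flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "security.log"
        log.write_text("02:14:07 account created: support\n")  # constructed
        evidence = Path(tmp) / "evidence"
        preserve_logs([log], evidence, "analyst-1")
        clean = verify_evidence(evidence)
        (evidence / "security.log").write_text("edited\n")
        return clean, verify_evidence(evidence)

if __name__ == "__main__":
    print(demo())
```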

User Response
- Response for a user is usually not as extensive as that for an organization
- Guidelines:
  - Keep a current copy of your operating system’s recovery disk and operating system software on CD
  - Be aware of news of impending attacks and/or check security sites regularly
  - Keep watch over your computer
  - If you are attacked, disconnect from the Internet

User Response (continued)
- User response guidelines:
  - Use another computer to search the Internet for cleanup tools. Copy to CD and run on affected computer
  - Inform contacts in address book that you were attacked and to be cautious of from you
  - Find virus removal tools
  - After clean up, determine why your computer was compromised and what you can do to prevent it in future

Summary
- Computer attacks are becoming more sophisticated and more frequent.
- Defending against attack requires a total secure approach
- Security begins by having the right mind set or philosophy and developing a framework for security.
- We can never be totally secure: BE ALERT!

Summary (continued)
- Four major steps to putting the framework and philosophy into practice:
  - Patch
  - Harden
  - Block unnecessary traffic
  - Test
- It is important to keep alert to new security challenges
- Staying up-to-date on current threats and tools can help keep a system secure

Summary (continued)
- Key steps in responding to an attack:
  - Preparation
  - Detection
  - Inform users
  - Preserve evidence