Security Threats in the Information Age MBAA 609 R. Nakatsu.

Slides:



Advertisements
Similar presentations
1 MIS 2000 Class 22 System Security Update: Winter 2015.
Advertisements

Crime and Security in the Networked Economy Part 4.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Chapter 12 Network Security.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World
PC Support & Repair Chapter 9 Fundamental Security.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.
Virtual Private Network
Quiz Review.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
Threats to I.T Internet security By Cameron Mundy.
Week 5 IBS 520 Computer and Online Security. Cybercrime Online or Internet- based illegal acts What is a computer security risk? Computer crime Any illegal.
Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.
Viruses.
Unit 19 INTERNET SECURITY
Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Networks and Security Monday, 10 th Week. Types of Attacks/Security Issues  Viruses  Worms  Macro Virus  Virus  Trojan Horse  Phishing 
IT security By Tilly Gerlack.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Chapter 8 Safeguarding the Internet. Firewalls Firewalls: hardware & software that are built using routers, servers and other software A point between.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Caring for Technology Malware. Malware In this Topic we examine: v Viruses (or Malware) v Virus Detection Techniques v When a Virus is Detected v Updating.
TECHNOLOGY GUIDE THREE Protecting Your Information Assets.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
Types of Electronic Infection
PLUG IT IN SIX Protecting Your Information Assets.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
Not only business information, but a large amount of personal information too is now digitized and stored in computer connected to the internet. System.
Database Security Tampere University of Technology, Introduction to Databases. Oleg Esin.
COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.
Discovery 2 Internetworking Module 8 JEOPARDY K. Martin.
Security Risks Viruses, worms, Trojans Hacking Spyware, phishing Keylogging Online fraud Identity theft DOS (Denial of Service attacks.
Chapter 40 Network Security (Access Control, Encryption, Firewalls)
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Invitation to Computer Science 5 th Edition Chapter 8 Information Security.
Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Computer Security Keeping you and your computer safe in the digital world.
SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.
Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.
Hardware and software that can provide a good level of security In this presentation I am going to provide advices on hardware and software that needs.
Security Risks Todays Lesson Security Risks Security Precautions
Chapter 40 Internet Security.
Security Threats in the Information Age
What they are and how to protect against them
Managing Multi-User Databases
TECHNOLOGY GUIDE THREE
Security in Networking
HOW DO I KEEP MY COMPUTER SAFE?
How to keep the bad guys out and your data safe
Designing IIS Security (IIS – Internet Information Service)
Introduction-Cyber Safety
Presentation transcript:

Security Threats in the Information Age MBAA 609 R. Nakatsu

Case Study: Mat Honan gets attacked “In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID was broken into, and hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.” Read the complete Wired article here.here. This is an example of social engineering.

Two-Factor Authentication When using cloud-based services, use two-factor authentication whenever possible. Three Factors are: What you know (e.g., password) What you own (e.g., cellphone) Who you are (e.g., biometric authentication) See Google two-factor authentication example.Google two-factor authentication

Security Threats On The Internet Denial of Service (DoS) Attacks : A web server is overwhelmed with requests for data in order to cripple the network. –What is a distributed denial of service (DDoS) attack? Intrusions : Human hackers gain access to an organization’s internal IT systems. –How do they occur? Malware (e.g., viruses, worms, Trojans): Malicious software programs that spread rapidly through computer systems, sometimes destroying or modifying data. –How does a computer become infected with malware?

Specific Threats: Know the Terminology Phishing: fraud where the perpetrator sends out legitimate-looking s to collect information about you, or download malware. Example: Cryptolocker (an example of ransomware). Spyware: Program that hides on your system with the intent of collecting marketing information about you and your surfing habits, and/or displaying pop up ads on your screen (e.g., keyloggers capture and record your keystrokes). Drive-by Downloads: A program that is automatically downloaded to your computer—no action on your part is necessary!

A Multi-Pronged Approach to Securing Networks Gateway security devices: these devices (e.g., firewalls and routers) protect the “front” door to the Internet, by comparing every bit of information going in and out of your network with a database of signatures. Most organizations place a firewall at the Internet entry point of their networks. Desktop security: install anti-virus/anti-malware on each computer. Data encryption: encrypt sensitive data (1) before it is sent over the Internet, (2) when it is stored on a computer, (3) when backing up data on a server.

Gateway Security Router Intranet Server Host System Intranet Server The Internet Fire wall Router Extranet

The Need for Data Encryption Every packet of data sent over the Internet traverses many public networks At any step of the way, many people could have access to those packets. The Internet can be used for transmitting highly confidential information such as credit card data or proprietary corporate data.

Data Encryption: The Basics Encryption is the process of encoding (or “scrambling”) information so that only authorized parties can read it. Plaintext: the “readable”, unencrypted message Encryption key: specifies how the message is encrypted Ciphertext: the “unreadable”, encrypted message. Public-key encryption: the encryption key is public for anyone to use and encrypt messages. The decryption key is private— only the receiving party can decrypt, or unscramble messages.

Encryption Examples You can easily encrypt Micosoft Word, Excel, and Access files. Encryption is built into Windows (Bitlocker) and OS X (FileVault) Turn on WPA2, a protocol used to secure WiFi networks SSL (Secure Socket Layer) and its successor TLS (Transport Layer Security): a protocol for encrypting information sent over the Internet. Use a VPN (Virtual private network), a technology which creates a secure, encrypted tunnel across the Internet. See next slides. Encrypt your s (PGP and OpenPGP): enables point- to-point encryption.

VPN (Virtual Private Network)

Benefits of VPNs Secures your internet connection: snoopers cannot read your s and communications. Restores your freedom: allows you to circumvent regional restrictions (i.e., geoblocking) Allows secure remote access to company resources—e.g., files, applications, printers, etc.

The Need for Digital Certificates Masquerading or spoofing means pretending to be someone you are not, or representing a Web site as an original when it is fake. A digital certificate provides identifying information of a company or individual, and is verified by an official, trusted agency known as a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant’s public key and a variety of other information. Digital certificates are an important part of TLS/SSL (described earlier on the encryption slide).

Other IT Solutions Have a backup strategy Practice good digital hygiene Transaction log: a log of all changes applied to a database in chronological order Creation of a DMZ (de-militarized zone): place a proxy server in this zone.

Have a Back Up Strategy! Disk drives fail: don’t be surprised if this happens to you! Strategy: Have at least three copies of your data, on at least two separate media storage devices, at least one copy offsite. –Cloud-based services like Carbonite, and Dropbox offer affordable and convenient offsite, “cloud” storage. Create a disk image (e.g., timemachine on the Mac, superduper, drivesnapshot.de, among other programs)

Digital hygiene means practicing safe behaviors on the Internet Don’t open attachments from strangers; be careful even if it’s from someone you know. Update your OS regularly. Don’t click links in . That link could lead you to a phishing site, or the link may lead you to install malicious software. Don’t download files from places you aren’t absolutely sure are safe. Stick with the well known sites. Use a firewall. The best firewall is a hardware router. Run as a limited user; do not run as an administrator. Here’s an article on how to require a password as an administrator. Here’s an article

Transaction Log Transaction records contain: Transaction identifier Time of transaction Type of transaction (e.g., read, insert, update, delete, abort) Identifier of data item affected Before-image of the data item After-image of the data item From the transaction log, you can re-create a database up to a given point in time.

Network Diagram of a DMZ DMZ: the area between the two firewalls—neither a part of the internal network nor the public Internet.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.