Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.

Presentation transcript:

Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide attribution and you must share alike. Information Security A Practical Introduction

What does “Security” mean?

What is Information Security About?

InfoSec is about… Viruses

InfoSec is about… Hackers

InfoSec is about… Vandalism

InfoSec is about… Backups

InfoSec is about… Theft

InfoSec is about… Computer “Uptime”

InfoSec is about… Phones

InfoSec is… about Information

Information Security as an Outcome: “Our systems are secure from hackers”; “We have blocked 17,342 viruses to date”; “Our systems are all online”; “Insiders cannot steal our information”; “We have backups”; “We are Secure”

Information Security as a Process: “We want to improve security”; “We need to protect against more threats”; “We want to reduce risk”; “We want to increase customer confidence”; “We want to decrease the number of compromises”; “We want to be more Secure”

InfoSec is… Risk Management: Identify, Analyze, Measure, Plan, Implement

What is at Risk? Confidentiality, Integrity, Availability

Defence in Depth lowers Risk. Firewalls do not make you secure. Anti-virus does not make you secure. Policies do not make you secure. VPNs do not make you secure. Guards do not make you secure. Passwords do not make you secure. Together they all make you MORE secure.

Threat: Denial of Service

Counter: Firewalls and Switches

Threat: Unintentional DoS. An unpatched server was compromised and used to distribute 20 GB of videos with French language titles. The problem was discovered when the server was blocked for excessive bandwidth usage.

French Puppet Videos! The server was distributing 20 GB of French Puppet Videos. The cleanup time was 7 hours. If they had just asked, we would probably have found someone to host the videos for them!

Counter: Change Management

Counter: Monitoring

Threat: SQL Injection Attack

Counter: Vulnerability Scanning

Counter: Developer Training

Counter: Web Application Firewall

Threat: The Man-in-the-Middle. The Pineapple: 1. Pretends to be YOUR home wifi network. 2. Records what you do on the Internet.

Counter: 2 Factor Authentication: YUBIKEY, SecurID, Google 2FA

Threat: Insiders

Counter: DLP and DPI Deep Packet Inspection (DPI): Firewalls inspect every packet on the network and rebuild the entire message. Data Loss Prevention (DLP): Uses DPI and pattern matching to look for suspicious content being sent FROM your network.
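The DPI-then-DLP sequence described above, as an added example that is not part of the original slides: a payment-card pattern is missed when each packet is scanned on its own, and found once the message is rebuilt. The function names, the card-number pattern and the sample segments are assumptions made for this illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(rb"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(data: bytes) -> list:
    """DLP step: pattern match, then validate to cut false positives."""
    hits = []
    for m in CARD_RE.finditer(data):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def reassemble(segments) -> bytes:
    """DPI step: order (offset, payload) segments; gaps are not modelled."""
    stream = bytearray()
    for offset, payload in sorted(segments):
        if offset < len(stream):  # retransmitted bytes: keep the first copy
            payload = payload[len(stream) - offset:]
        stream += payload
    return bytes(stream)

def scan_per_packet(segments) -> list:
    return [c for _, p in segments for c in find_cards(p)]

def scan_stream(segments) -> list:
    return find_cards(reassemble(segments))

# Constructed outbound upload: out of order, one retransmission.
# 4111111111111111 is a well-known test number, not a real account.
SEGMENTS = [
    (31, b"11 1111\r\nref=1234567890123456\r\n"),
    (0, b"POST /upload\r\n"),
    (14, b"card=4111 1111 11"),
    (14, b"card=4111 1111 11"),
]

if __name__ == "__main__":
    print("per-packet:", scan_per_packet(SEGMENTS), "stream:", scan_stream(SEGMENTS))
```

The `ref=` value matches the digit pattern but fails the Luhn check, so it is not reported.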

Threat: Malvertisements

Why D.I.D? It never rains… it pours: 1. The OS Vendor stopped providing patches. 2. The server was hacked. 3. A hard disk failed. 4. A cooling fan died & it crashes every 2hr. 5. The software vendor wanted more money. 6. Hardware support had not been paid for.

Final Threat: The A.P.T. Advanced Persistent Threat

InfoSec is… Everyone’s Responsibility: Confidentiality, Integrity, Availability

Questions?