Cyber Security Awareness: Why people are of No 1 importance… CERN Computer Security Team (2009), L. Cons, S. Lopienski, S. Lüders, D. Myers, “Protecting…”
Presentation transcript:

Slide 1: Cyber Security Awareness
Why people are of No 1 importance…
CERN Computer Security Team (2009): L. Cons, S. Lopienski, S. Lüders, D. Myers
“Protecting Office Computing, Computing Services, GRID & Controls”

Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20 February 2007 — “Computer Security Awareness”

Slide 2: About Security
Security is not a synonym for safety.
Security is a system property (not a feature).
Security is a permanent process (not a product).
Security is difficult to achieve, and only to 100%-ε:
► Complexity of systems & code
► No metrics to measure “security”
► No testing methods proving that a system is “secure” (the “phase-space problem”)
Security is only as strong as its weakest link:
► The defender needs to protect against all possible attacks (those currently known, and those yet to be discovered)
► The attacker chooses the time, place and method

Slide 3: The Learning Curve
“If your kid just got the driving licence, you might wish for a ‘small’ accident, so that it is aware of the risks and drives with care.”
[Screenshots on the slide: “Oops !!???”, a user listing, a defaced web page]

Slide 4: Protect your Assets!
Control who can do/access what:
► Have your PC centrally/IT managed (free patching, firewalling, anti-virus)
► DON’T use administrator rights except when really needed (the “rule of least privilege”)
► Control published information
[Screenshots on the slide: “Everyone can upload whatever…”, “Configuration well doc’d in Google…”]

Slide 5: Rule of Least Privilege (for Experts)
Control who can do/access what:
► Restrict root, admin and sudo access to those who really need it
► Run programs with least privileges
► Control published information
► Use a local firewall and central syslogs
► Harden your system, remove services which are not needed
[Screenshots on the slide: “Everyone can upload whatever…”, “Configuration well doc’d in Google…”]
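Slides 4 and 5 both ask who really needs root, administrator or sudo rights. The check below is an added example, not code from the CERN slides: it reads sudoers-style rules and flags the grants that violate least privilege (unrestricted `ALL` commands, `NOPASSWD` on such grants, "become any user", and commands that simply hand out a shell). The rule lines are constructed, and the parser only covers the common `who host=(runas) [TAG:] commands` form, not aliases or includes.

```python
"""Audit sudo rules for grants that violate least privilege.

Added example for slides 4 and 5, not code from the CERN slides. The
sample rules below are constructed; the parser covers the common
"who host=(runas) [TAG:] commands" form, not aliases or includes.
"""
import re
from dataclasses import dataclass
from typing import List

RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"          # optional (runas_user[:runas_group])
    r"(?P<tags>(?:[A-Z]+:\s*)*)"             # NOPASSWD:, NOEXEC:, ...
    r"(?P<cmds>.+)$"
)
# Programs that hand the caller an interactive shell; allowing one of
# them as root is the same as allowing every command as root.
SHELL_PROGRAMS = ("/bin/bash", "/bin/sh", "/bin/su", "/usr/bin/bash", "/usr/bin/su")

SAMPLE_SUDOERS = """\
# constructed sample, not a real configuration
Defaults    env_reset
root        ALL=(ALL:ALL) ALL
%wheel      ALL=(ALL) ALL
alice       ALL=(ALL) NOPASSWD: ALL
bob         ALL=(root) /usr/bin/systemctl restart httpd
carol       ALL=(root) /bin/bash
dave        ALL=(root) NOPASSWD: /usr/sbin/service apache2 reload
"""


@dataclass
class Finding:
    line_no: int
    who: str
    reason: str


def audit_sudoers(text: str) -> List[Finding]:
    """Return one Finding per least-privilege problem found in the rules."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line or line.startswith(("Defaults", "Cmnd_Alias", "User_Alias",
                                         "Host_Alias", "Runas_Alias", "@include")):
            continue
        m = RULE_RE.match(line)
        if m is None:
            findings.append(Finding(line_no, "?", "unparsed rule, review manually"))
            continue
        who = m["who"]
        if who == "root":
            continue                                  # root is unrestricted anyway
        runas = (m["runas"] or "root").strip()        # sudo defaults to root
        tags = {t.strip() for t in m["tags"].split(":") if t.strip()}
        cmds = [c.strip() for c in m["cmds"].split(",")]
        if "ALL" in cmds:
            findings.append(Finding(line_no, who, f"may run any command as {runas}"))
            if "NOPASSWD" in tags:
                findings.append(Finding(line_no, who, "NOPASSWD on an unrestricted grant"))
        if runas.split(":")[0] == "ALL":
            findings.append(Finding(line_no, who, "may become any user"))
        for c in cmds:
            if c.split()[0] in SHELL_PROGRAMS:
                findings.append(Finding(line_no, who, f"{c} gives a shell as {runas}"))
    return findings


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {f.line_no}: {f.who}: {f.reason}")
```

Run against the sample, `bob` and `dave` produce nothing: their grants name one command each, which is what the slide means by restricting access to those who really need it. `%wheel`, `alice` and `carol` are each flagged, `alice` three times.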

Slide 6: Coding Practices (for Experts)
Security is part of the software development cycle:
► Keep code simple, split it up, make sure that each part works correctly
► Choose safe defaults, limit resource usage, fail gracefully & securely
► Test and review the code with respect to security
► Document, but control the accessibility
Don’t trust input data!!! Input data is the single most common cause of security-related incidents.
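To make “don’t trust input data” concrete, here is an added example (not code from the slides) of a file-download handler in its trusting form and its validating form. The served directory `/srv/uploads` and the file names are constructed assumptions. The hardened version applies the slide's advice in order: an allowlist of what a legitimate name looks like, a safe default of refusing anything else, and a second check on the resolved path so that a symlink inside the directory cannot lead outside it.

```python
"""Untrusted input in a file-download handler: the trusting version next
to the validating one.  Added example for slide 6, not code from the
slides; /srv/uploads and the file names are constructed assumptions."""
import os
import re
from pathlib import Path

BASE_DIR = Path("/srv/uploads")                       # assumed served directory
# Allowlist: the shape of a legitimate name.  Everything else is rejected,
# which rules out "/", "..", leading dots and shell metacharacters at once.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def download_path_trusting(user_name: str) -> Path:
    """VULNERABLE: joins whatever the client sent.  '../../etc/passwd'
    walks out of BASE_DIR and an absolute '/etc/passwd' replaces it."""
    return BASE_DIR / user_name


def download_path_validated(user_name: str) -> Path:
    """Hardened: allowlist the input, then confirm the resolved path is
    still inside BASE_DIR.  Fails closed (raises) on any doubt."""
    if not NAME_RE.fullmatch(user_name):
        raise ValueError("rejected file name")
    base = BASE_DIR.resolve()
    candidate = (base / user_name).resolve()          # follows symlinks, strips '..'
    if candidate != base and base not in candidate.parents:
        raise ValueError("path escapes base directory")
    return candidate


def is_rejected(user_name: str) -> bool:
    """True when the hardened handler refuses the name."""
    try:
        download_path_validated(user_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for name in ("report.txt", "../../etc/passwd", "/etc/passwd", ".ssh", "a;rm -rf x"):
        trusting = os.path.normpath(str(download_path_trusting(name)))
        verdict = "REJECTED" if is_rejected(name) else "ok"
        print(f"{name!r:22} trusting -> {trusting:28} validated -> {verdict}")
```

The point of the second check is defence in depth: the regex already blocks every path separator, so the `parents` test only matters when something inside the directory (a symlink, a mount) points elsewhere, and that is exactly the case a reviewer would otherwise miss.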

Slide 7: Who owns the consequences?
Can you allow for:
► Loss of resources…
► Loss of data…
► Loss of functionality…
► Loss of control…
► Loss of reputation…
This boils down to CHF €€ ££ $$ ¥¥ !!
Are you prepared to take the full responsibility? Are you in the hierarchical position to really take it?

Slide 8: Security risks are everywhere!!!
[Screenshots on the slide: a hacked oscilloscope (running Win XP SP2); lack of input validation & sanitization; confidential data on CVS, Wiki, Savannah…; free passwords on Google]
What about you?

Slide 9: Be Vigilant & Stay Alert!!!
E-mail addresses can easily be faked!
Stop “Phishing” attacks: no legitimate person will EVER ask for your credentials!
Do not trust your web browser!

Slide 10: Do not trust your web browser!
What links to ?
%2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0&encRafId=default
The answers are not obvious even for IT professionals!
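The slide's link hides its host behind percent-encoding (`%2e%31%33%38…` decodes to a dotted address) while the query carries a reassuring `ru=http%3A%2F%2Fwww.ebay.com`. The following added example (not code from the slides) shows the checks a browser performs that a reader does not: it resolves the host the browser will actually connect to, undoing percent-encoding, the `name@host` userinfo trick and integer-form IP addresses, and answers the only question that matters, "does this link go to the domain it pretends to?". The URLs in it are constructed (203.0.113.0/24 is a documentation range) and are not the URL shown on the slide.

```python
"""Where does a link really go?  Added example for slide 10, not code
from the slides.  The URLs below are constructed (203.0.113.0/24 is a
documentation range); they are not the URL shown on the slide."""
import ipaddress
from typing import List
from urllib.parse import urlsplit, unquote

# Constructed decoy: the name before '@' is userinfo, the real host is a
# percent-encoded IP, and the query mentions the brand being imitated.
DECOY_URL = "http://www.ebay.com@%32%30%33.0.113.17/p?ru=http%3A%2F%2Fwww.ebay.com"


def real_host(url: str) -> str:
    """The host the browser will connect to, with common disguises undone."""
    parts = urlsplit(url)                         # .hostname already drops userinfo
    host = unquote(parts.hostname or "")          # %32%30%33.0.113.17 -> 203.0.113.17
    try:                                          # 3405803793 / 0xcb007111 -> 203.0.113.17
        return str(ipaddress.ip_address(int(host, 0)))
    except ValueError:
        return host


def is_link_to(url: str, domain: str) -> bool:
    """True only when the real host is `domain` itself or one of its subdomains."""
    host = real_host(url).lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def deception_hints(url: str) -> List[str]:
    """Features of a link that should make a reader suspicious."""
    parts = urlsplit(url)
    hints: List[str] = []
    if parts.username is not None:
        hints.append(f"'{parts.username}@' is a username, not the host; the host follows the @")
    if "%" in (parts.hostname or ""):
        hints.append("host name is percent-encoded")
    host = real_host(url)
    try:
        ipaddress.ip_address(host)
        hints.append(f"host is a raw IP address ({host}), not a domain name")
    except ValueError:
        pass
    if "://" in unquote(parts.query):
        hints.append("query string carries another URL (a decoy or redirect target)")
    return hints


if __name__ == "__main__":
    print("connects to:", real_host(DECOY_URL))
    print("goes to ebay.com?", is_link_to(DECOY_URL, "ebay.com"))
    for hint in deception_hints(DECOY_URL):
        print(" -", hint)
```

Note what `is_link_to` refuses: `ebay.com.example.net` is not a subdomain of `ebay.com`, and a host that merely mentions the brand in its userinfo, path or query is not either. That comparison, on the decoded host, is the check to make before trusting any link.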

Slide 11: Security is a permanent process (Budget & Resources)
Prevention:
► Have your PC centrally/IT managed
► Keep passwords secret & change them regularly
► Patch immediately
► Control access to all your assets
Protection:
► Deploy “Defense-in-Depth”
► Don’t log in as administrator
► Enable local firewall
► Be vigilant & stay alert
Detection:
► Monitor traffic
► Maintain up-to-date anti-virus software
► Be vigilant & stay alert
Response:
► Do incident forensics
► Leave “ON”, disconnect & don’t touch
► Recover…
► Analyze causes & apply lessons learned
[Responsibility labels on the slide: YOU, YOU, YOU&US]

Slide 12: Security is a permanent process (Budget & Resources)
Prevention:
► Patch immediately
► Keep passwords secret & change them regularly
► Apply proper coding & configuration practice
► Control access to all your assets
Protection:
► Deploy “Defense-in-Depth”
► Segregate networks
► Tighten down firewalls
► Be vigilant & stay alert
Detection:
► Monitor traffic
► Deploy intrusion detection (host-, network-based)
► Maintain up-to-date anti-virus software
► Enable & monitor syslogs
► Be vigilant & stay alert
Response:
► Do incident forensics
► Leave “ON”, disconnect & don’t touch
► Recover…
► Analyze causes & apply lessons learned
[Responsibility labels on the slide: YOU, YOU, YOU&US]
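“Enable & monitor syslogs” (slide 12) and “Monitor traffic” (slides 11 and 12) only help if something reads the logs. The added example below (not code from the slides) is a small host-based detection over sshd syslog lines: it raises an alert when one address produces a burst of failed passwords inside a short window, and records whether a login from that address succeeded afterwards, which is the case that turns a noisy scan into an incident for the Response column. The log lines are constructed (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges); the threshold and window are assumptions to tune per site.

```python
"""Detect an SSH password-guessing burst in syslog and whether a login
succeeded right after it.  Added example for the Detection column of
slides 11 and 12, not code from the slides.  The log lines are
constructed (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges)."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

SAMPLE_AUTH_LOG = """\
Feb 20 10:01:02 host1 sshd[2310]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Feb 20 10:01:05 host1 sshd[2312]: Failed password for invalid user test from 203.0.113.5 port 51030 ssh2
Feb 20 10:01:09 host1 sshd[2315]: Failed password for root from 203.0.113.5 port 51041 ssh2
Feb 20 10:01:14 host1 sshd[2319]: Failed password for root from 203.0.113.5 port 51052 ssh2
Feb 20 10:01:20 host1 sshd[2323]: Failed password for oracle from 203.0.113.5 port 51060 ssh2
Feb 20 10:01:27 host1 sshd[2330]: Failed password for root from 203.0.113.5 port 51071 ssh2
Feb 20 10:01:40 host1 sshd[2338]: Accepted password for root from 203.0.113.5 port 51080 ssh2
Feb 20 10:03:00 host1 sshd[2410]: Accepted publickey for alice from 198.51.100.7 port 50122 ssh2
Feb 20 10:05:00 host1 sshd[2500]: Failed password for bob from 198.51.100.9 port 50123 ssh2
Feb 20 10:05:09 host1 sshd[2504]: Accepted password for bob from 198.51.100.9 port 50123 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+)")


def parse_syslog(text: str, year: int = 2007) -> List[Tuple[datetime, str, str]]:
    """(timestamp, host, message) for every sshd line; other lines are skipped.
    Classic syslog has no year, so the caller supplies one."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        events.append((ts, m["host"], m["msg"]))
    return events


def detect_bruteforce(text: str, threshold: int = 5, window_s: int = 60) -> List[dict]:
    """One alert per source IP with >= threshold failed passwords within window_s."""
    failures: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    successes: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, _host, msg in parse_syslog(text):
        if (m := FAILED_RE.search(msg)):
            failures[m["ip"]].append((ts, m["user"]))
        elif (m := ACCEPTED_RE.search(msg)):
            successes[m["ip"]].append((ts, m["user"]))

    alerts = []
    for ip, events in failures.items():
        events.sort()
        start = 0                                     # sliding window over sorted failures
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 < threshold:
                continue
            t0 = events[start][0]
            burst = [e for e in events[start:] if (e[0] - t0).total_seconds() <= window_s]
            later_logins = [u for t, u in successes[ip] if t >= t0]   # success after the burst?
            alerts.append({
                "ip": ip, "first": t0, "count": len(burst),
                "users": sorted({u for _, u in burst}),
                "followed_by_success": bool(later_logins),
                "logged_in_as": later_logins,
            })
            break                                     # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(f"{a['ip']}: {a['count']} failures from {a['first']:%H:%M:%S}, users {a['users']}, "
              f"then logged in as {a['logged_in_as'] or 'nobody'}")
```

`bob` mistyping his password once is not reported; the address that tried `admin`, `test`, `oracle` and `root` six times in 25 seconds and then got in as `root` is. An `Accepted` line after a burst is the signal that should page someone, not just be counted.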

Slide 13: General Computing at CERN
The operational circular #5 defines the rules for the use of CERN computing facilities.
Personal use is tolerated or allowed provided:
► Frequency and duration are limited and the resources used are minimal
► The activity is not illegal, political, commercial, inappropriate, offensive or detrimental to official duties
Restricted personal use:
► Applications known to cause security and/or network problems
► e.g. IRC, Tor, P2P (eDonkey, BitTorrent, …)
► see …
Respect confidentiality and copyrights:
► Illegal or pirated data (software, music, video, etc.) is not permitted

Slide 14: Summary
Security is a system property and can be achieved to 100%-ε.
YOU are responsible for securing your service(s) (i.e. ε):
► As user, developer, system expert or administrator
► As a project manager or line manager
Therefore:
► Provide funding and resources
► Close vulnerabilities: prevent incidents from happening
► Check access rights and stick to the principle of least privilege
► Review your configuration & coding practices
► Be vigilant and stay alert!
The Computer Security Team can provide assistance.

Slide 15: More Information…
CERN Computing Rules (OC#5), subsidiary service rules & Computer Security information:
Please report incidents to:
Security contacts (Departments): Pierre Charrue (BE), Vittorio Remondino (TE), Peter Jurcso (DSU), Flavio Costa (FP), Catharina Hoch (HR), David Myers (IT), Joel Closier (PH), Gustavo Segura (SC), Timo Hakulinen (GS)
Security contacts (Experiments): Peter Chochula (ALICE), Giuseppe Mornacchi (ATLAS), Eric Cano (CMS), Gerhart Mallot (COMPASS), Niko Neufeld (LHCb), Alberto Gianoli (NA62), Francesco Cafagna (TOTEM), Technical-Network Administrator (TN)