Principles of Networking Security, Chapters 3 & 4. Matt Lavoie, NST281-01.

Chapter 3: Operational and Organizational Security

Security in Your Organization
- Policy: a broad statement of accomplishment
- Procedure: the step-by-step method to implement a policy
- Standards: mandatory elements of implementing a policy
- Guidelines: recommendations related to a policy

Security in Your Organization
- Policy lifecycle:
  - Plan
  - Implement
  - Monitor
  - Evaluate
- Establish a security perimeter

Physical Security
- Mechanisms to restrict physical access to computers and networks
- Locks (combination/biometric/keyed)
- Video surveillance, logs, guards
- A room has six sides
- Physical barriers (gates/walls, man-traps, open space)

Environmental Issues
- HVAC systems: climate control
- UPS/generators: power failure
- Fire protection: detect/suppress
- Off-site backups: bad stuff happens

Other Issues
- Wireless
  - Wi-Fi / Cellular / Bluetooth
- Electromagnetic eavesdropping
  - TEMPEST
- Location
  - Bury the sensitive stuff

Chapter 4: The Role of People in Security

Social Engineering
- Making people talk
  - Questions, emotions, weaknesses
- Obtaining insider info (or having it)
  - Knowledge of security procedures
- Phishing
- Impersonation

Social Engineering
- Vishing
  - Trust in voice technology (VoIP, POTS)
- Shoulder surfing
  - Observation for passcodes, PINs, etc.
- Reverse social engineering
  - Victim initiates contact

Poor Security Practices
- Password selection
  - Too short
  - Not complicated
  - Easy to guess
  - Information on a person
- Password policies
  - Can encourage bad behavior

Poor Security Practices
- Same password, multiple accounts
  - One compromises all
- Piggybacking
  - Controlled access points
- Dumpster diving
  - Sensitive information discarded
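The password-selection and password-reuse points on the two slides above, as an added Python example that is not part of the original slides: a defender-side audit that flags a proposed password for each weakness listed (too short, not complicated, easy to guess, built from personal information, reused on another account). The user profile, common-password list, minimum length and the set of passwords already in use are constructed assumptions.

```python
import re

# Constructed policy parameters (assumptions, not from the slides).
MIN_LENGTH = 12
COMMON = {"password", "letmein", "qwerty", "welcome", "admin", "123456"}

def personal_tokens(profile):
    """Lower-case fragments (3+ chars) of the user's personal data: name parts,
    e-mail pieces, birth year, pet name. These are what 'information on a person' means."""
    tokens = set()
    for value in profile.values():
        for part in re.split(r"[\s@.\-_]+", str(value).lower()):
            if len(part) >= 3:
                tokens.add(part)
    return tokens

def password_weaknesses(password, profile, existing_passwords=()):
    """Return the list of policy findings for a proposed password; an empty list means acceptable."""
    findings = []
    pw = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    # Count character classes present: lower, upper, digit, symbol.
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3:
        findings.append("not complicated")
    # Strip trailing digits/symbols so "Password1!" is still recognised as "password".
    core = re.sub(r"[\d\W_]+$", "", pw)
    if core in COMMON or pw in COMMON:
        findings.append("easy to guess")
    matched = sorted(t for t in personal_tokens(profile) if t in pw)
    if matched:
        findings.append(f"contains personal info ({', '.join(matched)})")
    if password in existing_passwords:
        findings.append("reused on another account")
    return findings

# Constructed sample user and a constructed set of passwords already used on other accounts.
PROFILE = {"name": "Jane Doe", "email": "jane.doe@example.com", "birth_year": 1985, "pet": "Rex"}
OTHER_ACCOUNTS = {"Tr0ub4dor&3"}

if __name__ == "__main__":
    for candidate in ("Rex1985!", "Password1!", "Tr0ub4dor&3", "correct-horse-Battery9"):
        print(candidate, "->", password_weaknesses(candidate, PROFILE, OTHER_ACCOUNTS) or ["ok"])
```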

Poor Security Practices
- Installing software/hardware
  - Backdoors/rogue access points
- Physical access by non-employees
  - Control who gets in
- Pizza and flowers
  - Legitimate access, nefarious intentions

People as a Security Tool
- Security awareness
  - Training/refreshers
  - Be alert
  - Don't stick your head in the sand
- Individual user responsibilities
  - Keep secure material secure

What Have We Learned?
- In a properly secured environment, people are the weakest link
- A system with physical access is a compromised system

Questions and Answers