Importance of Physical Security Common Security Mistakes 1.Security Awareness 2.Incident Response 3.Poor Password Management 4.Bad administrative.

Importance of Physical Security

Common Security Mistakes
1. Security Awareness
2. Incident Response
3. Poor Password Management
4. Bad administrative practices
5. Over-privileged Users
6. Patch Management
7. Unsecured Servers/Services
8. Mis-configured Edge Devices
9. Poor Auditing/Logging Practices
10. Poor Data Access Control

Computer Left in Hibernation/Sleep
Computer Left Alone And Unlocked
Computer Left Logged On and Desktop Unlocked
Discover Local/Domain Password
Insider Can Read Encrypted Data
Key Discovery through Offline Attack
Offline Attacks Against the Operating System
Online Attacks Against the Operating System
Plaintext Data Found on Computer
Plaintext Data Leaks through Hibernation File
Platform Attacks
Plaintext Data Leaks through System Paging File
Required Authentication Factor Left with Computer
User Error

Confidentiality: Assurance of Data Privacy
Accountability: Traceability of Actions Performed
Integrity: Assurance of Data Non-alteration

People: Lack of knowledge, Lack of commitment, Human error
Products: Products lack security features, Products have bugs
Policies: Designing for security, Roles & responsibilities, Auditing, tracking, follow-up, Calamity plans, Maintenance

"Human error, not systems weakness, is the leading cause of serious security incidents." - CompTIA: Committing to Security Benchmark Study

Passphrase > Password
Squeal like a pig!
Nikon Coolpix s50c
My first car was a 72 Civic!
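The slide's point is that length beats character-class tricks. The PowerShell function below is an added example, not from the original deck: it computes the naive charset-entropy estimate (length times log2 of the character-space size) for the slide's three passphrases and for a constructed short "complex" password, so the difference can be seen in bits. The class sizes and the sample password are assumptions made for the illustration.

```powershell
# Added example (not from the original slides): naive charset-entropy estimate
# showing why a long passphrase outscores a short password with many classes.
function Get-PassphraseEntropyBits {
    param([Parameter(Mandatory)][string]$Secret)

    # Size of the character space the secret draws from (assumed class sizes)
    $charset = 0
    if ($Secret -cmatch '[a-z]')        { $charset += 26 }
    if ($Secret -cmatch '[A-Z]')        { $charset += 26 }
    if ($Secret -cmatch '[0-9]')        { $charset += 10 }
    if ($Secret -cmatch '[^a-zA-Z0-9]') { $charset += 33 }   # space and printable symbols

    if ($charset -eq 0) { return 0 }

    # Bits assuming every character was chosen uniformly from that space.
    # Real passphrases made of dictionary words have less entropy than this,
    # but length still dominates the estimate.
    return [math]::Round($Secret.Length * [math]::Log($charset, 2), 1)
}

$samples = @(
    'P@ssw0rd',                      # constructed: 8 chars, all four classes
    'Squeal like a pig!',            # from the slide
    'Nikon Coolpix s50c',            # from the slide
    'My first car was a 72 Civic!'   # from the slide
)

foreach ($s in $samples) {
    [pscustomobject]@{
        Secret = $s
        Length = $s.Length
        Bits   = Get-PassphraseEntropyBits -Secret $s
    }
}
```

Run it in any PowerShell session; the eight-character password lands near 53 bits while the shortest slide passphrase, using fewer character classes, lands above 100. When setting policy, prefer a minimum length over mandatory symbol and digit rules.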

Delivering a consistent message about the importance of information security
Convincing users to develop and maintain safer computer usage habits
Motivating users to take a personal interest in information security
Developing materials that deliver a clear message about security topics
Giving end user security awareness a higher priority within organizations' security

Configuring User Account Control Policies

People: Lack of knowledge, Lack of commitment, Human error
Products: Products lack security features, Products have bugs

SD3
Secure by Design: Secure architecture; Security aware features; Reduce vulnerabilities in the code
Secure by Default: Reduce attack surface area; Unused features off by default; Require only minimum privilege
Secure in Deployment: Protect, defend, recover, manage; Process: How-to's, architecture guides; People: Training

Windows Server 2003: Services and features off by default
SQL Server 2005 (new install on Windows Server 2003): Local connections only; SAC to enable services / features
SQL Server 2005 (upgrade from SQL Server 2000): Upgrade preserves settings; Other services / features disabled; SAC to enable services / features

Provides effective administration
GPO Accelerator tool – scripted
Extend AD Schema
Domain Root
    Domain Controllers
    Department OU
        Windows Vista Computers OU
            Desktop OU
            Laptop OU
        Windows Vista Users OU
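The OU layout on the slide is the kind of structure the GPO Accelerator scripts for you. The PowerShell below is an added example, not the GPO Accelerator tool or any code from the deck: it builds that OU tree with the ActiveDirectory module and links one baseline GPO per OU with the GroupPolicy module, then reads back the links to verify. The domain is taken from the current machine; the GPO names (prefixed "VSG") are placeholders, and the schema extension the slide mentions is not performed here.

```powershell
# Added example (not the GPO Accelerator itself): build the slide's OU tree and
# link baseline GPOs to it. GPO names are placeholders; the domain DN is read live.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDN = (Get-ADDomain).DistinguishedName   # e.g. DC=corp,DC=example (assumed)

# Department OU holds the computer and user OUs; Domain Controllers OU exists by default.
$dept      = New-ADOrganizationalUnit -Name 'Department' -Path $domainDN -PassThru
$computers = New-ADOrganizationalUnit -Name 'Windows Vista Computers' -Path $dept.DistinguishedName -PassThru
$users     = New-ADOrganizationalUnit -Name 'Windows Vista Users' -Path $dept.DistinguishedName -PassThru
$desktops  = New-ADOrganizationalUnit -Name 'Desktop' -Path $computers.DistinguishedName -PassThru
$laptops   = New-ADOrganizationalUnit -Name 'Laptop' -Path $computers.DistinguishedName -PassThru

# One baseline GPO per OU (placeholder names); the settings inside come from the baseline tool.
$links = @{
    'VSG Computer Baseline' = $computers.DistinguishedName
    'VSG Desktop Baseline'  = $desktops.DistinguishedName
    'VSG Laptop Baseline'   = $laptops.DistinguishedName
    'VSG User Baseline'     = $users.DistinguishedName
}

foreach ($gpoName in $links.Keys) {
    # Create the GPO only if it does not already exist, then link it to its OU.
    $gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
    if (-not $gpo) { $gpo = New-GPO -Name $gpoName }
    New-GPLink -Name $gpoName -Target $links[$gpoName] -LinkEnabled Yes | Out-Null
}

# Verification: the Desktop OU should inherit the computer baseline and carry its own link.
Get-GPInheritance -Target $desktops.DistinguishedName | Select-Object -ExpandProperty GpoLinks
```

Run it as a domain administrator on a management host with RSAT installed. Keeping desktops and laptops in separate child OUs is what lets a laptop-only policy (for example stricter sleep and removable-media settings) be linked without touching desktops, while both still inherit the shared computer baseline from the parent OU.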

Secure Vista Desktops with GPO Accelerator

People: Lack of knowledge, Lack of commitment, Human error
Products: Products lack security features, Products have bugs
Policies: Designing for security, Roles & responsibilities, Auditing, tracking, follow-up, Calamity plans, Maintenance

A security policy is the most critical part of your security infrastructure!

Reduce Security Risk: Assess the environment; Improve isolation and resiliency; Develop and implement controls
Risk Level: Impact to Business, Probability of Attack
Connected, Productive
Increase Business Value: Connect with customers; Integrate with partners; Empower employees; ROI

People: Lack of knowledge, Lack of commitment, Human error
Products: Products lack security features, Products have bugs
Policies: Designing for security, Roles & responsibilities, Auditing, tracking, follow-up, Calamity plans, Maintenance

1. IT Pro Blogs (Daily)
2. TechNet Flash Newsletter (Bi-Weekly) microsoft.ca/technet/tnflash/default.aspx
3. TechNet Security Newsletter (Monthly) microsoft.ca/technet/securitynewsletter