December 10, 2002 Bob Cowles, Computer Security Officer

Slide 2: Security Awareness

Slide 3: Tarsier
Native of East Indies jungles, eating insects, active only at night, 6 in. tall, loners
Used at SLAC
–Very curious and attracted by any movement in the beamline tunnel or klystron gallery
–The radiation when the accelerator is running has allowed them to grow a little larger, which explains why the one pictured above is carrying a section of spare beampipe, particularly useful in dealing with those unbadged creepy, crawly things. ;-)

Slide 4: Social Engineering
The Art of Deception by Kevin Mitnick
“Social Engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.”

Slide 5: Is Technology the Answer?
“When trusted employees are deceived, influenced, or manipulated into revealing sensitive information or creating a hole for an attacker to slip through, no technology in the world can protect a business.” (TAD p. 7)
Humans – we, each of us – are the most severe threat to each other’s security. (p. 8)

Slide 6: Ex. 1 – Let Me Help
Plant the expectation of a problem and offer help
Create the problem
Help solve the problem – the attacker has now
–gained credibility
–created an obligation
Ask for a favor
(p. 55)

Slide 7: Ex. 2 – Target: Inexperienced
New employees are prime targets
Trying to please and fit in
Not familiar with policies
Not familiar with lines of authority
(p. 61)

Slide 8: Ex. 3 – Needing Help
Large or distributed companies are very susceptible
Help a co-worker in distress
Knowing the right lingo or a few names is usually sufficient to provide credibility
(p. 77)

Slide 9: Ex. 4 – High Tech Security
Secure ID card required for access
Not a problem for the social engineer – get someone to read you the display from theirs
And get his manager to authorize doing it
And have him set up a temporary account behind the firewall for the attacker to use
(p. 85)

Slide 10: Kevin Mitnick’s Advice
Golden Questions
–How do I know this person is who he says he is?
–How do I know this person has the authority to make this request?
Golden Rules
–No implicit trust of anyone without verification
–Challenging requests is encouraged

Slide 11: Policies
Information classification
Identification
Verification
–Role
–Authorization
Incident reporting and handling

Slide 12: Policies – Classification
Confidential – release would harm the organization
Private – release would harm individuals
Internal – release allows masquerade as an insider
Public – specifically designated for release
The first three categories are termed “sensitive”
Unverified – someone not known to have authorization or vouched for by a trusted 3rd party
(Not government-accepted usage of these terms)

Slide 13: Policies – Verification
Identify that the person is who they claim to be
Verify the role (employee, contractor with need-to-know, etc.)
Determine that the role is authorized to receive the information or perform the requested action

Slide 14: Policies – Identity Checking
CallerID
Callback
Vouching
Shared secret
Employee’s supervisor/manager
Secure
Personal voice recognition
Dynamic password
In person with ID

Slide 15: Information Security Summary
Clear policies with compliance and enforcement
Data classification
Good, appropriate identification, authentication and authorization controls
Your active involvement