Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Threats in the Information Age

Published byBrandon Sparks Modified over 7 years ago

Similar presentations

Presentation on theme: "Security Threats in the Information Age"— Presentation transcript:

1 Security Threats in the Information Age
MBAA 6090 R. Nakatsu

2 Case Study: Mat Honan gets attacked
“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID was broken into, and hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.” Read the complete Wired article here. This is an example of social engineering.

3 Two-Factor Authentication
When using cloud-based services, use two-factor authentication whenever possible. Three Factors are: What you know (e.g., password) What you own (e.g., cellphone) Who you are (e.g., biometric authentication) See Google two-factor authentication example.

4 Security Threats On The Internet
Denial of Service (DoS) Attacks: A web server is overwhelmed with requests for data in order to cripple the network. What is a distributed denial of service (DDoS) attack? Intrusions: Human hackers gain access to an organization’s internal IT systems. How do they occur? Malware (e.g., viruses, worms, Trojans): Malicious software programs that spread rapidly through computer systems, sometimes destroying or modifying data. How does a computer become infected with malware?

5 Specific Threats: Know the Terminology
Phishing: fraud where the perpetrator sends out legitimate-looking s to collect information about you, or download malware. Example: Cryptolocker (an example of ransomware). News story: LA Hospital pays $17,000 ransom. Spyware: Program that hides on your system with the intent of collecting marketing information about you and your surfing habits, and/or displaying pop up ads on your screen (e.g., keyloggers capture and record your keystrokes). Drive-by Downloads: A program that is automatically downloaded to your computer—no action on your part is necessary!

6 A Multi-Pronged Approach to Securing Networks
Gateway security devices: these devices (e.g., firewalls and routers) protect the “front” door to the Internet, by comparing every bit of information going in and out of your network with a database of signatures. Most organizations place a firewall at the Internet entry point of their networks. Desktop security: install anti-virus/anti-malware on each computer. Note: Windows 8 and Windows 10 has anti-malware software automatically installed. Data encryption: encrypt sensitive data (1) before it is sent over the Internet, (2) when it is stored on a computer, (3) when backing up data on a server.

7 Gateway Security Router Intranet Server Host System The Internet
Fire wall Extranet

8 The Need for Data Encryption
Every packet of data sent over the Internet traverses many public networks At any step of the way, many people could have access to those packets. The Internet can be used for transmitting highly confidential information such as credit card data or proprietary corporate data. End-to-End Encryption means that a transmission is encrypted from beginning to end. No eavesdropper can intercept the message and read it.

9 Data Encryption: The Basics
Encryption is the process of encoding (or “scrambling”) information so that only authorized parties can read it. Plaintext: the “readable”, unencrypted message Encryption key: specifies how the message is encrypted Ciphertext: the “unreadable”, encrypted message. Public-key encryption: the encryption key is public for anyone to use and encrypt messages. The decryption key is private—only the receiving party can decrypt, or unscramble messages.

10 WhatsApp Example My smartphone WhatsApp Server Private key Public key
The message is encrypted by the WhatsApp public key and sent to me over the Internet Private key Public key Once the message reaches me the only way to decrypt it is through my private key. If law enforcement goes to WhatsApp they can’t read the message because they don’t have the private key.

11 Encryption Examples You can easily encrypt Microsoft Word, Excel, and Access files. Encryption is built into Windows (Bitlocker) and OS X (FileVault) Turn on WPA2, a protocol used to secure WiFi networks SSL (Secure Socket Layer) and its successor TLS (Transport Layer Security): a protocol for encrypting information sent over the Internet. Encrypt your s (GPG also GnuPG): enables end-to-end encryption. Use a VPN (Virtual private network), a technology which creates a secure, encrypted tunnel across the Internet. See next slides.

12 VPN (Virtual Private Network)
A VPN creates a secure encrypted tunnel across the Internet. Internet traffic, including your IP address, is hidden from others to see.

13 Benefits of VPNs Secures your internet connection: snoopers cannot read your s and communications. Restores your freedom: allows you to circumvent regional restrictions (i.e., geoblocking) Allows secure remote access to company resources—e.g., files, applications, printers, etc. For more information on VPNs, click here.

14 Other IT Solutions Individual/Personal Solutions:
Have a backup strategy Practice good digital hygiene Business Solutions: Transaction log: a log of all changes applied to a database in chronological order Creation of a DMZ (de-militarized zone): place a proxy server in this zone.

15 Have a Back Up Strategy! Disk drives fail: don’t be surprised if this happens to you! 3-2-1 Strategy: Have at least three copies of your data, on at least two separate media storage devices, at least one copy offsite. Cloud-based services like Carbonite, and Dropbox offer affordable and convenient offsite, “cloud” storage. Create a disk image (e.g., timemachine on the Mac, superduper, drivesnapshot.de, among other programs) Synchronization programs, like FreeFileSync, are very useful to keep your backups up-to-date. See New York Times article for backup suggestions.

16 Digital hygiene means practicing safe behaviors on the Internet
Don’t open attachments from strangers; be careful even if it’s from someone you know. Update your OS regularly. Don’t click links in . That link could lead you to a phishing site, or the link may lead you to install malicious software. Don’t download files from places you aren’t absolutely sure are safe. Stick with the well known sites. Use a firewall. The best firewall is a hardware router. Run as a limited user; do not run as an administrator. Here’s an article on how to require a password as an administrator.

17 Transaction Log Transaction records contain: Transaction identifier
Time of transaction Type of transaction (e.g., read, insert, update, delete, abort) Identifier of data item affected Before-image of the data item After-image of the data item From the transaction log, you can re-create a database up to a given point in time.

18 Network Diagram of a DMZ
DMZ: the area between the two firewalls—neither a part of the internal network nor the public Internet.

Download ppt "Security Threats in the Information Age"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Week 5 IBS 520 Computer and Online Security. Cybercrime Online or Internet- based illegal acts What is a computer security risk? Computer crime Any illegal.

Week 5 IBS 520 Computer and Online Security. Cybercrime Online or Internet- based illegal acts What is a computer security risk? Computer crime Any illegal.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Security Threats in the Information Age MBAA 609 R. Nakatsu.

Security Threats in the Information Age MBAA 609 R. Nakatsu.
Detrick Robinson & Amris Treadwell.  Computer viruses- are pieces of programs that are purposely made up to infect your computer.  Examples: › Internet.

Detrick Robinson & Amris Treadwell.  Computer viruses- are pieces of programs that are purposely made up to infect your computer.  Examples: › Internet.
Unit 19 INTERNET SECURITY

Unit 19 INTERNET SECURITY
Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.

Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Networks and Security Monday, 10 th Week. Types of Attacks/Security Issues  Viruses  Worms  Macro Virus  E-mail Virus  Trojan Horse  Phishing 

Networks and Security Monday, 10 th Week. Types of Attacks/Security Issues  Viruses  Worms  Macro Virus  Virus  Trojan Horse  Phishing 
Chapter 8 Safeguarding the Internet. Firewalls Firewalls: hardware & software that are built using routers, servers and other software A point between.

Chapter 8 Safeguarding the Internet. Firewalls Firewalls: hardware & software that are built using routers, servers and other software A point between.

Similar presentations

Ads by Google