Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Securing IS.

Published byCori Evans Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Securing IS."— Presentation transcript:

1 Security Securing IS

2 SECURITY: Deter Detect Minimize Investigate Recover

3 Security Risks Internal External

4 Threats Disaster and breakdowns Access and disclosure
Alteration or destruction Improper use

5 RISK ASSESSMENT P1 Probability of attack P2 Probability of success
L Cost of Loss Expected Loss = P1 * P2 * L Minimize Threat Categories

6 Security Policy Security is always a cost to efficiency. It must be promoted to be effective. From the top Before installing hardware Politically charged

7 Writing a Security Policy
Assess the types of risks Identify vulnerabilities Analyze user needs Write the policy Develop change procedures Plan implementation Implement

8 Elements of Risk Asset Threat Access

9 Administrative Controls: Limit the Threat
Standards, rules, procedures and discipline to assure that personnel abide by established policies. Includes segregation of functions.

10 Administrative Controls
Security organization Audits Risk assessment Administrative standards and procedures

11 Protecting the Assets Resource management Disaster recovery
System segregation

12 Resource Management Backup planning Job scheduling Redundant design
Selective decoupling

13 Disaster Management Redundancy and fault tolerant systems
Backups and off site storage Hot and cold sites Planning and procedures

14 Elements of Risk Asset Threat Access

15 Vulnerabilities Servers Networks Clients and modems Viruses
Securing operating systems and applications Networks Access protection from snooping, attacks, spoofing Clients and modems User verification for PCAnywhere etc. Viruses

16 Operating Systems UNIX Novell Netware Windows and Windows NT

17 Secure Operating Systems
U.S. Government Certification A1, B1, B2, B3, C1, C2 (most commercial systems), D Ease of use CERT (Computer Emergency Response Team)

18 Top 12 SecurityRisks 1. Hosts run unnecessary services
3. Information leakage through network service programs 4. Misuse of trusted access 5. Misconfigured firewall access lists 7. Misconfigured web servers 10.Inadequate logging, monitoring or detecting Infoworld, Feb, 8, 1999. Survey of 5 top network security assessment services to provide a list of the 12 problems found most frequently on clients networks.

19 Top 12 Security Risks 2. Unpatched, outdated or default configured software 6. Weak Passwords 8.Improperly exported file sharing services 9. Misconfigured or unpatched Windows NT servers 11.Unsecured remote access 12.Lack of comprehensive policies and standards Infoworld, Feb, 8, 1999. Survey of 5 top network security assessment services to provide a list of the 12 problems found most frequently on clients networks.

20 Tools Firewalls Network partitioning and routers Encryption
Testing tools Consultants

21 Firewall functions Packet Filter: Blocks traffic based on IP address and/or port numbers. Proxy Server: Serves as a relay between two networks, breaking the connection between the two. Network Address Translation (NAT): Hides the IP addresses of client stations in an internal network by presenting one IP address to the outside world. Stateful Inspection: Tracks the transaction in order to verify that the destination of an inbound packet matches the source of a previous outbound request. Generally can examine multiple layers of the protocol stack.

22 Firewall Operation quick study, firewall (10/19/98)

23 Firewall Operation 1. A router sits between two networks
2. A programmer writes an access control list, which contains IP addresses that can be allowed onto the network. 3. A message gets sent to the router. It checks the address against the access control list. If address the is on the list, it can go through. 4. If the address isn't on the list, the message is denied access to the network. quick study, firewall (10/19/98)

24 Encryption Keys and key length Public key/private key
Processing problems Location Application Network Firewall Link

25 Encryption Techniques

26 How Public Encryption Works
1. Sue wants to send a message to Sam, so she finds his public key in a directory. 2. Sue uses the public key to encrypt the message and send it to Sam. 3. When the encrypted message arrives, Sam uses his private key to decrypt the data and read Sue's message.

27 Encryption at the Firewall

28 Authentication Passwords “Credit” cards Biometrics Isolation
Remote location verification

29 Biometrics: how it works
Users "enroll" by having their fingerprints, irises, faces, signatures or voice prints scanned. Key features are extracted and converted to unique templates, which are stored as encrypted numerical data. Corresponding features presented by a would-be user are compared to the templates in the database. Matches will rarely be perfect, and the owners of the system can vary a sensitivity threshhold so as to minimize either the rate of false rejections, which annoy users, or false acceptances, which jeopardize security. This offers far more flexibility than the binary "Yes" or "No" answers given by password technologies.

30 Common biometric techniques and how they rate
International Biometric Group, New York as reported in Computerworld, Quick Study: Biometrics, 10/12/98

31 Lessons learned about properly securing your company.
Security: The expense that keeps on costing, By Erik Sherman, June 2000 Lessons learned about properly securing your company. Train employees to act in secure ways Use security professionals to perform an audit Provide the necessary resources Physically secure servers Use the appropriate degree of security

32 Security

Download ppt "Security Securing IS."

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Department Of Computer Engineering

Department Of Computer Engineering
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Similar presentations

Ads by Google