Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager.

Published byMicheal Twiss Modified over 10 years ago

Similar presentations

Presentation on theme: "IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager."— Presentation transcript:

1 IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager

2 Introduction Ian McLachlan (IT Manager) Responsible for the IT infrastructure within Avogel (UK) and it’s sister companies Background:Support & Maintenance, Networking, Project Management, Security & Pen-Testing, PCI Compliance Email: ian@bioforce.co.uk Tel: 01294 204704 Mob: 07813653519

3 Index  Hacking, Cracking, Penetration Testing… What is it?  “Who” and “What” are the threats?  Common Attacks and Attack Surfaces  Myths and Liabilities  Facts  Protecting you and your business  Q&A / Discussion

4 Hacking, Cracking, Pen-Testing… What is it? Hacking, Pen-Testing, Cracking… : Trying to gain access to data, systems or equipment that have been configured to restrict access from unauthorised sources WhiteHats, BlackHats, GreyHats IT Security : “Is a branch of computer technology in relation to computers and networks. The objective of IT security includes the protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. “ System Admin’s or IT Security Personnel

5 “Who” and “What” are the threats? BlackHats (and to a lesser extent GH)  “The Opportunist” ( target : Anyone) Mot: See what turns up. No defined plan or agenda Threat/Obj : Anything and everything  The “Mark” ( target : You/Business) Mot: Firm objective (personal/business), planned, determined Threat/Obj : Data, Money, Personal Info … etc  “The H…activist” ( target : Business/Gov’t) Mot: Agenda, Planned, Well Organised, Web Defacement Threat /Obj : Reputation

6 Common Attacks  “The Opportunist” Attack MO’s: Phishing Emails Crypting – Bots, Rats, Keylogger, Viruses (distribution : P2P, IRC’s) Scripts, Brute Force, War Driving Malware(?)  “The H…activist” Attack MO’s: Web Site Defacement - Vulnerable Sites (source, SQL Inj)  The “Mark” Attack MO’s: Foot-printing Numeration DDOS, Wifi, MitM, BF, Vun S., LHF, Skip Diving **** Social Engineering **** really K.S.

7 Common Attacks Surfaces  Users (Weakest – Social Engineering)  Email (Spoofing etc..)  Web Sites (Defacing, DDOS)  Firewalls (BF, Scanning)  Switches/Hubs/Routers (Telnet, SNMP)  Network Services (DNS, VPN etc…)  Applications (Web Apps)  Topology (wifi, sniffing)  Servers/Computers (inc Home)  Production/Safety System (eg fire doors etc.) ** H&S Risk Assessment  Other Hardware (SNMP)

8 Myths / Liabilities IT System can be made 100% Secure Up-to-date Virus software will stop any attacks ALL Financial transactions are insured from fraud ** Personal (CC, Bank) - Is Chip and Pin Secure? **Business (PCI DSS)

9 Facts Over two thirds of UK companies have experienced some sort of computer virus 2010 In a survey of 167 participants Over a 1 month survey period (2hr per day) found: 95% of participants probed On average 56 hacking attempts per day 68% of hacking attempts used the Backdoor SubSeven Trojan These were home users One in three companies web sites have had hacking attempts 2009

10 Protecting YOU and Your Business  IDS and Honey-pots  Identify, Map, Log and Monitor the Risks  Software Patches and Virus Updates  Correctly configured Firewalls and Software  Managed IT policies and systems (ISO) ** DON’T - Hide in the long grass **  Encryption  Be vigilant around anything, that by its nature, is protected from unauthorised access

11 Q&A Thank You !

Download ppt "IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager."

Similar presentations

POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
Securing Information Systems

Securing Information Systems

Similar presentations

Ads by Google