Irongeek.com Adrian Crenshaw Joseph Hollingsworth.

Presentation transcript

Slide 1: Irongeek.com, Adrian Crenshaw, Joseph Hollingsworth

Slide 2
- Joe
  - Professor at Indiana University Southeast, Computer Science & Informatics departments
  - Director of professional development for faculty
- Adrian
  - Runs Irongeek.com
  - Has an interest in InfoSec education
  - (ir)Regular on the ISDPodcast, http://www.isdpodcast.com

Slide 3
- Given only 25 minutes, tell us what a small business could do to help their security posture?
- You can expect a lot of "buts" and "except fors" because that's the nature of the business.

Slide 4: The CIA Triad
- Confidentiality: who needs to know it?
- Integrity: has anyone changed it?
- Availability: can the people that need to access it get to it?
(Diagram: Confidentiality, Integrity, Availability; "stuff that will ring your bell security wise")

Slide 5
- Not cool or sexy, but important
- How often? Daily, weekly, monthly?
- Offsite storage! Why?
- Check to make sure you can restore from the backup
- What to use? Tape, another box, cloud?
- Not sure of a "cloud" provider to recommend, but check the provider's:
  - Privacy policy
  - Liability for lost data
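"Check to make sure you can restore from the backup" is the bullet most often skipped, so here is one concrete way to do it. This is an added example, not code from the slides or from Irongeek.com: it records a SHA-256 manifest of the source tree at backup time and later compares a restored tree against it, reporting files that came back missing, changed, or unexpectedly extra. The sample files and the "corrupted restore" scenario are constructed inline so it runs offline.

```python
"""Verify that a restore actually reproduces the backed-up files.

Added example (not from the slides). Builds a SHA-256 manifest of a source
tree before backup, then checks a restored tree against it. The sample
files and the simulated bad restore are constructed here for illustration.
"""
import hashlib
import os
import shutil
import tempfile


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large backups do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> sha256 for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_of(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "extra": sorted(set(restored) - set(manifest)),
        "changed": sorted(p for p in manifest
                          if p in restored and restored[p] != manifest[p]),
    }


def demo():
    """Constructed scenario: one good restore and one silently broken restore."""
    work = tempfile.mkdtemp()
    try:
        src = os.path.join(work, "source")
        os.makedirs(os.path.join(src, "invoices"))
        with open(os.path.join(src, "invoices", "2011-09.csv"), "w") as f:
            f.write("id,amount\n1,42.00\n")
        with open(os.path.join(src, "notes.txt"), "w") as f:
            f.write("call the accountant\n")
        manifest = build_manifest(src)  # taken before the backup is written

        good = os.path.join(work, "restore_good")
        shutil.copytree(src, good)
        good_result = verify_restore(manifest, good)

        bad = os.path.join(work, "restore_bad")
        shutil.copytree(src, bad)
        os.remove(os.path.join(bad, "notes.txt"))  # file never made it back
        with open(os.path.join(bad, "invoices", "2011-09.csv"), "a") as f:
            f.write("2,0.01\n")  # content drifted after the backup was taken
        bad_result = verify_restore(manifest, bad)
        return good_result, bad_result
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    good, bad = demo()
    print("good restore:", good)
    print("bad restore:", bad)
```

Store the manifest with the backup (and a copy elsewhere, since a manifest kept only on the media it describes cannot catch media failure), and run the comparison against a test restore on a schedule rather than only when you need the data back.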

Slide 6
- Don't run as admin on your own machine
  - This somewhat mitigates what malware can do on a system
- File shares with too open a permissions set?
- Lots of Windows software is badly designed to require more rights than it needs
- Tools to help with this include:
  - ProcMon: http://technet.microsoft.com/en-us/sysinternals/bb896645
  - RegFromApp: http://www.nirsoft.net/utils/reg_file_from_application.html
  - ProcessActivityView: http://www.nirsoft.net/utils/process_activity_view.html

Slide 7
- Always unique is best, but...
- Levels and domains: different passwords for different purposes (financial, social network, etc.)
- Users sharing a password?
- Pass phrases: more secure and easier to remember
- Do you store passwords in apps where others can access them?
- Password vaults
  - KeePass: http://keepass.info/
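The slide asserts that pass phrases are "more secure and easier to remember"; the following added example (not from the slides or from Irongeek.com) puts a number on the first half by comparing the guessing entropy of a random 8-character password with that of a random 4- or 5-word phrase. It assumes the attacker knows the scheme (character set or word list) and must guess uniformly, so strength is length times log2 of the number of choices per position. The word-list size of 7776 is the size of a standard diceware list; the tiny word list in the code is constructed only so the generator runs offline.

```python
"""Entropy of random passwords versus random pass phrases.

Added example (not from the slides). Assumes the scheme is known to the
attacker, so each position contributes log2(choices) bits. The short word
list below is constructed for the demo; a real generator would draw from a
list of thousands of words.
"""
import math
import secrets
import string

# Constructed stand-in for a real word list (a diceware list has 7776 words).
DEMO_WORDS = ["copper", "lantern", "orbit", "velvet", "harbor", "cactus",
              "meadow", "pixel", "saddle", "thunder", "willow", "zephyr"]


def entropy_bits(choices, length):
    """Bits of entropy for `length` independent uniform picks among `choices`."""
    return length * math.log2(choices)


def random_password(length, alphabet=string.ascii_letters + string.digits):
    """Random password from a 62-symbol alphabet, using the CSPRNG in `secrets`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(count, words=DEMO_WORDS, sep="-"):
    """Random pass phrase of `count` words drawn independently from `words`."""
    return sep.join(secrets.choice(words) for _ in range(count))


def compare(password_len=8, phrase_words=4, alphabet_size=62, wordlist_size=7776):
    """Strength of the two schemes in bits, rounded to one decimal."""
    return {
        "password_bits": round(entropy_bits(alphabet_size, password_len), 1),
        "passphrase_bits": round(entropy_bits(wordlist_size, phrase_words), 1),
    }


if __name__ == "__main__":
    print(random_password(8), compare())
    print(random_passphrase(4), compare(phrase_words=4))
    print(random_passphrase(5), compare(phrase_words=5))
```

Four words from a 7776-word list already exceed an 8-character mixed-case alphanumeric password (about 51.7 versus 47.6 bits), and a fifth word adds another 12.9 bits. The numbers only hold when the words are chosen at random; a phrase the user composes from a favourite quotation is far more predictable than its length suggests.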

Slide 8
- Microsoft
  - Remember Patch Tuesday and keep it holy
  - Somewhat automated
  - May want to do testing first
  - Windows Server Update Services: http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
- Linux
  - apt-get is lovely for package management, but hand-installed web apps are a pain
- 3rd party
  - Adobe auto updating?
  - Shavlik NetChk: http://www.shavlik.com/sol-patch-management.aspx
  - GFI LanGuard: http://www.gfi.com/network-security-vulnerability-scanner/
  - Secunia PSI/CSI: http://secunia.com

Slide 9
- Not a magic bullet
  - If the malware is custom, you are out of luck
  - Should help against widespread common malware
- Concentrate on user awareness, patches, and least privilege
- Some suggestions:
  - Microsoft Security Essentials: http://www.microsoft.com/en-us/security_essentials/default.aspx
  - AVG: http://free.avg.com
  - Malwarebytes: http://www.malwarebytes.org/

Slide 10
- Do you have a perimeter? (hint: not totally)
- Sites and browser issues
- WiFi (decreasing levels of protection): WPA Enterprise > WPA > WEP > Open
  - Forget about MAC filtering and SSID cloaking
- VPN
  - Built into Windows
  - DD-WRT: http://www.dd-wrt.com
  - OpenVPN: http://openvpn.net

Slide 11
- What if someone gets access to the physical storage of your data?
- For email: public and private keys
  - GPG: http://www.gnupg.org/
- For hard drives/data
  - TrueCrypt: http://www.truecrypt.org

Slide 12
- Only hardware that goes public:
  - Donations
  - Trashed
  - Stolen
- Format may not remove as much as you think
  - Data carving
- File and drive wiping
  - Secure Erase: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
  - DBAN: http://www.dban.org/
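To show why "format may not remove as much as you think", here is an added example (not from the slides or from Irongeek.com) that builds a toy disk image in memory, quick-formats it, and then carves the "deleted" file back out by file signature. The layout is an assumption made for the demo: one 512-byte directory sector that names the file, followed by data sectors holding a file with real JPEG start and end markers around a made-up payload. A quick format here zeroes only the directory sector, mirroring how a real quick format rewrites file-system metadata but leaves data sectors alone; a wipe overwrites every sector, which is what the tools on the slide do.

```python
"""Why a quick format is not a wipe: carve a "deleted" file out of a disk image.

Added example (not from the slides). The disk layout is a toy one constructed
for the demo; the file signatures are the real JPEG start-of-image and
end-of-image markers, and the payload between them is made up.
"""
SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker
JPEG_EOI = b"\xff\xd9"       # end-of-image marker


def build_image(payload):
    """Toy image: one directory sector naming the file, then the file's data."""
    directory = b"FILE invoice.jpg SECTOR 1".ljust(SECTOR, b"\x00")
    data = JPEG_SOI + payload + JPEG_EOI
    padded = data + b"\x00" * (-len(data) % SECTOR)  # pad to a sector boundary
    return bytearray(directory + padded)


def quick_format(image):
    """Zero only the metadata sector; the file's contents stay on disk."""
    image[0:SECTOR] = b"\x00" * SECTOR
    return image


def wipe(image):
    """Overwrite every byte, which is what DBAN / Secure Erase are for."""
    image[:] = b"\x00" * len(image)
    return image


def carve_jpegs(image):
    """Return every byte range that looks like a JPEG, ignoring any file system."""
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break
        found.append(bytes(image[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found


def directory_lists_file(image):
    """Does the (toy) directory sector still mention the file?"""
    return b"invoice.jpg" in image[0:SECTOR]


def demo():
    """Compare what carving recovers after a quick format versus after a wipe."""
    payload = b"CONSTRUCTED-SAMPLE-PIXEL-DATA" * 20  # not a real JPEG body
    formatted = quick_format(build_image(payload))
    wiped = wipe(build_image(payload))
    return {
        "formatted_dir_has_file": directory_lists_file(formatted),
        "formatted_carved": len(carve_jpegs(formatted)),
        "wiped_carved": len(carve_jpegs(wiped)),
    }


if __name__ == "__main__":
    print(demo())
```

After the quick format the directory no longer lists the file, which is all a casual check would see, yet signature carving still recovers it intact; only the wipe leaves nothing to find. On flash media (SSDs, USB sticks) overwriting from software is not guaranteed to reach every physical block, which is why the slide's Secure Erase link points at a drive-firmware command rather than an overwrite tool.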

Slide 13
- Louisville Infosec, Sept 29th: http://www.louisvilleinfosec.com
- DerbyCon 2011, Louisville KY, Sept 30 - Oct 2: http://derbycon.com

Slide 14: 42

