Presentation is loading. Please wait.

Presentation is loading. Please wait.

Week 11 - Friday.  What did we talk about last time?  Security planning  Risk analysis  Security policies.

Published byPierce Fox Modified over 9 years ago

Similar presentations

Presentation on theme: "Week 11 - Friday.  What did we talk about last time?  Security planning  Risk analysis  Security policies."— Presentation transcript:

1 Week 11 - Friday

2  What did we talk about last time?  Security planning  Risk analysis  Security policies

3

4

5

6 Andrew Sandridge

7

8  Flood  Water is problematic, but usually there is some warning  Hardware and software is replaceable  Data often is not ▪ Backups should be made ▪ Critical hard drives should be marked so that they can be removed first  Fire  Fire is worse  There is usually less time to react and the threat to humans is bigger  Fire suppression systems for computing facilities should not use water ▪ Using CO 2 or similar is good for computers but can kill humans  Everything else  Have contingency plans  Insure physical assets  Maintain off-site backups of critical data

9  Power loss  Causes vary  In some countries, multiple power losses per day are routine  Uninterruptible power supplies (UPS)  Stores energy when there is power so that you can keep your systems running when there isn't  Consumer UPSs are usually batteries ▪ Not a good solution for a large data center  Large scale solutions are kinetic storage systems or generators  UPSs generally only give you enough time to save data and do a safe shutdown  Surge suppressor  Power is not constant and can have drops, spikes, and surges  Surge suppressors are inexpensive and should be used for all computer power supplies  If possible, computers should be disconnected from power (and from phone and other outside lines) during a thunderstorm

10  Unauthorized access  With networked systems everywhere, people eavesdropping on connections is easier  Normal employees are also using computing resources for personal use  Theft  PCs, laptops, phones, PDAs, and portable media are easy to steal  Preventing access  Use a guard, a lock (traditional or swipe card)  Preventing portability  PCs can be locked to the desk  Motion sensors to see when someone is where they shouldn't be  Detecting theft  RFID tags

11  Shredding paper documents  Some kinds of tape can also be shredded  High sensitivity data should be burned after shredding  Overwriting magnetic data  Deleting files does not stop digital forensics experts  Data on disks should be overwritten many times with random patterns of 1s and 0s (burning)  Degaussing  Passing a disk through a magnetic field so intense that all data is lost  Van Eck phreaking safeguards  Many computer components emanate electromagnetic radiation that can be reconstructed  Tempest is a government certification standard for blocking these emissions (meeting the standard can be expensive)  An entire building (such as the NSA headquarters near DC) can be shielded in copper to protect emissions

12  Everything should be backed up, always  A complete backup covers the current state of all data  Revolving backups keep the last few complete backups  A selective (or incremental) backup stores only the files that have changed since the last backup  Ideally, you should have an offsite backup of all your data in case of fire or flood  Burning your critical data to a few DVDs and keeping them at home or school or vice versa is a good idea for you guys

13  Networked storage can allow for continuous offsite backups and make recovery easier  If a computing center is destroyed or unusable, a cold site or shell is a facility with power and cooling where you can quickly rebuild a data center  You have to supply the hardware  A hot site has ready to run computer systems of the kind you might need  You can pay a monthly fee to be ready to move into such a site at a moment's notice  A kind of data availability insurance

14

15  Locks have been in use since ancient times and probably developed independently in the great ancient civilizations  Locks you are likely to run into are:  Warded locks  Wafer tumbler locks  Pin tumbler locks  Combination locks

16  Warded locks have existed since antiquity  The shape of the key must be able to pass through and around wards, shapes that could block poorly made keys  Warded locks provide poor security but are still used for sheds, cabinets, and other low security applications

17  All warded locks have the problem that they can be defeated by a skeleton key, a key stripped down to only the part needed to turn the mechanism  In popular culture, the term skeleton key is often misused to mean old style keys for warded locks in general

18  Wafer tumbler locks have better security than warded locks  A series of wafers blocks the rotation of a plug  When a key pushes each wafer up to an appropriate height, the plug is free to turn  They are picked in the same way as a pin tumbler lock, but they are easier because you can't push them up too far and you can generally pick each wafer in sequence

19  Most house locks, office locks, and many car locks are pin tumbler locks  Pin tumbler locks are similar to wafer tumbler locks  A series of two part pins blocks the rotation of the plug  A key that pushes all the pins up to their shear lines will allow the plug to turn  Pins that are too high or too low will block the plug  Pin tumbler locks can offer relatively high security at a reasonable cost

20  Picking a pin tumbler (or wafer tumbler) lock is done by manipulating each pin (or wafer) into the correct position  It is impossible to machine a lock perfectly, thus, if you try to turn the plug, one pin will be holding more pressure than the others  If you can push that pin up to the shear line, it will snap in place, and another pin will now be holding more pressure  If you can move through all the pins without letting any drop, the plug will turn

21  You must apply a constant steady turning pressure while picking a lock  This pressure is supplied by a tension wrench  The wrench is usually just an L- shaped piece of spring steel  Picks are also pieces of spring steel with a tip that is good for manipulating pins  Popular picks include hook, ball, half diamond, and other types  A pick set with a tension wrench and broken key extractor can be bought for around $20 on the Internet

22  Removing combination locks without knowing the combination is called bypassing the lock  Some techniques rely on hearing or feeling clicks made when turning the cams, particularly when pressure is applied to the shank  Multiple dial combination locks are vulnerable to this attack  All combination locks can be bypassed by brute force (if you have the time)  Many of the methods rely on the fact that low- security locks are engineered with several digits of play  This play can be exploited for drastically reduced brute force times (usually still hours)

23

24

25  Making a business case  Quantifying security

26  Read Chapter 9  Keep working on Project 3 Phase 1

Download ppt "Week 11 - Friday.  What did we talk about last time?  Security planning  Risk analysis  Security policies."

Similar presentations

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
Electricity.

Electricity.
GCSE ICT Networks & Security..

GCSE ICT Networks & Security..
Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.

Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Safety Curriculum Project ChildSafe Putting A Lock On Safety! A nationwide program of the National Shooting Sports Foundation and its community partners.

Safety Curriculum Project ChildSafe Putting A Lock On Safety! A nationwide program of the National Shooting Sports Foundation and its community partners.
A new standard in Enterprise File Backup. Contents 1.Comparison with current backup methods 2.Introducing Snapshot EFB 3.Snapshot EFB features 4.Organization.

A new standard in Enterprise File Backup. Contents 1.Comparison with current backup methods 2.Introducing Snapshot EFB 3.Snapshot EFB features 4.Organization.
Mark Heggli Consultant to the World Bank Expert Real-time Hydrology Information Systems Workshop Module 4: Data Management Solutions for a Modernized HIS.

Mark Heggli Consultant to the World Bank Expert Real-time Hydrology Information Systems Workshop Module 4: Data Management Solutions for a Modernized HIS.
Backup and Disaster Recovery (BDR) A LOGICAL Alternative to costly Hosted BDR ELLEGENT SYSTEMS, Inc.

Backup and Disaster Recovery (BDR) A LOGICAL Alternative to costly Hosted BDR ELLEGENT SYSTEMS, Inc.
Backup Strategy. An Exam question will ask you to describe a backup strategy. Be able to explain: Safe, secure place in different location. Why? – For.

Backup Strategy. An Exam question will ask you to describe a backup strategy. Be able to explain: Safe, secure place in different location. Why? – For.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Everything your business needs to know but probably doesn’t.

Everything your business needs to know but probably doesn’t.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.

Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.
Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.

Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
1 Pertemuan 23 Contingency Planning Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 23 Contingency Planning Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Disaster Protection and Recovery By: Michael Morrell Ross Ashenfelter Teresa Furnish Karla Maddox.

Disaster Protection and Recovery By: Michael Morrell Ross Ashenfelter Teresa Furnish Karla Maddox.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Similar presentations

Ads by Google