Presentation is loading. Please wait.

Presentation is loading. Please wait.

P RINCIPLES OF N ETWORKING S ECURITY C HAPTERS 3 & 4 Matt Lavoie NST281-01.

Published byEmery Hodge Modified over 9 years ago

Similar presentations

Presentation on theme: "P RINCIPLES OF N ETWORKING S ECURITY C HAPTERS 3 & 4 Matt Lavoie NST281-01."— Presentation transcript:

1 P RINCIPLES OF N ETWORKING S ECURITY C HAPTERS 3 & 4 Matt Lavoie NST281-01

2

3 Matt Lavoie NST281-01 C HAPTER 3: O PERATIONAL AND O RGANIZATIONAL S ECURITY

4 Security in Your Organization  Policy: A broad statement of accomplishment  Procedure: The step-by-step method to implement a policy  Standards: Mandatory elements of implementing a policy  Guidelines: Recommendations related to a policy

5 Security in Your Organization  Policy Lifecycle:  Plan  Implement  Monitor  Evaluate  Establish a security perimeter

6 Physical Security  Mechanisms to restrict physical access to computers and networks  Locks (combination/biometric/keyed)  Video surveillance, logs, guards  A room has six sides  Physical barriers (gates/walls, man-traps, open space)

7 Environmental Issues  HVAC Systems: Climate control  UPS/Generators: Power failure  Fire Protection: Detect/suppress  Off-Site Backups: Bad stuff happens

8 Other Issues  Wireless  Wi-Fi / Cellular / Bluetooth  Electromagnetic Eavesdropping  TEMPEST  Location  Bury the sensitive stuff

9

10 Matt Lavoie NST281-01 C HAPTER 4: T HE R OLE OF P EOPLE IN S ECURITY

11 Social Engineering  Making people talk  Questions, emotions, weaknesses  Obtaining insider info (or having it)  Knowledge of security procedures  Phishing  Impersonation

12 Social Engineering  Vishing  Trust in voice technology (VoIP, POTS)  Shoulder surfing  Observation for passcodes, PINs, etc  Reverse social engineering  Victim initiates contact

13 Poor Security Practices  Password selection  Too short  Not complicated  Easy to guess  Information on a person  Password policies  Can encourage bad behavior

14 Poor Security Practices  Same password, multiple accounts  One compromises all  Piggybacking  Controlled access points  Dumpster Diving  Sensitive information discarded

15 Poor Security Practices  Installing software/hardware  Backdoors/rogue access points  Physical access by non-employees  Control who gets in  Pizza and flowers  Legitimate access, nefarious intentions

16 People as a Security Tool  Security Awareness  Training/refreshers  Be alert  Don’t stick your head in the sand  Individual User Responsibilities  Keep secure material secure

17

18 In a properly secured environment, people are the weakest link A system with physical access is a compromised system What Have We Learned?

19 Questions and Answers

Download ppt "P RINCIPLES OF N ETWORKING S ECURITY C HAPTERS 3 & 4 Matt Lavoie NST281-01."

Similar presentations

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
Identity Theft Someone steals your personal information for his/her own gain It’s a crime!

Identity Theft Someone steals your personal information for his/her own gain It’s a crime!
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.

Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Appendix B: Designing Policies for Managing Networks.

Appendix B: Designing Policies for Managing Networks.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Information Security Policies and Standards

Information Security Policies and Standards
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
The ins and outs of By: Megan Tucker. What is identity theft? The stealing of a person’s information, especially credit cards and Social Security Number,

The ins and outs of By: Megan Tucker. What is identity theft? The stealing of a person’s information, especially credit cards and Social Security Number,
Internet Safety and Kids Ms. Lee’s Classroom Computers are NOT bad Computers can be used to help kids learn and play. They can be used safely, if parents.

Internet Safety and Kids Ms. Lee’s Classroom Computers are NOT bad Computers can be used to help kids learn and play. They can be used safely, if parents.
Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.

Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Similar presentations

Ads by Google