Importance of Physical Security Common Security Mistakes 1.Security Awareness 2.Incident Response 3.Poor Password Management 4.Bad administrative.


3 Importance of Physical Security

5 Common Security Mistakes
1. Security Awareness
2. Incident Response
3. Poor Password Management
4. Bad administrative practices
5. Over-privileged Users
6. Patch Management
7. Unsecured Servers/Services
8. Mis-configured Edge Devices
9. Poor Auditing/Logging Practices
10. Poor Data Access Control

6
Computer Left in Hibernation/Sleep
Computer Left Alone And Unlocked
Computer Left Logged On and Desktop Unlocked
Discover Local/Domain Password
Insider Can Read Encrypted Data
Key Discovery through Offline Attack
Offline Attacks Against the Operating System
Online Attacks Against the Operating System
Plaintext Data Found on Computer
Plaintext Data Leaks through Hibernation File
Platform Attacks
Plaintext Data Leaks through System Paging File
Required Authentication Factor Left with Computer
User Error

7
Confidentiality: Assurance of Data Privacy
Accountability: Traceability of Actions Performed
Integrity: Assurance of Data Non-alteration

8
People: Lack of knowledge; Lack of commitment; Human error
Products: Products lack security features; Products have bugs
Policies: Designing for security; Roles & responsibilities; Auditing, tracking, follow-up; Calamity plans; Maintenance

9 Human error, not systems weakness, is the leading cause of serious security incidents. - CompTIA: Committing to Security Benchmark Study

10 Passphrase > Password
Squeal like a pig!
www.myfavoritewebsite.com
Nikon Coolpix s50c
My first car was a 72 Civic!

11
Delivering a consistent message about the importance of information security
Convincing users to develop and maintain safer computer usage habits
Motivating users to take a personal interest in information security
Developing materials that deliver a clear message about security topics
Giving end user security awareness a higher priority within organizations security

13 Configuring User Account Control Policies

14
People: Lack of knowledge; Lack of commitment; Human error
Products: Products lack security features; Products have bugs

15 SD3
Secure by Design: Secure architecture; Security aware features; Reduce vulnerabilities in the code
Secure by Default: Reduce attack surface area; Unused features off by default; Require only minimum privilege
Secure in Deployment: Protect, defend, recover, manage; Process: How to's, architecture guides; People: Training

16 http://blogs.csoonline.com/blog/jeff_jones

17 Windows Server 2003 Services and features off by default Local connections only SAC to enable services / features Upgrade preserves settings Other services / features disabled SAC to enable services / features SQL Server 2005 Windows Server 2003 SQL Server 2000

18
Provides effective administration
GPO Accelerator tool – scripted
Extend AD Schema
[Diagram labels: Domain Root, Department OU, Domain Controllers, Windows Vista Computers OU, Desktop OU, Windows Vista Users OU, Laptop OU]

19 Secure Vista Desktops with GPO Accelerator

20
People: Lack of knowledge; Lack of commitment; Human error
Products: Products lack security features; Products have bugs
Policies: Designing for security; Roles & responsibilities; Auditing, tracking, follow-up; Calamity plans; Maintenance

21 A security policy is the most critical part of your security infrastructure!

22
Reduce Security Risk: Assess the environment; Improve isolation and resiliency; Develop and implement controls
Increase Business Value: Connect with customers; Integrate with partners; Empower employees
[Diagram labels: Risk Level, Impact to Business, Probability of Attack, Connected, Productive, ROI]

23
People: Lack of knowledge; Lack of commitment; Human error
Products: Products lack security features; Products have bugs
Policies: Designing for security; Roles & responsibilities; Auditing, tracking, follow-up; Calamity plans; Maintenance

24 Daily / Bi-Weekly / Monthly
1. IT Pro Blogs http://blogs.technet.com/canitpro/
2. TechNet Flash Newsletter microsoft.ca/technet/tnflash/default.aspx
3. TechNet Security Newsletter microsoft.ca/technet/securitynewsletter


