Introduction to Information Security
Dr. Rick Jerz
© 2016 rjerz.com
Goals
• Explain the various types of threats to the security of information
• Discuss the different categorizations of security technologies and solutions
• Explain passwords, firewalls, biometrics, encryption, virus protection, and wireless security
• Discuss the main purposes and content of security policies
• Identify risk management options
Introduction to Information Security
• Five Factors Contributing to Vulnerability
  • Today's interconnected, interdependent, wirelessly networked business environment
  • Smaller, faster, cheaper computers & storage devices
  • Decreasing skills necessary to be a computer hacker
  • International organized crime taking over cybercrime
  • Lack of management support
Why Worry About Security
• Threats can render a system inoperative
• Threats can make data unavailable
• Threats can steal your money
• Threats can change data
• Threats can make you less productive
• Threats can cost money!
• Balance the cost of a threat versus the cost of protection
Information Security Threats
• Unauthorized access
• Viruses and malware
• Email threats
• Accidental loss of data
• Security threats can involve both people and equipment
Unauthorized Access
• Locked areas or equipment
• User IDs and passwords
• Encryption
• Security cards
• Biometrics
Biometrics
• Fingerprint recognition
• Facial recognition
• Iris/retina recognition
• DNA recognition
• Odor recognition
• Ear recognition
• Signature recognition
Firewalls
• Computer or a router that controls, or restricts access in and out of the organization's networks
• Cannot protect an organization from a virus
• Cannot prevent hackers from exploiting an unsecured computer
• Should be implemented at different locations in the organization
A firewall architecture for Defense in Depth
Viruses and Other Malware
• Viruses are sent out to find any victim they can
• Lines of code that make up a virus can be embedded into other files
• The signature of the virus is the particular bit patterns that can be recognized, which is how virus detection software knows your computer has contracted a virus
• Can be active or passive
Rick's Computers
Older Dell PC
• Norton Antivirus
• Malwarebytes
• Spybot Search & Destroy
Virtual Windows 7 PC
• Microsoft's Antivirus
Macintosh
• Nothing!
Email Attacks
• Email bombing: Sending a large amount of emails designed to disrupt normal functioning
• Smurfing: When hackers sometimes use an innocent 3rd party to send a flood of messages to an intended target
• Spoofing: Forged sender address
• Phishing: Masquerading as a trustworthy entity
Carefully Watch Your Email!
• The email is addressed to you using your email account info
• The email does not have a personalized salutation
• When you hover the mouse over the hyperlink, the site does not seem to be from the proper company
• When you hover the mouse over the hyperlink, the site seems to be located in another country
• The email makes you feel your response is urgent or something bad is going to happen.
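The checklist above can be applied mechanically to an HTML message. The following Python sketch is an added example, not part of the original slides; the function names, the finding tags, the word lists and both sample messages are assumptions constructed for illustration, and a two-letter top-level domain is used as a rough stand-in for "located in another country".

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice|within 24 hours)\b", re.I)
GENERIC = re.compile(r"\bdear\s+(customer|user|member|client)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag: the address a hover would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def base_domain(host):
    # Naive "last two labels" rule; production code would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_email(html_body, recipient, company_domain):
    """Return the checklist items (as short tags) that this message trips."""
    findings = []
    text = re.sub(r"<[^>]+>", " ", html_body)  # crude tag stripping for the text checks
    names = (re.escape(recipient), re.escape(recipient.split("@")[0]))
    if re.search(r"\b(dear|hello|hi)\s+(%s|%s)\b" % names, text, re.I):
        findings.append("addressed-by-account-info")
    if GENERIC.search(text):
        findings.append("no-personal-salutation")
    collector = LinkCollector()
    collector.feed(html_body)
    for href in collector.hrefs:
        host = urlparse(href).hostname or ""
        if not host:  # mailto: or relative links carry no host to compare
            continue
        if base_domain(host) != company_domain.lower():
            findings.append("link-not-proper-company")
        tld = host.rsplit(".", 1)[-1]
        if len(tld) == 2 and tld != company_domain.rsplit(".", 1)[-1].lower():
            findings.append("link-country-code-tld")
    if URGENT.search(text):
        findings.append("urgent-language")
    return findings

# Constructed sample messages (".xx" is a placeholder, not an assigned country code).
SUSPICIOUS = ('<p>Dear jdoe@example.com,</p><p>Your account will be suspended. Respond immediately.'
              '</p><a href="http://example.com.account-verify.xx/login">www.example.com</a>')
ORDINARY = '<p>Dear Jane Doe,</p><a href="https://www.example.com/statements">View statement</a>'
print(check_email(SUSPICIOUS, "jdoe@example.com", "example.com"))
```

The link in the suspicious sample displays the company's name but its real host ends in a different registered domain, which is what hovering over the hyperlink exposes.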
Accidental Loss of Data
• Have a good filing system
• Think about theft and fraud
• Password protect or encrypt important information
• Back up your system and files
• Be careful about putting data on:
  • Cell phone
  • USB drives
  • CDs and DVDs
Wireless Security
• Best protection for wireless networks is encryption
• WEP, the Wired Equivalent Privacy is an older encryption algorithm, which can be easily cracked within minutes today
• WPA, the Wi-Fi Protected Access, is a more recent and powerful encryption algorithm widely available in most routers
• Further protection for home wireless networks is to disable the broadcasting of the network's ID (SSID)
Your Web Server
• Firewalls
• Antivirus
• Whitelists and Blacklists
• Encryption
• VPN
• SSL - Secure Socket Layer
• Employee Monitoring Systems
• Email Spam:
Risk Management
• Process of identifying, assessing and prioritizing the security risks an organization may face
• Analyze and balance risks with the resources available to mitigate them
• Management determines where the company would be most vulnerable and how likely it is that a risk would affect it
Security Measures
• Educate people about security threats and solutions
• Create strong passwords
• Keep passwords in a secure location
• Run appropriate antivirus and malware software
• Develop a good data backup system