© 2010 – Foreground Security. All rights reserved
IT Security Awareness Training
Your Instructor(s):
David Amsler
Introductions
• David Amsler, CIO, Foreground Security - CISSP, CISM, CCNA, CCSP, MCSE, MCT, NSA IAM/IEM, Security+, CCSA, CCSE, CEH, ECSA
Our Goals
• Understanding the basics of IT Security
• Basic IT Security terms, procedures, and policies
• Security risks, issues and attacker techniques
• Watermark Policies, Procedures, and Expectations
• You ARE IMPORTANT!
Course Materials
• Student Course Book – Slides, Notes, and Presentations
• Home Security Guide – Detailed guide on steps to secure your home computer
Class Rules
• Ask questions at any time!
• This is an open and interactive class!
• If you don’t understand a concept, say so! We can demonstrate, explain, or illustrate in different ways to help you better understand!
Course Outline
• IT Security Training Awareness
• Modules:
• Module 0 - Introductions
• Module 1 - Foundations of IT Security
  – Essential terminology
  – Defining security
  – Need for security
  – Cyber crime
  – Information Security statistics
  – Security myths
• Module 2 - Recognizing Security Threats and Attacks
  – Phishing and its countermeasures
  – Virus
  – Trojan Horse
  – Worms
  – Spyware
  – Adware
  – Keylogger
  – Social engineering
  – Denial of Service
  – Spamming
  – Port Scanning
  – Password cracking
  – Countermeasures
• Module 3 - Social Engineering
  – Social engineering techniques
  – Recognizing social engineering
  – What to do/How to respond
• Module 4 - Basic Security Policies & Procedures
  – Introduction
  – Watermark Specific Policies & Procedures
• Module 5 - Desktop/Laptop Security
  – Encryption of Data
  – Loss of Laptop
  – Remote connections (VPN) Issues
• Module 6 - Secure Internet Access
  – Internet Security Issues
  – Identity Theft
  – File Sharing
  – Downloading Programs
  – Secure Internet Practices
• Module 7 - Wireless Security
  – Wi-Fi Security Issues
  – Bluetooth
  – Cell Phone Policy and Procedures
• Module 8 - Incident Response
  – How to spot an incident
  – What to do if you spot an incident
    • Response
    • Contact
    • Document
    • What else
Quiz
• What is a hacker?
• Describe a typical hacker.
• What do hackers want?
• How do they get it?
The Real Hackers
• Brian Kernighan, Dennis Ritchie, Bill Joy and Ken Thompson: C Programming Language, Unix
• Bill Gates: Microsoft
• Richard Stallman: GNU Project / Free Software Movement
• Steve Wozniak, Steve Jobs: Apple
• Linus Torvalds, Alan Cox, Bruce Perens, Eric S. Raymond: Linux
Well Known Attackers
• Phiber Optik
• Robert Morris
• Kevin Mitnick
• Mafiaboy
• Kevin Poulsen
• Vladimir Levin
Today’s attackers are…
• Students
• IT Professionals
• The Office Janitor
• Your Next-door Neighbor!
Module 1: Foundations of Security
Module Objectives
• This module will familiarize you with the following:
  – Essential terminology
  – Defining security
  – Need for security
  – Cyber crime
  – Information Security statistics
  – Security myths
Terminology
CIA of Security
Risk
A risk is the loss potential that exists as the result of threat-vulnerability pairs.
Key: Threats Vulnerabilities Risks
Security Triangle
Countermeasures
• The number of internet attacks has doubled every 6 months for the last two years. These attacks cost businesses an estimated $98 billion in the first 8 months of 2007. (CERT)
• A computer will be scanned or attacked within 5 seconds of connecting to the internet. (Gartner)
• A substantial percentage of attacks (39 percent) appeared to be deliberately targeted at a specific organization. (Internetnews)
• Every five seconds another person is a victim of identity theft or fraud. (Consumer.gov)
• In 2007, identity theft and fraud cost US consumers $64 billion. (Consumer.gov)
• 85% of all computer users have some form of a virus, trojan horse, or spyware program and don’t even know it. (Insecure.org)
• 70% of all corporate attacks come from internal users (employees, contractors, etc.). (CSI)
• There were over 4 million computer intrusions in 2007. (CSI/FBI survey)
GENERAL MISUSE of the Internet
• One-third of time spent online at work is non-work-related. (Websense, IDC)
• Internet misuse at work is costing American corporations more than $85 billion annually in lost productivity. (Websense)
• 80 percent of companies reported that employees had abused Internet privileges, such as downloading pornography or pirated software. (CSI/FBI Computer Crime and Security Survey)
PEER-TO-PEER FILE-SHARING
• Forty-five percent of the executable files downloaded through Kazaa contain malicious code. (TruSecure)
• 73 percent of all movie searches on file-sharing networks were for pornography. (Palisade Systems)
• A company can be liable for up to $150K per pirated work if it is allowing employees to use the corporate network to download copyrighted material. (RIAA)
SPYWARE
• 1 in 3 companies have detected spyware on their network. (Websense UK Survey)
• There are more than 7,000 spyware programs. (Aberdeen Group)
VIRUSES/MALICIOUS CODE
• Although 99% of companies use antivirus software, 82% of them were hit by viruses and worms. (CSI/FBI)
• Blended threats made up 54 percent of the top 10 malicious code submissions over the last six months of 2003. (Symantec Internet Security Threat Report)
• The number of malicious code attacks with backdoors, which are often used to steal confidential data, rose nearly 50% in the last year. (Symantec)
Who are the Attackers?
Who are these threat agents?
• Teenage pranksters
• Hacker junkies
• Disgruntled employees
• Terrorists (disruption of services)
• Criminals (selling information)
• Foreign intelligence agents
How easy is it to hack?
Fact: Hackers post 30-40 new tools to the Internet every month
Anyone can search the Internet, find exploitable tools, "point and click" and start to hack.
REMINDER: Any hacking, be it for “fun” or to “see how it’s done”, is against the law.
Their common target?
You!
IT Security Acronyms
• http://whatis.techtarget.com/
• http://www.acro.it/
• http://en.wikipedia.org/wiki/Main_Page
• http://irm.cit.nih.gov/security/Nasa_IT/Mgrs/html/course_acronyms.html
• See the Book for a complete list