Emerging Security Technological Threats

Size: px
Start display at page:

Download "Emerging Security Technological Threats"

Transcription

1 Emerging Security Technological Threats Jamie Gillespie Training and Education Team Leader, AusCERT

2 About AusCERT Australia s national CERT Collect, monitor, advise on threats and vulnerabilities Incident response coordination and assistance CERT training for countries and companies Independent, university-based, non-government and not-for-profit Chair of APCERT Close collaboration with the AHTCC Other collaborations national and international

3 What We re Seeing Now Malicious code Network scanning Device compromise Denial of Service Impersonation and Identify theft Rapid adoption of new technologies

4 Malicious code Malicious code represents one of the most well known threats Including the classic: Viruses Worms Trojans Increasingly blurred line: Spyware Adware Marketing research (Eg. MarketScore)

5 AV Detection Rates Source: NBSO Nic.br Security Office Brazilian CERT

6 Network Scanning Network scanning is an ever increasing problem Usually a precursor to attacks/compromises Password brute force attacks, against SSH services, are increasingly effective and relevant Mass scanning by worms, botnets or similar large scale automation can lead to denial of service Increases the cost of detecting incidents and providing effective security management due to increased noise

7 Device Compromise Device compromise is a continually ongoing occurrence, with automated compromise tools now the standard The technical barrier to entry into this arena is now quite low, anyone can download the tools Majority are end user devices, but vast number are corporate, academic and government devices Not just simple PCs and servers but also network devices such as access points, firewalls, routers and switches The impact to organisations includes theft of information, corruption of information, brand damage, legislative breaches and potential third party liability issues.

8 Denial of Service Denial of Service attacks have a long history ranging from on box attacks through to the more widely known network attacks BotNets have been used to for significant denial of service attacks, in excess of sustained 400Mbit / second for months on end Seen as a threat that will continue to evolve and emerge, coupled with increasingly sophisticated botnets and financially motivation

9 Impersonation Impersonation and identity theft is a current and significant threat, both to individuals and organisations Individuals spoofing Account compromise Full identity theft Organisations spoofing Site duplication and redirection Hijacking of domains and network traffic

10 Rapid Adoption Rapid adoption of new technologies by both attackers and organisations often increases base level of risk Organisations Often no well established standards or best practices for new technologies Often implemented as a pilot with security to come later Design oversights or lack of inherent security controls Attackers Utilise cutting edge techniques and share them in a non-competitive manner Have time to research and develop attacks and exploits this is essentially their business. This contrasts with the reactive process of most corporates

11 Future Threats Attacks to lower percentage platforms Linux Mac OS X Just because software/device has less vulnerabilities, doesn t mean it s safe 0.01% Vulnerable 99.99% Safe

12 Future Threats Mobile malicious code More specifically, multi-purpose mobile devices ~100 million smart phones Symbian marketshare >70% (10% in US) Nokia, Siemens, Samsung, Sony Ericson, Motorola, and more Windows marketshare <10% 20 mobile malware at end of 2004, >120 end of 2005 Vectors Bluetooth, MMS, Web downloads More to come SMS, IM, P2P, malicious web sites Copyright 2006 AusCERT

13 Future Threats Wireless networks Obviously the classical network abuse Network used (externally) to commit crime Security, but not secure VoIP Most of the same old threats But a lack of the same old protection Trunking and mixing of traffic Gateways connected to PSTN

14 Future Threats Identify theft Classic ID theft on the increase Schools carry different details Students aren t always students, but their details remain constant Removable mass storage ipods/mp3 Players, USB, mobiles, games Ingress of malicious/illegal material Where does it go? Egress of internal data Where does it go? And what was it anyways?

15 Future Threats Insiders They already have access Profiling is next to impossible Even for corporates Frequency and impact are unknown Detection requires a good eye And maybe a couple tricks up your sleeve

16 2006 Australian Computer Crime and Security Survey

17 Methodology ACNielsen conducted the survey and collated the results Mail out to 2,024 Australian IT managers in public and private sector organisations (+ TISN + others contacted via ) 389 respondents (17% response rate) 238 paper online submissions

18 What s the good news? Across most categories of electronic attack, computer crime and abuse, there is a reduction in activity reported Fewer financial losses for most respondents 19% of those that reported computer crime to law enforcement resulted in charges being laid There will be a high demand for skilled, experienced information security professionals in future!

19 What s the bad news? More bad news than good news Across most categories there was a reduction in the reported use of security policies and procedures IT security standards security technologies and Level of staff qualifications/training

20 What s the bad news? Higher level of vulnerabilities that resulted in electronic attacks than before: Exploitation of unpatched or unprotected software vulnerabilities (63% vs 40% in 2005) Inadequate staff training and education in security practices and procedures (53% in 2006 vs 47% in 2005) Exploitation of misconfigured operating systems, applications or network devices (50% in 2006 vs 27% in 2005)

21 What s the bad news? 21% reported trojan or rootkit infections (no prior visibility on this figure) Very high considering this malware does not self-propagate 45% reported virus or worm infections Still most common form of electronic attack

22 What s the same (still not good) Copyright 2006 AusCERT The computer security management challenges have been almost constant over 4 years Changing users behaviour and attitudes re computer security 60% Configuration management 47% Keeping up to date with the latest threats and vulnerabilities 46% Only 10% managing all computer security issues reasonably well

23 What s the same (still not good) Copyright 2006 AusCERT A high level of dissatisfaction with the level of qualifications and training for IT security staff 65% thought their organisations needed to improve training and education 53% thought that lack of adequate staff training and education in security policies and procedures contributed to the harmful electronic attacks

24 What s interesting CNI organisations reported lower levels of electronic attack and computer crime than non-cni organisations But they acknowledge many of the same information security management challenges as their non-cni counterparts Public sector organisations reported higher levels of electronic attack than private sector organisations

25 What s interesting Discrepancy between attack types and technology security counter-measures 90% have spam filters 99% have AV software 66% have procedural controls against malicious software But 45% reported virus or worm infections But 21% reported trojan or rootkit infections

26 What we don t know Why fewer attacks are being reported Why fewer readiness to protect factors are being deployed Security policies and procedures IT security standards Security technologies/counter-measures Training and education of staff Spending on IT security

27 What we don t know Whether reductions in the level of readiness to protect factors has impaired organisation s ability to detect attacks Whether changes in sample composition has affected the results Larger proportion of smaller sized organisations Larger proportion of organisations that may not be high users of IT What level of dependency and usage the respondents have on their information systems

28 What we do know High level of dissatisfaction with level of training and qualifications of IT security staff 90% of organisations face challenges or difficulties associated with some aspect of information security management Most are dissatisfied with the level of spending on information security More respondents perceive that harmful electronic attacks against their organisations were motivated by illicit financial gain (20% in 2006 vs 10% 2005)

29 Key messages Given the level of dissatisfaction with adequacy of staffing resources, training, IT security spending and general information security management challenges overall, organisations ability to manage their information security looks increasingly difficult

30 Key messages Despite some contradictory results, AusCERT and law enforcement continue to see worsening levels of Internet based attacks motivated by illicit financial gain, including online ID theft attacks compromising computers for use in botnets to support other forms of cyber attack (spam, DDOS extortion, ID theft) Predict these types of attacks will begin to impact on all e-commerce and e-government agencies and their users/customers in future At the organisation level, now is the time to strengthen not reduce readiness to protect factors Importantly, more must be done at the national level by government, industry and vendors to better address the problems identified

31 Copyright 2006 AusCERT

32 QUESTIONS

AusCERT Home Users Computer Security Survey 2008

AusCERT Home Users Computer Security Survey 2008 AusCERT Home Users Computer Security Survey 2008 Kathryn Kerr Manager, Analysis and Assessments 1 Agenda Scope Purpose Methodology Key findings Conclusion Copyright 2007 AusCERT 2 Survey scope Random sample

More information

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

Malicious cyber activity is on the increase at risk. This may involve the loss of critical data and consumer confidence, as well as profits

Malicious cyber activity is on the increase at risk. This may involve the loss of critical data and consumer confidence, as well as profits CYBER CRIME & SECURITY SURVEY REPORT 2013 Foreword Malicious cyber activity is on the increase and every business with an online presence is at risk. This may involve the loss of critical data and consumer

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the

More information

Cyber Security Solutions:

Cyber Security Solutions: ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial

More information

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology

More information

Promoting Network Security (A Service Provider Perspective)

Promoting Network Security (A Service Provider Perspective) Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

Protection for Mac and Linux computers: genuine need or nice to have?

Protection for Mac and Linux computers: genuine need or nice to have? Protection for Mac and Linux computers: genuine need or nice to have? The current risk to computers running non-windows platforms is small but growing. As Mac and Linux computers become more prevalent

More information

CEH Version8 Course Outline

CEH Version8 Course Outline CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information

More information

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion

More information

EC Council Certified Ethical Hacker V8

EC Council Certified Ethical Hacker V8 Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they

More information

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

CYBER CRIME & SECURITY SURVEY REPORT 2012_

CYBER CRIME & SECURITY SURVEY REPORT 2012_ CYBER CRIME & SECURITY SURVEY REPORT 2012_ Acknowledgements CERT Australia and the CIS would like to acknowledge the following contributors to the production of this report: CERT Australia s partner organisations

More information

CYBER CRIME & SECURITY SURVEY REPORT 2012_

CYBER CRIME & SECURITY SURVEY REPORT 2012_ CYBER CRIME & SECURITY SURVEY REPORT 2012_ ACKNOWLEDGEMENTS CERT Australia and the CIS would like to acknowledge the following contributors to the production of this report: CERT Australia s partner organisations

More information

Managing Security Risks in Modern IT Networks

Managing Security Risks in Modern IT Networks Managing Security Risks in Modern IT Networks White Paper Table of Contents Executive summary... 3 Introduction: networks under siege... 3 How great is the problem?... 3 Spyware: a growing issue... 3 Feeling

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

The Leading Provider of Endpoint Security Solutions

The Leading Provider of Endpoint Security Solutions The Leading Provider of Endpoint Security Solutions Innovative Policies to Defend Against Next-Generation Threats Conrad Herrmann CTO and Co-Founder Zone Labs, Inc. Network Security Is an Uphill Battle

More information

Endpoint Security Management

Endpoint Security Management Endpoint Security Management LANDESK SOLUTION BRIEF Protect against security threats, malicious attacks and configuration vulnerabilities through strong endpoint security control and maintenance. Protect

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.

More information

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans

More information

WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments

WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored

More information

Data Center Security in a World Without Perimeters

Data Center Security in a World Without Perimeters www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved State of the Web 2015: Vulnerability Report March 2015 Motivation In February 2015, security researchers http://www.isightpartners.com/2015/02/codoso/ reported that Forbes.com had been hacked. The duration

More information

Endpoint Security More secure. Less complex. Less costs... More control.

Endpoint Security More secure. Less complex. Less costs... More control. Endpoint Security More secure. Less complex. Less costs... More control. Symantec Endpoint Security Today s complex threat landscape constantly shifts and changes to accomplish its ultimate goal to reap

More information

Protecting personally identifiable information: What data is at risk and what you can do about it

Protecting personally identifiable information: What data is at risk and what you can do about it Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most

More information

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES SECURITY

More information

Detailed Description about course module wise:

Detailed Description about course module wise: Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference

More information

[CEH]: Ethical Hacking and Countermeasures

[CEH]: Ethical Hacking and Countermeasures [CEH]: Ethical Hacking and Countermeasures Length Audience(s) Delivery Method : 5 days : This course will significantly benefit security officers, auditors, security professionals, site administrators,

More information

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document ESET CYBER SECURITY PRO for Mac Quick Start Guide Click here to download the most recent version of this document ESET Cyber Security Pro provides state-of-the-art protection for your computer against

More information

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious

More information

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led Course Description This class will immerse the student into an interactive environment where they will

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

Five Trends to Track in E-Commerce Fraud

Five Trends to Track in E-Commerce Fraud Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other

More information

US-CERT Overview & Cyber Threats

US-CERT Overview & Cyber Threats US-CERT Overview & Cyber Threats National Cyber Security Division United States Computer Emergency Readiness Team June 2006 Agenda Introduction to US-CERT Overview of why we depend on a secure cyberspace

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Current Threat Scenario and Recent Attack Trends

Current Threat Scenario and Recent Attack Trends Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks

More information

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform

More information

ESET SMART SECURITY 8

ESET SMART SECURITY 8 ESET SMART SECURITY 8 Microsoft Windows 8.1 / 8 / 7 / Vista / XP / Home Server 2003 / Home Server 2011 Quick Start Guide Click here to download the most recent version of this document ESET Smart Security

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

for businesses with more than 25 seats

for businesses with more than 25 seats for businesses with more than 25 seats ESET Business Solutions 1/6 Whether your business is just starting out or is established, there are a few things that you should expect from the software you use

More information

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in Cyber Security & Role of CERT-In Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in Web Evolution Web Sites (WWW) 1993 Web Invented and implemented 130 Nos. web sites 1994 2738 Nos.

More information

Managing Denial of Service (DoS) Attacks

Managing Denial of Service (DoS) Attacks Managing Denial of Service (DoS) Attacks Summary Report for CIOs and December 2009 DISCLAIMER: To the extent permitted by law, this paper is provided without any liability or warranty. Accordingly it is

More information

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer

More information

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 8 Securing Information Systems

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 8 Securing Information Systems Managing Information Systems Seventh Canadian Edition Laudon, Laudon and Brabston CHAPTER 8 Securing Information Systems Copyright 2015 Pearson Canada Inc. 8-1 System Vulnerability and Abuse Security:

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

Chapter 15: Computer and Network Security

Chapter 15: Computer and Network Security Chapter 15: Computer and Network Security Complete CompTIA A+ Guide to PCs, 6e What is in a security policy Mobile device security methods and devices To perform operating system and data protection How

More information

Netsweeper Whitepaper

Netsweeper Whitepaper Netsweeper Inc. Corporate Headquarters 104 Dawson Road Suite 100 Guelph, ON, Canada N1H 1A7 CANADA T: +1 (519) 826-5222 F: +1 (519) 826-5228 Netsweeper Whitepaper The Evolution of Web Security June 2010

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Information Security Threat Trends

Information Security Threat Trends Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing

More information

ESET SMART SECURITY 7

ESET SMART SECURITY 7 ESET SMART SECURITY 7 Microsoft Windows 8.1 / 8 / 7 / Vista / XP / Home Server 2003 / Home Server 2011 Quick Start Guide Click here to download the most recent version of this document ESET Smart Security

More information

Basic Computer Security Part 2

Basic Computer Security Part 2 Basic Computer Security Part 2 Presenter David Schaefer, MBA OCC Manager of Desktop Support Adjunct Security Instructor: Walsh College, Oakland Community College, Lawrence Technology University Welcome

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

ESET SMART SECURITY 6

ESET SMART SECURITY 6 ESET SMART SECURITY 6 Microsoft Windows 8 / 7 / Vista / XP / Home Server Quick Start Guide Click here to download the most recent version of this document ESET Smart Security provides state-of-the-art

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

Cyber Security Incident Reporting Scheme

Cyber Security Incident Reporting Scheme OCIO/G4.12a ISMF Guideline 12a Cyber Security Incident Reporting Scheme BACKGROUND Reporting cyber security incidents is a source of intelligence information that assists in the development of a greater

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

Module 5: Analytical Writing

Module 5: Analytical Writing Module 5: Analytical Writing Aims of this module: To identify the nature and features of analytical writing To discover the differences between descriptive and analytical writing To explain how to develop

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Applications, virtualization, and devices: Taking back control

Applications, virtualization, and devices: Taking back control Applications, virtualization, and devices: Taking back control Employees installing and using legitimate but unauthorized applications, such as Instant Messaging, VoIP, games, virtualization software,

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

We are a volunteer-based organization that is spreading cyber awareness and creating a cyber first responders unit.

We are a volunteer-based organization that is spreading cyber awareness and creating a cyber first responders unit. We are a volunteer-based organization that is spreading cyber awareness and creating a cyber first responders unit. We participate in several team-based competitions a year to serve as training and experience

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

8 ELEMENTS OF COMPLETE VULNERABILITY MANAGEMENT.

8 ELEMENTS OF COMPLETE VULNERABILITY MANAGEMENT. 8 ELEMENTS OF COMPLETE VULNERABILITY MANAGEMENT. INTRODUCTION It used to be so simple. The threat was hackers. Their method was burrowing into your network through open ports on your firewall or exploiting

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Security A to Z the most important terms

Security A to Z the most important terms Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

CRYPTUS DIPLOMA IN IT SECURITY

CRYPTUS DIPLOMA IN IT SECURITY CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

Firewall and UTM Solutions Guide

Firewall and UTM Solutions Guide Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers

More information

Loophole+ with Ethical Hacking and Penetration Testing

Loophole+ with Ethical Hacking and Penetration Testing Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

Cyber security the facts

Cyber security the facts Cyber security the facts By Dr Carolyn Patteson, Executive Manager, CERT Australia The cyber threat is real and ever present and every business is at risk. Australia s security and intelligence agencies

More information

EC-Council. Certified Ethical Hacker. Program Brochure

EC-Council. Certified Ethical Hacker. Program Brochure EC-Council C Certified E Ethical Hacker Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem Security & SMEs An Introduction by Jan Gessin Introduction to the problem SMEs convinced it will never happen to them. In many ways SMEs are more of a target than big business. Harsh realities of the online

More information

Computer Protection. Computer Protection. Computer Protection 5/1/2013. Classic Battle of Good vs Evil. David Watterson & Ross Cavazos

Computer Protection. Computer Protection. Computer Protection 5/1/2013. Classic Battle of Good vs Evil. David Watterson & Ross Cavazos David Watterson & Ross Cavazos Chief Information Officer IT Director City of Billings Yellowstone County Local Government IT Group Vice-Chairmen Classic Battle of Good vs Evil GOOD EVIL Firewall E-Mail

More information

Smartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices

Smartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices Smartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices Daniel V. Hoffman, CISSP, CEH, CHFI Chief Technology Officer Page 1 Global Threat Center Exploit Research and Development

More information

FBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12.

FBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12. Competency: Defend and Attack (virus, spam, spyware, Trojans, hijackers, worms) 1. Identify basic security risks and issues to computer hardware, software, and data. 2. Define the various virus types and

More information

Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks

Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Farnam Jahanian University of Michigan and Arbor Networks IFIP Working Group 10.4 June 29-30, 2006 What s the

More information

FIGHTING FRAUD ON 4G. Neutralising threats in the LTE ecosystem

FIGHTING FRAUD ON 4G. Neutralising threats in the LTE ecosystem FIGHTING FRAUD ON 4G Neutralising threats in the LTE ecosystem TABLE OF CONTENTS Introduction...3 New and Old Vulnerabilities...4 Identity Management...5 A Unified Response...6 Data Mining...7 An Evolving

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

E-Guide. Sponsored By:

E-Guide. Sponsored By: E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal

More information

TIME TO LIVE ON THE NETWORK

TIME TO LIVE ON THE NETWORK TIME TO LIVE ON THE NETWORK Executive Summary This experiment tests to see how well commonly used computer platforms withstand Internet attacks in the wild. The experiment quantifies the amount of time

More information

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination

More information

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA

More information

5 Threats Your Anti-Virus Won t Stop. Thurstan Johnston Presales Engineer

5 Threats Your Anti-Virus Won t Stop. Thurstan Johnston Presales Engineer 5 Threats Your Anti-Virus Won t Stop Thurstan Johnston Presales Engineer Agenda The state of malware what s changed and why? The truth about anti-virus detection rates 5 threats your anti-virus won t stop

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Keep you computer running Keep your documents safe Identity theft Spreading infection Data Integrity (DPA: Data Protection Act)

Keep you computer running Keep your documents safe Identity theft Spreading infection Data Integrity (DPA: Data Protection Act) Security Analysis E-Commerce Security 2008 Matthew Cook Network & Security Manager Loughborough University Why bother? Keep you computer running Keep your documents safe Identity theft Spreading infection

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information

DATA PROTECTION LAWS OF THE WORLD. India

DATA PROTECTION LAWS OF THE WORLD. India DATA PROTECTION LAWS OF THE WORLD India Date of Download: 6 February 2016 INDIA Last modified 27 January 2016 LAW IN INDIA There is no specific legislation on privacy and data protection in India. However,

More information

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information