Topic 1 Lesson 1: Importance of network security



Similar documents
Network Security and the Small Business

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

IQware's Approach to Software and IT security Issues

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Cybersecurity Workshop

Cyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group

CHAPTER 10: COMPUTER SECURITY AND RISKS

Cybersecurity Awareness. Part 1

Cybercrime: risks, penalties and prevention

Hacking Database for Owning your Data

Security A to Z the most important terms

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Internet threats: steps to security for your small business

Computer Security Maintenance Information and Self-Check Activities

OIG Fraud Alert Phishing

White Paper - Crypto Virus. A guide to protecting your IT

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET

Hacking Book 1: Attack Phases. Chapter 1: Introduction to Ethical Hacking

User Security Education and System Hardening

Network Incident Report

CYBER SECURITY. II. SCANDALOUS HACKINGS To show the seriousness of hacking we have included some very scandalous hacking incidences.

How To Protect Your Online Banking From Fraud

Scams and Schemes. objectives. Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives

ICTN Enterprise Database Security Issues and Solutions

ZNetLive Malware Monitoring

Defensible Strategy To. Cyber Incident Response

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

Is your data secure?

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them

Security from the Cloud

Cyber Security Awareness. Internet Safety Intro.

COSC 472 Network Security

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

4/20/2015. Fraud Watch Campaign. AARP is Fighting for You. AARP is Fighting for You. Campaign Tactics. AARP can help you Spot & Report Fraud

Eliminating Infrastructure Weaknesses with Vulnerability Management

10 Smart Ideas for. Keeping Data Safe. From Hackers

Internet Security. For Home Users

Computer Viruses: How to Avoid Infection

Cybersecurity Best Practices

Society for Information Management

Applying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Don t Fall Victim to Cybercrime:

Information Security. CS526 Topic 1

How to prevent computer viruses in 10 steps

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Countermeasures against Bots

Identity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP

Information Security Incident Management Guidelines

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Data Security Best Practices. White Paper

C-SAVE. Scenario #1 Jake and the Bad Virus. The two major C3 concepts this scenario illustrates are:

Detailed Description about course module wise:

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

September 20, 2013 Senior IT Examiner Gene Lilienthal

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Statistical Analysis of Internet Security Threats. Daniel G. James

BE SAFE ONLINE: Lesson Plan

Collateral Effects of Cyberwar

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

Ohio University Computer Services Center October, 2004 Spyware, Adware, and Virus Guide

Visa CREDIT Card General Guidelines

How We're Getting Creamed

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May TrustInAds.org. Keeping people safe from bad online ads

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Paul Nguyen CSG Interna0onal

Things To Do After You ve Been Hacked

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY

Virus Definition and Adware

Threat Events: Software Attacks (cont.)

Introduction to Ethical Hacking and Network Defense. Objectives. Hackers

Application Intrusion Detection

TIME TO LIVE ON THE NETWORK

Cyber Security Management

Web 2.0 and Data Protection. Paul Tsang Security Consultant McAfee

Cutting the Cost of Application Security

COB 302 Management Information System (Lesson 8)

DDoS-blocker: Detection and Blocking of Distributed Denial of Service Attack

Information Security Threat Trends

Mitigating Server Breaches with Secure Computation. Yehuda Lindell Bar-Ilan University and Dyadic Security

Web Security. Discovering, Analyzing and Mitigating Web Security Threats

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

Summary of the State of Security

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Everyone s online, but not everyone s secure. It s up to you to make sure that your family is.

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

TLP WHITE. Denial of service attacks: what you need to know

What Spammers Don t Want You To Know About Permanently Blocking Their Vicious s

SECURING INFORMATION SYSTEMS

Transcription:

Topic 1 Lesson 1: Importance of network security 1

Initial list of questions Why is network security so important? Why are today s networks so vulnerable? How does Melissa virus work? How does I love you virus work? What is the effects of denial-of-service attacks? What is a worm? Do you have any personal experiences in suffering from attacks? Why do people need network security? 2

Why is network security so important? CRITICAL to businesses; national security concerns more and more personal info are on the web critical infrastructure is now controlled by networks increasing number of Internet uses, increased risk business need globalization; open your network to more and more eyes and holes from both inside and outside the # of incidents and vulnerability are increasing 3

Why are today s networks so vulnerable? more complexity more holes intranet internet users and sys admin poor understanding on security more users use internet now hacking tools are more accessible than ever security is enforced as an add-on; not part of the initial design business are more concerned about cost, so they are reluctant to invest in security all employees have knowledge of doing bad things users use same password again and again 4

How does Melissa virus work? (step 1) it is launched as an email with a malicious attachment (step 2) the attachment contains a macro program that is executable (step 3) exploit the user s address book to flood emails out take the 50 out of the user s address book (step 4) if the user click/open the attachment, the code will be executed you are infected! If the user does not click the attachment,? --nothing 5

The attachment: list.doc Melissa (cont.) The text Not executable Macro code Executable virus It is not a normal Word document, it contains code! 6

How does I love you virus work? Use email attachment user click on executable break passwords address book to selfpropagate replace certain file names with itself The social engineering aspect: saying I love you make user more prone to click very funny; you got a A; read this paper A visual basic script instead of a macro break passwords and report back usually corrupt files 7

What is the effects of denial-of-service attacks? unavailability of some services such as email take a web site down hard to detect since they look legitimate keep users from necessary resources such as the republication convention web server attack servers instead of clients can cost a company a lot of time and money does not disclose personal info not so harmful can slow down the entire Internet even if you are not a target more brute force attack than taking intelligent attack actions 8

DDoS Attack Master Daemon Daemon Daemon Daemon Daemon Victim Real Attacker 9

What is a worm? self-propagating programs that kill the Internet differences between virus and worm: worms do not need the user to do anything In Melissa, the users need to click Worms are self-propagating but viruses are not Compare DDoS with worm: The target of a DDoS attack is certain servers, but the target of a worm is every vulnerable host in the Internet Worms are self-propagating but DDoS attacks are not DDoS attacks attack servers instead of clients, but worms may attack both worms also collect info, but DDoS do not Both DDoS attack and worms may cause large-scale congestion 10

Do you have any personal experiences in suffering from attacks? () Summer 2003, internship, suffer from worm, attack windows XP/2000, servers and desktops, all servers went down; it took a week to recover based on Microsoft patches 1.5 points () Spring 02, klez virus, my friends hit; I burn a CD on which there is a virus, and both are infected () phishing attacks: identify stealing: (g6) EBAY NEEDS update information (g6) In july 04, citibank (682); US Bank (622), Ebay (255), PayPal (147), AOL (41), () credit card fraud: when you break in a web server, you may be able to grab 1000 credit cards (g6) In restaurant, after your card is skimmed, they can replicate your card (g7) Faked or hacked, yet legal, ATM machines can record your card info (pl) Xxx billions of dollars are lost 11

Why do people need network security? () Peace of mind () prevent identity theft () secure valuable info () protect your digital assets 12

If you are CSO, how do you measure the loss of security breaches? () the amount of lost sales () cost of repairs () negative press hurts my reputation () cost of re-coding due to file deletion () cost of wages to fix the problem () how your boss and his boss feel about this: my feeling is hurt 13

From the business point of view, what are the benefits of deploying security mechanisms? () it makes sense to have my customers trust me maintain customer relation Ethic you have responsibility () the company can be bothered by a lot of law suits () protect your secrets () spend some money now, avoid losing more money in the future () they can do business as usual () real expensive; the investment in security does not even cover the loss Risk: as new ones come out, you current ones become obsolete 14

Relation between security and (profitability, competency) () Lack of security may hurt competency thus hurt profitability; but too much security investment can also hurt 15

Internet is a double-edge sword () Internet not only makes your life easier more enjoyable, but also make the hacker happier 16

3 Colored Hats Hackers are classified not due to their knowledge or skills, but Their ethics Black hat hackers purely malicious criminal hacker; steal money ill intent; bad; bad; Gray hat hackers: use some black hat tactics but may be for good reasons; work for company; try to test weaknesses or warn people of weakness White hat hackers are any info security engineer specializing in defenses of computer networks 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information