1 / 25

Security in the Information Age

Security in the Information Age. Adventist Ministries Convention 2007 David Greene North American Division IT Services. Technology Changes in Ministries. Mobile devices Business transactions Websites. Mobile Devices - Laptops. New and increased risks Theft Network attacks

hanna-riggs
Télécharger la présentation

Security in the Information Age

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in the Information Age Adventist Ministries Convention 2007 David Greene North American Division IT Services

  2. Technology Changes in Ministries Mobile devices Business transactions Websites

  3. Mobile Devices - Laptops New and increased risks • Theft • Network attacks • Wireless attacks • Risks to office network from guests

  4. Mobile Devices - Laptops What to do about: Theft • “Phone-home” software • Physical locks • Encryption • Strong passwords

  5. Mobile Devices - Laptops What to do about: Network attacks • Install updates • Use a personal firewall • Use anti-virus and anti-spam software • Never send passwords “in the clear”

  6. Mobile Devices - Laptops What to do about: Wireless attacks • Install updates • Use care when connecting to access points • Use WPA protection whenever possible • Never send passwords “in the clear” • Use cellular network where available

  7. Mobile Devices - Laptops What to do about: Guests at office • Separate guest and office networks • Require employee-owned laptops to have current virus protection installed

  8. Mobile Devices – PDA’s New and increased risks • Theft • Improper disposal • Bluetooth attacks • Network attacks • Viruses

  9. Mobile Devices – PDA’s What to do about: Theft • Encryption • Strong passwords • “Password safe” • Keep data synchronized • Insurance

  10. Mobile Devices – PDA’s What to do about: Improper disposal • Encryption • Destruction

  11. Mobile Devices – PDA’s What to do about: Bluetooth attacks • Turn off Bluetooth when not in use • Set device to be “non-discoverable” • Set Bluetooth authentication • Ensure privacy when pairing devices

  12. Mobile Devices – PDA’s What to do about: Network attacks • Turn off Wifi when not in use • Use WPA protection whenever possible • Never send passwords “in the clear”

  13. Mobile Devices – PDA’s What to do about: Viruses • Consider installing PDA anti-virus software

  14. Mobile Devices – Removable media New and increased risks • Theft • Improper disposal • Loss of function

  15. Mobile Devices – Removable media What to do about: Theft • Encryption • Keep sensitive data off removable media

  16. Mobile Devices – Removable media What to do about: Improper disposal • Encryption • Destruction • Keep sensitive data off removable media

  17. Mobile Devices – Removable media What to do about: Loss of function • Synchronize frequently

  18. Technology Changes in Ministries Mobile devices Business transactions Websites

  19. Technology Changes in Ministries Mobile devices Business transactions Websites

  20. Settings Accounts Input Errors Backups Updates Website Security QuestionsWho’s making sure your whole website is secured?

  21. References: Mobile Device Theft • Laptop theften.wikipedia.org/wiki/Laptop_theft • Computer Theft—will you be the next victim? …the next computer theft will occur in 53 secondswww.user-groups.net/safenet/computer_theft.html • Combating Gadget Theftwww.nytimes.com April 28, 2005 • Solving Laptop Larcenywww.techreview.com June 19, 2006 • Screaming Phones to Cut Down Mobile Theft?www.tech2.com October 3, 2006 (Reuters)

  22. References: Mobile Device Security • Defining a Security Policy for Windows Mobile Pocket PCswww.pocketpcmag.com May, 2005 • Security in Windows Mobile 5.0 Messaging Pack Disappointswww.gartner.com June 9, 2005 • An overview of mobile device securitywww.viruslist.com September 21, 2005 • Mobile virus growth outpaces PC malwarewww.vnunet.com February 16, 2006 • New virus closes PC/Windows Mobile gapwww.vnunet.com February 28, 2006 • Trend Micro Advances Security for Smartphones & Other Deviceswww.hardwarezone.com.au November 14, 2006 • Intel PRO/Wireless 2200BG Driver Beacon Frame Remote Memory Corruption Vulnerabilitywww.fsirt.com December 19, 2006 • Smartphones Beware: New Viruses On The Horizon Target These Deviceswww.processor.com December 29, 2006 • Wireless drivers are now a major vulnerabilitywww.hackinthebox.org December 31, 2006 (Tech World) • How to crash a Windows mobile using MMS: Test code spotlights mobile malware menacewww.channelregister.co.uk January 2, 2007 • New Hacking Tools Bite Bluetoothwww.unstrung.com January 3, 2007

  23. References: Cyber Extortion • Cyber-Extortion: When Data Is Held Hostagewww.businessweek.com August 22, 2000 • Spyware Software Dubbed ‘Ransom-ware’www.techweb.com May 31, 2005 • Save Your PC From Cyber Extortionwww.cbsnews.com June 2, 2005 • Extortion virus makes rounds in Russia: It encrypts files then seeks money for the data to be decodedwww.computerworld.com October 25, 2005 (IDG News Service) • Hackers, Extortion Threats Shut Down Game Sitewww.eweek.com December 16, 2005 • Virus writers get into cyber-extortion—’Pay up or you’ll never see your data again’www.theregister.co.uk April 21, 2006 • New Trojan Ransoms Files, Demands $300www.techweb.com March 16, 2006 • Ransomeware Attack Targets Hotmail Accountswww.informationweek.com December 12, 2006 • Cybercrooks hold PC data captiveindystar.gns.gannett.com December 26, 2006

  24. References: Spear Phishing • ‘Spear Phishing’ Tests Education People About Online Scamsonline.wsj.com August 17, 2005 • Separating myth from reality in ID theftnews.com.com October 24, 2005 • Spear phishing reaches epidemic proportionswww.scmagazine.com October 26, 2005 • Spear Phishing Attack Targets Credit Unionswww.eweek.com December 16, 2005 • DOD battles spear phishingwww.fcw.com December 26, 2006 • Beware the Spear Phishing Attackswww.newsfactor.com December 27, 2006 • SonicWALL Phishing IQ Testwww.sonicwall.com/phishing

  25. References: Website Security • MSDN: Security Guidelines: ASP.NET 2.0msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagguidelines0001.asp • SANS: Top-20 Internet Security Attack Targets (2006 Annual Update)www.sans.org/top20 • Open Web Application Security Project: Top Ten Projectwww.owasp.org/index.php/OWASP_Top_Ten_Project

More Related