1 / 24

Network Security Overview

This document provides an in-depth overview of network security management from a practical perspective. It highlights various dangers, including negligence, misconduct, and liability, while emphasizing the importance of employee training and crisis planning. The text outlines the evolution of IT security tools from the early 1990s to the late 2000s, noting significant vulnerabilities reported annually and their implications for businesses. It further discusses the financial impact of cybercrime and the sophistication of modern cybercriminals, making a case for continuous vigilance in digital security practices.

bonnie
Télécharger la présentation

Network Security Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Overview Ali Shayan 2008.08.06

  2. Network Security Management’s Perspective • Dangers: • Negligence • Dereliction of duty • Liable for damaged • Misconduct • Sabotage • Aiding and abetting crime

  3. Network Security Management’s Perspective • Issues • Training • Continuity and crisis planning • Assume information security is YOUR responsibility Lack of awareness can lead to negligence and liability!

  4. Understanding Components of an IT Security Audit

  5. Modern Technology Roadmap • Early 1990s: Virus scanners • Mid 1990s: Firewalls • Late 1990s: Over-reliance on encryption (PKI) • Early 2000s: Over-reliance on intrusion detection systems (IDS) • Late 2000s: Over-reliance on intrusion prevention systems/artificial intelligence

  6. Vulnerabilities • There was a total of 7,247 vulnerabilities in 2006, 39.5% more than 2005. • June was the busiest month of the year with 696 vulnerabilities. • Week 46 (the week before Thanksgiving) was the busiest week of 2006 for new vulnerabilities. • The most popular day for vulnerability discloser was Tuesday. • The top three vulnerable vendor in 2006 were Microsoft, Oracle and Apple. • 88.4 percent of all 2006 vulnerabilities could be exploited remotely. • Over half (50.6%) of 2006 vulnerabilities would allow an attacker to gain access to the host after successful exploitation.

  7. VulnerabilitiesPer Annum Vulnerabilities Count

  8. VulnerabilitiesPer Month

  9. Vulnerabilities by Day of Week

  10. Vulnerabilitiesby Day of Week

  11. VulnerabilitiesWeekdays vs. Weekends

  12. VulnerabilitiesTop Ten Vulnerable Vendors

  13. From which countries does spam originate?

  14. Incident and Events by Sector

  15. Quantifying by Losses • 9 out of 10 businesses affected by cybercrime (FBI 2005) • $67.2 billion per year is lost to cybercrime in the USA (FBI 2005) • 61% of US computers are compromised (Cyber Security Alliance 2006) • Estimated 14,000 – 17,000 Botnet C&Cs (Shadowserver.org)

  16. Notable Trends in Cyber Criminality • Motivation: Financial motives are making attackers more sophisticated. • Targeted attacks: Attacks are much more targeted than before. • Targets: The user and the user workstation (desktop or laptop) becomes the easiest path into the network.

  17. References • http://www.coresecurity.com • http://www.cert.com • http://www.iss.com • http://www.alexa.com

  18. Thanks

More Related