1 / 19

Security Awareness Challenges of Security

Discover the challenges in defending against today's security attacks and learn effective strategies for protecting computers and securing information. Explore the different types of attackers and their motives, and understand the fundamental principles and techniques for building a comprehensive security strategy.

carterm
Télécharger la présentation

Security Awareness Challenges of Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security AwarenessChallenges of Security • No single simple solution to protecting computers and securing information • Different types of attacks • Difficulties in defending against these attacks

  2. Today’s Security Attacks • Typical monthly security newsletter • Malicious programs • E-mail attachments • ‘‘Booby-trapped’’ Web pages are growing at an increasing rate • Mac computers can be the victim of attackers

  3. Today’s Security Attacks (cont’d.) • Security statistics • Millions of credit and debit card numbers stolen • Number of security breaches continues to rise

  4. Difficulties in Defending Against Attacks • Speed of attacks • Greater sophistication of attacks • Simplicity of attack tools • Quicker vulnerabilities detected • Delays in patching products • Distributed attacks • User confusion

  5. Who Are the Attackers? • Divided into several categories • Hackers • Script kiddies • Spies • Employees • Cybercriminals • Cyberterrorists

  6. Hackers • Debated definition of hacker • Identify anyone who illegally breaks into or attempts to break into a computer system • Person who uses advanced computer skills to attack computers only to expose security flaws • ‘‘White Hats’

  7. Script Kiddies • Unskilled users • Use automated hacking software • Do not understand the technology behind what they are doing • Often indiscriminately target a wide range of computers

  8. Spies • Person who has been hired to break into a computer and steal information • Do not randomly search for unsecured computers • Hired to attack a specific computer or system • Goal • Break into computer or system • Take the information without drawing any attention to their actions

  9. Employees • Reasons for attacks by employees • Show company weakness in security • Retaliation • Money • Blackmail • Carelessness

  10. Cybercriminals • Loose-knit network of attackers, identity thieves, and financial fraudsters • Motivated by money • Financial cybercrime categories • Stolen financial data • Spam email to sell counterfeits, etc.

  11. Cyberterrorists • Motivated by ideology

  12. Attacks and Defences • Same basic steps are used in most attacks • Protecting computers against these steps • Calls for five fundamental security principles

  13. Steps of an Attack • Probe for information • Penetrate any defences • Modify security settings • Circulate to other systems • Paralyse networks and devices

  14. Defences Against Attacks • Layering • If one layer is penetrated, several more layers must still be breached • Each layer is often more difficult or complicated than the previous • Useful in resisting a variety of attacks • Limiting • Limiting access to information reduces the threat against it • Technology-based and procedural methods

  15. Defences Against Attacks (cont’d.) • Diversity • Important that security layers are diverse • Breaching one security layer does not compromise the whole system • Obscurity • Avoiding clear patterns of behavior make attacks from the outside much more difficult • Simplicity • Complex security systems can be hard to understand, troubleshoot, and feel secure about

  16. Building a Comprehensive Security Strategy • Block attacks • Strong security perimeter • Part of the computer network to which a personal computer is attached • Local security important too • Update defences • Continually update defenses to protect information against new types of attacks

  17. Building a Comprehensive Security Strategy (cont’d.) • Minimise losses • Realise that some attacks will get through security perimeters and local defenses • Make backup copies of important data • Business recovery policy • Send secure information • ‘‘Scramble’’ data so that unauthorized eyes cannot read it • Establish a secure electronic link between the sender and receiver

  18. Summary • Attacks against information security have grown exponentially in recent years • Difficult to defend against today’s attacks • Information security definition • That which protects the integrity, confidentiality, and availability of information • Main goals of information security • Prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism

  19. Summary (cont’d.) • Several types of people are typically behind computer attacks • Five general steps that make up an attack • Practical, comprehensive security strategy involves four key elements

More Related