1 / 35

Information Security A Practical Introduction

Creative Commons License: You are free to share and remix but you must provide attribution and you must share alike. Information Security A Practical Introduction. What is (Information) Security About?. InfoSec is… about Hackers. InfoSec is… about Vandalism. InfoSec is… about Backups.

ehren
Télécharger la présentation

Information Security A Practical Introduction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Creative Commons License: You are free to share and remix but you must provide attribution and you must share alike. Information SecurityA Practical Introduction

  2. What is (Information) Security About?

  3. InfoSec is… about Hackers

  4. InfoSec is… about Vandalism

  5. InfoSec is… about Backups

  6. InfoSec is… about Theft

  7. InfoSec is… about Uptime

  8. InfoSec is… about Phones

  9. InfoSec is… about Information

  10. Information Security is an Outcome "Our systems aresecure from hackers“ "We haveblocked 17,342 viruses to date“ “Our systems are all online“ “Insiders cannotsteal our information” “We have backups” • “We are Secure”

  11. Information Security is a Process “We want to improvesecurity“ "We need to protect against morethreats" "We want to reduce risk" "We want to increasecustomer confidence" "We want to decrease the number of compromises" • “We want to be more Secure”

  12. InfoSec is… Risk Management Identify Measure Analyze Plan Implement

  13. What is at Risk? Confidentiality Integrity Availability

  14. Defence in Depth lowers Risk

  15. Processleads to Outcome Firewalls do not make you secure Anti-virus does not make you secure Policiesdo not make you secure VPNs do not make you secure Guardsdo not make you secure Passwords do not make you secure Together they all make you MOREsecure

  16. Threat: Denial of Service

  17. Counter: Firewalls and Switches

  18. Threat: Unintentional DoS ? An unpatched server was compromised and used to distributed 20 GB of videos with French language titles. The problem was discovered when the server was blocked for excessive bandwidth usage.

  19. French Puppet Videos! The server was distributing 20 GB of French Puppet Videos. The cleanup time was 7 hours. If they had just asked we would have probably found someone to host the videos for them!

  20. Counter: Change Management

  21. Counter: Monitoring

  22. Threat: SQL Injection Attack

  23. Counter: Vulnerability Scanning

  24. Counter: Developer Training

  25. Counter: Web Application Firewall

  26. Threat: The Man-in-the-Middle The Weaponized Pineapple Pretends to be YOURhome wifi network. Recordswhat you do on the Internet.

  27. Counter: 2 Factor Authentication YUBIKEY SecurID Google 2FA

  28. Threat: Insiders

  29. Counter: DLP and DPI • Deep Packet Inspection (DPI): • Firewalls inspect every packet on the network and rebuild the entire message. • Data Loss Prevention (DLP): • Uses DPI and pattern matching to look for suspicious content being sent FROM your network.

  30. Threat: Malvertisements

  31. Threat: It never rains… it pours The OS Vendor stopped providing patches The server was hacked A hard disk failed A cooling fan died & it crashes every 2hr The software vendor wanted more money Hardware support had not been paid for

  32. Final Threat: The A.P.T. Advanced Persistent Threat

  33. InfoSec is… Everyone’s Responsibility Confidentiality Integrity Availability

  34. More Threats • Spear-phishing • Credible emails, highly targeted, but malicious • USB Viruses: usb virus scanner, autorun, read-only storage • Automated

  35. Questions? • Email: • michael@winterstorm.ca • Slides: • http://winterstorm.ca/download/

More Related