1 / 32

Introduction to Network Security: Mitigating Security Risks and Protecting Information

Learn how to mitigate security risks and protect information in a network environment. Explore concepts such as confidentiality, integrity, availability, authentication, and data security. Understand the types of threats, including malicious software and unauthorized access, and discover protective measures like user awareness, authentication, and encryption. Gain insights into the mindset of hackers and learn about ethical hacking.

patriciad
Télécharger la présentation

Introduction to Network Security: Mitigating Security Risks and Protecting Information

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction ET4/5085 Keamanan Jaringan Telekomunikasi

  2. Course site: rhinestonecowboy1202.wordpress.com • Course schedule: • Tuesday : 13.00 – 13.50 • Thursday : 16.00 – 17.40 • Refs: • Various  towards CompTIA Security+ certification

  3. There is nothing that could be completely secure • There is no perfect scenario

  4. How to mitigate security risks?

  5. To defend against the worst CIA Confidentiality, Integrity, and Availability

  6. Confidentiality - Preventing the disclosure of information to unauthorized persons. • Integrity- the property that information has not be altered in an unauthorized way • Availability • The property that information is accessible and modifiable in a timely fashion by those authorized to do so. • Availability assures that a system’s authorized users have timely and uninterrupted access to the information in the system and to the network.

  7. Information security is achieved through a combination of three entities

  8. Comprehensive definition of information security • That which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures

  9. Another acronym to live by AAA Authentication When a person’s identity is established with proof and confirmed by a system Authorization When a user is given access to certain data or areas of a building. Accounting The tracking of data, computer usage, and network resources When you have indisputable proof of something users have done and they cannot deny it, it is known as nonrepudiation

  10. The Basics of Data Security

  11. Data security is the act of protecting data from threats and possible corruption

  12. Type of threats • Malicious software • Unauthorized access • System failure • Social engineering

  13. Malicious Software • Malware • Viruses • Worms • Trojan horses • Spyware • Rootkits • Adware • and other types of unwanted software

  14. Unauthorized access • Access to computer resources and data without consent of the owner • Approaching the system • Trespassing • Communicating • Storing and retrieving data • Intercepting data • improper administrative access • Any other methods that would interfere with a computer’s normal work

  15. System failure • Computer crashes or individual application failure • Causes: • user error • malicious activity • or hardware failure

  16. Social engineering Bapak kamu hacker ya? Kok tau? • The act of manipulating users into revealing confidential information or performing other actions detrimental to the user Karena kamu telah meng-hack hatiku

  17. Protections against, or to help recoverfrom, the threats • User awareness • Authentication • Antimalware software • Data backups • Encryption • Data removal

  18. User awareness • The wiser the user, the less chance of security breaches • Employee training and education • Easily accessible and understandable policies • Security-awareness e-mails • Online security resources

  19. Authentication • The verification of a person’s identity that helps protect against unauthorized access • Something the user knows • a password or PIN • Something the user has • smart card or other security token • Something the user is • biometric reading of a fingerprint or retina scan

  20. Antimalware software • Protects a computer from the various forms of malware, and if necessary, detects and removes them • antivirus and antispyware software

  21. Data backups • Backups won’t stop damage to data • Can enable you to recover data after an attack or other compromise, or system failure

  22. Encryption • The act of changing information using an algorithm known as a cipher to make it unreadable to anyone except users who possess the proper “key” to the data

  23. Data removal • Proper data removal goes far beyond file deletion or the formatting of digital media • The problem with file deletion/formatting is data remanence, or the residue, that is left behind, from which re-creation of files can be accomplished by some less-than-reputable people with smart tools • Companies options to data removal: • Clearing • Purging (also known as sanitizing) • Destruction

  24. You Must Understand the Hacker Think A Like A Hacker

  25. White Hats • Nonmalicious • IT person who attempts to hack into a computer system before it goes live to test it • Involved in something known as ethical hacking

  26. Ethical hacker is an expert at breaking into systems and can attack systems on behalf of the system’s owner and with the owner’s consent • The ethical hacker will use penetration testing and intrusion testing to attempt to gain access to a target network or system

  27. Black hats • These are malicious and attempt to break into computers and computer networks without authorization • Black hats are the ones who attempt identity theft, piracy, credit card fraud, and so on.

  28. Grey Hats • Individuals who do not have any affiliation with a company but risk breaking the law by attempting to hack a system and then notify the administrator of the system that they were successful in doing so • Not to do anything malicious (other than breaking in...) • Some offer to fix security vulnerabilities at a price • Also known as green hats or mercenaries

  29. Blue hats • Individuals who are asked to attempt to hack into a system by an organization, but the organization does not employ them • The organization relies on the fact that the person simply enjoys hacking into systems • Usually, this type of scenario occurs when testing systems

  30. Elite • Elite hackers are the ones who first find out about vulnerabilities • 1 out of an estimated 10,000 hackers • Many of these types of individuals don’t usually care about “credit due” and are more interested in anonymity

  31. Constant battle between administrators and attackersyou need to be on your toes; you need to review logs often; you need to employ as many security precautions as possible; you need to keep abreast of the latest attacks and ways tomitigate your risk; never underestimate the power and resilience of a hacker.

More Related