
Security Management. Security Management is the organizational processes and relationships for managing risk – Policies, Procedures, Standards, Guidelines,


1 Security Management

2 Security Management is the organizational processes and relationships for managing risk
  – Policies, Procedures, Standards, Guidelines, Baselines
  – Organizational Structures
  – Roles and Responsibilities
Security Management practices involve balancing security processes and proper management and oversight
Risk Management is a big part of managing holistic security of an organization

3 Goals of Security
Confidentiality – Allowing only authorized subjects access to information
Integrity – Allowing only authorized subjects to modify information
Availability – Ensuring that information and resources are accessible when needed

4 Goals of Security
Confidentiality – Preventing unauthorized subjects from accessing information
Integrity – Preventing unauthorized subjects from modifying information
Availability – Preventing information and resources from being inaccessible when needed

5 Computer Security
Computer and network security was not at all well known, even about 12 years ago
Today, everyone is aware of the need for it, but not sure what it really means
Interesting topic of threats, countermeasures, risks, stories, events and paranoia
  – With some mathematics, algorithms, designs and software issues mixed in
  – Yet not enough people, even security specialists, understand the issues and implications

6 Malicious Software

7 SECURITY INNOVATION ©2003
A Subject Overview
Viruses
Worms
Trojans

8 Malicious Programs
“Malicious Programs” may be installed by hand on a single machine. They may also be built into widely distributed commercial software packages. These are very hard to detect before the payload activates (Trojan Horses, Trap Doors, and Logic Bombs).
Virus - code that copies itself into other programs.
A “Bacteria” replicates until it fills all disk space, or CPU cycles.
Payload - harmful things the malicious program does, after it has had time to spread.
Worm - a program that replicates itself across the network (usually riding on email messages or attached documents, e.g., macro viruses).
Trojan Horse - instructions in an otherwise good program that cause bad things to happen (sending your data or password to an attacker over the net).
Logic Bomb - malicious code that activates on an event (e.g., date).
Trap Door (or Back Door) - undocumented entry point written into code for debugging that can allow unwanted users.
Easter Egg - extraneous code that does something “cool.” A way for programmers to show that they control the product.

9 Telnet
Telnet is a remote host connection
You log on to a server and access information as if you were sitting in front of the server
Telnet provides a login shell (an environment that allows you to issue commands)
Requires an account and password on the host computer
A generic user name and password allow access to public servers
SSH (Secure Shell) is a secure form of Telnet

10 File Transfer Protocol (FTP)
Used to transfer files between two computers
Public FTP servers generally allow anonymous logon and allow downloading of files only
Files are downloaded via the FTP “get” command
Corporate FTP servers usually require a user name and password (you may upload files if you have permission)
Files are uploaded via the FTP “put” command
You can use command-line FTP, a browser’s built-in FTP client, or a specialized FTP client
Secure versions of FTP include:
  – Secure Copy (SCP)
  – SSH File Transfer Protocol (S/FTP)
  – SSL/TLS-enabled FTP (FTPS)

11 Managing Download Files
You may need to define MIME types for files that you download
Many files downloaded from FTP servers are compressed (using a compression utility) and must be decompressed before you can use them
Common compression utilities include:
  – Zip/unzip
  – Bzip2/bunzip2
  – Bzip/bunzip
  – Gzip/gunzip
  – Compress/uncompress
  – RAR/WinRAR

12 Virtual Network Computing (VNC)
VNC allows you to control a computer at a remote location as if you were sitting in front of it
VNC consists of two components: the server and the viewer
VNC provides a full GUI display and allows authenticated users to log on and see the same display they would see if they were sitting in front of the (server) computer
The viewer and server do not need to be running the same operating system

13 Instant Messaging (IM)
Computer-based method of communication in which users can type and view messages sent to one or more recipients and view the responses immediately
Contacts must be online to receive messages
Can also be used to send files, view photos, send Web links and talk to contacts
Becoming very popular in the workplace
Requires an instant messaging client and an account for instant messaging service
There are several IM services, clients and servers in widespread use

14 Peer-to-Peer Networks
In a peer-to-peer network, each computer has both client and server capabilities
On the Internet, a P2P network allows a group of users to connect with each other and directly share files among their hard drives
P2P networks are inexpensive and allow users to share bandwidth

15 Lightweight Directory Access Protocol (LDAP)
LDAP directories contain contact information (name, address, e-mail address, public keys, etc.)
Simplified version of X.500
Supports TCP/IP
Makes global directory service available to everyone
Modern e-mail clients are capable of searching an LDAP directory

16 Copyright © 2004 ProsoftTraining, All Rights Reserved. Lesson 7: Internet Security

17 Objectives
Identify the three types of encryption
Identify ways that authentication provides Web security
Identify ways that firewalls provide Web security
Identify malware (malicious software)
Identify ways to detect and prevent virus attacks
Define spyware
Define patches and updates
Identify ways that screen savers provide workstation security
Define list servers and listserve groups
Identify security-related ethical and legal issues faced by IT professionals

18 Encryption
Encryption – encoding or scrambling information using specific algorithms
Three types of encryption:
  – Symmetric-key (secret-key) encryption – the same key is used to encrypt and decrypt messages
  – Asymmetric-key (public-key) encryption – two keys are used to encrypt and decrypt messages: a public key and a private key
  – Hash (one-way) encryption – uses hashes to verify the integrity of transmitted messages
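
An added example, not part of the original slides: it shows the hash type above verifying the integrity of a transmitted message, and why a plain digest only helps when the digest itself cannot be replaced in transit, whereas a hash combined with a shared symmetric key (HMAC) still detects the change. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac


def digest(message: bytes) -> str:
    """One-way hash: no key is involved, so anyone can compute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(key: bytes, message: bytes) -> str:
    """HMAC: a hash mixed with a shared symmetric (secret) key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, received: str) -> bool:
    return hmac.compare_digest(digest(message), received)


def verify_tag(key: bytes, message: bytes, received: str) -> bool:
    # compare_digest runs in constant time, so a mismatch leaks no position.
    return hmac.compare_digest(keyed_tag(key, message), received)


def demo() -> dict:
    key = b"constructed-demo-key-32-bytes-xx"  # constructed shared secret
    original = b"PAY 100 TO ALICE"             # constructed message
    altered = b"PAY 900 TO ALICE"              # same message changed in transit
    sent_digest = digest(original)
    sent_tag = keyed_tag(key, original)
    # Whoever can rewrite the message can also recompute an unkeyed digest;
    # without the shared key they cannot produce a matching HMAC tag.
    replaced_digest = digest(altered)
    replaced_tag = keyed_tag(b"not-the-shared-key", altered)
    return {
        "unmodified_accepted": verify_digest(original, sent_digest)
        and verify_tag(key, original, sent_tag),
        "altered_message_caught_by_hash": not verify_digest(altered, sent_digest),
        "replaced_digest_accepted": verify_digest(altered, replaced_digest),
        "replaced_tag_rejected": not verify_tag(key, altered, replaced_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
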

19 Authentication
User names and passwords – use to log on to private and public networks, including the Internet
Digital certificates – attachments to electronic transmissions that supply a verifiable signature
  – Digital signatures – electronic signatures that verify the identity of the message sender
Non-repudiation – digital signatures prove that a transaction or transmission took place; neither the sender nor the receiver can later deny the action

20 Firewalls
Firewall – a collection of hardware, software and corporate policies that prevents unauthorized access to or from private networks
Use firewalls to:
  – Prevent unauthorized Internet users from accessing private networks
  – Retain control of proprietary information
  – Prevent unauthorized export of proprietary information
Firewalls may prevent access to external e-mail providers or external servers

21 Malware (Malicious Software)
Virus – damages computers and networks, often alters files to damage or destroy data
Worm – resides in active memory and replicates itself until an entire disk is full
Trojan horse – appears to be harmless (such as a computer game) but produces harmful results
Illicit server – installs hidden services on systems
  – Client code – allows remote access to a computer by an attacker
  – Server code – infects destination computer and enables the attacker to control it

22 Virus Detection and Prevention
Corporate IT departments are often the first line of defense against viruses
Common ways to contract viruses:
  – Receive infected disk from colleague or friend
  – Download infected file
  – Download illicit server attachment
  – Copy to your hard disk a document infected with a macro virus

23 Virus Detection and Prevention (cont’d)
Common ways to protect against viruses:
  – Do not open e-mail or attachments from unknown senders
  – Configure browser and e-mail security to highest levels
  – Use antivirus software
  – Keep antivirus software current
  – Stay informed about the latest virus threats
  – Make backup copies of important files

24 Virus Detection and Prevention (cont’d)
If you receive an attachment you do not recognize:
  – Do not open the attachment
  – Contact the sender to determine whether the attachment is legitimate
  – If you cannot contact the sender, delete the attachment from the message
  – Delete the attachment from the Deleted Items folder

25 Virus Detection and Prevention (cont’d)
If you suspect a virus attack:
  – Use antivirus software to remove the virus
  – If you cannot launch antivirus software, reboot from a known clean system disk, then launch the antivirus software
  – Remove virus from all disks, files and programs
  – If damage is too extensive, reformat hard disk, restore data and reinstall programs (last resort only)

26 Spyware
Spyware – an application secretly placed on a user’s system to covertly gather information and relay it to outside parties, usually for advertising purposes
Also known as adware
Cookies are not spyware because:
  – The user is aware of their presence
  – The user has the option to disable outside access to cookie information
Use spyware detection applications to detect and eliminate spyware

27 Updates and Patches
Update – a software upgrade that permanently fixes known bugs and improves software performance
Patch – a temporary bug fix
Virus update – files of virus signature profiles you use to keep your antivirus software current

28 Screen Savers
Screen saver – a utility program that displays images or animation on your monitor when your computer is idle
Use to hide your work while you are away from your desk
Specify screen saver and amount of time computer is idle before screen saver displays

29 List Servers and Listserve Groups
List server – collects and distributes information to and from listserve groups
List servers:
  – LISTSERV (www.lsoft.com)
  – Majordomo (www.greatcircle.com/majordomo)
  – Lyris (www.lyris.com)
Listserve group – Participants who subscribe to a mailing list through a list server
Mailing list Web sites (not list servers):
  – Topica (lists.topica.com)
  – Yahoo! Groups (groups.yahoo.com)

30 Security-Related Ethical and Legal Issues
Privacy concerns:
  – Your computer activities are no longer private
  – You may receive malware and spam
  – Organizations may monitor employee e-mail and restrict access to Internet sites
  – Network administrators may audit the contents of employee hard drives
Use home computer for personal communications and Internet searches

31 Security-Related Ethical and Legal Issues (cont’d)
Copyright issues:
  – Copyright laws extend to works of authorship on the Internet
  – There is no international copyright
  – You must obtain copyrights from the appropriate agency in your home country
  – Court cases have set precedents that copyright-protected material cannot be used or distributed on the Internet without permission

32 Security-Related Ethical and Legal Issues (cont’d)
Licensing:
  – To license copyright-protected material, you must obtain permission from the author
Trademarks:
  – To register a trademark, you must contact the appropriate agency in your home country
Encryption policies:
  – Determine the risk of transmitting or e-mailing unencrypted proprietary or sensitive data

