Presentation on theme: "IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager."— Presentation transcript:
IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager
Introduction Ian McLachlan (IT Manager) Responsible for the IT infrastructure within Avogel (UK) and it’s sister companies Background:Support & Maintenance, Networking, Project Management, Security & Pen-Testing, PCI Compliance Email: email@example.com Tel: 01294 204704 Mob: 07813653519
Index Hacking, Cracking, Penetration Testing… What is it? “Who” and “What” are the threats? Common Attacks and Attack Surfaces Myths and Liabilities Facts Protecting you and your business Q&A / Discussion
Hacking, Cracking, Pen-Testing… What is it? Hacking, Pen-Testing, Cracking… : Trying to gain access to data, systems or equipment that have been configured to restrict access from unauthorised sources WhiteHats, BlackHats, GreyHats IT Security : “Is a branch of computer technology in relation to computers and networks. The objective of IT security includes the protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. “ System Admin’s or IT Security Personnel
“Who” and “What” are the threats? BlackHats (and to a lesser extent GH) “The Opportunist” ( target : Anyone) Mot: See what turns up. No defined plan or agenda Threat/Obj : Anything and everything The “Mark” ( target : You/Business) Mot: Firm objective (personal/business), planned, determined Threat/Obj : Data, Money, Personal Info … etc “The H…activist” ( target : Business/Gov’t) Mot: Agenda, Planned, Well Organised, Web Defacement Threat /Obj : Reputation
Common Attacks “The Opportunist” Attack MO’s: Phishing Emails Crypting – Bots, Rats, Keylogger, Viruses (distribution : P2P, IRC’s) Scripts, Brute Force, War Driving Malware(?) “The H…activist” Attack MO’s: Web Site Defacement - Vulnerable Sites (source, SQL Inj) The “Mark” Attack MO’s: Foot-printing Numeration DDOS, Wifi, MitM, BF, Vun S., LHF, Skip Diving **** Social Engineering **** really K.S.
Common Attacks Surfaces Users (Weakest – Social Engineering) Email (Spoofing etc..) Web Sites (Defacing, DDOS) Firewalls (BF, Scanning) Switches/Hubs/Routers (Telnet, SNMP) Network Services (DNS, VPN etc…) Applications (Web Apps) Topology (wifi, sniffing) Servers/Computers (inc Home) Production/Safety System (eg fire doors etc.) ** H&S Risk Assessment Other Hardware (SNMP)
Myths / Liabilities IT System can be made 100% Secure Up-to-date Virus software will stop any attacks ALL Financial transactions are insured from fraud ** Personal (CC, Bank) - Is Chip and Pin Secure? **Business (PCI DSS)
Facts Over two thirds of UK companies have experienced some sort of computer virus 2010 In a survey of 167 participants Over a 1 month survey period (2hr per day) found: 95% of participants probed On average 56 hacking attempts per day 68% of hacking attempts used the Backdoor SubSeven Trojan These were home users One in three companies web sites have had hacking attempts 2009
Protecting YOU and Your Business IDS and Honey-pots Identify, Map, Log and Monitor the Risks Software Patches and Virus Updates Correctly configured Firewalls and Software Managed IT policies and systems (ISO) ** DON’T - Hide in the long grass ** Encryption Be vigilant around anything, that by its nature, is protected from unauthorised access
Your consent to our cookies if you continue to use this website.