IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager.

1 IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager

2 Introduction
Ian McLachlan (IT Manager)
Responsible for the IT infrastructure within Avogel (UK) and its sister companies
Background: Support & Maintenance, Networking, Project Management, Security & Pen-Testing, PCI Compliance
Email:
Tel: 01294 204704
Mob: 07813653519

3 Index
- Hacking, Cracking, Penetration Testing… What is it?
- “Who” and “What” are the threats?
- Common Attacks and Attack Surfaces
- Myths and Liabilities
- Facts
- Protecting you and your business
- Q&A / Discussion

4 Hacking, Cracking, Pen-Testing… What is it?
Hacking, Pen-Testing, Cracking…: Trying to gain access to data, systems or equipment that have been configured to restrict access from unauthorised sources
WhiteHats, BlackHats, GreyHats
IT Security: “Is a branch of computer technology in relation to computers and networks. The objective of IT security includes the protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.”
System Admins or IT Security Personnel

5 “Who” and “What” are the threats?
BlackHats (and to a lesser extent GH)
- “The Opportunist” (target: Anyone)
  Mot: See what turns up. No defined plan or agenda
  Threat/Obj: Anything and everything
- The “Mark” (target: You/Business)
  Mot: Firm objective (personal/business), planned, determined
  Threat/Obj: Data, Money, Personal Info … etc
- “The H…activist” (target: Business/Gov’t)
  Mot: Agenda, Planned, Well Organised, Web Defacement
  Threat/Obj: Reputation

6 Common Attacks
- “The Opportunist” Attack MO’s:
  Phishing Emails
  Crypting – Bots, Rats, Keylogger, Viruses (distribution: P2P, IRC’s)
  Scripts, Brute Force, War Driving
  Malware(?)
- “The H…activist” Attack MO’s:
  Web Site Defacement - Vulnerable Sites (source, SQL Inj)
- The “Mark” Attack MO’s:
  Foot-printing Numeration
  DDOS, Wifi, MitM, BF, Vun S., LHF, Skip Diving
  **** Social Engineering **** really K.S.

7 Common Attack Surfaces
- Users (Weakest – Social Engineering)
- Email (Spoofing etc.)
- Web Sites (Defacing, DDOS)
- Firewalls (BF, Scanning)
- Switches/Hubs/Routers (Telnet, SNMP)
- Network Services (DNS, VPN etc.)
- Applications (Web Apps)
- Topology (wifi, sniffing)
- Servers/Computers (inc Home)
- Production/Safety System (eg fire doors etc.) ** H&S Risk Assessment
- Other Hardware (SNMP)

8 Myths / Liabilities
- IT System can be made 100% Secure
- Up-to-date Virus software will stop any attacks
- ALL Financial transactions are insured from fraud
  ** Personal (CC, Bank) - Is Chip and Pin Secure?
  ** Business (PCI DSS)

9 Facts
- Over two thirds of UK companies have experienced some sort of computer virus (2010)
- A survey of 167 participants over a 1 month survey period (2hr per day) found:
  - 95% of participants probed
  - On average 56 hacking attempts per day
  - 68% of hacking attempts used the Backdoor SubSeven Trojan
  - These were home users
- One in three companies’ web sites have had hacking attempts (2009)

10 Protecting YOU and Your Business
- IDS and Honey-pots
- Identify, Map, Log and Monitor the Risks
- Software Patches and Virus Updates
- Correctly configured Firewalls and Software
- Managed IT policies and systems (ISO)
  ** DON’T - Hide in the long grass **
- Encryption
- Be vigilant around anything that, by its nature, is protected from unauthorised access

11 Q&A
Thank You!
