Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Similar presentations


Presentation on theme: "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."— Presentation transcript:

1 Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1 Chapter 11: Cyber Security Essentials for Small Business

2 Anti-Malware Protection Malware includes viruses, worms, rootkits, spyware, and many other forms Basic anti-malware includes anti-virus and host-based software firewall Anti-malware should be rigorously kept up to date Advanced anti-malware features include –Internet browser filtering for Drive-By-Malware –Anti-spyware –In memory scans – new forms of malware 10/12/2014 DRAFT2 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

3 Updating Operating Systems If the system is on the Internet it should be configured to auto-update Regularly check if updates are required, e.g. Windows Update menu command Important to update every Patch Tuesday 10/12/2014 DRAFT3 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

4 Updating Applications Applications, even when configured to auto- update, may not unless they are running – manual update checks are essential –Use same approach as for operating systems, e.g. Windows Update Application updates overall represent a more significant vulnerability than operating systems Updates should include plug-ins as was well as standalone applications, e.g. Flash, Java 10/12/2014 DRAFT4 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

5 Change Default Passwords Virtually all software and devices come configured with default passwords –This represents a very significant vulnerability, attackers will try defaults first There are online lists of default passwords, e.g. Change the default account’s password or disable that account entirely 10/12/2014 DRAFT5 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

6 Educate End-Users People represent the most significant vulnerability of all –See You Can’t Patch Dumb in Chapter 2 All users, anyone who touches a computer-driven device should have thorough Internet Safety education –See Chapter 10 –Or go online 10/12/2014 DRAFT6 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

7 System Security Administration Some basics for your in-house system admin to greatly reduce susceptibilities –Subscribe to security alerts e.g. https://forms.us- cert.gov/maillists/https://forms.us- cert.gov/maillists/ –Backup your systems regularly –Have documented system restore procedures –For web applications, particularly customized, use benchmarks to harden them, e.g. https://benchmarks.cisecurity.org/downloads/multifor m/index.cfm https://benchmarks.cisecurity.org/downloads/multifor m/index.cfm –Have your IT environment professionally Pen Tested – See Chapter 9 10/12/2014 DRAFT7 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

8 Wireless Security Basics Assuming this WAP is for staff use, not customers… Change the default WAP password Configure encryption at highest level Disable SSID public broadcast Enable WEP or WPA protections Reduce wireless signal strength to within space you control –War Driving is the practice of finding unprotected WAPs by driving around 10/12/2014 DRAFT8 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

9 REVIEW CHAPTER SUMMARY Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions 10/12/2014 DRAFT9


Download ppt "Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1."

Similar presentations


Ads by Google