Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of Revenue Lessons for Management by Department of Revenue Internal Audit.

Similar presentations

Presentation on theme: "Department of Revenue Lessons for Management by Department of Revenue Internal Audit."— Presentation transcript:


2 Department of Revenue H@¢king! Lessons for Management by Department of Revenue Internal Audit

3 Presentation Objectives b Identify Electronic Intruders b Demonstrate their methods b Propose a plan of defense

4 Systems involved b Unix/Linux Systems b Microsoft NT Networks b Novell Network b Mainframe Systems

5 Protection Methods b Login ID and Password. b Encryption b Secure transmission

6 Why secure systems/data? b Maintain Data Integrity by preventing: unauthorized modificationsunauthorized modifications data corruption (viruses, etc)data corruption (viruses, etc) b Prevent Theft privacy violationprivacy violation information theft (SS#, credit card#, etc)information theft (SS#, credit card#, etc) b Maintain Service

7 How is data accessible? b Internet b Dialup Access b Physical Connection (Network Outlet)

8 Identifying the Electronic Intruders b Disgruntled employees b Contractors b Hackers b Insufficiently trained employees

9 Forms of Attack b Sniffing b Password cracking b Syncflood b Ping of Death b “Feature” Exploitation b Port Scanning b Social Engineering

10 Demonstrations

11 Vulnerabilities b Passwords too short/simple/obvious b Login accounts of people no longer in the organization being left activated b Lack of Data Encryption b Lack of system monitoring tools b Insufficiently trained security/audit personnel

12 Vulnerabilities (continued) b Shared login accounts (passwords) b Dialup login password is a general password b Not using screen savers

13 Prevention: Management Perspective b Tone at the top b Organizational structure b Budgeting b External Review (Penetration Tests) b Recovery Plan

14 Prevention: Technical Perspective b Reliable data backup (including testing the backed-up data) b Hardware redundancy/clustering b System monitoring/sniffing b Diligent maintenance of accounts (user, admin, and system accounts) b Physically restrict core systems

15 Conclusion There is no such thing as 100% secure. However, it is important that we at least not carelessly “leave doors unlocked.” The greater importance is not how to keep an intruder out, but is to assume that an intruder can get in. Efforts should be focused on addressing all possible damages that an intruder can inflict. We need to develop an “Insurance Policy” that can restore anything lost or damaged. Then, we need to be able to say that we took reasonable precautions.

16 Thank you This has been a presentation by the Department of Revenue’s Internal Audit Section. We hope you found this presentation educational and insightful. Surf and be safe…

Download ppt "Department of Revenue Lessons for Management by Department of Revenue Internal Audit."

Similar presentations

Ads by Google