Thursday, April 3, 2008 Presenters: Dr. Tom Cupples, EdD, CISSP, MCSE Dr. Craig Klimczak, DVM, MS
Security Terms 101 The Security Forecast ◦ Technology Risks ◦ Personnel Risks The Threat to Higher Education Tools for Coping Thursday, April 3, 2008
Threat – potential cause of an unwanted event which could cause damage to an asset Vulnerability – weakness of an asset that can be exploited by a threat Impact – a measure of the effect of an event Risk – the combination of the likelihood of an event and its potential impact Control – means of managing risk – can be administrative, technical, managerial, or legal in nature Reference - Thursday, April 3, 2008
VoIP Professional Attack Toolkits Virtualization Online gaming Vista Storm Worms Pump and Dump Social Networking Sites Online applications Phishing Reference - Thursday, April 3, 2008
Browser vulnerabilities Botnets Targeted Phishing VoIP/Mobile Devices Insider Attacks Persistent Bots Spyware Web Applications Blended Phishing with VoIP & Event Phishing Supply chain attacks Reference - Thursday, April 3, 2008
Web 2.0 Botnets Instant Malware Online Gaming Vista Adware Targeted Phishing Parasitic Malware Virtualization VoIP Reference - Thursday, April 3, 2008
Botnets Malware Online Gaming Social Networking Sites Key Dates of Opportunity Web 2.0 Vista Mobile Devices Reference - Thursday, April 3, 2008
Bot Evolution Election Campaigns Mobile Platforms Spam Evolution Virtual Worlds Reference - Thursday, April 3, 2008
VoIP/Mobile Devices & Platforms Professional Attack Toolkits Virtualization & Vista Online & Web-based Applications Browser Vulnerabilities Botnets & Persistent Bots & Bot Evolution Spyware Supply Chain Attacks Web 2.0 Instant Malware, Parasitic Malware & Adware Thursday, April 3, 2008
Online Gaming Storm Worms Pump and Dump Social Networking Sites Event, Targeted, & Blended Phishing Insider Attacks Key Dates of Opportunity & Election Campaigns Virtual Worlds Thursday, April 3, 2008
Web Applications Social Engineering Cyber Terrorism Communications Human Error/Lack of Training Crisis Management Strong Passwords/ID Protection Networks (Physical-Wireless, Logical-Social) Identity Life Cycle Management PCI Standard for Payment Acceptance Thursday, April 3, 2008
Microsoft ( s.aspx?familyid=E9C4BFAA-AF88-4AA5- 88D4-0DEA898C31B9&displaylang=en) s.aspx?familyid=E9C4BFAA-AF88-4AA5- 88D4-0DEA898C31B9&displaylang=en Sun Microsystems ( tyThreats.pdf) tyThreats.pdf Thursday, April 3, 2008
Education Policy Development Procedure Development & Personnel Training Monitoring Thursday, April 3, 2008
Federal Bureau of Investigation ( Law Enforcement Training Site ( bs/02.html) bs/02.html Department of Homeland Security ( Thursday, April 3, 2008
International Telecommunications Union ( Federal Communications Commission ( National Institute of Standards and Technology ( Thursday, April 3, 2008
Education Policy Development Procedure Development & Personnel Training Monitoring Thursday, April 3, 2008
Missouri Department of Homeland Security ( Missouri Campus Security Task Force ( x.htm) x.htm FEMA ( Local Law Enforcement Thursday, April 3, 2008
Microsoft “How-to” ( eate.mspx) eate.mspx Microsoft ‘Password Checker” ( ecker.mspx) ecker.mspx Microsoft - What is a Strong Password? ( /d406b c-4c2a-8de2- 9b7ecbfa6e mspx?mfr=true) /d406b c-4c2a-8de2- 9b7ecbfa6e mspx?mfr=true SANS Tutorial ( cation/1636.php) cation/1636.php Thursday, April 3, 2008
Use Encryption for ◦ Storing Usernames and Passwords ◦ Transmitting Usernames and Passwords ◦ Storing Files ◦ Transmitting files on a Local Area Network Virtual Private Network Intranet/Extranet Use two factor authentication when possible Enforce Strong Passwords Use Password Policies that require timely changes in passwords Thursday, April 3, 2008
◦ Microsoft ( chnologies/idm/ilm.mspx) chnologies/idm/ilm.mspx ◦ Sun Microsystems ( papers/identity_enabled_ilm.pdf) papers/identity_enabled_ilm.pdf Thursday, April 3, 2008
PCI Standard Website ( PCI Standard White Paper ( pci_dss_v1-1.pdf) pci_dss_v1-1.pdf PCI Forum ( Thursday, April 3, 2008
There is no guarantee of total security. The best that can be accomplished is managing the threats Know your enemy! Thursday, April 3, 2008
Dr. Tom Dr. Craig Thursday, April 3, 2008