COMP1321 Networks in Organisations Richard Henson March 2014.

Protecting Organisational Data
- By the end of this session you should be able to:
  - explain why the internal network user is potentially a threat
  - explain the importance of protecting entry to the network by outsiders
  - suggest ways to identify vulnerabilities of the network, so action can be taken to reduce the risk

Network Management
- A network manager has two (conflicting?) responsibilities
  - provide facilities and services that users need to do their jobs
  - protect the network against abuse by naïve or malign users
- General perception (by users!)…
  - network managers are more concerned with “protecting the network” than servicing the needs of its users

The “good insider”.. Threat (?)
- Users: employees, who (generally) want to do their job, and do it well…
- Possible conflict with the “security-orientated” or “nanny-state” approach to network management
- Personal opinion: needs balance
  - the network IS there for the benefit of the users…
    - fulfill business objectives
  - the network MUST be as secure as reasonably possible
    - protect valuable company data

“unthinking” insiders
- Employees who do stupid things on the network
  - bring in viruses
  - spread passwords around
  - forward emails inappropriately
  - engage with phishing emails…
  - etc…

Bad Insiders
- Could be disillusioned
  - just plain corrupt
  - maybe a temp?
- Could cause real damage
  - bring network down
  - put company out of business…

What to do about the Insider Threat?
- A matter for organisational management
  - Establish policy
    - negotiated with users…
  - Educate/train users
  - Enable breaches of policy to be detected…
  - Enforce policy!

What about Outsiders?
- Two types:
  - employees working “in the field”
  - the rest of the world…
- Organisational management can’t enforce policy on the latter…
  - network only protected through good, well-resourced network management

Firewalls: checking/blocking data coming in and out…
[Diagram: a firewall placed between the INTERNET and the Internal Network]

Do we have a problem?
- Perceptions “from the inside” quite different from “outside looking in”

Should we find out…?
- Almost impossible to tell if the network is secure from within…
  - could just hope so (!)
  - could go outside, and try to penetrate defences
  - better still, the organisation could get a benign expert to do it for them…

Assuming no security…
- Data cannot be made completely secure if it uses a public network
  - naïve to think so
- Also (especially…) true on a wireless public network
  - necessary to have a system that ensures data that is hacked en route is unintelligible

Authentication had better be good…
- Generally means control via the desktop or application layer
  - Browser/Windows desktop
- If Internet-based, should use PKI
  - public-key encrypted
    - user digital certificate tied to computer & address
  - public-key encrypted web pages
    - use https protocol
    - server has an SSL certificate

End-device controlled security
- Two types of identification (as in previous e.g.):
  - via computer (device) ID
  - via user ID
- Either/both can (should?) have a password to control access
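
Added example (not part of the original slides): one way to make a breach of policy detectable, using the two types of identification above. It flags a user ID that logs in from more than an allowed number of device IDs within a time window, a common sign that a password has been spread around. The log format, the names and the thresholds are assumptions made for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login records: ISO timestamp, user ID, device ID.
SAMPLE_LOG = """\
2014-03-03T08:55:10 asmith PC-014
2014-03-03T09:01:42 bjones PC-022
2014-03-03T09:05:03 asmith PC-031
2014-03-03T09:20:17 asmith PC-047
2014-03-03T13:30:00 bjones PC-022
2014-03-04T09:00:00 cpatel PC-009
2014-03-04T16:45:00 cpatel PC-010
malformed line
"""

def parse_logins(text):
    """Yield (time, user, device) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield when, parts[1], parts[2]

def shared_account_suspects(text, max_devices=2, window=timedelta(hours=1)):
    """Return {user: sorted devices} for users seen on more than
    max_devices distinct devices inside any sliding time window."""
    by_user = defaultdict(list)
    for when, user, device in parse_logins(text):
        by_user[user].append((when, device))
    suspects = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            devices = {d for _, d in events[start:end + 1]}
            if len(devices) > max_devices:
                suspects[user] = sorted(devices)
                break
    return suspects

if __name__ == "__main__":
    print(shared_account_suspects(SAMPLE_LOG))
```

A flagged account is a prompt for follow-up under the negotiated policy, not proof of misuse: a user who legitimately moves between machines will also appear, so the thresholds need tuning to the organisation.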

Security & Privacy
- Closely related technologies
  - important differences
- Privacy
  - about informational self-determination
    - ability to decide what information about you goes where
- Security
  - offers the ability to be confident that privacy decisions are respected

Privacy, Security, and Websites
- Many potential vulnerabilities…
  - openly displayed “sensitive” text
- “Hidden” web pages not really hidden
- Access to web server, or ftp server, by finding website administrator's details…
- Hacking web databases via SQL Injection…

Privacy, Security and Mobile Networks
- Mobile voice privacy
  - can someone listen in on my call?
    - privacy goal: allow user to say no
    - security technology, e.g. encryption: allows user to enforce it
- Sometimes goals of security and privacy are the same
  - other times orthogonal, or even in conflict

Security/Privacy v Availability
- “I want it all, and I want it now…”
- “Only if your request conforms with the rules…”
  - society: bad for other people
  - organisational: confidentiality
  - personal: human rights

Balancing Rules on Privacy/Security
- Ideal:
  - keeps the data secure…
  - allows the user freedom to do their job, participate in legitimate leisure activity, etc.
- Unnecessarily restrictive or unexplained rules…
  - users get frustrated…

NOT Getting the balance right…
- Worrying survey & report (BBC, 19/11/10):
- BBC’s own network users so frustrated about IT restrictions stopping them doing their jobs that many (typically 41% according to a CISCO survey) ignored the rules!
- Is it the same everywhere?
- Is it any better today?