Security Discussion IST Retreat June 2008

IT Security Statement

Definition: in the context of computer science, security is the prevention of, or protection against:
- access to information by unauthorized recipients, and
- intentional but unauthorized destruction or alteration of that information.

Terminology:
- Confidentiality: ensuring that information is not accessed by unauthorized persons.
- Integrity: ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users.
- Authentication: ensuring that users are the persons they claim to be.

Components

Some New(er) Concerns
- Privacy of information (e.g. PIPEDA, Health Services)
- Electronic commerce (e.g. donations)
- Hosted applications (e.g. Patriot Act)
- Phishing scams
- Identity theft

Top 7 (All Systems) - SANS
1. Default installs of operating systems and applications
2. Accounts with no passwords or weak passwords
3. Non-existent or incomplete backups
4. Large number of open ports
5. Not filtering packets for correct incoming and outgoing addresses
6. Non-existent or incomplete logging
7. Vulnerable CGI programs

Top 10 - HIPAA
1. Firewall and system probing
2. Network File Systems (NFS)
3. Electronic mail attacks
4. Vendor default password attacks
5. Spoofing, sniffing, fragmentation and splicing
6. Social engineering attacks
7. Easy-to-guess password compromise
8. Destructive computer viruses
9. Prefix scanning
10. Trojan horses
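Item 5 of the SANS list (not filtering packets for correct incoming and outgoing addresses) and the spoofing entry in the HIPAA list come down to the same border-router control: ingress/egress source-address filtering as described in BCP 38 / RFC 2827. The following is an added example, not part of the IST slides: a Python check that applies that rule to a handful of constructed flow records. The campus address plan (10.0.0.0/8 and 192.168.0.0/16 as internal space), the record format and the use of RFC 5737 documentation addresses in place of real public addresses are assumptions for illustration.

```python
"""Ingress/egress source-address filtering (BCP 38 / RFC 2827) checked
against constructed flow records.  Added example, not from the IST slides."""
import ipaddress
from collections import Counter

# Assumed campus address plan (illustration only, not given on the slides).
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Source ranges that must never arrive from the Internet side.  The RFC 1918
# ranges are already covered by INTERNAL_NETS; these are the other martians.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",        # "this" network
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "224.0.0.0/4",      # multicast is never a valid source
    "240.0.0.0/4",      # reserved
)]


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def classify(direction, src):
    """Return the filter verdict for a packet seen on the external interface.

    direction: "in"  = arriving from the Internet
               "out" = leaving the campus
    """
    ip = ipaddress.ip_address(src)
    if direction == "in":
        # Ingress filtering: the outside world cannot legitimately send us
        # packets whose source lies inside our own address space.
        if is_internal(ip):
            return "DROP spoofed-internal"
        if any(ip in net for net in BOGONS):
            return "DROP bogon"
        return "ACCEPT"
    if direction == "out":
        # Egress filtering: anything we emit must carry one of our own
        # addresses; otherwise a compromised host is spoofing someone else
        # (the usual setup for reflection/amplification attacks).
        return "ACCEPT" if is_internal(ip) else "DROP spoofed-external"
    raise ValueError(f"unknown direction {direction!r}")


# Constructed flow records in an assumed "dir src -> dst proto/port" format.
# 203.0.113.0/24 and 198.51.100.0/24 (RFC 5737) stand in for public addresses.
RECORDS = [
    "in 203.0.113.7 -> 10.20.30.40 tcp/443",       # normal inbound connection
    "in 10.20.30.41 -> 10.20.30.40 tcp/445",       # outside packet claiming to be inside
    "in 127.0.0.1 -> 10.20.30.40 udp/53",          # loopback source from the Internet
    "out 10.20.30.40 -> 198.51.100.9 tcp/80",      # normal outbound connection
    "out 198.51.100.200 -> 203.0.113.7 udp/53",    # campus host spoofing a foreign source
]


def parse(record):
    direction, src, _arrow, dst, proto = record.split()
    return direction, src, dst, proto


def audit(records):
    """Return (record, verdict) pairs for every flow record."""
    results = []
    for record in records:
        direction, src, _dst, _proto = parse(record)
        results.append((record, classify(direction, src)))
    return results


def summarize(records):
    """Count verdicts so the effect of the filter can be reviewed at a glance."""
    return dict(Counter(verdict for _, verdict in audit(records)))


if __name__ == "__main__":
    for record, verdict in audit(RECORDS):
        print(f"{verdict:24s} {record}")
    print(summarize(RECORDS))
```

The two "DROP spoofed-*" verdicts are the ones the slide's item 5 is about: the first stops outsiders from impersonating campus hosts (which defeats address-based trust such as NFS export lists, item 2 of the HIPAA list), the second stops campus hosts from being used as a spoofing source against others.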

Recent Events
- C&PA - "events" application
- JobMine - resume
- PeopleSoft - URLs
- UW-ACE - "admin" privileges

What We're Doing - Part I
- security working group
- passkey depot
- server hardening and/or review
- anti-virus software distribution
- machine room firewall
- internal audits
- patches for server and desktop

What We're Doing - Part II
- campus advisories
- monitoring/scanning (ongoing, monthly)
- e-commerce verification
- external information (SANS, CERT)
- authorization/roles (ERP, SharePoint)
- wireless access (Minuwet)
- networks (residence)

What We're Doing - Part III
- certificates (Thawte)
- authentication (ADS, CAS)
- password rules and checks
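"Password rules and checks" on this slide, together with the SANS item on accounts with no or weak passwords, is the kind of control that is easiest to get right when the rules are written down as code. The block below is an added example, not the IST password policy: a Python checker with assumed thresholds (12 characters, three of four character classes) and a constructed stand-in for a common-password list, returning every rule the candidate password breaks rather than a single yes/no.

```python
"""Password rule checks of the kind the slide lists.  Added example, not the
IST policy; thresholds and the common-password list are assumptions."""
import re

# Tiny constructed stand-in for a breached/common-password list.  A real
# deployment would load a large list or consult a compromised-password service.
COMMON_PASSWORDS = {
    "password", "qwerty", "letmein", "welcome", "123456", "iloveyou", "admin",
}

MIN_LENGTH = 12     # assumed policy value
MIN_CLASSES = 3     # assumed: at least this many of lower/upper/digit/symbol

CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(userid, password):
    """Return the list of rule violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password)) for p in CLASS_PATTERNS)
    if classes < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    if userid and userid.lower() in password.lower():
        problems.append("contains the userid")
    # People satisfy class rules by appending digits or symbols to a common
    # word ("Password123!"); strip that tail before consulting the list.
    base = re.sub(r"[^a-z]+$", "", password.lower())
    if password.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("is a common password (possibly with trailing digits/symbols)")
    if re.search(r"(.)\1\1", password):
        problems.append("contains a run of three or more identical characters")
    return problems


def is_acceptable(userid, password):
    return not check_password(userid, password)


if __name__ == "__main__":
    # Constructed test candidates (not real accounts).
    for uid, pw in [("jsmith", "Tr0ub4dor&3xampleKey"),
                    ("jsmith", "Password123"),
                    ("jsmith", "jsmith2008!!!x")]:
        verdict = check_password(uid, pw)
        print(f"{pw!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Returning the full violation list matters operationally: the same function can reject a new password at change time and, run against a cracked-hash report from an internal audit, explain which rule each weak account failed.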

Problems & Challenges - Part I
- Public security policy/statement for web sites
- Education and training
- Reliance on vendors
- Keeping up to date on patches
- Laptops

Problems & Challenges - Part II
- Web applications architecture
- "Academic" and "computing" institution
- Increases in attacks, trends

Physical Security
- Overlap with Key Control
- Hardcopy documents (internal, UW, academic)
- Overlap with Police Services (emergency)
- IST and wired/physical security

Moving Forward
- New roles for all?
- More external/outsourced testing?
- Testing protocols for applications/services?

Links

Discussion