Presentation is loading. Please wait.

Presentation is loading. Please wait.

Some Methods Phishing Database & Password Exploits Social Engineering & Networking Weak Controls Default Accounts & Passwords Dated Software & Patch.

Published byTabitha Baker Modified over 6 years ago

Similar presentations

Presentation on theme: "Some Methods Phishing Database & Password Exploits Social Engineering & Networking Weak Controls Default Accounts & Passwords Dated Software & Patch."— Presentation transcript:

1

2

3 Some Methods Phishing Database & Password Exploits
Social Engineering & Networking Weak Controls Default Accounts & Passwords Dated Software & Patch Exploits Advanced Persistent Threat & Zero-Day

4

5 Some Methods Phishing Database & Password Exploits
Social Engineering & Networking Weak Controls Default Accounts & Passwords Dated Software & Patch Exploits Advanced Persistent Threat & Zero-Day

6 Website hacked by Anonymous
Puckett & Faraj Rep. Marine accused of 24 civilian deaths in Haditha, Iraq 2005 Website hacked by Anonymous Feb 2012 Hacked Gmail

7 Hacked Website

8 Default Accounts & Passwords
80% of data breaches involve stolen, weak, default or easily guessable passwords … and the list goes on …

9 Some Methods Phishing Database & Password Exploits
Social Engineering & Networking Weak Controls Default Accounts & Passwords Dated Software & Patch Exploits Advanced Persistent Threat & Zero-Day

10 Dated Software & Patch Exploits
Number of CVEs exploited in 2015 by the CVE publication date Common Vulnerabilities and Exposures (CVEs) as named by Verizon 2016 Data Breach Investigations Report Includes dated software exploits, and patches

11 Some Methods Phishing Database & Password Exploits
Social Engineering & Networking Weak Controls Default Accounts & Passwords Dated Software & Patch Exploits Advanced Persistent Threat & Zero-Day

12 Adv. Persistent Threats & Zero-Day
Zero-Day Exploit Multiple attack vectors continuously over time Not just one attack one time Include several complex phases Any exploit plus continuous access Software vulnerability, unknown Exploited by hackers, before developers are aware Once known, “zero days” to patch, fix, and protect All exploits were once zero-day exploits May Zero-day attack against US Dept. of Labor website via Internet Explorer 8 vulnerability April 2014 Heartbleed, a zero-day vulnerability in the Transport Layer Security protocol, was published

13 Top Best Practices User training & awareness
Segregate data & privileges Password management Update patches and software Security hardware & software Removable media policy Data destruction policy Periodic pen testing Encrypt data Monitoring

14 Password Management Create strong passwords Change often
Min. 12 characters Phrase Change often Remove defaults Hardware & software Remove old employee accounts Don’t keep “password” files or folders Don’t share passwords Don’t reuse passwords

15 Encryption Whole disk Encryption BIOS password A phrase works well
Encrypt thumb drives Encrypt data in transit to cloud Encrypt Backups

16 What is the #1 source of data compromise ?

17 What is the #1 source?

18 Comments & Questions Steven Konecny | CFE, CIRA, CEH, CRISC
(916) (213) Let’s Take Flight

Download ppt "Some Methods Phishing Database & Password Exploits Social Engineering & Networking Weak Controls Default Accounts & Passwords Dated Software & Patch."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Cyber Security AMSC FM Training Symposium Alex Roosma, 1st Lt, USAF

Cyber Security AMSC FM Training Symposium Alex Roosma, 1st Lt, USAF
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Internet Security In the 21st Century Presented by Daniel Mills.

Internet Security In the 21st Century Presented by Daniel Mills.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Securing Operating Systems Chapter 10. Security Maintenance Practices and Principles Basic proactive security can prevent many problems Maintenance involves.

Securing Operating Systems Chapter 10. Security Maintenance Practices and Principles Basic proactive security can prevent many problems Maintenance involves.
TITLE : E-SAFETY NAME : ABDUL HAFIQ ISKANDAR BIN ROZLAN PROGRAM : SR221 NO.STUDENT : 2011390663.

TITLE : E-SAFETY NAME : ABDUL HAFIQ ISKANDAR BIN ROZLAN PROGRAM : SR221 NO.STUDENT :
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.

Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Secure Data Sharing What is it Where is it What is the Risk – Strategic > What Policy should be enforced > How can the process be Audited > Ongoing Process.

Secure Data Sharing What is it Where is it What is the Risk – Strategic > What Policy should be enforced > How can the process be Audited > Ongoing Process.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
Appendix C: Designing an Operations Framework to Manage Security.

Appendix C: Designing an Operations Framework to Manage Security.
JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY.

JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY JEOPARDY.
Small Business Security Keith Slagle April 24, 2007.

Small Business Security Keith Slagle April 24, 2007.

Similar presentations

Ads by Google