
Security Discussion IST Retreat June 2008. IT Security Statement definition In the context of computer science, security is the prevention of, or protection.


1 Security Discussion IST Retreat June 2008

2 IT Security Statement
Definition: In the context of computer science, security is the prevention of, or protection against:
- access to information by unauthorized recipients, and
- intentional but unauthorized destruction or alteration of that information.
Terminology:
- Confidentiality - ensuring that information is not accessed by unauthorized persons
- Integrity - ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users
- Authentication - ensuring that users are the persons they claim to be

3 Components

4 Some New(er) Concerns
- Privacy of information (e.g. PIPEDA, Health Services)
- Electronic commerce (e.g. donations)
- Hosted applications (e.g. Patriot Act)
- Email and phishing scams
- Identity theft

5 Top 7 (All Systems) - SANS
1. Default installs of operating systems and applications
2. Accounts with no passwords or weak passwords
3. Non-existent or incomplete backups
4. Large number of open ports
5. Not filtering packets for correct incoming and outgoing addresses
6. Non-existent or incomplete logging
7. Vulnerable CGI programs

6 Top 10 - HIPAA
1. Firewall and system probing
2. Network File Systems (NFS)
3. Electronic mail attacks
4. Vendor default password attacks
5. Spoofing, sniffing, fragmentation and splicing
6. Social engineering attacks
7. Easy-to-guess password compromise
8. Destructive computer viruses
9. Prefix scanning
10. Trojan horses

7 Recent Events
- C&PA - “events” application
- JobMine - resume
- PeopleSoft - URLs
- UW-ACE - “admin” privileges

8 What We’re Doing - Part I
- security working group
- passkey depot
- server hardening and/or review
- anti-virus software distribution
- machine room firewall
- internal audits
- patches for server and desktop

9 What We’re Doing - Part II
- campus advisories
- monitoring/scanning (ongoing, monthly)
- e-commerce verification
- external information (SANS, CERT)
- authorization/roles (ERP, Sharepoint)
- wireless access (Minuwet)
- networks (residence)

10 What We’re Doing - Part III
- certificates (Thawte)
- authentication (ADS, CAS)
- password rules and checks

11 Problems & Challenges - Part I
- Public security policy/statement for web sites
- Education & training
- Reliance on vendors
- Keeping up to date on patches
- Laptops

12 Problems & Challenges - Part II
- Web applications architecture
- “academic” & “computing” institution
- Increases in attacks, trends

13 Physical Security
- Overlap with Key Control
- Hardcopy documents (internal, UW, academic)
- Overlap with Police Services (Emergency)
- IST and wired/physical security

14 Moving Forward
- New roles for all?
- More external/outsource testing?
- Testing protocols for applications/services?

15 Links
http://ist.uwaterloo.ca/security/
http://security.uwo.ca/
http://www.uoguelph.ca/ccs/security/index.shtml
http://www.wlu.ca/page.php?grp_id=47&p=1128
http://www.usask.ca/its/services/itsecurity/
http://www.cse-cst.gc.ca/training/
http://www.cert.org/
http://www.sans.org/
http://en.wikipedia.org/wiki/Security

16 Discussion
