Understanding Security
A Presentation by Secured Networks
Copyright Secured Networks Pty Ltd 2001.
Email: [email protected]
Web: http://www.secured.com.au

What is Security?
• processes, procedures, and tools that assure data can be stored reliably and retrieved by authorised users
• procedures should additionally include services and utilities to log intrusion attempts and attacks aimed at penetrating security measures
• hardware and software applications to block and prevent any unwanted anomalous behaviour
• automated file and e-mail virus scanning to reduce external and internal espionage threats
• employee awareness of security and effective user policies to minimise user-masquerading
• implementation and deployment of encryption in e-mail, passwords, data and network transmissions
• Security (noun)
• 1. The state of being secure.
• 2. Precautions taken to ensure against theft, espionage, or other danger.
• 3. Something given or pledged to secure the fulfilment of a promise or obligation.
• 4. Secured Networks http://www.secured.com.au
Secured Networks Pty Ltd. http://www.secured.com.au

Dependability
• Security is closely related to how to obtain a dependable and stable computer system.
• Dependability is the trustworthiness of a system and can be seen as the quality of the service a system offers.
• Integrating security and dependability can be accomplished in various ways.
• Security should be treated as one characteristic of dependability, on the same level as reliability, availability and safety.
• Availability is the percentage of operational lifetime a system performs its functions.
• Reliability is the probability that a system will perform its function during a time period, i.e. continuity of a service.
• Safety is the probability that a system performs its intended functions correctly or, in the event of failure, that the risks/consequences are minimised, such as in a fail-safe operation.

How much Security do I need?
• What am I being charged for?
• Security is purchased at a cost in system performance, ease of use, complexity, and management time.
• Once cost-effective safeguards have been selected, residual risk remains and is accepted by management.
• Risk status should be periodically re-examined to identify new threats, vulnerabilities, or changes that affect the degree of risk that management has previously accepted.
• Effort is required by all organisations to safeguard information resources and reduce risks to a prudent level.
• Or you could go without and face the risks...
• Inability or impairment of a company’s ability to perform its objectives.
• Inability to provide needed services to the public.
• Waste, loss, abuse or misappropriation of funds.
• Loss of credibility or embarrassment to your company.
• Competitors gain the upper hand by stealing confidential information from your server.
• Decreased profit and increased loss margin.
• Client trust relationship tarnished.

Management Support
• Managerial staff play an important role in the continual maintenance of a network. Understanding of the threat of hackers and crackers should be constantly reviewed.
• Success of risk management depends on the top role management takes in the out-sourcing of a Security company.
• Management support to all levels of the organisation.
• Management explanation of the purpose and scope of risk analysis.
• Management selection of a qualified team and formal delegation of authority and responsibility.

Management Support
• Management’s review and understanding of a Security company’s research and findings.
• Selecting a Security service tailored to your requirements, in the best interest of your company, not your profit.
• Which Security services are there?
• Network Security Consulting
• Network Auditing
• Vulnerability Assessment (Penetration)
• Product Evaluation and Testing

Network Security Consulting
• Informative approach to Security by detailing faults and problematic areas within a network environment.
• Thorough explanation of methods to improve the current security status and implementation within an organisation.
• Installation and configuration of firewalls, intrusion detection loggers, Operating System updating, user policy development, file integrity utilities, promoting employee security awareness, network audit procedures.
• All levels of an organisation benefit through improved security measures.

Network Auditing
• Detailed report of vulnerability and misconfiguration information of a network, server, computer, router, or firewall.
• Thorough evaluation of security status, and problematic areas that may cause future intrusion and hack attempts to succeed.
• Assessment of networks and computers through port scanning, Intrusion Detection testing, fingerprinting, service/daemon inspection, protocol probing, host identification, bug identification, firewall subversion analysis, authorisation assessment.

Network Audit Report Contents
• What does the final network audit report contain exactly?
• Risk Factor
• Complexity
• Popularity
• Impact
• Root Cause of Problem
• Ease of Fix
• Bug Description
• Security Concerns
• Suggestion/Patch Information
• E-mail and hard copy of report documentation

Vulnerability Assessment
• Penetration Testing extends beyond network auditing by including an exploitation phase within the security analysis.
• Identification of ‘real-world’ vulnerabilities your server(s) are susceptible to.
• Accurate assessment through hacker-like activities to closely assess the security status of a system.
• Identification of strengths and weaknesses of client and server as they appear to remote users.
• White-hat ethical hackers coordinate an active penetrative attack on your network.

Vulnerability Assessment
• What does Penetration Testing do compared to Network Auditing?
• Exploitation and research phases
• Password cracking
• Network/System scanning
• Information gathering
• Server log reviews
• Bug analysis and intrusion
• Denial of service
• Host security compromise
• A hacker's perspective
• Deeper understanding of threat analysis
• However, no content is destroyed, modified, deleted, or inserted. This is a professional assessment for security-wise companies.

Product Evaluation
• Application Testing consists of a wide variety of techniques to discover programming faults, ranging from design errors to security issues.
• Locating problematic code areas primarily involves an extensive code audit.
• Reverse-engineering of binaries/executables is also possible.
• Bug reports, cause, risk involved, and fix details are included in an overview of security findings.

Product Evaluation
• What does an effective software audit evaluate?
• Insecure routine calls
• Buffer overflows
• Range checking
• Format-string vulnerabilities
• Input data validation
• Race conditions
• Environment sanity checks
• File permissions
• Authentication design
• Cryptographic algorithm analysis

Where do you turn?
• Secured Networks Pty Ltd.
• The superior services offered by Secured Networks consist of a plethora of security activities and assessments.
• Network Auditing - YES!
• Vulnerability Assessment - YES!
• Product Evaluation - YES!
• Security Consulting - YES!
• E-Commerce Consulting - YES!

Making the step
• How do I contact the professionals?
• Secured Networks Pty Ltd.
• PO BOX 15
• West Brunswick
• Melbourne, Australia
• 3055
• Phone: +61 (03) 9383 7040
• Mobile: +61 0419 386 818
• Web: http://www.secured.com.au
• E-mail: [email protected]