Download IT Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
Document related concepts
no text concepts found
Transcript 
IT Security
“Knowing the potential threat to YOU and your business”
Ian McLachlan
IT Manager
Introduction
• Ian McLachlan (IT Manager)
• Responsible for the IT infrastructure within Avogel (UK)
and it’s sister companies
• Background:
Email: [email protected]
Support & Maintenance,
Networking, Project Management,
Security & Pen-Testing, PCI
Compliance
Tel: 01294 204704
Mob: 07813653519
Index
 Hacking, Cracking, Penetration Testing… What is it?
 “Who” and “What” are the threats?
 Common Attacks and Attack Surfaces
 Myths and Liabilities
 Facts
 Protecting you and your business
 Q&A / Discussion
Hacking, Cracking, Pen-Testing… What is it?
Hacking, Pen-Testing, Cracking… :
Trying to gain access to data, systems or equipment that have been
configured to restrict access from unauthorised sources
WhiteHats, BlackHats, GreyHats
IT Security :
“Is a branch of computer technology in relation to computers and networks.
The objective of IT security includes the protection of information and
property from theft, corruption, or natural disaster, while allowing the
information and property to remain accessible and productive to its
intended users. “
System Admin’s or IT Security Personnel
“Who” and “What” are the threats?
BlackHats (and to a lesser extent GH)
 “The Opportunist” (target : Anyone)
Mot: See what turns up. No defined plan or agenda
Threat/Obj : Anything and everything
 “The H…activist” (target : Business/Gov’t)
Mot: Agenda, Planned, Well Organised, Web Defacement Threat
/Obj : Reputation
 The “Mark” (target : You/Business)
Mot: Firm objective (personal/business), planned, determined
Threat/Obj : Data, Money, Personal Info … etc
Common Attacks
 “The Opportunist”
Attack MO’s:
Phishing Emails
Crypting – Bots, Rats, Keylogger, Viruses
(distribution : P2P, IRC’s)
Scripts, Brute Force, War Driving
Malware(?)
 “The H…activist”
Attack MO’s:
Web Site Defacement
- Vulnerable Sites (source, SQL Inj)
 The “Mark”
Attack MO’s:
Foot-printing
Numeration
DDOS, Wifi, MitM, BF, Vun S., LHF,
Skip Diving
**** Social Engineering ****
really K.S.
Common Attacks Surfaces










Users (Weakest – Social Engineering)
Email (Spoofing etc..)
Web Sites (Defacing, DDOS)
Firewalls (BF, Scanning)
Switches/Hubs/Routers (Telnet, SNMP)
Network Services (DNS, VPN etc…)
Applications (Web Apps)
Topology (wifi, sniffing)
Servers/Computers (inc Home)
Production/Safety System (eg fire doors etc.)
** H&S Risk Assessment
 Other Hardware (SNMP)
Myths / Liabilities
IT System can be made 100% Secure
Up-to-date Virus software will stop any attacks
ALL Financial transactions are insured from fraud
** Personal (CC, Bank)
- Is Chip and Pin Secure?
** Business (PCI DSS)
Facts
Over two thirds of UK companies have experienced
some sort of computer virus 2010
One in three companies web sites have had hacking
attempts 2009
In a survey of 167 participants
Over a 1 month survey period (2hr per day) found:
95% of participants probed
On average 56 hacking attempts per day
68% of hacking attempts used the Backdoor
SubSeven Trojan
These were home users
Protecting YOU and Your Business
 Identify, Map, Log and Monitor the Risks
 Software Patches and Virus Updates
 Correctly configured Firewalls and Software
 Managed IT policies and systems (ISO)
 IDS and Honey-pots
 Encryption
 Be vigilant around anything, that by its nature,
is protected from unauthorised access
** DON’T - Hide in the long grass **
Q&A
Thank You !
Related documents
Growth Hacking - Roy Povarchik
Growth Hacking - Roy Povarchik
What can “Economics of Information Security” offer for SMEs
What can “Economics of Information Security” offer for SMEs
Chapter 2: Force & Newton`s Laws
Chapter 2: Force & Newton`s Laws
Defective by Design?!
Defective by Design?!
Computer Hacking
Computer Hacking
Imperva ADC Webinar Series: Top 5 Security Trends for 2010
Imperva ADC Webinar Series: Top 5 Security Trends for 2010
Hackers On the Computer Should Get Prosecuted
Hackers On the Computer Should Get Prosecuted
Teenager in virtual reality
Teenager in virtual reality
Computer Ethics - Fairfield Faculty
Computer Ethics - Fairfield Faculty
pengaruh kepemimpinan, komunikasi, motivasi, pengembangan
pengaruh kepemimpinan, komunikasi, motivasi, pengembangan
Slide 1 - IITK - Indian Institute of Technology Kanpur
Slide 1 - IITK - Indian Institute of Technology Kanpur
Use of AI algorithms in design of Web Application Security Testing
Use of AI algorithms in design of Web Application Security Testing
Safe and Sound: The Physics of Hacking
Safe and Sound: The Physics of Hacking
Models and Myths of Science: Views of the
Models and Myths of Science: Views of the
Youth Pathways Cybercrime
Youth Pathways Cybercrime
Implementing a Web Browser with Web Defacement Detection
Implementing a Web Browser with Web Defacement Detection