Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager Introduction • Ian McLachlan (IT Manager) • Responsible for the IT infrastructure within Avogel (UK) and it’s sister companies • Background: Email: [email protected] Support & Maintenance, Networking, Project Management, Security & Pen-Testing, PCI Compliance Tel: 01294 204704 Mob: 07813653519 Index Hacking, Cracking, Penetration Testing… What is it? “Who” and “What” are the threats? Common Attacks and Attack Surfaces Myths and Liabilities Facts Protecting you and your business Q&A / Discussion Hacking, Cracking, Pen-Testing… What is it? Hacking, Pen-Testing, Cracking… : Trying to gain access to data, systems or equipment that have been configured to restrict access from unauthorised sources WhiteHats, BlackHats, GreyHats IT Security : “Is a branch of computer technology in relation to computers and networks. The objective of IT security includes the protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. “ System Admin’s or IT Security Personnel “Who” and “What” are the threats? BlackHats (and to a lesser extent GH) “The Opportunist” (target : Anyone) Mot: See what turns up. No defined plan or agenda Threat/Obj : Anything and everything “The H…activist” (target : Business/Gov’t) Mot: Agenda, Planned, Well Organised, Web Defacement Threat /Obj : Reputation The “Mark” (target : You/Business) Mot: Firm objective (personal/business), planned, determined Threat/Obj : Data, Money, Personal Info … etc Common Attacks “The Opportunist” Attack MO’s: Phishing Emails Crypting – Bots, Rats, Keylogger, Viruses (distribution : P2P, IRC’s) Scripts, Brute Force, War Driving Malware(?) “The H…activist” Attack MO’s: Web Site Defacement - Vulnerable Sites (source, SQL Inj) The “Mark” Attack MO’s: Foot-printing Numeration DDOS, Wifi, MitM, BF, Vun S., LHF, Skip Diving **** Social Engineering **** really K.S. Common Attacks Surfaces Users (Weakest – Social Engineering) Email (Spoofing etc..) Web Sites (Defacing, DDOS) Firewalls (BF, Scanning) Switches/Hubs/Routers (Telnet, SNMP) Network Services (DNS, VPN etc…) Applications (Web Apps) Topology (wifi, sniffing) Servers/Computers (inc Home) Production/Safety System (eg fire doors etc.) ** H&S Risk Assessment Other Hardware (SNMP) Myths / Liabilities IT System can be made 100% Secure Up-to-date Virus software will stop any attacks ALL Financial transactions are insured from fraud ** Personal (CC, Bank) - Is Chip and Pin Secure? ** Business (PCI DSS) Facts Over two thirds of UK companies have experienced some sort of computer virus 2010 One in three companies web sites have had hacking attempts 2009 In a survey of 167 participants Over a 1 month survey period (2hr per day) found: 95% of participants probed On average 56 hacking attempts per day 68% of hacking attempts used the Backdoor SubSeven Trojan These were home users Protecting YOU and Your Business Identify, Map, Log and Monitor the Risks Software Patches and Virus Updates Correctly configured Firewalls and Software Managed IT policies and systems (ISO) IDS and Honey-pots Encryption Be vigilant around anything, that by its nature, is protected from unauthorised access ** DON’T - Hide in the long grass ** Q&A Thank You !