The Top Ten of Security
• Ten best practices for securing your network.
• Ten best security web sites.
• Eight certifications.
“Best Practices”
• ‘Best Practices’ are recognized measures you can take to secure your computers.
• If you don’t use these ‘Best Practices’ and your systems are used against someone else, as in a DDoS attack, you could be liable.
• Using industry Best Practices can protect you from lawsuits.
Best Practices
1. Educate users and use strong passwords
– Users need to know the rules and the reasons for them
2. Use anti-virus software – it works (update at least once a week)
3. Never accept default installations – default settings are always the weakest – change the default password.
4. Don’t run unnecessary services – web server, FTP, telnet, SMTP
Best Practices (cont’d)
5. Install security patches immediately.
6. Back up your data and protect against power surges
7. Limit who you trust – give each user only the level of access they need to accomplish their tasks and no more.
8. Enable logging and review the logs regularly
Best Practices (cont’d)
9. Expect protection to fail. Firewalls, routers, IDS, and access control mechanisms often fail without warning. Have layers of protection. Have a plan B and C.
10. Manage user accounts. Disable or delete unneeded accounts immediately. They are fertile ground for crackers.
Ten Best Security Web Sites
1. www.cert.org
– Computer Emergency Response Team at Carnegie Mellon
– Current vulnerabilities, background info
2. http://online.securityfocus.com
– Like a library of information
3. http://rr.sans.org
– The “reading room” for SANS, a large computer security training organization.
Web Sites
4. www.antionline.com
– “Hackers know the weaknesses in your system, shouldn’t you?”
5. www.ciac.org
– Computer Incident Advisory Capability
– U.S. Dept of Energy
6. www.theregister.co.uk
– Good for getting a different viewpoint
Web Sites
7. www.cerias.purdue.edu/hotlist
– Portal to many other good web sites
8. www.infosecuritymag.com/
– Online magazine
9. www.secinf.net
– Network Security Library
10. http://csrc.nist.gov/
– Computer Security Resource Center of the National Institute of Standards and Technology
Top (8) Security Certifications
1. CISSP – Certified Information Systems Security Professional – general security knowledge – www.isc2.org
2. SSCP – Systems Security Certified Practitioner – more technical than CISSP
3. CISA – Certified Information Systems Auditor – www.isaca.org
4. CPP – Certified Protection Professional – security management – www.asisonline.org
5. GIAC – Global Information Assurance Certification – multilevel certification by SANS – www.giac.org
6. Security Certified Network Architect / Network Professional – www.securitycertified.net/certifications.htm
7. Cisco certifications – proficiency with Cisco products – www.cisco.com
8. Microsoft certifications – proficiency with Microsoft products – www.microsoft.com