Information Security A Practical Introduction

Creative Commons License: You are free to share and remix but you must provide attribution and you must share alike.

kira

Presentation Transcript


  1. Creative Commons License: You are free to share and remix but you must provide attribution and you must share alike. Information Security: A Practical Introduction

  2. What does “Security” mean? • ?

  3. What is Information Security About?

  4. InfoSec is about… Viruses

  5. InfoSec is about… Hackers

  6. InfoSec is about… Vandalism

  7. InfoSec is about… Backups

  8. InfoSec is about… Theft

  9. InfoSec is about… Computer “Uptime”

  10. InfoSec is about… Phones

  11. InfoSec is… about Information

  12. Information Security as an Outcome
      • "Our systems are secure from hackers"
      • "We have blocked 17,342 viruses to date"
      • "Our systems are all online"
      • "Insiders cannot steal our information"
      • "We have backups"
      • "We are Secure"

  13. Information Security as a Process
      • "We want to improve security"
      • "We need to protect against more threats"
      • "We want to reduce risk"
      • "We want to increase customer confidence"
      • "We want to decrease the number of compromises"
      • "We want to be more Secure"

  14. InfoSec is… Risk Management: Identify, Measure, Analyze, Plan, Implement

  15. What is at Risk? Confidentiality, Integrity, Availability

  16. Defence in Depth lowers Risk
      • Firewalls do not make you secure
      • Anti-virus does not make you secure
      • Policies do not make you secure
      • VPNs do not make you secure
      • Guards do not make you secure
      • Passwords do not make you secure
      • Together they all make you MORE secure

  17. Threat: Denial of Service

  18. Counter: Firewalls and Switches

  19. Threat: Unintentional DoS? An unpatched server was compromised and used to distribute 20 GB of videos with French language titles. The problem was discovered when the server was blocked for excessive bandwidth usage.

  20. French Puppet Videos! The server was distributing 20 GB of French Puppet Videos. The cleanup time was 7 hours. If they had just asked we would have probably found someone to host the videos for them!

  21. Counter: Change Management

  22. Counter: Monitoring

  23. Threat: SQL Injection Attack

  24. Counter: Vulnerability Scanning

  25. Counter: Developer Training

  26. Counter: Web Application Firewall

  27. Threat: The Man-in-the-Middle. The Pineapple pretends to be YOUR home wifi network. Records what you do on the Internet.

  28. Counter: 2 Factor Authentication: YUBIKEY, SecurID, Google 2FA

  29. Threat: Insiders

  30. Counter: DLP and DPI
      • Deep Packet Inspection (DPI): Firewalls inspect every packet on the network and rebuild the entire message.
      • Data Loss Prevention (DLP): Uses DPI and pattern matching to look for suspicious content being sent FROM your network.

  31. Threat: Malvertisements

  32. Why D.I.D? It never rains… it pours
      • The OS Vendor stopped providing patches
      • The server was hacked
      • A hard disk failed
      • A cooling fan died & it crashes every 2hr
      • The software vendor wanted more money
      • Hardware support had not been paid for

  33. Final Threat: The A.P.T. Advanced Persistent Threat

  34. InfoSec is… Everyone’s Responsibility: Confidentiality, Integrity, Availability

  35. Questions?
      • Email: michael@winterstorm.ca
      • Slides: http://winterstorm.ca/download/
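
Added example, not part of the original slides: a small sketch of the DPI and DLP idea from slide 30, showing why the inspector rebuilds the whole message before pattern matching. The segments, function names and the choice of payment card numbers as the "suspicious content" are assumptions made for illustration; the card number is a widely published test value.

```python
import re

# Constructed outbound traffic: (sequence number, payload), arriving out of order.
# The card number is split across two segments; the order id is a decoy.
SEGMENTS = [
    (2, b"11 1111 exp 12/30"),
    (1, b"POST /upload HTTP/1.1\r\n\r\norder=1234567890123456&card=4111 1111 11"),
]

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(data):
    """Pattern-match step (DLP): return Luhn-valid card numbers found in data."""
    hits = []
    for m in CARD_RE.finditer(data):
        digits = re.sub(rb"\D", b"", m.group()).decode()
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def reassemble(segments):
    """Rebuild step (DPI): order segments by sequence number and join payloads."""
    return b"".join(p for _, p in sorted(segments, key=lambda s: s[0]))

def inspect(segments):
    """Compare per-packet matching with matching on the rebuilt message."""
    per_packet = [c for _, p in segments for c in find_cards(p)]
    rebuilt = find_cards(reassemble(segments))
    return per_packet, rebuilt

if __name__ == "__main__":
    per_packet, rebuilt = inspect(SEGMENTS)
    print("per-packet hits:", per_packet)
    print("rebuilt-message hits:", rebuilt)
```

Matching each packet on its own finds nothing, while the rebuilt message yields the card number; the Luhn check keeps the 16-digit order id from raising a false alert.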