1 / 78

8: Basic Security

8: Basic Security. Networking for Home & Small Business. People use networks to exhange sensitive information. We expect SECURE networks to PROTECT our IDENTITY & INFO. What’s Ahead…. Networking Threats Methods of Attack Security Policy Using Firewalls. Networking Threats.

miracle
Download Presentation

8: Basic Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 8: Basic Security Networking for Home & Small Business

  2. People use networks to exhange sensitive information...

  3. We expect SECURE networks to PROTECT our IDENTITY & INFO

  4. What’s Ahead… • Networking Threats • Methods of Attack • Security Policy • Using Firewalls

  5. Networking Threats

  6. Network Intrusion • Attacks can be devastating • Cost money, time, theft of files, etc • HACKERS • Intruders who gain access by modifying software or exploiting software vulnerabilities

  7. 4 Threats from Hacker • Information theft • Identity theft • Data loss / manipulation • Disruption of service

  8. 4 Threats from the Hacker • Stealing Confidential Info • Credit card #’s • Private Company info such as a project in development • Could be sold

  9. 4 Threats from the Hacker • Destroy or Alter Records • Send a virus that reformats HD • Changing your grades • Change store prices

  10. 4 Threats from the Hacker • Identity Theft • Stealing info to take on identity • Applying for credit cards & buying stuff • Obtain DL’s

  11. 4 Threats from the Hacker • Disrupting Service • Preventing user from accessing services such as Internet

  12. Activity

  13. Where’d He Come From? • External Threat • Outside attacker • Internet or Wireless

  14. Where’d He Come From? • Internal Threat • Has authorized access • Knows people & network • Knows what info is valuable • OR someone may have just picked up a virus • According to the FBI, internal access and misuse of computers systems account for approximately 70% of reported incidents of security breaches.

  15. Social Engineering • Easiest way to gain access… • Deceiving internal users into performing actions or revealing confidential info • Takes advantage of them • Usually don’t meet them face-to-face

  16. Fight Intrusion • http://www.us-cert.gov/reading_room/before_you_plug_in.html • http://www.us-cert.gov/reading_room/distributable.html • Example 1 • Example 2

  17. 3 Types of Social Engineering • Pretexting, Phishing, and Vishing

  18. Phishing

  19. Review

  20. Let’s Try This… • Cyber Security Awareness Quiz

  21. Methods of Attack

  22. Other Attacks • Viruses, Worms and Trojan horses • Malicious software put on hosts • Damage system, destroy data, deny access • They can forward data to thieves • Can replicate to other hosts

  23. 3 Evil Things • Viruses, Worms and Trojan horses • Go to 8.2.1.2

  24. Simplified

  25. Let’s See… • GCIT • Who wants to play… • ID Theft Faceoff? • Invasion of the Wireless Hackers? • Phishing Scams? • Quiz Time for all! • http://www.sonicwall.com/phishing/

  26. Activity • Virus, Worm or Trojan Horse???

  27. Just Being Evil! • Sometimes the goal is to shut a network down & disrupt the organization • Can cost a business lots of money!!

  28. Denial of Service (DoS) • In general, DoS attacks seek to: • Flood a system or network with traffic to prevent legitimate network traffic from flowing • Disrupt connections between a client and server to prevent access to a service • Some are not used much anymore, but can be • SYN flooding • Ping of Death

  29. DoS- SYN Flooding

  30. DoS- Ping of Death! • Sending SO MANY LARGE pings, the server can’t respond to anyone else!

  31. DDoS • DDoS • Attack by multiple systems infected with DDoS code • Sends useless data to server • Overwhelms system & it crashes

  32. Brute Force • Fast computer used to guess passwords or decipher encryption code • Brute force attacks can cause a denial of service due to excessive traffic to a specific resource or by locking out user accounts • Try 8.2.2.3

  33. Review • Name 3 types of social engineering. • Pretexting, Phishing, Vishing • How are you targeted in a pretexting attack? • Over the phone • You click on a pop-up window to claim a “prize.” A program was installed w/out you knowing & now an attacker has access to your system. What is this called? • Trojan Horse

  34. Review • Which attack doesn’t need activation and copies itself across the network? • Worm • A server is busy responding to a SYN with an invalid source IP address. What’s the attack? • SYN Flooding

  35. Other Threats • Not all threats do damage • Some collect info • Collecting Info/Invading Privacy • Spyware • Tracking Cookies • Adware • Pop-ups

  36. Spyware • Program that gathers personal info w/out your permission • Info sent to advertisers • Usually installed unknowingly • Downloaded, installing a program, click on pop-up • Can slow computer down or make settings changes • Can be difficult to remove

  37. Tracking Cookies • Form of spyware • Not always bad • Records info about user when they visit web sites • Allows personalization • Many sites require them

  38. Adware • Form of spyware • Records info about user when they visit web sites • For advertising purposes • Pop-ups & pop-ups of ads

  39. Pop-Ups (and Pop-Unders) • Adware EXCEPT doesn’t collect any info • Pop-ups • Open in front of the current browser window • Pop-unders • Open behind the current browser window

  40. What’s This?

  41. Spam • Unwanted bulk mail from advertisers • Spammer sends • Often sent through unsecured servers • Can take control of computers • Then sent from that computer to others • On average, how many spam emails are sent to a person per year? • 3000

  42. Review • You visit a web site and see this annoying advertising tactic that appears in a new window. What is it? • Pop-up • This type of advertising is sent to many, many people. The advertiser uses no marketing scheme. • Spam • This form of spyware is not always bad & can be used for personalization of a site. • Cookies

  43. Security Policy

  44. Security Measures • You can’t eliminate security breaches • You can minimize the risks • Policy • Procedures • Tools & Applications

  45. Security Policy • Formal statement of rules when using tech • Acceptable use policy • Detailed handbook • What should be included?

  46. Activity • Let’s review some policies… • GCIT • Klondike Middle School • Clearview High School

  47. More Security Procedures • The procedures help implement the policies • Some of the security tools and applications used in securing a network include:

  48. Rut Roh! • Computer starts acting abnormally • Program does not respond to mouse and keystrokes. • Programs starting or shutting down on their own. • Email program begins sending out large quantities of email • CPU usage is very high • There are unidentifiable, or a large number of, processes running. • Computer slows down significantly or crashes

  49. Anti-Virus Software • Preventive & Reactive tool • Features • Email checker • Dynamic Scanning (checks files when accessed) • Scheduled scans • Auto update • When a virus is known, they will update it

  50. Anti-Spam • Spam sends unwanted emails • Code takes over PC to send more • The software ID’s it & places it in junk folder or deletes it • On PC or on email server • ISP may have a spam filter

More Related