220 likes | 346 Views
Security 101. Bob Middleton Product Marketing EMEA SAV, GSS & pcA. What is IT Security. Is it threats. Or Is it business needs. Virus (macro virus) Worm Trojan Horse Crimeware Hacking – internal & external Phishing - botnet Pharming Spyware Adware Blended threats Data theft.
E N D
Security 101 Bob Middleton Product Marketing EMEA SAV, GSS & pcA
What is IT Security Is it threats Or Is it business needs • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft • Protect customer information • Protect reputation • Data integrity • Business continuity • Compliance • Protecting other assets • Preventing downtime • Protect intellectual property • Efficiency/cost reduction • Enabling business opportunity • Source: IT Security Breaches Survey 2006
Security 101 - Viruses Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft • Virus • A program that replicates itself • Payload – what it does • Unlimited • Delete files, add to files • P.S. don’t you think the Prime Minister is a */@7^%$£ • Even a harmless virus, sent to a customer can be devastating • Macro Virus • Using the macro/visual basic language built into MS Office and many other application to create virus code.
Security 101 - Worms Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Worm A program that replicates itself using the network. Could use your email to send itself to ever contact in your address book Payload Unlimited Could act as an auto-forwarder so the author can send you email which will automatically go to your address book, as if they were from you
Security 101 - Trojans Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Trojan Horse Program that does one thing openly while doing something very different in secret Examples: Screensaver, game, funky mouse cursor, anti-spyware product, free scanner Payload Unlimited, often sow Viruses, worms etc.
Security 101 - Crimeware Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Crimeware Crimeware can surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts, for example—and report them back to the thief. A crimeware program can also redirect a user's browser to a counterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar. Crimeware threats can steal passwords cached on a user's system. Crimeware can wait for the user to log into their account at a financial institution, then drain the account behind the scenes. Crimeware can enable remote access into applications, allowing hackers to break into networks for malicious purposes.
Security 101 - Hacking Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Hacking Breaking in to a computer system you are not authorised to access, Much hacking is done internally by members of staff. Hackers use tools to try and gain acces, like: Keyloggers, social engineering (calling and asking works best) The hacker wants administrative rights to the network
Security 101 - Phishing Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Phishing
Security 101 - Phishing Follow the link: www.barc1ays.com WWW.ABBEYNATI0NAL.CO.UK www.paypaI.com www.paypal.com
IT Security My dodgy website All donations gratefully received
Security 101 - Pharming Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Pharming Redirecting website access So you type www.barclays.com yourself but still end up on a spoof site!
Security 101 - Spyware Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Spyware Secretly gathering information: Surfing habits Passwords Personal details . . . . . .
Security 101 - Adware Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Adware Does what it sez on the tin.
Security 101 – Blended threats Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Blended threats Using more than one of these techniques to attack a system Render point security solutions useless
Security 101 – Data theft Is it threats • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft Data theft Mass acquisition of credit card details from well known retailers Copying the details of your favourite customers when leaving a company Companies failing to protect against data theft can be in breach of data protection law.
What is IT Security Is it threats Or Is it business needs • Virus (macro virus) • Worm • Trojan Horse • Crimeware • Hacking – internal & external • Phishing - botnet • Pharming • Spyware • Adware • Blended threats • Data theft • Protect customer information • Protect reputation • Data integrity • Business continuity • Compliance • Protecting other assets • Preventing downtime • Protect intellectual property • Efficiency/cost reduction • Enabling business opportunity • Source: IT Security Breaches Survey 2006
What is IT Security yes Partial No
“The attacks, which started around April 27, have crippled Web sites for Estonia's prime minister, banks, and less-trafficked sites run by small schools, said Hillar Aarelaid, chief security officer for Estonia's Computer Emergency Response Team (CERT), on Thursday. But most of the affected Web sites have been able to restore service. “ BBC News -> Security 101 – Other buzz words • Zero day attack • A threat that is already in-the-wild when we first hear of it. It has a chance to do damage before the industry can respond. • Denial of Service (DoS) • Routing so much traffic at a website or company firewall that it cannot cope and normal traffic cannot be processed • Distributed Denial of Service (DDoS) • Using many ‘hijacked’ computers to mount a large DoS attack • BotNets are used to facilitate this type of attack.
Security 101 • In a world of blended threats and $ driven malware innovation; only a multi-layered defence can hope to meet the challenge. ?
Thank you Bob_middleton@symantec.com