INTERNET SECURITY
- An Introduction
Internet Security

Security
- Security is a ‘Hygiene Factor’
  - When there, no one should notice
  - When not there, can mean the end of a business overnight

Security
Security is the sum of:
- Access controls
- Authentication methods
- Availability of data/systems
- Confidentiality of data/info
- Data Integrity
- Non-repudiation of transactions
- Policies
- Reliability of data/systems

Topics
- What are the risks?
- What are the solutions?
- Which issues are specific to the Utilities Industry?
- Which issues are specific to the World Wide Web?

Security - the hype

How Real Is The Risk?
- 31% of all companies (private and public) have experienced 1-3 “major security breaches” in the past 6 months
- Real number is HIGHER! Companies keep breaches secret!

How Real Is The Risk To Utilities?
- Risk is very real
- Bad publicity is risky
- Govt requirements:
  - Privacy of info
  - Reliability of info
  - Availability of systems

What Is The Biggest Risk?
- Not having good security procedures?
- Having good security procedures that are not followed?
- Terrorism?
- Hackers?
- Internal misuse/errors?
- Viruses/worms?
- Trojan Horses?

Biggest Risk? Internal Users!
- Human error is the most significant cause of IT security breaches (63%)*
- Research shows that good training would be the most effective way of improving security in most organizations

* Computing Technology Industry Assoc (CompTIA)

Biggest Risk? Internal
- Internal security breaches seen as a much bigger threat than external ones by 51% of respondents to an Oracle/Institute of Directors survey
- Threat can be to:
  - Privacy of data
  - Corruption of data
  - Loss of data integrity
  - Loss of data altogether
  - Loss of whole system!

Solutions? Company Policies
- Chase up references
- Do background/security checks on staff
- Check out Temp staff carefully
- Give Temp staff limited access
- Get staff to sign up to security policy
- Switch off rights of ex-employees
- Ensure it is very clear which staff have which roles and responsibilities

Solutions? Company Policies
- Clean desk policy
- Lock sensitive documents/disks away
- Physically secure laptops and PCs
- Ensure passwords are not written down
- Employee records/contracts etc hidden

Solutions? Training
- Good, effective training
- Training is an ongoing process
- 66 per cent believe that staff training/certification has improved their IT security, primarily through increased awareness, as well as through proactive risk identification (source: CompTIA)

Solutions? Training
- 22 per cent said none of their IT employees have received security-related training
- 69 per cent said fewer than 25 per cent of their IT staff were security-trained
- Only 11 per cent said that all of their IT employees have received security training.

Solutions? Physical Security
- Visitors/guests accompanied at all times
- Reception area manned at all times
- All staff must wear a pass
- Access to work areas by pass only
- Access to sensitive areas by keycode
- Servers housed in a room with no windows, inaccessible to unauthorised personnel, air conditioned with failover power

Solutions? Network Security

Solutions? Network Security
- Use roles and groups
- Restrict access to minimum possible
- Use VPNs to allow external access
- Keep intranet protected from internet using Firewalls
- Enforce policy on passwords
  - change regularly
  - not easy to guess
  - minimum length
  - must contain numerics
  - can’t reuse
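
The five password rules listed above, as an added example that is not part of the original slides: a Python check that reports which rules a new password breaks. The thresholds, the sample word list and the function names are assumptions, since the slide names the rules but gives no values.

```python
import hashlib
import hmac
import os
from datetime import timedelta

# Assumed values: the slide names the rules but gives no numbers.
MIN_LENGTH = 10
MAX_AGE_DAYS = 90
HISTORY_DEPTH = 5
# Constructed sample list; a real deployment would use a large breached-password list.
GUESSABLE = {"password", "letmein", "qwerty", "welcome"}


def hash_password(password, salt=None):
    """Return (salt, digest) so old passwords are never stored in clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def check_new_password(candidate, username, history):
    """Return the list of rules the candidate breaks (empty list = accepted)."""
    broken = []
    if len(candidate) < MIN_LENGTH:
        broken.append("minimum length")
    if not any(ch.isdigit() for ch in candidate):
        broken.append("must contain numerics")
    lowered = candidate.lower()
    # "password123" is as guessable as "password": ignore leading/trailing digits.
    core = lowered.strip("0123456789")
    if core in GUESSABLE or (username and username.lower() in lowered):
        broken.append("not easy to guess")
    # Compare against the last few stored hashes, each with its own salt.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            broken.append("can't reuse")
            break
    return broken


def must_change(last_changed, today):
    """'Change regularly': True once the password is older than MAX_AGE_DAYS."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)
```

The history holds salted hashes only, so the reuse rule can be enforced without keeping any old password in readable form.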

Solutions? Application Security
- Access Controls
  - Authentication (userid and password)
  - Digital keys (public and private)
  - Access to info by user ‘class’
- Code quality
  - Programmers should be security aware
  - Code walkthroughs
  - Testing/QA procedures
  - Source code control/version control
  - Bug/defect tracking

Solutions? Disaster Recovery
- Redundancy essential
  - Of servers, firewalls, hubs, routers, air conditioning, power
  - Of ISP (in case ISP fails!)
- Physically separate location
- Have disaster recovery plans
- Test those plans!
- Test those plans regularly!

Video on Security and Company Policies: http://webevents.broadcast.com/ZDAUwebcast/enemy/index.asp?loc=1

Problems on the Internet
- Payment Fraud
- Viruses (e.g. MyDoom)
- Hackers
- Denial of Service attacks
- Spam
- Imposters

Viruses/worms/trojan horses
- Programs that do damage
- Often attachments to emails
- Can be downloaded from websites
- Often ‘attached’ to benign software
- May send emails using address book
- May delete files on hard disk

- A virus is copied by a user
- A worm replicates automatically
- A trojan horse seems benign

Solutions? IE and Mail
- Internet Explorer Permissions
  - Internet Options -> Security Zones
  - Internet Options -> Privacy
  - Internet Options -> Advanced
- Enforce default policy for IE across company
- Don’t open email from anyone you don’t know
- Don’t download files/attachments from emails or web pages unless from a trusted source (esp .exe or .vbs files)

Problems on the Internet
- No centralised infrastructure
- Huge global scale - millions of potential users
- 24 x 7 availability
- Initial conception was openness and robustness - not security
- Organisations must provide a window into their networks

Solutions? Monitor Usage
- Log usage
- Carry out regular audits/checks of logs
- Disable access if misuse detected
- Auto send emails of ‘exception’ usage

Solutions? Web Server Security

Solutions? Software
- Install ‘protection software’:
  - Firewalls
  - Proxy Servers
  - Anti-Virus software
- Update key software regularly:
  - Web servers
  - Operating systems
  - Mail software
  - Anti-virus software
- Don’t forget patches!!

Solutions? Software
- Use SSL (Secure Sockets Layer)
  - Protects private information
  - Encrypted using digital key
  - Especially for payment data
- Use public/private keys
  - To authenticate parties
  - To encrypt data
  - To ‘digitally sign’ documents
  - Some have whole infrastructures*

* Verisign Onsite Managed Trust Services

Security Quiz
1. What number (or e-mail address) should you contact if you want to report suspicious activity?
2. What type of corporate data are you allowed to store on your personal home computer?
3. When is it ok to give your password to someone else?
4. Create a multiple-choice question about which types of corporate information would be sensitive
Answer: key security contacts at your company
Answer: none
Answer: never
Answer: all of it

Resources
‘Web Security and Commerce’, Garfinkel and Spafford (O’Reilly)
http://wp.netscape.com/security/ - intro to security concepts
http://www.netcraft.com/security/diary.html - security diary
http://www.mcaffee.com – mailing list of security issues
http://www.verisign.com – general security issues
http://groups.google.com – groups / news groups
http://way2goal.com/internet/is.html - security issues

Resources
- Apogee Interactive Inc. http://www.apogee.net
- Michelle Johnston, 770 270 6516
- Email [email protected]

- Security reviews/IT reviews/Audits
- Code reviews
- Training
- Web site reviews/audits
- ELearning