module0&1 intro-foundations-b
DESCRIPTION
TRANSCRIPT
![Page 1: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/1.jpg)
© 2010 – Foreground Security. All rights reserved
IT Security Awareness Training
Your Instructor(s):
David Amsler
![Page 2: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/2.jpg)
© 2010 – Foreground Security. All rights reserved
IntroductionsModule
0
![Page 3: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/3.jpg)
© 2010 – Foreground Security. All rights reserved
•David Amsler, CIO, Foreground Security - CISSP, CISM, CCNA, CCSP, MCSE, MCT, NSA IAM/IEM, Security+, CCSA, CCSE, CEH, ECSA
IntroductionsModule
0
![Page 4: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/4.jpg)
© 2010 – Foreground Security. All rights reserved
Our Goals
• Understanding the basics of IT Security
• Basic IT Security terms, procedures, and policies
• Security risks, issues and attacker techniques
• Watermark Policies, Procedures, and Expectations
• You ARE IMPORTANT!
Module0
![Page 5: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/5.jpg)
© 2010 – Foreground Security. All rights reserved
Course Materials
• Student Course Book– Slides, Notes, and Presentations
• Home Security Guide– Detailed guide on steps to secure your home
computer
Module0
![Page 6: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/6.jpg)
© 2010 – Foreground Security. All rights reserved
Class Rules
• Ask questions at any time!
• This is an open and interactive class!
• If you don’t understand a concept, say so!We can demonstrate, explain, or illustrate in different ways to help you better understand!
Module0
![Page 7: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/7.jpg)
© 2010 – Foreground Security. All rights reserved
Course Outline
• IT Security Training Awareness • Modules:
– Module 0 - Introductions – Module 1 - Foundations of IT Security
• Essential terminology• Defining security• Need for security• Cyber crime• Information Security statistics• Security myths
Module0
![Page 8: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/8.jpg)
© 2010 – Foreground Security. All rights reserved
Course Outline
• Module 2 - Recognizing Security Threats and attacks
• Phishing and its countermeasures• Virus• Trojan Horse• Worms• Spyware• Adware• Keylogger• Social engineering• Denial of Service• Spamming• Port Scanning• Password cracking• Countermeasures
Module0
![Page 9: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/9.jpg)
© 2010 – Foreground Security. All rights reserved
• Module 3 – Social Engineering– Social engineering techniques– Recognizing social engineering– What to do/How to respond
• Module 4 - Basic Security Policies & Procedures– Introduction– Watermark Specific Policies & Procedures
• Module 5 – Desktop/Laptop Security– Encryption of Data– Loss of Laptop– Remote connections (VPN) Issues
Module0
![Page 10: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/10.jpg)
© 2010 – Foreground Security. All rights reserved
• Module 6 - Secure Internet Access – Internet Security Issues– Identity Theft– File Sharing– Downloading Programs– Secure Internet Practices
• Module 7 – Wireless Security– Wi-Fi Security Issues – Bluetooth– Cell Phone Policy and Procedures
Module0
![Page 11: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/11.jpg)
© 2010 – Foreground Security. All rights reserved
• Module 8 - Incident Response– How to spot an incident– What to do if you spot an incident
• Response
• Contact
• Document
• What else
Module0
![Page 12: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/12.jpg)
© 2010 – Foreground Security. All rights reserved
Quiz
• What is a hacker?
• Describe a typical hacker.
• What do hackers want?
• How do they get it?
![Page 13: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/13.jpg)
© 2010 – Foreground Security. All rights reserved
The Real Hackers
• Brian Kernighan, Dennis Ritchie, Bill Joy and Ken Thompson
C Programming Language, Unix
• Bill Gates
Microsoft
• Richard Stallman
GNU Project / Free Software Movement
• Steve Wozniak, Steve Jobs
Apple
• Linus Torvalds, Alan Cox, Bruce Perens,
Eric S. Raymond
Linux
![Page 14: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/14.jpg)
© 2010 – Foreground Security. All rights reserved
Well Known Attackers
PhiberOptikRobert MorrisKevin MitnickMafiaboyKevin PoulsenVladimir Levin
Today’s attackers are…StudentsIT ProfessionalsThe Office JanitorYour Nextdoor Neighboor!
![Page 15: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/15.jpg)
© 2010 – Foreground Security. All rights reserved
Module 1Foundations of Security
Module1
![Page 16: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/16.jpg)
© 2010 – Foreground Security. All rights reserved
![Page 17: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/17.jpg)
© 2010 – Foreground Security. All rights reserved
Module Objectives
• This module will familiarize you with the following:
• Essential terminology• Defining security• Need for security• Cyber crime• Information Security statistics• Security myths
Module1
![Page 18: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/18.jpg)
© 2010 – Foreground Security. All rights reserved
TerminologyModule
1
![Page 19: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/19.jpg)
© 2010 – Foreground Security. All rights reserved
CIA of SecurityModule
1
![Page 20: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/20.jpg)
© 2010 – Foreground Security. All rights reserved
Risk
A risk is the loss potential that exists as the result of
threat-vulnerability pairs
Key: Threats Vulnerabilities Risks
![Page 21: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/21.jpg)
© 2010 – Foreground Security. All rights reserved
Security TriangleModule
1
![Page 22: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/22.jpg)
© 2010 – Foreground Security. All rights reserved
CountermeasuresModule
1
![Page 23: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/23.jpg)
© 2010 – Foreground Security. All rights reserved
Graphics
![Page 24: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/24.jpg)
© 2010 – Foreground Security. All rights reserved
• The number of internet attacks has doubled every 6 months for the last two years. The cost of these attacks has cost businesses an estimated $98 billion dollars in the first 8 months of 2007. CERT
• A computer will be scanned or attacked within 5 seconds of connecting to the internet. Gartner
• A substantial percentage of attacks (39 percent) appeared to be deliberately targeted at a specific organization. Internetnews
![Page 25: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/25.jpg)
© 2010 – Foreground Security. All rights reserved
• Every five seconds another person is a victim of identity theft or fraud. Consumer.gov
• In 2007, identity theft and fraud cost US consumers $64 billion. Consumer.gov
• 85% of all computer users have some form of a virus, trojan horse, or spyware program and don’t even know it. Insecure.org
• 70% of all corporate attacks come from internal users (employees, contractors, etc.). CSI
• There were over 4 Million computer intrusions in 2007. (CSI/FBI survey)
![Page 26: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/26.jpg)
© 2010 – Foreground Security. All rights reserved
GENERAL MISUSE of the Internet•One-third of time spent online at work is non-work-related. (Websense, IDC)
•Internet misuse at work is costing American corporations more than $85 billion annually in lost productivity. (Websense)
•80 percent of companies reported that employees had abused Internet privileges, such as downloading pornography or pirated software. (CSI/FBI Computer Crime and Security Survey)
PEER-TO-PEER FILE-SHARING•Forty-five percent of the executable files downloaded through Kazaa contain malicious code. (Trusecure)
•73 percent of all movie searches on file-sharing networks were for pornography. (Palisade Systems)
•A company can be liable for up to $150K per pirated work if it is allowing employees to use the corporate network to download copyrighted material. (RIAA)
![Page 27: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/27.jpg)
© 2010 – Foreground Security. All rights reserved
SPYWARE•1 in 3 companies have detected spyware on their network. (Websense UK Survey)
•There more than 7,000 spyware programs. (Aberdeen Group)
VIRUSES/MALICIOUS CODE•Although 99% of companies use antivirus software, 82% of them were hit by viruses and worms. (CSI/FBI)
•Blended threats made up 54 percent of the top 10 malicious code submissions over the last six months of 2003. (Symantec Internet Security Threat Report)
•The number of malicious code attacks with backdoors, which are often used to steal confidential data, rose nearly 50% in the last year. (Symantec)
![Page 28: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/28.jpg)
© 2010 – Foreground Security. All rights reserved
![Page 29: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/29.jpg)
© 2010 – Foreground Security. All rights reserved
Who are the Attackers?
Who are these threat agents? • Teenage pranksters • Hacker junkies • Disgruntled employees • Terrorists (disruption of services)• Criminals (selling information)• Foreign intelligence agents
![Page 30: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/30.jpg)
© 2010 – Foreground Security. All rights reserved
Movie
![Page 31: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/31.jpg)
© 2010 – Foreground Security. All rights reserved
Movie
![Page 32: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/32.jpg)
© 2010 – Foreground Security. All rights reserved
![Page 33: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/33.jpg)
© 2010 – Foreground Security. All rights reserved
How easy is it to hack?
Fact: Hackers post 30-40 new tools to the Internet every month
Anyone can search the Internet, find exploitable tools, "point and click" and start to hack.
REMINDER: Any Hacking be it for “fun” or to “see how it’s done” is against the law.
![Page 34: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/34.jpg)
© 2010 – Foreground Security. All rights reserved
![Page 35: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/35.jpg)
© 2010 – Foreground Security. All rights reserved
Their common target?
You!You!
![Page 36: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/36.jpg)
© 2010 – Foreground Security. All rights reserved
![Page 37: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/37.jpg)
© 2010 – Foreground Security. All rights reserved
![Page 38: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/38.jpg)
© 2010 – Foreground Security. All rights reserved
![Page 39: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/39.jpg)
© 2010 – Foreground Security. All rights reserved
![Page 40: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/40.jpg)
© 2010 – Foreground Security. All rights reserved
![Page 41: Module0&1 intro-foundations-b](https://reader036.vdocuments.mx/reader036/viewer/2022081414/54b5ecd74a795949388b462d/html5/thumbnails/41.jpg)
© 2010 – Foreground Security. All rights reserved
IT Security Acronyms
• http://whatis.techtarget.com/• http://www.acro.it/• http://en.wikipedia.org/wiki/Main_Page• http://irm.cit.nih.gov/security/Nasa_IT/
Mgrs/html/course_acronyms.html• See the Book for a complete list