Security in the Information Age
DESCRIPTION
Security in the Information Age. Adventist Ministries Convention 2007. David Greene, North American Division IT Services. Technology Changes in Ministries. Mobile devices, business transactions, websites. Mobile Devices - Laptops. New and increased risks: theft, network attacks
TRANSCRIPT
Security in the Information Age
  Adventist Ministries Convention 2007
  David Greene
  North American Division IT Services
Technology Changes in Ministries
  Mobile devices
  Business transactions
  Websites
Mobile Devices - Laptops
  New and increased risks
    Theft
    Network attacks
    Wireless attacks
    Risks to office network from guests
Mobile Devices - Laptops
  What to do about: Theft
    “Phone-home” software
    Physical locks
    Encryption
    Strong passwords
Mobile Devices - Laptops
  What to do about: Network attacks
    Install updates
    Use a personal firewall
    Use anti-virus and anti-spam software
    Never send passwords “in the clear”
Mobile Devices - Laptops
  What to do about: Wireless attacks
    Install updates
    Use care when connecting to access points
    Use WPA protection whenever possible
    Never send passwords “in the clear”
    Use cellular network where available
Mobile Devices - Laptops
  What to do about: Guests at office
    Separate guest and office networks
    Require employee-owned laptops to have current virus protection installed
Mobile Devices – PDA’s
  New and increased risks
    Theft
    Improper disposal
    Bluetooth attacks
    Network attacks
    Viruses
Mobile Devices – PDA’s
  What to do about: Theft
    Encryption
    Strong passwords
    “Password safe”
    Keep data synchronized
    Insurance
Mobile Devices – PDA’s
  What to do about: Improper disposal
    Encryption
    Destruction
Mobile Devices – PDA’s
  What to do about: Bluetooth attacks
    Turn off Bluetooth when not in use
    Set device to be “non-discoverable”
    Set Bluetooth authentication
    Ensure privacy when pairing devices
Mobile Devices – PDA’s
  What to do about: Network attacks
    Turn off Wifi when not in use
    Use WPA protection whenever possible
    Never send passwords “in the clear”
Mobile Devices – PDA’s
  What to do about: Viruses
    Consider installing PDA anti-virus software
Mobile Devices – Removable media
  New and increased risks
    Theft
    Improper disposal
    Loss of function
Mobile Devices – Removable media
  What to do about: Theft
    Encryption
    Keep sensitive data off removable media
Mobile Devices – Removable media
  What to do about: Improper disposal
    Encryption
    Destruction
    Keep sensitive data off removable media
Mobile Devices – Removable media
  What to do about: Loss of function
    Synchronize frequently
Technology Changes in Ministries
  Mobile devices
  Business transactions
  Websites
Technology Changes in Ministries
  Mobile devices
  Business transactions
  Websites
Website Security Questions
  Who’s making sure your whole website is secured?
    Settings
    Accounts
    Input
    Errors
    Backups
    Updates