the need for it security1
-
8/10/2019 The Need for IT Security1
1/34
The Need For IT Security
-
IT Security Awareness
Understand and follow FVT IT Security regulations and procedures.
Understand the responsibility to protect organizational assets.
Understand and recognize potential security risks and violations.
Understand the best practices that keep your computer and information secure.
Understand the value of both organizational and personal information.
-
Understand Value of Information
Confidentiality: How important is it that this information be protected so that unauthorized persons cannot access it?
Integrity: How important is it that this information be protected from intentional or accidental unauthorized changes?
Availability: How important is it that this information system be accessible by authorized users whenever needed?
-
Why Should We Care?
You may make the following statements or similar:
It is not my job, it is the IT department's job.
There is no risk, I do it at home all the time.
There is no harm in sharing my password with the people I trust.
In a workplace environment you must take responsibility for your own actions when using technology in the company. The IT department is here to support you with your technical issues.
-
The Consequences
Major consequences that may occur:
Exploitation of the company's intellectual property by competitors
Legal actions against Freudenberg Group
Damage or theft of company equipment
Theft of Freudenberg's client information
Theft of YOUR personal information
FVT IT Security policies have been created for this purpose: to enforce the rules that ensure IT risks are reduced and the misuse of sensitive data is prevented, protecting you and the Freudenberg Group.
-
Follow FVT IT Security Policies
As an employee at FVT you have the responsibility to:
Protect Freudenberg Group's assets
Protect FVT business operations
Protect FVT's client information
Protect your personal information
Respect others' data and information
Comply with FVT IT Security Policies and Guidelines
Report any suspicious behavior within FVT to your superior or general manager.
To review the IT Security Policies:
https://sharepoint.freudenberg-nw.com/sites/YangmeiIT/IT%20Security/IT%20Security%20Guideline%20Summary.pdf
-
Understanding Security Attacks
Understanding the fundamentals of security attacks will make you more aware when using technological devices such as your desktop PC, laptop/notebook or mobile phone, and also allows you to protect yourself and your colleagues.
-
Security Attacks
Passive Attacks
A passive attack is eavesdropping on or monitoring of your data and the actions you perform on the Internet.
There are two types of passive attacks:
1. Release of Message Content
The hacker reads the data you are sending. This includes personal messages, bank account details and personal information.
-
2. Traffic Analysis
The hacker observes the actions you perform on the Internet. This includes identifying the websites you visit, the people you send messages to and the encryption security your browser uses to protect your information.
-
Active Attacks
An active attack is the modification of your data or the creation of false messages.
There are four types of active attacks:
1. Masquerade
A hacker impersonates you to perform unlawful acts.
-
2. Replay
A hacker captures your data and sends it to its original receiver. This action is often used to spy without you noticing.
-
3. Modification of Messages
A hacker captures your message, makes changes to it and sends it to the receiver.
-
4. Denial of Service
A hacker prevents normal use of communications in the system, preventing you from accessing your data or using any system services.
-
Security Risks and Countermeasures
Common security threats to users within the workplace are:
Passwords
Social engineering
Email
Untrusted Software
-
Password Issue
Passwords are the first line of defense for authorization to data and information.
Common problems:
Users often pick simple, easy-to-remember passwords, which are easy to guess
Users use the same password for all their accounts
Users use it all the time and never change it
Consequences:
Stealing confidential data
Modifying data
Misuse of your account
You will be held responsible for others' actions
-
Password Length and Characters
The strength of a password depends on its length and on the different characters used in it.
Example: a password such as abc, where each letter may be upper or lower case, has 140,608 possible combinations. A computer today will be able to guess that password in less than 30 seconds.
-
Password Protection
Use a minimum of 8 characters
Use combination of numbers, letters and special characters
Use separate passwords for different accounts
Do not leave your passwords in an easy to view spot
Change your password regularly (every 30 days)
Do not give your passwords to other people
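The arithmetic behind the "Password Length and Characters" slide and the rules on the "Password Protection" slide, as an added Python example that is not part of the original deck. The guess rate is an assumption derived from the slide's own figures (140,608 candidates in 30 seconds), the 32 ASCII punctuation marks are assumed to be the "special characters", and the sample passwords are constructed.

```python
import string

# Character classes; the 32 ASCII punctuation marks stand in for "special characters".
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

# Guess rate implied by the slide's own figures (assumption, not a measurement):
# 140,608 candidates tried in 30 seconds.
SLIDE_RATE = 140_608 / 30


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def search_space(length, alphabet_size):
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def worst_case_seconds(length, alphabet_size, rate=SLIDE_RATE):
    """Seconds needed to try every candidate at the given guesses per second."""
    return search_space(length, alphabet_size) / rate


def policy_violations(password):
    """Check the slide's rules: 8+ characters, with letters, numbers and specials."""
    used = classes_used(password)
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not used & {"lower", "upper"}:
        problems.append("no letters")
    if "digit" not in used:
        problems.append("no numbers")
    if "special" not in used:
        problems.append("no special characters")
    return problems


if __name__ == "__main__":
    print("abc, 52 letters:", search_space(3, 52), "candidates")
    years = worst_case_seconds(8, 94) / (3600 * 24 * 365)
    print(f"8 characters, 94 symbols: {years:,.0f} years at the same rate")
    print(policy_violations("abc"), policy_violations("Tr4in!ng-Deck"))  # constructed
```

Each extra character multiplies the search space by the alphabet size, which is why the length rule matters more than any single character class.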
-
Social Engineering
Social engineering is the art of tricking people into giving up information:
Passwords or other sensitive information
Credit card numbers or other personal information
To gain access to unauthorized areas
Social engineering comes in many forms:
Over the phone: Quick, easy and fairly cheap for scams
Via the Internet: Scams, fraud, via email or chatrooms
Snail mail: Scams and fraudulent letters asking you to provide personal information
In person: Trusting the person through face-to-face communication, when they could be a fraud.
-
Social Engineering Tactic
-
Social Engineering Fundamentals
Do not give out confidential information without verification.
Verify authenticity:
The person is who they say they are.
The business is a real company.
The person actually works at that company.
The URL matches the one you are familiar with.
The person's duties match their job responsibilities.
Do not put confidential information in the trash without shredding it first.
Report any suspicious behavior to your superior or general manager.
-
E-mail Vulnerabilities
E-mails are like postcards: both are easy to intercept, read and/or change.
All e-mails are insecure. Because e-mail costs little to nothing, millions of people use it. For this reason, e-mail is one of many targets for exploitation.
There are several concerns when using e-mails:
Privacy
Spam
Chain
Offensive Content
Viruses
-
E-mail Privacy Concerns
E-mail passes through a number of networks to its destination. It may travel through a location where IT security is unregulated. This is a potential security risk, and your e-mails can be read by anyone who is able to access the network between you and the destination. You may encrypt your e-mail, but there are other, easier ways to reduce e-mail security risks.
Do not send confidential information or files using e-mail!
If you send files, ensure they are encrypted using a file compression program with a strong password.
-
8/10/2019 The Need for IT Security1
23/34
E-mail Spam Concerns Spam is the Internet version of junk mail and it can cause a nuisance in an
organization. If you are getting spam:
Do not respond to spam e-mail.
Report to IT administrator about the spam e-mail.
Delete the spam e-mail.
-
E-mail Chain Concerns
Chain e-mails are letters that promise a reward, asking you to send the e-mail to others for your chance to win a prize. Under no circumstances forward such an e-mail. Chain e-mails are used to collect more e-mail addresses to send spam to.
Some chain e-mails may even invite you to visit a website to register, where they will steal the details you give. Under no circumstances click on any links from unknown senders.
-
E-mail Offensive Concerns
When your e-mail is prone to spam and chain e-mails, you will most likely receive offensive materials: offensive comments or images, racial slurs, or anything that would offend someone on the basis of his or her age, sexual orientation, religion or political beliefs.
Inform your IT Administrator that you are receiving spam e-mails
Delete these e-mails
-
E-mail Virus Concerns
The effect of viruses passed on by e-mail can range from simple annoyance to serious destruction. Viruses are spread via attachments. If you unknowingly open one, it activates the virus and causes it to infect the computer system and the entire organization's network and devices.
Do not open any suspicious e-mails and attachments from unknown senders
-
E-mail Security Fundamentals
Minimize sending attachments.
Be suspicious of e-mails from unknown senders.
Be VERY suspicious of e-mails from unknown senders that contain executable programs.
Never respond to spam or e-mails from unknown senders.
Do not include confidential information in e-mail.
Notify the IT administrator that you are receiving infected e-mails.
-
Policies On E-mailing
E-mail plays a vital role in business communication. Take the time to select the recipients of your e-mails correctly, as an e-mail cannot be recalled.
Please note that it is recommended that sensitive information be encrypted before it is sent by e-mail.
E-mails may be business documents that have to be archived. Keep this in mind before you delete any e-mails.
It is not permitted to automatically forward e-mails to an external e-mail address. Special permission for particular necessities has to be approved by your superior and the IT security officer.
-
Untrusted Software
It may be difficult to tell the difference between trusted and untrusted software. However, it is the responsibility of IT staff to identify these for you and either give you approval to install the software or install the software themselves.
Never install any software on company equipment such as desktop PCs and notebooks without confirmation and approval by the IT department. In such cases, they may install the software for you.
Note that untrusted software may contain harmful viruses that will cause various problems with the computer system and the company's network.
-
Main Malicious Programs
Malicious Program: Description
Virus: Replicates itself when activated, causing the system performance to slow down, applications to crash and files to be corrupted or changed.
Worm: Spreads itself onto other computers through the network by exploiting security vulnerabilities.
Logic Bomb: Code inserted into a piece of software that may intentionally delete files or change system configurations.
Trojan Horse: Exploits authorizations of a system to allow hackers to get in.
Key-logger: Records your key-strokes and sends them to the hacker. It activates when you are trying to enter your online bank account.
Spyware: Collects information from your computer and sends it to another computer.
Adware: Displays pop-up advertisements on your computer and redirects your browser to another website.
-
Anti-Virus Software
Protects your computer from malicious programs
Other anti-virus software
-
Untrusted Software Fundamentals
Do not download executable programs from untrusted websites
Do not accept or use unlicensed software
Do not allow access to your computer by people whom you do not trust
Do not ignore abnormal computer functionalities
Report any abnormalities on your computer system to your IT administrator
Back up essential files
Delete suspicious emails
-
Firewalls
A firewall provides an additional layer of defense, insulating the internal systems from
external networks. The firewall is inserted between the premises network and the
Internet to establish a controlled link and to create an outer security wall or
perimeter.
The aim of this perimeter is to protect the internal network from Internet-based
attacks and to provide a single choke point where security and auditing can be
imposed. The firewall may be a single computer system or a set of two or more
systems that cooperate to perform the firewall function.
-
Firewalls
The design goals for a firewall:
1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by
physically blocking all access to the local network except via the firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3. The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and are often required in government applications.
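Design goal 2 and the "single choke point" for auditing, as an added Python example that is not part of the original deck: a first-match rule list where anything the policy does not authorize is denied, and every decision names the rule that produced it. The address ranges, ports and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # destination port; None matches any port


INSIDE = "10.0.0.0/8"      # constructed internal range
ANY = "0.0.0.0/0"

# Constructed local security policy, evaluated top to bottom.
POLICY = [
    Rule("no-direct-smtp", "deny", INSIDE, ANY, 25),
    Rule("outbound-https", "allow", INSIDE, ANY, 443),
    Rule("published-web", "allow", ANY, "10.0.5.10/32", 443),
]


def matches(rule, src, dst, port):
    """True when the packet's source, destination and port fall inside the rule."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.port in (None, port))


def decide(src, dst, port, policy=POLICY):
    """Return (action, rule name); traffic no rule authorizes is denied by default."""
    for rule in policy:
        if matches(rule, src, dst, port):
            return rule.action, rule.name
    return "deny", "default-deny"


if __name__ == "__main__":
    # Constructed sample connections: (source, destination, destination port).
    for conn in [("10.1.2.3", "198.51.100.20", 443),
                 ("10.1.2.3", "198.51.100.20", 25),
                 ("203.0.113.7", "10.0.5.10", 443),
                 ("203.0.113.7", "10.0.5.11", 22)]:
        print(conn, "->", decide(*conn))   # one audit line per decision
```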