the need for it security1

Upload: timmy412

Post on 02-Jun-2018


  • 8/10/2019 The Need for IT Security1

    1/34

    The Need For IT Security


    IT Security Awareness

    Understand and follow FVT IT Security regulations and procedures.

    Understand the responsibility to protect organizational assets.

    Understand and recognize potential security risks and violations.

    Understand the best practices that keep your computer and information secure.

    Understand the value of both organizational and personal information.


    Understand Value of Information

    Confidentiality - How important is it that this information be protected so that unauthorized persons cannot access it?

    Integrity - How important is it that this information be protected from intentional or accidental unauthorized changes?

    Availability - How important is it that this information system be accessible by authorized users whenever needed?


    Why Should We Care?

    You may make the following statements or similar:

    "It is not my job, it is the IT department's job."

    "There is no risk, I do it at home all the time."

    "There is no harm in sharing my password with the people I trust."

    In a workplace environment you must take responsibility for your own actions when using technology in the company. The IT department is here to support you with your technical issues.


    The Consequences

    Major consequences that may occur:

    Exploitation of the company's intellectual property by other competitors

    Legal actions against Freudenberg Group

    Damage or theft of company equipment

    Theft of Freudenberg's client information

    Theft of YOUR personal information

    FVT IT Security policies have been created for this purpose: to enforce the rules that ensure IT risks are reduced and the misuse of sensitive data is prevented, protecting you and the Freudenberg Group.


    Follow FVT IT Security Policies

    As an employee at FVT you have the responsibility to:

    Protect Freudenberg Group's assets

    Protect FVT business operations

    Protect FVT's client information

    Protect your personal information

    Respect others' data and information

    Comply with FVT IT Security Policies and Guidelines

    Report any suspicious behavior within FVT to your superior or general manager.

    To review the IT Security Policies:

    https://sharepoint.freudenberg-nw.com/sites/YangmeiIT/IT%20Security/IT%20Security%20Guideline%20Summary.pdf

    Understanding Security Attacks

    Understanding the fundamentals of security attacks will allow you to be more aware when using technological devices such as your desktop PC, laptop/notebook or mobile phone, and also allows you to protect yourself and your colleagues.


    Security Attacks

    Passive Attacks

    A passive attack consists of eavesdropping on or monitoring your data and the actions you perform on the Internet.

    There are two types of passive attacks:

    1. Release of Message Content

    The hacker reads the data you are sending. This includes personal messages, bank account details and personal information.


    2. Traffic Analysis

    The hacker observes the actions you perform on the Internet. This includes identifying the websites you visit, the people you send messages to and the encryption security your browser uses to protect your information.


    Active Attacks

    An active attack consists of modifying your data or creating false messages.

    There are four types of active attacks:

    1. Masquerade

    A hacker impersonates you and performs unlawful acts.


    2. Replay

    A hacker captures your data and sends it to its original receiver. This action is often used to spy without you noticing.


    3. Modification of Messages

    A hacker captures your message, makes changes to it and sends it to the receiver.


    4. Denial of Service

    A hacker prevents normal use of communications in the system, preventing you from accessing your data or using any system services.


    Security Risks and Countermeasures

    Common security threats to users within the workplace are:

    Passwords

    Social engineering

    Email

    Untrusted Software


    Password Issue

    Passwords are the first line of defense for authorization to data and information.

    Common problems:

    Users often pick simple, easy-to-remember passwords, which are easy to guess

    Users use the same password for all their accounts

    Users use it all the time and never change it

    Consequences:

    Stealing confidential data

    Modifying data

    Misuse of your account

    You will be held responsible for others' actions


    Password Length and Characters

    The strength of a password depends on its length and the different characters used in it.

    Example: a password that is "abc", counting both upper- and lower-case letters, has 140,608 possible combinations to guess. A computer today will be able to guess that password in less than 30 seconds.


    Password Protection

    Use a minimum of 8 characters

    Use combination of numbers, letters and special characters

    Use separate passwords for different accounts

    Do not leave your passwords in an easy to view spot

    Change your password regularly (every 30 days)

    Do not give your passwords to other people
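
    The keyspace arithmetic from the "Password Length and Characters" slide and the measurable rules from the "Password Protection" list, as an added example that is not part of the original slides. The guess rate and the sample passwords are assumptions constructed for illustration.

```python
import string

# Character classes from the slides: letters (both cases), numbers, special.
CLASSES = {
    "letters": string.ascii_letters,   # 52 symbols, upper and lower case
    "numbers": string.digits,          # 10 symbols
    "special": string.punctuation,     # 32 ASCII punctuation symbols
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def keyspace(password):
    """Candidates of the same length over every class the password uses.
    Characters outside the three classes (spaces, non-ASCII) are not counted."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def worst_case_seconds(password, guesses_per_second):
    """Time to try every candidate at an assumed constant guess rate."""
    return keyspace(password) / guesses_per_second

def policy_problems(password):
    """Check the rules that can be measured: length and character mix."""
    used = classes_used(password)
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name in ("letters", "numbers", "special"):
        if name not in used:
            problems.append("no " + name)
    return problems

if __name__ == "__main__":
    RATE = 1_000_000_000  # assumed guesses per second, not a figure from the slides
    for pw in ["abc", "abcdefgh", "Tr4in!ngDay"]:  # constructed sample passwords
        days = worst_case_seconds(pw, RATE) / 86400
        print(f"{pw!r}: {keyspace(pw):,} candidates, "
              f"{days:.3g} days worst case, problems: {policy_problems(pw)}")
```

    The other rules in the list (separate passwords per account, regular changes, not sharing or displaying passwords) cannot be checked from the password text alone.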


    Social Engineering

    Social Engineering is the art of tricking people into giving up information:

    Passwords or other sensitive information

    Credit card numbers or other personal information

    To gain access to unauthorized areas

    Social Engineering comes in many forms:

    Over the phone: Quick, easy and fairly cheap for scams

    Via the Internet: Scams, fraud, via email or chatrooms

    Snail mail: Scams and fraudulent letters asking you to provide personal information

    In person: Trusting the person through face-to-face communication, where they could be a fraud.


    Social Engineering Tactic


    Social Engineering Fundamentals

    Do not give out confidential information without verification.

    Verify Authenticity:

    The person is who they say they are.

    The business is a real company.

    The person actually works at that company.

    The URL matches the one you are familiar with.

    The person's duties match their job responsibilities.

    Do not put confidential information in the trash without shredding it first.

    Report any suspicious behavior to your superior or general manager.


    E-mail Vulnerabilities

    E-mails are like postcards: both are easy to intercept and read and/or change.

    All e-mails are insecure. As e-mails cost little to nothing, millions of people use them. For this reason, e-mails are one of many targets for exploitation.

    There are several concerns when using e-mails:

    Privacy

    Spam

    Chain

    Offensive Content

    Viruses


    E-mail Privacy Concerns

    E-mail passes through a number of networks on the way to its destination. It may travel through a location where IT security is unregulated. This is a potential security risk, and your e-mails can be read by anyone who is able to access the network between you and the destination. You may encrypt your e-mail, but there are other, easier ways to reduce e-mail security risks.

    Do not send confidential information or files using e-mail!

    If you send files, ensure they are encrypted using a file compression program with a strong password.


    E-mail Spam Concerns

    Spam is the Internet version of junk mail and it can cause a nuisance in an organization. If you are getting spam:

    Do not respond to spam e-mail.

    Report the spam e-mail to the IT administrator.

    Delete the spam e-mail.


    E-mail Chain Concerns

    Chain e-mails are letters that promise a reward, asking you to send the e-mail to others for your chance to win a prize. Under no circumstances should you forward such an e-mail. Chain e-mails are used to collect more e-mail addresses for sending spam e-mails.

    Some chain e-mails may even invite you to visit a website to register, where they will steal the details you give. Under no circumstances should you click on any links from unknown senders.


    E-mail Offensive Concerns

    When your e-mail is prone to spam and chain e-mails, you will most likely receive offensive materials: offensive comments or images, racial slurs, or anything that would offend someone on the basis of his or her age, sexual orientation, religion or political beliefs.

    Inform your IT Administrator that you are receiving spam e-mails

    Delete these e-mails


    E-mail Virus Concerns

    The effect of viruses passed on by e-mail can range from simple annoyance to serious destruction. Viruses are spread via attachments. If you unknowingly open one, it activates the virus and causes it to infect the computer system and the entire organization's network and devices.

    Do not open any suspicious e-mails and attachments from unknown senders.


    E-mail Security Fundamentals

    Minimize the sending of attachments.

    Be suspicious of unknown senders' e-mails.

    Be VERY suspicious of unknown senders' e-mails with executable programs.

    Never respond to spam or unknown senders' e-mails.

    Do not include confidential information in e-mail.

    Notify the IT administrator that you are receiving infected e-mails.


    Policies On E-mailing

    E-mail plays a vital role in business communication. Ensure you take the time to select the recipient correctly in your e-mails, as an e-mail cannot be recalled.

    Please note that sensitive information transferred by e-mail is recommended to be encrypted before sending.

    E-mails may be business documents that have to be archived. Keep this in mind before you delete any e-mails.

    It is not permitted to automatically forward e-mails to an external e-mail address. Special permission for particular necessities has to be approved by your superior and the IT security officer.


    Untrusted Software

    It may be difficult to differentiate between trusted and untrusted software. However, it is the responsibility of IT staff to identify these for you and either give you approval to install the software or install the software themselves.

    Never install any software on the company's equipment, such as desktop PCs and notebooks, without confirmation and approval by the IT department. In such cases, they may install the software for you.

    Note that untrusted software may contain harmful viruses that will cause various problems with the computer system and the company's network.


    Main Malicious Programs

    Malicious Program - Description

    Virus - Replicates itself when activated, causing the system performance to slow down, applications to crash and files to be corrupted or changed.

    Worm - Spreads itself onto other computers through the network by exploiting security vulnerabilities.

    Logical Bomb - Code inserted into a piece of software that may intentionally delete files or change system configurations.

    Trojan Horse - Exploits the authorizations of a system to allow hackers to get in.

    Key-logger - Records your key-strokes and sends them to the hacker. It activates when you are trying to enter your online bank account.

    Spyware - Collects information from your computer and sends it to another computer.

    Adware - Pops up advertisements on your computer and redirects your browser to another website.


    Anti-Virus Software

    Protects your computer from malicious programs

    Other anti-virus software


    Untrusted Software Fundamentals

    Do not download executable programs from untrusted websites

    Do not accept or use unlicensed software

    Do not allow access to your computer by people whom you do not trust

    Do not ignore abnormal computer functionalities

    Report any abnormalities on your computer system to your IT administrator

    Back up essential files

    Delete suspicious emails


    Firewalls

    A firewall provides an additional layer of defense, insulating the internal systems from external networks. The firewall is inserted between the premises network and the Internet to establish a controlled link and to create an outer security wall or perimeter.

    The aim of this perimeter is to protect the internal network from Internet-based attacks and to provide a single choke point where security and auditing can be imposed. The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.


    The design goals for a firewall:

    1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.

    2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.

    3. The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and often required in government applications.