Security and Compliance - Cal Poly Pomona

minorbigarm

Nov 30, 2013

Security

Security Issues are Everywhere


Hiring Decisions


Password Protection


Installing Unauthorized Software


Physical Security


BYOD


Cloud Computing


Securing Your Garbage

Security Audits


Evaluate your environment, policies and people
to see what your risks are.


Security Policy


Does the company have a policy and is it periodically
reviewed and updated?


Organization of information security


Is management involved?


Is the policy disseminated?


Asset Management


Are all the assets known/inventoried?


Do acceptable use policies exist?

Security Audits (contd.)


HR Security


Screen applicants for employment


Appropriate training


Disciplinary process


Physical and Environmental Security


Locks, gates, access to specific people.


Secure, maintained, protected equipment.


Communications and Operations Management



Access Control


Information Systems Acquisition, Development and Maintenance


Information Security Incident Management


Business Continuity Management


Compliance

Hackers


White Hat vs. Black Hat


Hacktivist


Cyber-Terrorist


Cracker

Types of Security Threats


Virus / Trojan Horse / Worm


Elevation of privilege


Hoaxes


DOS Attack


Packet tampering


Phishing


Spyware


Virus


Program that attaches itself to other things (like
email) and spreads to all the computers it
connects with.


Melissa, 1999. Email propagates to the top 50
people in the person's email contacts: "Here is that
document you asked for, don't show it to
anybody else."


Shut down many sites because of increased email
traffic.


David Smith got 20 months in jail and a $5000
fine.


Elevation of Privilege


Get higher access levels to computer systems.


Destroy information


Get confidential information


Gain access by stealing passwords, social
engineering, and other techniques.


Social Engineering Example (WIRED)

Passwords


Why Bother?


WIRED “Kill the Password: Why a String of Characters Can’t Protect Us Anymore”
11/15/12


Password Vulnerabilities


Easy to guess (password, 123456)


Easy to brute-force with cracking tools (Cain and Abel, John the Ripper)


Super Reused


50% of people


Phishing


emails asking you to divulge a password


Social engineering (previous slide)


Malware & Keylogger



Software hidden on your computer that sends information to the hacker
(Verizon says 69% of data breaches come from this)


Biometrics


Passphrases


Two-factor authentication


Single Sign On


Patterns

WIRED tips on Password Selection


Don’t


Reuse passwords


Use a dictionary word as your password


Use standard number substitutions (P@ssw0rd)


Use a short password


Do


Use two-factor authentication


Give bogus answers to security questions


Scrub your online presence


Use a unique, secure email address when recovering a
password.
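As an added example (not from the slides or the WIRED article), a small Python checker that applies the four "Don't" rules above to a candidate password: reuse, dictionary word, standard number substitutions, and short length. The wordlist, the previously-used list and the 12-character minimum are constructed assumptions, since the slide gives no numbers.

```python
import re

# Constructed sample data for this example; a real check would load a full
# wordlist and the organisation's previously used / breached password store.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}
PREVIOUSLY_USED = {"Summer2013!", "P@ssw0rd"}
MIN_LENGTH = 12  # assumption: the slide says only "short", no number is given

# The "standard number substitutions" the slide warns about (P@ssw0rd style).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "i", "!": "i", "$": "s", "5": "s", "7": "t"})


def normalize(pw: str) -> str:
    """Strip a trailing digit/symbol suffix, undo leet substitutions and
    lower-case, so 'P@ssw0rd1' and 'Dragon123!' reveal the word they hide."""
    stripped = re.sub(r"[^A-Za-z]+$", "", pw)
    return stripped.translate(LEET).lower()


def check_password(pw: str, used=PREVIOUSLY_USED) -> list:
    """Return the WIRED 'Don't' rules the candidate password violates."""
    problems = []
    if pw in used:
        problems.append("reused")
    if len(pw) < MIN_LENGTH:
        problems.append("short")
    base = normalize(pw)
    if base in DICTIONARY:
        if base == pw.lower():
            problems.append("dictionary word")
        else:
            problems.append("dictionary word with substitutions")
    return problems
```

A passphrase such as "correct horse battery staple" passes every rule, while "P@ssw0rd" fails three of the four.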


Hoax


DOS Attacks


Massive amount of traffic sent to a network so
that it crashes.


Ping of Death attack


Send pings that are the wrong size to crash the
network.


Teardrop attack


Packets overlap and the network tries to
reassemble them.


Distributed DOS Attacks

Packet Tampering


Capture the transmission over the
network/Internet and alter it.

Phishing



Spyware


Tracks what you do: adware, cookies,
keystrokes and shares it with others.


Used to facilitate pop-up ads


Used to sell you things you need


Spam


Unwanted email


Solutions


Firewall


Virus Protection Software


Network monitoring


Authentication


Education


Mandatory compliance



Ethical Issues of the Information Age


Richard Mason, MISQ 1986, “Ethical Issues of
the Information Age”


Piracy


Accuracy


Privacy


Access