Introduction to Information Security Dr. Rick Jerz

Transcription

1 Introduction to Information Security Dr. Rick Jerz 1

2 Goals Explain the various types of threats to the security of information Discuss the different categorizations of security technologies and solutions Explain passwords, firewalls, biometrics, encryption, virus protection, and wireless security Discuss the main purposes and content of security policies Identify risk management options 2

3 Introduction to Information Security Five Factors Contributing to Vulnerability Today s interconnected, interdependent, wirelessly networked business environment Smaller, faster, cheaper computers & storage devices Decreasing skills necessary to be a computer hacker International organized crime taking over cybercrime Lack of management support 3

4 Why Worry About Security Threats can render a system inoperative Threats can make data unavailable Threats can steal your money Threats can change data Threats can make you less productive Threats can cost money! Balance the cost of a threat versus the cost of protection 4

5 Information Security Threats Unauthorized access Viruses and malware threats Accidental loss of data Security threats can involve both people and equipment 5

6 Unauthorized Access Locked areas or equipment User IDs and passwords Encryption Security cards Biometrics 6

7 Biometrics Fingerprint recognition Facial recognition Iris/retina recognition DNA recognition Odor recognition Ear recognition Signature recognition 7

8 Firewalls Computer or a router that controls, or restricts access in and out of the organization s networks Cannot protect an organization from a virus Cannot prevent hackers from exploiting an unsecured computer Should be implemented at different locations in the organization A firewall architecture for Defense in Depth 8

9 Viruses and Other Malware Viruses are sent out to find any victim they can Lines of code that make up a virus can be embedded into other files The signature of the virus is the particular bit patterns that can be recognized, which is how virus detection software knows your computer has contracted a virus Can be active or passive 9

10 Rick s Computers Older Dell PC Norton Antivirus Malwarebytes Spybot Search & Destroy Virtual Windows7 PC Microsoft s Antivirus Macintosh Nothing! 10

11 Attacks bombing: Sending a large amount of s designed to disrupt normal functioning Smurfing: When hackers sometimes use an innocent 3 rd party to send a flood of messages to an intended target Spoofing: Forged sender address Phishing: Masquerading as a trustworthy entity 11

12 Carefully Watch Your ! The is addressed to you using your account info The does not have a personalized salutation When you hover the mouse over the hyperlink, the site does not seem to be from the proper company When you hover the mouse over the hyperlink, the site seems to be located in another country The makes you feel your response is urgent or something bad is going to happen. 12

13 Accidental Loss of Data Have a good filing system Think about theft and fraud Password protect or encrypt important information Backup your system and files Be careful about putting data on: Cell phone USB drives CDs and DVDs 13

14 Wireless Security Best protection for wireless networks is encryption WEP, the Wired Equivalent Privacy is an older encryption algorithm, which can be easily cracked within minutes today WPA, the Wi-Fi Protected Access, is a more recent and powerful encryption algorithm widely available in most routers Further protection for home wireless networks is to disable the broadcasting of the network s ID (SSID) 14

15 Your Web Server Firewalls Antivirus Whitelists and Blacklists Encryption VPN SSL - Secure Socket Layer Employee Monitoring Systems Spam: 15

16 Risk Management Process of identifying, assessing and prioritizing the security risks an organization may face Analyze and balance risks with the resources available to mitigate them Management determines where the company would be most vulnerable and how likely it is that a risk would affect it 16

17 Security Measures Educate people about security threats and solutions Create strong passwords Keep passwords in a secure location Run appropriate antivirus and malware software Develop a good data backup system 17