+ All Categories
Home > Documents > Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

Date post: 14-Jan-2016
Category:

Documents
Upload: alyson-parker
View: 220 times
Download: 2 times
Download Report this document
Share this document with a friend
20
Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015
Transcript
Page 1: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

Introduction to Systems Security

(January 12, 2015)

© Abdou Illia – Spring 2015

Page 2: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

2

Learning Objectives

Discuss state of security threats in the U.S.

Discuss how to manage info security

Plan-Protect-Respond cycle

People-Technology-Policy approach

Page 3: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

3

Preventing Security Threats

What can you do, as a user of computer connected to the Internet or as a business having a network that is connected to the Internet, to prevent security threats/attacks from occurring?

Page 4: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

4

Preventing Security Threats Use anti-virus software

Use software firewall

Use hardware/appliance firewall

Use Intrusion Defense Systems

Use Intrusion Prevention Systems

Install OS updates

Install applications’ updates

Not open file attachments from unknown sources

Not click URL in emails from unknown sources

Social engineering tests/Mock phishing schemes

Awareness training

Acceptable computer use policy

Password policy

Etc.

Page 5: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

5

Countermeasures

Tools used to thwart attacks

Also called safeguards, protections, and controls

Types of countermeasures Preventative

Detective

Corrective

Question: Match each of the countermeasures from the previous slide with its type.

Page 6: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

6

Dominates security management thinking

The Plan-Protect-Respond cycle

Figure 2-6

6

Page 7: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

How is the book organized?

7

Page 8: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

8

2010/2011 CSI Security Report

Survey conducted by the Computer Security Institute (http://www.gocsi.com).

Copy of Survey report on course web site

Survey Summary online

Page 9: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

9

Page 10: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

10

Types of attacks: by % of respondents

Page 11: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

11

2011 CSI Report (cont.)

Page 12: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

12

CSI Survey (cont.)

Page 13: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

13

Page 14: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

14

Satisfaction with Security Technology (cont.)

Page 15: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

15

Page 16: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

16

Types of Technology Used (cont.)

Page 17: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

17

2011 Sophos Security Threat Report

Malware* hosted on websites

* Malicious software

Page 18: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

18

2011 Sophos Security Threat Report

Malware hosting countries

Page 19: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

19

2011 Sophos Security Threat Report

Web server’s software affected

As of March 2011 Apache served 58% of all web servers

Apache available for Microsoft Windows, Novell NetWare and Unix-like OS

Web server softwareApache IIS SunONE

Operating System

Computer hardware

HDRAM chip

Processor

Web server computer

Page 20: Introduction to Systems Security (January 12, 2015) © Abdou Illia – Spring 2015.

20

Summary Questions

1. What is Plan-Protect-Respond? How important is it for information security?

2. What is PTP?

3. What does malware refer to?

4. Systems running Microsoft operating systems are more likely to be attacked than others. T F

5. With Windows OS, you can use IIS or another web server software like Apache. T

F

6. What web server software is most affected by web threats today?


Recommended
Firewalls (March 4, 2015) © Abdou Illia – Spring 2015.

Firewalls (March 4, 2015) © Abdou Illia – Spring 2015.

Documents

Systems Requirements 10/4/2010 © Abdou Illia MIS 4200 - Fall 2010.

Systems Requirements 10/4/2010 © Abdou Illia MIS 4200 - Fall 2010.

Documents

1 Review For Exam 3 (Part 2) BUS3500 - Abdou Illia, Fall 2010.

1 Review For Exam 3 (Part 2) BUS3500 - Abdou Illia, Fall 2010.

Documents

Structuring System Requirements: Process Modeling 4/8/2015 © Abdou Illia MIS 4200 - Spring 2015.

Structuring System Requirements: Process Modeling 4/8/2015 © Abdou Illia MIS 4200 - Spring 2015.

Documents

Hacking Web Servers April 15, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Hacking Web Servers April 15, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Documents

1 DATABASE TECHNOLOGIES (Part 2) BUS3500 - Abdou Illia, Fall 2015 (September 9, 2015)

1 DATABASE TECHNOLOGIES (Part 2) BUS3500 - Abdou Illia, Fall 2015 (September 9, 2015)

Documents

Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Documents

Creating Database Tables © Abdou Illia MIS 4200 - Spring 2015 1/21/2015.

Creating Database Tables © Abdou Illia MIS 4200 - Spring 2015 1/21/2015.

Documents

Targeted Break-in, DoS, & Malware attacks (II) (February 23 2015) © Abdou Illia – Spring 2015.

Targeted Break-in, DoS, & Malware attacks (II) (February 23 2015) © Abdou Illia – Spring 2015.

Documents

The Elements of Cryptography (April 1, 2015) © Abdou Illia – Spring 2015.

The Elements of Cryptography (April 1, 2015) © Abdou Illia – Spring 2015.

Documents

Review For Exam 1 (February 8, 2012) © Abdou Illia – Spring 2012.

Review For Exam 1 (February 8, 2012) © Abdou Illia – Spring 2012.

Documents

1 Review For Exam 1 BUS3500 - Abdou Illia, Spring 2008 (January 28, 2009)

1 Review For Exam 1 BUS3500 - Abdou Illia, Spring 2008 (January 28, 2009)

Documents

1 REVIEW FOR EXAM 3 BUS3500 - Abdou Illia, Fall 2006.

1 REVIEW FOR EXAM 3 BUS3500 - Abdou Illia, Fall 2006.

Documents

1 Review For Final © Abdou Illia (Spring 2009). 2 Computer Hardware.

1 Review For Final © Abdou Illia (Spring 2009). 2 Computer Hardware.

Documents

1 Review For Exam 2 (Slides) (Summary Questions) © Abdou Illia, Fall 2006.

1 Review For Exam 2 (Slides) (Summary Questions) © Abdou Illia, Fall 2006.

Documents

1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012.

1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012.

Documents

Review For Exam 3 © Abdou Illia – Spring 2014. The Elements of Cryptography.

Review For Exam 3 © Abdou Illia – Spring 2014. The Elements of Cryptography.

Documents

April 29, 2010 Review For Final MIS 4600 – MBA 5880 - © Abdou Illia.

April 29, 2010 Review For Final MIS 4600 – MBA 5880 - © Abdou Illia.

Documents