Network Security Presentation
-
8/8/2019 Network Security Presentation
1/17
Network Security 101
A Refresher Course
How to keep your network safe NOW or be sorry later!
By Allan Pratt, MBA
Cyber-Tech Security
-
There are two extremes in Network safety: Absolute Security and Absolute Open
Absolute security is: unplugged from the network and power, locked in a safe, and thrown to the bottom of the ocean [1]
-
4 Simple Rules
Always keep your virus and Windows software updates on
Always keep your firewall on
Back up, Back up, Back up
Always keep your passwords and key phrases safe
-
Better Safe Than Sorry
Do not use common words or phrases for passwords
Do not keep your passwords written on a post-it taped to your computer monitor
Back-up, back-up, back-up
-
Strange But True
You cannot secure a laptop until you secure the laptop
Make sure everyone follows the security plan, even the boss
Smart people can be stupid too, even HR
Who launched that virus?
-
Human Nature
Also Called Social Engineering
Everyone Wants To Help
Passwords are meant to be a SECRET!
-
Password Discovery Table
-
Keep Your Email Safe
Make sure to scan all email messages!
Do not open email from unknown sources or that you are not expecting
Once they are in, only unplugging and reinstalling OS will work
New Type of Attack, Spear-Phishing [4]
-
Spear-Phishing
Net Reconnaissance
Studying public Data
The email address is made to look like it is from a logical sender
Harvesting The Data
Steals info and sends data to a Command and Control Server [4]
-
Keeping your data safe
Identify and Authenticate
Use a Surge Protector
Safeguard against Unauthorized Access
Server-side protection
Password protect [3]
-
Wireless Networks
Turn off the SSID broadcast
Password protect your router
Do not leave MAC addresses open to others
Leave your hardware firewall on
Use matching vendors
Never use WEP protocols, only the newer WPA2 and above
-
Unprotected? Do you feel lucky?
One Security Expert maintains that 50% of unprotected computers are compromised by an intruder within 12 minutes
Two devastating worms, Slammer and Nimda, wreaked world-wide havoc in 10 and 30 minutes, respectively [3]
-
Things to watch out for
System Crashes
Attempts to write to the system
Data Modification
Unexplained Poor System Performance [6]
-
Best Practices
1. Do not pay more for your security than your data is worth!
2. Password protect all of your important data!
-
Final reminders:
Back-up, Back-up, Back-up
Never open a strange file or attachment
Always allow automatic updates
You can never be too careful
It's not IF you lose your data, but a matter of WHEN you lose your data
-
Works Cited
1. Curtin, Matt, Introduction to Network Security, March 1997, page 8.
2. Curtin, Matt, Snake Oil Warning Signs: Encryption Software to Avoid, 1996-1998, page 5.
3. Vermaat, Discovering Computers, Fundamentals, Third Edition, Chapter 10, pages 364, 368, 369, 374.
4. BusinessWeek, Anatomy of a Spear-Phish, April 21, 2008, page 38.
5. [Fraser 1997] Ed Fraser, RFC 2196, Site Security Handbook, September 1997.
6. Checking Microsoft Windows Systems for Signs of Compromise, Simon Baker, UCL Computer Security Team; Patrick Green, OXCERT; Thomas Meyer, Garaidh Cochrane. Version: 1.3.4, 10/28/2005.
7. DEPARTMENT OF DEFENSE, STANDARD DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA, DECEMBER 1985 (DOD Orange book).
8. http://en.wikipedia.org/wiki/Network_security#column-one.