SlideShare uma empresa Scribd logo

Computer Security Primer - Eric Vanderburg - JURINNOV

Transferir como PPTX, PDF
Eric Vanderburg
Eric Vanderburg

Computer Security Primer - Eric Vanderburg - JURINNOV

Tecnologia
1 de 24
Computer Security Primer Eric Vanderburg Director, Information Systems and Security Computer Forensic and Investigation Services JURINNOV LTD
Objectives • Identify who is responsible for information security • Describe security principles • Use effective authentication methods • Control access to computer systems • Audit information security schemes 2
Identifying Who Is Responsible for Information Security • When an organization secures its information, it completes a few basic tasks: 3 • It must analyze its assets and the threats these assets face from threat agents • It identifies its vulnerabilities and how they might be exploited • It regularly assesses and reviews the security policy to ensure it is adequately protecting its information
Identifying Who Is Responsible for Information Security (continued) • Bottom-up approach: major tasks of securing information are accomplished from the lower levels of the organization upwards • This approach has one key advantage: the bottom-level 4 employees have the technical expertise to understand how to secure information
Identifying Who Is Responsible for Information Security (continued) 5 • Top-down approach starts at the highest levels of the organization and works its way down • A security plan initiated by top-level managers has the backing to make the plan work
Identifying Who Is Responsible for Information Security (continued) 6 • Chief information security officer (CISO): helps develop the security plan and ensures it is carried out •Human firewall: describes the security-enforcing role of each employee
Understanding Security Principles •Ways information can be attacked: • Crackers can launch distributed denial-of-service (DDoS) attacks through the Internet • Spies can use social engineering • Employees can guess other user’s passwords • Hackers can create back doors • Protecting against the wide range of attacks calls for a wide range of defense mechanisms 7
Layering 8 • Layered security approach has the advantage of creating a barrier of multiple defenses that can be coordinated to thwart a variety of attacks • Information security likewise must be created in layers • All the security layers must be properly coordinated to be effective
Limiting 9 • Limiting access to information reduces the threat against it • Only those who must use data should have access to it • Access must be limited for a subject (a person or a computer program running on a system) to interact with an object (a computer or a database stored on a server) • The amount of access granted to someone should be limited to what that person needs to know or do
Diversity 10 • Diversity is closely related to layering • You should protect data with diverse layers of security, so if attackers penetrate one layer, they cannot use the same techniques to break through all other layers • Using diverse layers of defense means that breaching one security layer does not compromise the whole system
Diversity (continued) • You can set a firewall to filter a specific type of traffic, such as all inbound traffic, and a second firewall on the same system to filter another traffic type, such as outbound traffic • Using firewalls produced by different vendors creates even greater diversity 11
Obscurity • Obscuring what goes on inside a system or organization and avoiding clear patterns of behavior make attacks from the outside difficult 12
Simplicity •Complex security systems can be difficult to understand, troubleshoot, and feel secure about • The challenge is to make the system simple from the inside but complex from the outside 13
Using Effective Authentication Methods • Information security rests on three key pillars: 14 • Authentication • Access control • Auditing
Using Effective Authentication Methods (continued) • Authentication: 15 • Process of providing identity • Can be classified into three main categories: what you know, what you have, what you are • Most common method: providing a user with a unique username and a secret password
Username and Password (continued) • ID management: 16 • User’s single authenticated ID is shared across multiple networks or online businesses • Attempts to address the problem of users having individual usernames and passwords for each account (thus, resorting to simple passwords that are easy to remember) • Can be for users and for computers that share data
Tokens • Token: security device that authenticates the user by having the appropriate permission embedded into the token itself • Passwords are based on what you know, tokens are based on what you have • Proximity card: plastic card with an embedded, thin metal strip that emits a low-frequency, short-wave radio signal 17
Biometrics • Uses a person’s unique characteristics to authenticate them • Is an example of authentication based on what you are • Human characteristics that can be used for identification include: 18 • Fingerprint – Face • Hand – Iris • Retina – Voice
Certificates • The key system does not prove that the senders are actually who they claim to be • Certificates let the receiver verify who sent the message • Certificates link or bind a specific person to a key • Digital certificates are issued by a certification authority (CA), an independent third-party organization 19
Mutual Authentication • Two-way authentication (mutual authentication) can be used to combat identity attacks, such as man-in-the-middle 20 and replay attacks • The server authenticates the user through a password, tokens, or other means
Multifactor Authentication • Multifactor authentication: implementing two or more types of authentication • Being strongly proposed to verify authentication of cell phone users who use their phones to purchase goods and services 21
Controlling Access to Computer Systems • Restrictions to user access are stored in an access control list (ACL) • An ACL is a table in the operating system that contains the access rights each subject (a user or device) has to a particular system object (a folder or file) 22
Auditing Information Security Schemes • Two ways to audit a security system 23 • Logging records which user performed a specific activity and when • System scanning to check permissions assigned to a user or role; these results are compared to what is expected to detect any differences
For assistance or additional information • Phone: 216-664-1100 • Web: www.jurinnov.com • Email: Eric.Vanderburg@jurinnov.com JurInnov Ltd. The Idea Center 1375 Euclid Avenue, Suite 400 Cleveland, Ohio 44115 24

Recomendados

5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More
Community IT Innovators
 
Data Security
Data SecurityData Security
Data Security
AkNirojan
 
Data security
Data securityData security
Data security
Soumen Mondal
 
Cyber Security # Lec 2
Cyber Security # Lec 2Cyber Security # Lec 2
Cyber Security # Lec 2
Kabul Education University
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
Zara Nawaz
 
Personal Data Protection
Personal Data ProtectionPersonal Data Protection
Personal Data Protection
CreatorsCircle
 
Cryptography and Network Security # Lecture 2
Cryptography and Network Security # Lecture 2Cryptography and Network Security # Lecture 2
Cryptography and Network Security # Lecture 2
Kabul Education University
 
CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking Overview
Sam Bowne
 

Recomendados

5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More
Community IT Innovators
 
Data Security
Data SecurityData Security
Data Security
AkNirojan
 
Data security
Data securityData security
Data security
Soumen Mondal
 
Cyber Security # Lec 2
Cyber Security # Lec 2Cyber Security # Lec 2
Cyber Security # Lec 2
Kabul Education University
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
Zara Nawaz
 
Personal Data Protection
Personal Data ProtectionPersonal Data Protection
Personal Data Protection
CreatorsCircle
 
Cryptography and Network Security # Lecture 2
Cryptography and Network Security # Lecture 2Cryptography and Network Security # Lecture 2
Cryptography and Network Security # Lecture 2
Kabul Education University
 
CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking Overview
Sam Bowne
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Kumawat Dharmpal
 
E commerce Security
E commerce Security E commerce Security
E commerce Security
Wisnu Dewobroto
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dr. Loganathan R
 
Network security # Lecture 2
Network security # Lecture 2Network security # Lecture 2
Network security # Lecture 2
Kabul Education University
 
06. security concept
06. security concept06. security concept
06. security concept
Muhammad Ahad
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 
E business security
E business securityE business security
E business security
Sameer Sharma
 
Information and network security 1 introduction
Information and network security 1 introductionInformation and network security 1 introduction
Information and network security 1 introduction
Vaibhav Khanna
 
Intrusion in computing
Intrusion in computingIntrusion in computing
Intrusion in computing
Eduardo Cambinda
 
Network security
Network securityNetwork security
Network security
quest university nawabshah
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-security
Al Balqa Applied University
 
Network Security Goals
Network Security GoalsNetwork Security Goals
Network Security Goals
Kabul Education University
 
Ec2009 ch10 e commerce security
Ec2009 ch10 e commerce securityEc2009 ch10 e commerce security
Ec2009 ch10 e commerce security
Nuth Otanasap
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce Security
Syed Maniruzzaman Pabel
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3
Kabul Education University
 
Security in e commerce
Security in e commerceSecurity in e commerce
Security in e commerce
akhand Akhandenator
 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & Control
Adetula Bunmi
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
Faizan Janjua
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgA Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
Eric Vanderburg
 
null Pune meet - Evading Firewalls: Tunneling
null Pune meet - Evading Firewalls: Tunnelingnull Pune meet - Evading Firewalls: Tunneling
null Pune meet - Evading Firewalls: Tunneling
n|u - The Open Security Community
 

Mais conteúdo relacionado

Mais procurados

Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
John Ely Masculino
 

Mais procurados (20)

Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
E commerce Security
E commerce Security E commerce Security
E commerce Security
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Network security # Lecture 2
Network security # Lecture 2Network security # Lecture 2
Network security # Lecture 2
 
06. security concept
06. security concept06. security concept
06. security concept
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
E business security
E business securityE business security
E business security
 
Information and network security 1 introduction
Information and network security 1 introductionInformation and network security 1 introduction
Information and network security 1 introduction
 
Intrusion in computing
Intrusion in computingIntrusion in computing
Intrusion in computing
 
Network security
Network securityNetwork security
Network security
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-security
 
Network Security Goals
Network Security GoalsNetwork Security Goals
Network Security Goals
 
Ec2009 ch10 e commerce security
Ec2009 ch10 e commerce securityEc2009 ch10 e commerce security
Ec2009 ch10 e commerce security
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce Security
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3
 
Security in e commerce
Security in e commerceSecurity in e commerce
Security in e commerce
 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & Control
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 

Destaque

Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
 

Destaque (17)

A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgA Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
 
null Pune meet - Evading Firewalls: Tunneling
null Pune meet - Evading Firewalls: Tunnelingnull Pune meet - Evading Firewalls: Tunneling
null Pune meet - Evading Firewalls: Tunneling
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Untangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security AwarenessUntangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security Awareness
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVServer Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOV
 
Physical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric VanderburgPhysical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric Vanderburg
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOVUnderstanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
 
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
 
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVSecurity Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOV
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
Modem technology
Modem technologyModem technology
Modem technology
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare ppt
 

Semelhante a Computer Security Primer - Eric Vanderburg - JURINNOV

MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
DEEPAK948083
 
Cis326week1lesson1
Cis326week1lesson1Cis326week1lesson1
Cis326week1lesson1
Fahad_1
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
limsh
 
Keamanan informasi
Keamanan informasiKeamanan informasi
Keamanan informasi
Nova Novelia
 

Semelhante a Computer Security Primer - Eric Vanderburg - JURINNOV (20)

security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
Dos unit 5
Dos unit 5Dos unit 5
Dos unit 5
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
Cis326week1lesson1
Cis326week1lesson1Cis326week1lesson1
Cis326week1lesson1
 
Computer security
Computer securityComputer security
Computer security
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information Security
Information SecurityInformation Security
Information Security
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptxSystem Security Sem 2(Module 1).pptx
System Security Sem 2(Module 1).pptx
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
 
Unit four .pptx
Unit four .pptxUnit four .pptx
Unit four .pptx
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
Cyber Security # Lec 5
Cyber Security # Lec 5Cyber Security # Lec 5
Cyber Security # Lec 5
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.ppt
 
Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptx
 
Ch1 cse
Ch1 cseCh1 cse
Ch1 cse
 
Keamanan informasi
Keamanan informasiKeamanan informasi
Keamanan informasi
 
Unit-4-User-Authentication.pptx
Unit-4-User-Authentication.pptxUnit-4-User-Authentication.pptx
Unit-4-User-Authentication.pptx
 

Mais de Eric Vanderburg

Mais de Eric Vanderburg (16)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
The security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgThe security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric Vanderburg
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
 

Último

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Último (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Computer Security Primer - Eric Vanderburg - JURINNOV

  • 1. Computer Security Primer Eric Vanderburg Director, Information Systems and Security Computer Forensic and Investigation Services JURINNOV LTD
  • 2. Objectives • Identify who is responsible for information security • Describe security principles • Use effective authentication methods • Control access to computer systems • Audit information security schemes 2
  • 3. Identifying Who Is Responsible for Information Security • When an organization secures its information, it completes a few basic tasks: 3 • It must analyze its assets and the threats these assets face from threat agents • It identifies its vulnerabilities and how they might be exploited • It regularly assesses and reviews the security policy to ensure it is adequately protecting its information
  • 4. Identifying Who Is Responsible for Information Security (continued) • Bottom-up approach: major tasks of securing information are accomplished from the lower levels of the organization upwards • This approach has one key advantage: the bottom-level 4 employees have the technical expertise to understand how to secure information
  • 5. Identifying Who Is Responsible for Information Security (continued) 5 • Top-down approach starts at the highest levels of the organization and works its way down • A security plan initiated by top-level managers has the backing to make the plan work
  • 6. Identifying Who Is Responsible for Information Security (continued) 6 • Chief information security officer (CISO): helps develop the security plan and ensures it is carried out •Human firewall: describes the security-enforcing role of each employee
  • 7. Understanding Security Principles •Ways information can be attacked: • Crackers can launch distributed denial-of-service (DDoS) attacks through the Internet • Spies can use social engineering • Employees can guess other user’s passwords • Hackers can create back doors • Protecting against the wide range of attacks calls for a wide range of defense mechanisms 7
  • 8. Layering 8 • Layered security approach has the advantage of creating a barrier of multiple defenses that can be coordinated to thwart a variety of attacks • Information security likewise must be created in layers • All the security layers must be properly coordinated to be effective
  • 9. Limiting 9 • Limiting access to information reduces the threat against it • Only those who must use data should have access to it • Access must be limited for a subject (a person or a computer program running on a system) to interact with an object (a computer or a database stored on a server) • The amount of access granted to someone should be limited to what that person needs to know or do
  • 10. Diversity 10 • Diversity is closely related to layering • You should protect data with diverse layers of security, so if attackers penetrate one layer, they cannot use the same techniques to break through all other layers • Using diverse layers of defense means that breaching one security layer does not compromise the whole system
  • 11. Diversity (continued) • You can set a firewall to filter a specific type of traffic, such as all inbound traffic, and a second firewall on the same system to filter another traffic type, such as outbound traffic • Using firewalls produced by different vendors creates even greater diversity 11
  • 12. Obscurity • Obscuring what goes on inside a system or organization and avoiding clear patterns of behavior make attacks from the outside difficult 12
  • 13. Simplicity •Complex security systems can be difficult to understand, troubleshoot, and feel secure about • The challenge is to make the system simple from the inside but complex from the outside 13
  • 14. Using Effective Authentication Methods • Information security rests on three key pillars: 14 • Authentication • Access control • Auditing
  • 15. Using Effective Authentication Methods (continued) • Authentication: 15 • Process of providing identity • Can be classified into three main categories: what you know, what you have, what you are • Most common method: providing a user with a unique username and a secret password
  • 16. Username and Password (continued) • ID management: 16 • User’s single authenticated ID is shared across multiple networks or online businesses • Attempts to address the problem of users having individual usernames and passwords for each account (thus, resorting to simple passwords that are easy to remember) • Can be for users and for computers that share data
  • 17. Tokens • Token: security device that authenticates the user by having the appropriate permission embedded into the token itself • Passwords are based on what you know, tokens are based on what you have • Proximity card: plastic card with an embedded, thin metal strip that emits a low-frequency, short-wave radio signal 17
  • 18. Biometrics • Uses a person’s unique characteristics to authenticate them • Is an example of authentication based on what you are • Human characteristics that can be used for identification include: 18 • Fingerprint – Face • Hand – Iris • Retina – Voice
  • 19. Certificates • The key system does not prove that the senders are actually who they claim to be • Certificates let the receiver verify who sent the message • Certificates link or bind a specific person to a key • Digital certificates are issued by a certification authority (CA), an independent third-party organization 19
  • 20. Mutual Authentication • Two-way authentication (mutual authentication) can be used to combat identity attacks, such as man-in-the-middle 20 and replay attacks • The server authenticates the user through a password, tokens, or other means
  • 21. Multifactor Authentication • Multifactor authentication: implementing two or more types of authentication • Being strongly proposed to verify authentication of cell phone users who use their phones to purchase goods and services 21
  • 22. Controlling Access to Computer Systems • Restrictions to user access are stored in an access control list (ACL) • An ACL is a table in the operating system that contains the access rights each subject (a user or device) has to a particular system object (a folder or file) 22
  • 23. Auditing Information Security Schemes • Two ways to audit a security system 23 • Logging records which user performed a specific activity and when • System scanning to check permissions assigned to a user or role; these results are compared to what is expected to detect any differences
  • 24. For assistance or additional information • Phone: 216-664-1100 • Web: www.jurinnov.com • Email: Eric.Vanderburg@jurinnov.com JurInnov Ltd. The Idea Center 1375 Euclid Avenue, Suite 400 Cleveland, Ohio 44115 24