SlideShare uma empresa Scribd logo

Awareness

G
guest66dc5f

1. New technology such as USB drives and portable media devices pose new threats to information security. These devices are small, inexpensive, and can store large amounts of data. 2. Sensitive information has been stolen from U.S. military bases in Afghanistan by locals and sold in local bazaars. The stolen information has included names of spies, soldiers' personal information, and intelligence reports. 3. Proper marking, handling, and safeguarding of portable media devices and information is important to prevent compromises and protect national security. Classified media must be properly labeled according to regulations.

TecnologiaNegócios
1 de 54
Baixar para ler offline
New Technology New Threats “ Approved for Army release as a Training and Security Awareness product by CIO/G-6 quot; 1
New technology poses new threats to security! USB Pen USB Memory USB E-Pen Scanning Devices Drive Watch Audio Miniaturization Recorders Thumb Drive Video with USB Casio Watch Digital Media Devices connectivity Camera 2
Readily Available! Dimensions (inches) 1/8quot; x 1-7/16quot; x 1-11/16quot; Inexpensive Huge Storage Capacity 3
Small size - - - - Great impact! If each page were laid end to end, it or would extend 8000 thick books, or for 694 miles = 4,000,000 pages or or 1-7/16” Less than 1/8“ thick 1-11/16” 4
Getting yourself in the News! American investigators have paid thousands of dollars to buy back the stolen drives, according to shopkeepers outside the major military base here.. …. By Paul Watson, Los Angeles Times | April 15, 2006 A handful of of memory sticks are displayed by an Associated Press reporter at the bazaar outside the U.S. military base in Bagram. - (Shoaib Amin / AP) Just outside the main gate of the huge U.S. military base in Bagram, Afghanistan, shopkeepers at a bazaar peddle a range of goods, including computer drives with sensitive — even secret information — stolen from the base. About 2K Afghans are employed as office staff and laborers at the Bagram base 5
Thumb drives and media everywhere! …even in Bagram, Afghanistan 6
Magnetic Media Kills! - - New technology poses new threats One flash memory drive, sold for $40, holds the names, photos and phone numbers of people described as Afghan spies working for the military. Other thumb drives have been found to contain: …Social Security numbers listed next to the names of hundreds of Soldiers …names of senior Afghan ministers whom US intelligence agencies believe to be drug smugglers …list of 12 provincial officials the US reportedly wants removed from office One shopkeeper said, “They were all stolen from offices inside the base by the Afghans working there,” he said. “I get them all the time.” “Convenience Kills” 7 - GEN Schoomaker, CSA
Mark it and safeguard it! - - Basic document markings apply to all media 1. Computer disc must reflect the highest level of classification contained on the disc 2. Standard labels should be used for all levels of classification - if none available - - make your own. a. SF706 - Top Secret FOUO b. SF707 - Secret c. SF708 - Confidential d. SF709 - Classified AR 380-5 is e. SF710 - Unclassified clear, it is the users f. SF711 - Data Descriptor responsibility g. SF712 - Classified SCI to properly 3. No standard form (SF) and/or label(s) exist for control, handle, mark, and Compact Discs (CDs) transport information a. The SF labels prescribed for removable storage media may be used for the marking of classified CDs and their cases b. Classification must be conspicuously marked on the CD case Security Education, and the CD itself 4. Personal drives - - must be marked personal!! Training and Awareness - - Do It!! 8
Take Away’s What else do I need to know? Classify and label removable media IAW regulation and SOP USB drives and other removable, portable media devices are mostly self starting and may bypass systems security features when plugged in (Example: bypass scanning for viruses) No approved method of sanitizing, downgrading and declassifying these devices - - Destroy when no longer usable USB and other portable devices improve productivity and increase risk - - Know the risk Take action to reduce risk - mark it, safeguard it Report unauthorized use! Remember, the lives of your fellow Soldiers are in your hands! 9
Questions and Thoughts? 10
New Technology New Threats 11 “ Approved for Army release as a Training and Security Awareness product by CIO/G-6 quot;
Information Assurance Security Awareness Briefing After Slide Show starts, click your mouse or press the Page Down key on your keyboard to continue Note: THIS SLIDE SHOW WAS DONATED TO THE IA COMMUNITY BY: Strategic Planning & Information DISA Information Assurance Branch (SI22)
Overview • What is Information Assurance • General Security Guidance • Protecting Information • Reporting Violations • What can you do? 3
Are you the Problem or the Solution? 4
What is Information Assurance? Information Assurance is: “ Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation…providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” as defined by the CNSSI 4009, “ National Information Systems Security Glossary,” dated May 2003 5
What is Information Assurance? • Making sure the computer and the information is there when we need it (Availability). • Making sure the information we use, transmit, process, or stored has not been corrupted or adversely manipulated (Integrity). • Making sure we know who is using our computers and accessing our data (Authentication). • Making sure the information is protected from disclosure (Confidentiality). • Making sure the information is ‘tagged’ so when we send it – we know it got there, and the recipient knows who sent it (Nonrepudiation). 6
So, Why Are You Here? • DOD policy requires annual information assurance awareness training • Need to emphasize important security tasks and acceptable user practices 7
Your Mission…Should you decide to accept it… • Recognize your computing responsibilities. • Accept responsibility for protecting government information. • Recognize the challenges and threats that can harm our National Security. 8
Do you know what “OK” means? When you click “OK” : • You acknowledge that the information system you use is for “Official Government Use Only.” • Your computer and all of its information are subject to inspection. • Your actions are subject to continuous audit. 9
General Workstation Security • Protect your identity (User Id) • Use Strong Passwords – Make passwords 8 characters or longer • use capital letters, numbers, and punctuation symbols – Change passwords often • Always Lock your PC while leaving it unattended – Press Control+ALT+Delete and click the “Lock Workstation” Button • Use your Common Access Card (CAC) to digitally sign and encrypt your sensitive emails – Take your CAC with you when you leave your work area You are responsible for the data on your system at all times! 10
Prudent Network Security and Internet Practices • Email and Internet Use – Do not open emails from individuals that you do not recognize • Report suspicious emails to the DISANet Help Desk and your security manager. – Incidental personal use is permitted. • DISANet prohibits the use of Email or the Internet for: • Chain letters • Private commercial activities • Accessing pornographic or gambling sites • Participating in online auction activity • Political Activity • Illegal fraudulent or malicious activities • Any use which reflects adversely on DISA or any other DOD element • Virus Protection – Avoid attaching media from unfamiliar computing environments. – Ensure your workstation runs a daily virus scan. “Trust, but Verify” 11
What is P2P and What is the Risk? • Peer-to-Peer file sharing is technology that allows users to typically share music/video files. • It is risky! It bypasses security or control mechanisms. • Opens DOD networks to attacks and intrusions! 12
What are the Dangers of P2P? • The default settings of P2P applications share all documents and media files on your machine. – This causes the potential for disclosure of sensitive information. • P2P applications create open doors that may be remotely exploited to compromise DOD systems. • P2P software puts excessive strain on the network resources. – This will overwhelm our infrastructure already operating at 90% capacity. • P2P file exchanges generally violate international copyright laws. 13
What should I do? Don’t Use it! • ASD (NII) Memo, Elimination of Unauthorized Peer-to- Peer File Sharing Applications Across DOD, 13 April 2004. • There are many legal and security issues, and there is no mission essential aspect to P2P applications. • DO NOT USE P2P software on government assets • Forbidden software includes (but is not limited to): Napster ARES IRC Chat Relay Kazaa Limewire BitTorrent Morpheus Gnutella 14
Got Wireless? • DOD Directive 8100.2, quot;Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DOD) Global Information Grid (GIG),quot; – This directive outlines the DOD wireless policy to ensure a secure use of wireless technology throughout the agency. 15
Does this Apply to Me? • This Policy Applies to all – DOD Personnel, Contractors, and visitors that have access to DOD Information. – All (government owned/used) commercial wireless devices, services and technologies including but not limited to: • Messaging Devices • Laptops with WiFi • Any other wireless device • Cellular or PCS Devices capable of storing, processing, • Audio/Video Recorders or transmitting information • Personal Data Assistants Exempted are: –The Detection Segment of a PED – Receive only pagers •The signal between a barcode – GPS Receivers reader and receiver – Hearing Aids, Pace makers, other •A TV remote and television implanted medical devices or – RF Identification Tags (both personal life support systems Active and Passive) 16
What are my Duties? Employee Owned Equipment Government Owned Equipment • Enable Wired Equivalent • Do not process Privacy (WEP) on all government information on laptops, PDAs and personally owned laptops, wireless access points. PDAs, or cell phones. • When computers are • Do not attempt to connect plugged into the personally owned wireless network, disable any devices to government wireless cards. networks. • Enable Encryption on all • Turn off camera phones wireless transmissions and PDAs with camera • Turn off wireless modules in classified devices in classified areas. areas. Never transmit CLASSIFIED data using a wireless device! 17
What is Information? • Information is: Any knowledge that can be communicated regardless of its physical form or characteristic. • Information is classified by the degree of damage which would be caused if the information was revealed. There are 3 levels of classification: – TOP SECRET - unauthorized disclosure could cause exceptionally grave damage to national security. – SECRET - unauthorized disclosure could cause serious damage to national security. – CONFIDENTIAL - unauthorized disclosure could cause damage to national security. • Sensitive Compartmented Information (SCI): • Requires more stringent security protection. 18 • Protects intelligence sources and methods.
What is Information? (Con’t) • “Controlled Unclassified Information” is the DOD term used to define sensitive information such as: – For Official Use Only (FOUO) – Contract Sensitive – Proprietary 19
Protection of Computerized Information • At Rest • In Transit • In Process 20
Information At Rest Information can be stored on: Backup Tapes CDs or Floppy Disks Printers with memory Printed Documents Fax Machines WEB Pages Computer Hard Drives Handheld Devices DOD treats all media as documents. 21
MARK STORAGE MEDIA Mark computer components and media with: is edium This m • SF 710 Unclassified T SECRE • SF 708 - Confidential NT RNM E • SF 707 - Secret GOVE HE US Y OF T 707 OPERT SF PR • SF 706 - Top Secret ed s ifi mi ss ediu AL a cl sm Thi is D TI FIE m T iu EN SI ed N S NM sm DE A T hi EN ER CL NM T V FI R N VE O U G GO S S N EU U ) TH (1-87 E 08 CO H7 OF 710 T F SF TY S F PER O This medium is classified O TY PR ER P RO P TOP SECRET PROPERTY OF THE US GOVERNMENT SF 706 22
The Fundamentals of Marking • Documents must be marked SECRET according to Classification Level or Information Sensitivity. OFFICE OF THE SECRETARY OF DEFENSE WASHNGTON ,DC • Markings must be conspicuous! date – Large/Bold lettering MEMORANDUM FOR DASD (I&S) SUBJECT: Classification Markings (U) – Use no abbreviations 1. (U) This is an example of a document that contains originally classified information. Standard markings are required for all documents as shown here. These markings include: • Classification/sensitivity of a. (U) Portion marking(s) for each section of a document to reflect the classification of the information. When using subsections such as shown here, individual markings are used. When subsections are not marked, the information is protected at the level of protection shown by the documents must “stand out” - overall section. either electronically or stamped b. (U) Overall markings must be CONSPICUOUS AND LARGE/BOLD. c. (U) A quot;Classified byquot; line that includes the name or personal identifier and Position Of the manually. originator. d. (S) A reason for classification MUST BE USED. • Mark top & bottom of each page. e. (U) A quot;Declassify onquot; line that indicates the following: – FOR OFFICIAL USE ONLY (FOUO) is (1) The date or event for declassification not to exceed 10 years. (2) The date that is 10 years from the date of the original decision. marked on the bottom of page only (3) An extension beyond the initial 10 years of classification. (4) An authorized and applicable exemption category( ies). – FOUO guidance please visit https://datahouse.disa.mil/gc/fouo.html 2. (S) If this paragraph contained quot;Secretquot; information, the portion would be marked with the designation quot;Squot; in parentheses. If the paragraph contained quot;Confidentialquot; information, the portion would be marked with the designation quot;Cquot; in parentheses. • Paragraph, portion, and title Classified by : Emmett Paige, Jr . ASD(C31) markings may be abbreviated. Reason: 1.5 (a) and (d) * Declassify on: December 31, xxxx ** – (U) UNCLASSIFIED SECRET – (C) CONFIDENTIAL • Sample of paragraph marking23 – (S) SECRET – (TS) TOP SECRET
Marking Your IT Equipment DISA Form 205 “No Classified” CLASSIFIED Standard THIS MEDIUM IS CLASSIFIED Form 707 SECRET PROPERTY OF THE US GOVERNMENT Keep ALL labels in clearly identifiable locations. 24
Information in Transit Encrypt Email with CAC HELLO THE INTERNET IS ALWAYS WATCHING Decrypt Email with CAC Use your Common Access Card (CAC) to: • Digitally Sign Emails HELLO • Encrypt Emails • Decrypt Emails Sign and Encrypt ALL sensitive DOD information! 25
What’s a Spillage? • It is a form of System Contamination. • It is the Improper storage, transmission or processing of CLASSIFIED information on an UNCLASSIFIED system or via a communications path. – Most common occurrence is transmission via email. 26
Why is Spillage a ‘Hot Topic?’ • Can result in denial of service. • Handled incorrectly – can result in costly mistakes. • Agency numbers: – FY 2002: 27 – FY 2003: 21 – FY 2004: 25 (as of 2 Sep 04) • Resource intensive. – It takes 3 weeks to close a spillage. • Impacts the security of DOD missions. 27
Cost of Recovery: 1 Incident Time Spent Researching Compromise 16 hours $ 418.40 20 Mailboxes Involved; 15 minutes to Clear Each 5 hours $ 130.75 Scrub Operations (first server only) 7 hours $ 366.10 Additional Servers Scrubbed 6 hours $ 156.90* Daily Backups Lost 3 $1800.00** Additional Hours 19 hours $ 496.85*** TOTAL $3369.00 * Add .5 hours for each additional server ** Tapes cost $65-$85 each (estimate 8 tapes per day) ***Trouble Shooting/Additional Measures 28 Activities responsible for incidents will PAY for the cleanup!
Why is This Happening? • Users are not reading Email completely. • Electronic media is not being marked properly. • File names or subject headers do not reveal content sensitivity of information. • Rules for “data aggregation”/derivatively classifying are not well understood. • Individuals are unaware of classification guides/guidance. • Improper storage, transmission, processing of classified information. • All DISA personnel are PERSONALLY responsible for protecting sensitive and classified information. Bottom Line: THESE INCIDENTS MUST STOP! 29
Processing Classified Information • Workstation allowed to process classified information if: – In approved open storage area. – Contains removable hard disk in unsecured area. – Not connected to unclassified Local Area Network/Wide Area Network. • e.g., DISANet • Ensure access is controlled. – use approved passwords and change periodically. • Never transfer information from a classified to an unclassified system without authorization from the Chief Information Officer. • Never use personally owned computers to process classified information. 30
Connecting to a CLASSIFIED Network • Workstation must have a removable hard drive – This requirement can be waived if there is a proof of “Open Storage” • Monitors must face away from any opening – If this can not be accomplished, an approved privacy screen must be used • All doors and windows near CLASSIFIED assets must be covered • CLASSIFIED CPU’s should be at least 3 feet from UNCLASSIFIED CPU’s Keep CLASSIFIED information from other’s view! 31
NEVER Take CLASSIFIED Material Home • If you do, you could: – Be subjected to an espionage investigation. – Lose your access or security clearance. – Lose your job. – Be prosecuted pursuant to statute(s). CLASSI FIED 32
Safeguarding - When Not in Secure Storage • Keep CLASSIFIED material in your possession at all times until it is either passed to a trusted person or stored in an approved storage container. • You must be an approved courier when transporting CLASSIFIED material outside of your building. – Ensure material is double-wrapped before leaving building. • All documents must be properly marked and protected by cover sheets. • NEVER leave classified information unattended. • NEVER discuss classified information on non-secure telephones. • NEVER discuss, read, or work with classified information in public places.33
Security Containers • Store and protect classified information in GSA- approved safes. • Memorize combinations: they are classified and cannot be written down or carried on your person. • SF 700, “Security Container Information” records emergency contact information of all individuals having access to safe. 34
Destruction • Dispose all classified paper, diskettes, and other classified waste in “burn bags.” • Cross-cut shredding also authorized method of destruction – must be on NSA list of approved shredders. • TS requires destruction certificates. • Send Hard Drives to NSA: Attn: CMC – degaussing Suite 36875 9800 Savage Rd. Ft George Meade, MD 20755 35
Reporting Computer Security Incidents Security Incident • An attempt to exploit a national security system; may involve fraud, waste, or abuse; compromise of information; loss or damage of property or information; or denial of service. – Security incidents include: • penetration of computer systems • exploitation of vulnerabilities • introduction of computer viruses or other forms of malicious code. If an incident occurs: • Gather all pertinent information. – time, details, person(s) involved, actions taken, etc. • Report it to the computer help desk. • Site administrators should notify NetDefense [DOD-CERT]. • If a violation of law is evident or suspected, the incident must also be reported to both security and law enforcement organizations for appropriate action. Report ALL Suspicious Activity!! 36
Reporting Suspicious Activities • Report suspicious persons or circumstances immediately to your supervisor, Facility Security Manager or the Security Division (MPS6). • Be alert for: – surveillance attempts. – suspicious persons or activities. – individuals using unauthorized recording devices. 37
Let’s Review 38
To Improve our Security Program • Be a strong link in the security chain! • Keep passwords safe! Adhere to password standards. • Separate government work from personal activities. • Working from home? Scan your removable media for viruses when you come back to the office (if you are using your home computer). Keep your government work on government-provided media – don’t leave it on your home hard drive. • Watch what you upload and download from the INTERNET or where you ‘travel’ on the WEB...your computer activity is subject to monitoring. • Adhere to DISA email standards. 39
To Improve our Security Program (cont.) • Separate classified from unclassified information. Use classification guidance when regrading classified information. Label your diskettes! • Keep track of your removable media. Store them when not in use. • Watch your file transmissions! Make sure the files you transfer or the email you send is appropriate for the sensitivity of that network! • Turn on your screensavers and activate password protection. Keep your files and access to the network safe! • Report anomalies. Requests for information from unknown sources (foreign countries), destroyed, infected or corrupted files, missing computer hardware, etc. Report this to your Information Assurance Manager and to the Help Desk. • Traveling with a government computer? Keep track of it! 40
Conclusion • Strictly follow DOD and DISA security guidance. If you don’t know - ask! • Contact your Security Manager, Information Assurance Manager (IAM), or the Security Division (MP6) for assistance. • Pay Attention to Detail. • Be Alert. • Be Aware! Security is your responsibility! 41
We’re Almost Done! 42
Do you want credit? I certify that I have read and understand the material presented in this slideshow. I acknowledge that I am responsible for knowing and following the information presented in this guide. Upon completion of viewing this slideshow click on quot;SUBMITquot; and complete the form, this will certify that you have read and understood the material contained in this slideshow. If a POP-UP box appears informing you that quot;This form is being submitted using e-mail. Submitting this form will reveal our e-mail address to the recipient, and will send the form data without encrypting if for privacy. You may continue or cancel this submission.quot; Click OK. Another box will appear quot;A program is trying to automatically send e-mail on your behalf. Do you want ot allow this?, If this is unexpected, it may be a virus and you should choose quot;NOquot;. quot; Click quot;YESquot;, if you click quot;NOquot; you will not get credit for completing this required briefing. 43 Press the Esc key on your keyboard to exit Slideshow. SUBMIT
End, IA

Recomendados

2013 Ford Flex for Sale NJ | Ford Dealer Keyport
2013 Ford Flex for Sale NJ | Ford Dealer Keyport2013 Ford Flex for Sale NJ | Ford Dealer Keyport
2013 Ford Flex for Sale NJ | Ford Dealer KeyportTom's Ford
 
0304bbbweb
0304bbbweb0304bbbweb
0304bbbwebguest66dc5f
 
Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2guest66dc5f
 
LeWeb 3 Conference Summary
LeWeb 3 Conference Summary LeWeb 3 Conference Summary
LeWeb 3 Conference SummaryVanina Delobelle
 
O Que Mudar Em Pombal
O Que Mudar Em Pombal O Que Mudar Em Pombal
O Que Mudar Em Pombal nelsolopes
 
Present
PresentPresent
PresentKaito
 
Ch2 Ppt Lect 1
Ch2 Ppt Lect 1Ch2 Ppt Lect 1
Ch2 Ppt Lect 1guest6d238a
 
Linked In Basics
Linked In BasicsLinked In Basics
Linked In Basicsgusrblanco
 

Recomendados

2013 Ford Flex for Sale NJ | Ford Dealer Keyport
2013 Ford Flex for Sale NJ | Ford Dealer Keyport2013 Ford Flex for Sale NJ | Ford Dealer Keyport
2013 Ford Flex for Sale NJ | Ford Dealer KeyportTom's Ford
 
0304bbbweb
0304bbbweb0304bbbweb
0304bbbwebguest66dc5f
 
Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2guest66dc5f
 
LeWeb 3 Conference Summary
LeWeb 3 Conference Summary LeWeb 3 Conference Summary
LeWeb 3 Conference SummaryVanina Delobelle
 
O Que Mudar Em Pombal
O Que Mudar Em Pombal O Que Mudar Em Pombal
O Que Mudar Em Pombal nelsolopes
 
Present
PresentPresent
PresentKaito
 
Ch2 Ppt Lect 1
Ch2 Ppt Lect 1Ch2 Ppt Lect 1
Ch2 Ppt Lect 1guest6d238a
 
Linked In Basics
Linked In BasicsLinked In Basics
Linked In Basicsgusrblanco
 
USB flash drive security
USB flash drive securityUSB flash drive security
USB flash drive securityjin88lin
 
VR-Zone Technology News | Stuff for the Geeks! Feb 2011 Issue
VR-Zone Technology News | Stuff for the Geeks! Feb 2011 IssueVR-Zone Technology News | Stuff for the Geeks! Feb 2011 Issue
VR-Zone Technology News | Stuff for the Geeks! Feb 2011 IssueVR-Zone .com
 
Banana pi bpi-m1 user manual
Banana pi bpi-m1 user manualBanana pi bpi-m1 user manual
Banana pi bpi-m1 user manualwang lion
 
Java ring
Java ringJava ring
Java ringAkshaya Akshaya
 
INPUT OUTPUT AND STORAGE DEVICES
INPUT OUTPUT AND STORAGE DEVICESINPUT OUTPUT AND STORAGE DEVICES
INPUT OUTPUT AND STORAGE DEVICESADIL KHAN
 
Investor Slideset
Investor SlidesetInvestor Slideset
Investor SlidesetGordonNuttall
 
Mobile Privacy And Security
Mobile Privacy And SecurityMobile Privacy And Security
Mobile Privacy And SecurityJames Wernicke
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Featuresxabean
 
Prueba De IngléS De Adelanto De 6 To AñO April 2008 Latest Version
Prueba De IngléS De Adelanto De 6 To AñO April 2008 Latest VersionPrueba De IngléS De Adelanto De 6 To AñO April 2008 Latest Version
Prueba De IngléS De Adelanto De 6 To AñO April 2008 Latest VersionGraciela Bilat
 
Micromedia Powerpoint2
Micromedia Powerpoint2Micromedia Powerpoint2
Micromedia Powerpoint2dimopoulos09
 
Wearables Discussion
Wearables DiscussionWearables Discussion
Wearables DiscussionJeffrey Paul
 
Clape n
Clape nClape n
Clape nJoy Dhar
 
Os Timed Original
Os Timed OriginalOs Timed Original
Os Timed Originalguest66dc5f
 
Control your entire house with your iPhone
Control your entire house with your iPhoneControl your entire house with your iPhone
Control your entire house with your iPhoneguest66dc5f
 
Awesome car collection
Awesome car collectionAwesome car collection
Awesome car collectionguest66dc5f
 
Freaky car number plates
Freaky car number platesFreaky car number plates
Freaky car number platesguest66dc5f
 
David-FPGA
David-FPGADavid-FPGA
David-FPGAguest66dc5f
 
Sunil-Hacking_firefox
Sunil-Hacking_firefoxSunil-Hacking_firefox
Sunil-Hacking_firefoxguest66dc5f
 
Rahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_CodeRahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_Codeguest66dc5f
 
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_WindowsChetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_Windowsguest66dc5f
 
WHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_LawWHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_Lawguest66dc5f
 
Rohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsRohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsguest66dc5f
 

Mais conteúdo relacionado

Semelhante a Awareness

USB flash drive security
USB flash drive securityUSB flash drive security
USB flash drive securityjin88lin
 
VR-Zone Technology News | Stuff for the Geeks! Feb 2011 Issue
VR-Zone Technology News | Stuff for the Geeks! Feb 2011 IssueVR-Zone Technology News | Stuff for the Geeks! Feb 2011 Issue
VR-Zone Technology News | Stuff for the Geeks! Feb 2011 IssueVR-Zone .com
 
Banana pi bpi-m1 user manual
Banana pi bpi-m1 user manualBanana pi bpi-m1 user manual
Banana pi bpi-m1 user manualwang lion
 
INPUT OUTPUT AND STORAGE DEVICES
INPUT OUTPUT AND STORAGE DEVICESINPUT OUTPUT AND STORAGE DEVICES
INPUT OUTPUT AND STORAGE DEVICESADIL KHAN
 
Mobile Privacy And Security
Mobile Privacy And SecurityMobile Privacy And Security
Mobile Privacy And SecurityJames Wernicke
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Featuresxabean
 
Prueba De IngléS De Adelanto De 6 To AñO April 2008 Latest Version
Prueba De IngléS De Adelanto De 6 To AñO April 2008 Latest VersionPrueba De IngléS De Adelanto De 6 To AñO April 2008 Latest Version
Prueba De IngléS De Adelanto De 6 To AñO April 2008 Latest VersionGraciela Bilat
 
Micromedia Powerpoint2
Micromedia Powerpoint2Micromedia Powerpoint2
Micromedia Powerpoint2dimopoulos09
 
Wearables Discussion
Wearables DiscussionWearables Discussion
Wearables DiscussionJeffrey Paul
 

Semelhante a Awareness (12)

USB flash drive security
USB flash drive securityUSB flash drive security
USB flash drive security
 
VR-Zone Technology News | Stuff for the Geeks! Feb 2011 Issue
VR-Zone Technology News | Stuff for the Geeks! Feb 2011 IssueVR-Zone Technology News | Stuff for the Geeks! Feb 2011 Issue
VR-Zone Technology News | Stuff for the Geeks! Feb 2011 Issue
 
Banana pi bpi-m1 user manual
Banana pi bpi-m1 user manualBanana pi bpi-m1 user manual
Banana pi bpi-m1 user manual
 
Java ring
Java ringJava ring
Java ring
 
INPUT OUTPUT AND STORAGE DEVICES
INPUT OUTPUT AND STORAGE DEVICESINPUT OUTPUT AND STORAGE DEVICES
INPUT OUTPUT AND STORAGE DEVICES
 
Investor Slideset
Investor SlidesetInvestor Slideset
Investor Slideset
 
Mobile Privacy And Security
Mobile Privacy And SecurityMobile Privacy And Security
Mobile Privacy And Security
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Features
 
Prueba De IngléS De Adelanto De 6 To AñO April 2008 Latest Version
Prueba De IngléS De Adelanto De 6 To AñO April 2008 Latest VersionPrueba De IngléS De Adelanto De 6 To AñO April 2008 Latest Version
Prueba De IngléS De Adelanto De 6 To AñO April 2008 Latest Version
 
Micromedia Powerpoint2
Micromedia Powerpoint2Micromedia Powerpoint2
Micromedia Powerpoint2
 
Wearables Discussion
Wearables DiscussionWearables Discussion
Wearables Discussion
 
Clape n
Clape nClape n
Clape n
 

Mais de guest66dc5f

Os Timed Original
Os Timed OriginalOs Timed Original
Os Timed Originalguest66dc5f
 
Control your entire house with your iPhone
Control your entire house with your iPhoneControl your entire house with your iPhone
Control your entire house with your iPhoneguest66dc5f
 
Awesome car collection
Awesome car collectionAwesome car collection
Awesome car collectionguest66dc5f
 
Freaky car number plates
Freaky car number platesFreaky car number plates
Freaky car number platesguest66dc5f
 
Sunil-Hacking_firefox
Sunil-Hacking_firefoxSunil-Hacking_firefox
Sunil-Hacking_firefoxguest66dc5f
 
Rahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_CodeRahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_Codeguest66dc5f
 
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_WindowsChetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_Windowsguest66dc5f
 
WHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_LawWHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_Lawguest66dc5f
 
Rohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsRohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsguest66dc5f
 
Dror-Crazy_toaster
Dror-Crazy_toasterDror-Crazy_toaster
Dror-Crazy_toasterguest66dc5f
 
Ajit-Legiment_Techniques
Ajit-Legiment_TechniquesAjit-Legiment_Techniques
Ajit-Legiment_Techniquesguest66dc5f
 
Varun-Subtle_Security_flaws
Varun-Subtle_Security_flawsVarun-Subtle_Security_flaws
Varun-Subtle_Security_flawsguest66dc5f
 
longisland_golf_07
longisland_golf_07longisland_golf_07
longisland_golf_07guest66dc5f
 
GolfLakeCity_002
GolfLakeCity_002GolfLakeCity_002
GolfLakeCity_002guest66dc5f
 

Mais de guest66dc5f (20)

Os Timed Original
Os Timed OriginalOs Timed Original
Os Timed Original
 
Control your entire house with your iPhone
Control your entire house with your iPhoneControl your entire house with your iPhone
Control your entire house with your iPhone
 
Awesome car collection
Awesome car collectionAwesome car collection
Awesome car collection
 
Freaky car number plates
Freaky car number platesFreaky car number plates
Freaky car number plates
 
David-FPGA
David-FPGADavid-FPGA
David-FPGA
 
Sunil-Hacking_firefox
Sunil-Hacking_firefoxSunil-Hacking_firefox
Sunil-Hacking_firefox
 
Rahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_CodeRahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_Code
 
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_WindowsChetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
 
WHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_LawWHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_Law
 
Rohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsRohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_laws
 
David-FPGA
David-FPGADavid-FPGA
David-FPGA
 
Dror-Crazy_toaster
Dror-Crazy_toasterDror-Crazy_toaster
Dror-Crazy_toaster
 
Ajit-Legiment_Techniques
Ajit-Legiment_TechniquesAjit-Legiment_Techniques
Ajit-Legiment_Techniques
 
Varun-Subtle_Security_flaws
Varun-Subtle_Security_flawsVarun-Subtle_Security_flaws
Varun-Subtle_Security_flaws
 
CostofWarinIraq
CostofWarinIraqCostofWarinIraq
CostofWarinIraq
 
NR-golf-sept07
NR-golf-sept07NR-golf-sept07
NR-golf-sept07
 
NR-golf-sept07
NR-golf-sept07NR-golf-sept07
NR-golf-sept07
 
golf
golfgolf
golf
 
longisland_golf_07
longisland_golf_07longisland_golf_07
longisland_golf_07
 
GolfLakeCity_002
GolfLakeCity_002GolfLakeCity_002
GolfLakeCity_002
 

Último

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 

Último (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 

Awareness

  • 1. New Technology New Threats “ Approved for Army release as a Training and Security Awareness product by CIO/G-6 quot; 1
  • 2. New technology poses new threats to security! USB Pen USB Memory USB E-Pen Scanning Devices Drive Watch Audio Miniaturization Recorders Thumb Drive Video with USB Casio Watch Digital Media Devices connectivity Camera 2
  • 3. Readily Available! Dimensions (inches) 1/8quot; x 1-7/16quot; x 1-11/16quot; Inexpensive Huge Storage Capacity 3
  • 4. Small size - - - - Great impact! If each page were laid end to end, it or would extend 8000 thick books, or for 694 miles = 4,000,000 pages or or 1-7/16” Less than 1/8“ thick 1-11/16” 4
  • 5. Getting yourself in the News! American investigators have paid thousands of dollars to buy back the stolen drives, according to shopkeepers outside the major military base here.. …. By Paul Watson, Los Angeles Times | April 15, 2006 A handful of of memory sticks are displayed by an Associated Press reporter at the bazaar outside the U.S. military base in Bagram. - (Shoaib Amin / AP) Just outside the main gate of the huge U.S. military base in Bagram, Afghanistan, shopkeepers at a bazaar peddle a range of goods, including computer drives with sensitive — even secret information — stolen from the base. About 2K Afghans are employed as office staff and laborers at the Bagram base 5
  • 6. Thumb drives and media everywhere! …even in Bagram, Afghanistan 6
  • 7. Magnetic Media Kills! - - New technology poses new threats One flash memory drive, sold for $40, holds the names, photos and phone numbers of people described as Afghan spies working for the military. Other thumb drives have been found to contain: …Social Security numbers listed next to the names of hundreds of Soldiers …names of senior Afghan ministers whom US intelligence agencies believe to be drug smugglers …list of 12 provincial officials the US reportedly wants removed from office One shopkeeper said, “They were all stolen from offices inside the base by the Afghans working there,” he said. “I get them all the time.” “Convenience Kills” 7 - GEN Schoomaker, CSA
  • 8. Mark it and safeguard it! - - Basic document markings apply to all media 1. Computer disc must reflect the highest level of classification contained on the disc 2. Standard labels should be used for all levels of classification - if none available - - make your own. a. SF706 - Top Secret FOUO b. SF707 - Secret c. SF708 - Confidential d. SF709 - Classified AR 380-5 is e. SF710 - Unclassified clear, it is the users f. SF711 - Data Descriptor responsibility g. SF712 - Classified SCI to properly 3. No standard form (SF) and/or label(s) exist for control, handle, mark, and Compact Discs (CDs) transport information a. The SF labels prescribed for removable storage media may be used for the marking of classified CDs and their cases b. Classification must be conspicuously marked on the CD case Security Education, and the CD itself 4. Personal drives - - must be marked personal!! Training and Awareness - - Do It!! 8
  • 9. Take Away’s What else do I need to know? Classify and label removable media IAW regulation and SOP USB drives and other removable, portable media devices are mostly self starting and may bypass systems security features when plugged in (Example: bypass scanning for viruses) No approved method of sanitizing, downgrading and declassifying these devices - - Destroy when no longer usable USB and other portable devices improve productivity and increase risk - - Know the risk Take action to reduce risk - mark it, safeguard it Report unauthorized use! Remember, the lives of your fellow Soldiers are in your hands! 9
  • 11. New Technology New Threats 11 “ Approved for Army release as a Training and Security Awareness product by CIO/G-6 quot;
  • 12. Information Assurance Security Awareness Briefing After Slide Show starts, click your mouse or press the Page Down key on your keyboard to continue Note: THIS SLIDE SHOW WAS DONATED TO THE IA COMMUNITY BY: Strategic Planning & Information DISA Information Assurance Branch (SI22)
  • 13. Overview • What is Information Assurance • General Security Guidance • Protecting Information • Reporting Violations • What can you do? 3
  • 14. Are you the Problem or the Solution? 4
  • 15. What is Information Assurance? Information Assurance is: “ Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation…providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” as defined by the CNSSI 4009, “ National Information Systems Security Glossary,” dated May 2003 5
  • 16. What is Information Assurance? • Making sure the computer and the information is there when we need it (Availability). • Making sure the information we use, transmit, process, or stored has not been corrupted or adversely manipulated (Integrity). • Making sure we know who is using our computers and accessing our data (Authentication). • Making sure the information is protected from disclosure (Confidentiality). • Making sure the information is ‘tagged’ so when we send it – we know it got there, and the recipient knows who sent it (Nonrepudiation). 6
  • 17. So, Why Are You Here? • DOD policy requires annual information assurance awareness training • Need to emphasize important security tasks and acceptable user practices 7
  • 18. Your Mission…Should you decide to accept it… • Recognize your computing responsibilities. • Accept responsibility for protecting government information. • Recognize the challenges and threats that can harm our National Security. 8
  • 19. Do you know what “OK” means? When you click “OK” : • You acknowledge that the information system you use is for “Official Government Use Only.” • Your computer and all of its information are subject to inspection. • Your actions are subject to continuous audit. 9
  • 20. General Workstation Security • Protect your identity (User Id) • Use Strong Passwords – Make passwords 8 characters or longer • use capital letters, numbers, and punctuation symbols – Change passwords often • Always Lock your PC while leaving it unattended – Press Control+ALT+Delete and click the “Lock Workstation” Button • Use your Common Access Card (CAC) to digitally sign and encrypt your sensitive emails – Take your CAC with you when you leave your work area You are responsible for the data on your system at all times! 10
  • 21. Prudent Network Security and Internet Practices • Email and Internet Use – Do not open emails from individuals that you do not recognize • Report suspicious emails to the DISANet Help Desk and your security manager. – Incidental personal use is permitted. • DISANet prohibits the use of Email or the Internet for: • Chain letters • Private commercial activities • Accessing pornographic or gambling sites • Participating in online auction activity • Political Activity • Illegal fraudulent or malicious activities • Any use which reflects adversely on DISA or any other DOD element • Virus Protection – Avoid attaching media from unfamiliar computing environments. – Ensure your workstation runs a daily virus scan. “Trust, but Verify” 11
  • 22. What is P2P and What is the Risk? • Peer-to-Peer file sharing is technology that allows users to typically share music/video files. • It is risky! It bypasses security or control mechanisms. • Opens DOD networks to attacks and intrusions! 12
  • 23. What are the Dangers of P2P? • The default settings of P2P applications share all documents and media files on your machine. – This causes the potential for disclosure of sensitive information. • P2P applications create open doors that may be remotely exploited to compromise DOD systems. • P2P software puts excessive strain on the network resources. – This will overwhelm our infrastructure already operating at 90% capacity. • P2P file exchanges generally violate international copyright laws. 13
  • 24. What should I do? Don’t Use it! • ASD (NII) Memo, Elimination of Unauthorized Peer-to- Peer File Sharing Applications Across DOD, 13 April 2004. • There are many legal and security issues, and there is no mission essential aspect to P2P applications. • DO NOT USE P2P software on government assets • Forbidden software includes (but is not limited to): Napster ARES IRC Chat Relay Kazaa Limewire BitTorrent Morpheus Gnutella 14
  • 25. Got Wireless? • DOD Directive 8100.2, quot;Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DOD) Global Information Grid (GIG),quot; – This directive outlines the DOD wireless policy to ensure a secure use of wireless technology throughout the agency. 15
  • 26. Does this Apply to Me? • This Policy Applies to all – DOD Personnel, Contractors, and visitors that have access to DOD Information. – All (government owned/used) commercial wireless devices, services and technologies including but not limited to: • Messaging Devices • Laptops with WiFi • Any other wireless device • Cellular or PCS Devices capable of storing, processing, • Audio/Video Recorders or transmitting information • Personal Data Assistants Exempted are: –The Detection Segment of a PED – Receive only pagers •The signal between a barcode – GPS Receivers reader and receiver – Hearing Aids, Pace makers, other •A TV remote and television implanted medical devices or – RF Identification Tags (both personal life support systems Active and Passive) 16
  • 27. What are my Duties? Employee Owned Equipment Government Owned Equipment • Enable Wired Equivalent • Do not process Privacy (WEP) on all government information on laptops, PDAs and personally owned laptops, wireless access points. PDAs, or cell phones. • When computers are • Do not attempt to connect plugged into the personally owned wireless network, disable any devices to government wireless cards. networks. • Enable Encryption on all • Turn off camera phones wireless transmissions and PDAs with camera • Turn off wireless modules in classified devices in classified areas. areas. Never transmit CLASSIFIED data using a wireless device! 17
  • 28. What is Information? • Information is: Any knowledge that can be communicated regardless of its physical form or characteristic. • Information is classified by the degree of damage which would be caused if the information was revealed. There are 3 levels of classification: – TOP SECRET - unauthorized disclosure could cause exceptionally grave damage to national security. – SECRET - unauthorized disclosure could cause serious damage to national security. – CONFIDENTIAL - unauthorized disclosure could cause damage to national security. • Sensitive Compartmented Information (SCI): • Requires more stringent security protection. 18 • Protects intelligence sources and methods.
  • 29. What is Information? (Con’t) • “Controlled Unclassified Information” is the DOD term used to define sensitive information such as: – For Official Use Only (FOUO) – Contract Sensitive – Proprietary 19
  • 30. Protection of Computerized Information • At Rest • In Transit • In Process 20
  • 31. Information At Rest Information can be stored on: Backup Tapes CDs or Floppy Disks Printers with memory Printed Documents Fax Machines WEB Pages Computer Hard Drives Handheld Devices DOD treats all media as documents. 21
  • 32. MARK STORAGE MEDIA Mark computer components and media with: is edium This m • SF 710 Unclassified T SECRE • SF 708 - Confidential NT RNM E • SF 707 - Secret GOVE HE US Y OF T 707 OPERT SF PR • SF 706 - Top Secret ed s ifi mi ss ediu AL a cl sm Thi is D TI FIE m T iu EN SI ed N S NM sm DE A T hi EN ER CL NM T V FI R N VE O U G GO S S N EU U ) TH (1-87 E 08 CO H7 OF 710 T F SF TY S F PER O This medium is classified O TY PR ER P RO P TOP SECRET PROPERTY OF THE US GOVERNMENT SF 706 22
  • 33. The Fundamentals of Marking • Documents must be marked SECRET according to Classification Level or Information Sensitivity. OFFICE OF THE SECRETARY OF DEFENSE WASHNGTON ,DC • Markings must be conspicuous! date – Large/Bold lettering MEMORANDUM FOR DASD (I&S) SUBJECT: Classification Markings (U) – Use no abbreviations 1. (U) This is an example of a document that contains originally classified information. Standard markings are required for all documents as shown here. These markings include: • Classification/sensitivity of a. (U) Portion marking(s) for each section of a document to reflect the classification of the information. When using subsections such as shown here, individual markings are used. When subsections are not marked, the information is protected at the level of protection shown by the documents must “stand out” - overall section. either electronically or stamped b. (U) Overall markings must be CONSPICUOUS AND LARGE/BOLD. c. (U) A quot;Classified byquot; line that includes the name or personal identifier and Position Of the manually. originator. d. (S) A reason for classification MUST BE USED. • Mark top & bottom of each page. e. (U) A quot;Declassify onquot; line that indicates the following: – FOR OFFICIAL USE ONLY (FOUO) is (1) The date or event for declassification not to exceed 10 years. (2) The date that is 10 years from the date of the original decision. marked on the bottom of page only (3) An extension beyond the initial 10 years of classification. (4) An authorized and applicable exemption category( ies). – FOUO guidance please visit https://datahouse.disa.mil/gc/fouo.html 2. (S) If this paragraph contained quot;Secretquot; information, the portion would be marked with the designation quot;Squot; in parentheses. If the paragraph contained quot;Confidentialquot; information, the portion would be marked with the designation quot;Cquot; in parentheses. • Paragraph, portion, and title Classified by : Emmett Paige, Jr . ASD(C31) markings may be abbreviated. Reason: 1.5 (a) and (d) * Declassify on: December 31, xxxx ** – (U) UNCLASSIFIED SECRET – (C) CONFIDENTIAL • Sample of paragraph marking23 – (S) SECRET – (TS) TOP SECRET
  • 34. Marking Your IT Equipment DISA Form 205 “No Classified” CLASSIFIED Standard THIS MEDIUM IS CLASSIFIED Form 707 SECRET PROPERTY OF THE US GOVERNMENT Keep ALL labels in clearly identifiable locations. 24
  • 35. Information in Transit Encrypt Email with CAC HELLO THE INTERNET IS ALWAYS WATCHING Decrypt Email with CAC Use your Common Access Card (CAC) to: • Digitally Sign Emails HELLO • Encrypt Emails • Decrypt Emails Sign and Encrypt ALL sensitive DOD information! 25
  • 36. What’s a Spillage? • It is a form of System Contamination. • It is the Improper storage, transmission or processing of CLASSIFIED information on an UNCLASSIFIED system or via a communications path. – Most common occurrence is transmission via email. 26
  • 37. Why is Spillage a ‘Hot Topic?’ • Can result in denial of service. • Handled incorrectly – can result in costly mistakes. • Agency numbers: – FY 2002: 27 – FY 2003: 21 – FY 2004: 25 (as of 2 Sep 04) • Resource intensive. – It takes 3 weeks to close a spillage. • Impacts the security of DOD missions. 27
  • 38. Cost of Recovery: 1 Incident Time Spent Researching Compromise 16 hours $ 418.40 20 Mailboxes Involved; 15 minutes to Clear Each 5 hours $ 130.75 Scrub Operations (first server only) 7 hours $ 366.10 Additional Servers Scrubbed 6 hours $ 156.90* Daily Backups Lost 3 $1800.00** Additional Hours 19 hours $ 496.85*** TOTAL $3369.00 * Add .5 hours for each additional server ** Tapes cost $65-$85 each (estimate 8 tapes per day) ***Trouble Shooting/Additional Measures 28 Activities responsible for incidents will PAY for the cleanup!
  • 39. Why is This Happening? • Users are not reading Email completely. • Electronic media is not being marked properly. • File names or subject headers do not reveal content sensitivity of information. • Rules for “data aggregation”/derivatively classifying are not well understood. • Individuals are unaware of classification guides/guidance. • Improper storage, transmission, processing of classified information. • All DISA personnel are PERSONALLY responsible for protecting sensitive and classified information. Bottom Line: THESE INCIDENTS MUST STOP! 29
  • 40. Processing Classified Information • Workstation allowed to process classified information if: – In approved open storage area. – Contains removable hard disk in unsecured area. – Not connected to unclassified Local Area Network/Wide Area Network. • e.g., DISANet • Ensure access is controlled. – use approved passwords and change periodically. • Never transfer information from a classified to an unclassified system without authorization from the Chief Information Officer. • Never use personally owned computers to process classified information. 30
  • 41. Connecting to a CLASSIFIED Network • Workstation must have a removable hard drive – This requirement can be waived if there is a proof of “Open Storage” • Monitors must face away from any opening – If this can not be accomplished, an approved privacy screen must be used • All doors and windows near CLASSIFIED assets must be covered • CLASSIFIED CPU’s should be at least 3 feet from UNCLASSIFIED CPU’s Keep CLASSIFIED information from other’s view! 31
  • 42. NEVER Take CLASSIFIED Material Home • If you do, you could: – Be subjected to an espionage investigation. – Lose your access or security clearance. – Lose your job. – Be prosecuted pursuant to statute(s). CLASSI FIED 32
  • 43. Safeguarding - When Not in Secure Storage • Keep CLASSIFIED material in your possession at all times until it is either passed to a trusted person or stored in an approved storage container. • You must be an approved courier when transporting CLASSIFIED material outside of your building. – Ensure material is double-wrapped before leaving building. • All documents must be properly marked and protected by cover sheets. • NEVER leave classified information unattended. • NEVER discuss classified information on non-secure telephones. • NEVER discuss, read, or work with classified information in public places.33
  • 44. Security Containers • Store and protect classified information in GSA- approved safes. • Memorize combinations: they are classified and cannot be written down or carried on your person. • SF 700, “Security Container Information” records emergency contact information of all individuals having access to safe. 34
  • 45. Destruction • Dispose all classified paper, diskettes, and other classified waste in “burn bags.” • Cross-cut shredding also authorized method of destruction – must be on NSA list of approved shredders. • TS requires destruction certificates. • Send Hard Drives to NSA: Attn: CMC – degaussing Suite 36875 9800 Savage Rd. Ft George Meade, MD 20755 35
  • 46. Reporting Computer Security Incidents Security Incident • An attempt to exploit a national security system; may involve fraud, waste, or abuse; compromise of information; loss or damage of property or information; or denial of service. – Security incidents include: • penetration of computer systems • exploitation of vulnerabilities • introduction of computer viruses or other forms of malicious code. If an incident occurs: • Gather all pertinent information. – time, details, person(s) involved, actions taken, etc. • Report it to the computer help desk. • Site administrators should notify NetDefense [DOD-CERT]. • If a violation of law is evident or suspected, the incident must also be reported to both security and law enforcement organizations for appropriate action. Report ALL Suspicious Activity!! 36
  • 47. Reporting Suspicious Activities • Report suspicious persons or circumstances immediately to your supervisor, Facility Security Manager or the Security Division (MPS6). • Be alert for: – surveillance attempts. – suspicious persons or activities. – individuals using unauthorized recording devices. 37
  • 49. To Improve our Security Program • Be a strong link in the security chain! • Keep passwords safe! Adhere to password standards. • Separate government work from personal activities. • Working from home? Scan your removable media for viruses when you come back to the office (if you are using your home computer). Keep your government work on government-provided media – don’t leave it on your home hard drive. • Watch what you upload and download from the INTERNET or where you ‘travel’ on the WEB...your computer activity is subject to monitoring. • Adhere to DISA email standards. 39
  • 50. To Improve our Security Program (cont.) • Separate classified from unclassified information. Use classification guidance when regrading classified information. Label your diskettes! • Keep track of your removable media. Store them when not in use. • Watch your file transmissions! Make sure the files you transfer or the email you send is appropriate for the sensitivity of that network! • Turn on your screensavers and activate password protection. Keep your files and access to the network safe! • Report anomalies. Requests for information from unknown sources (foreign countries), destroyed, infected or corrupted files, missing computer hardware, etc. Report this to your Information Assurance Manager and to the Help Desk. • Traveling with a government computer? Keep track of it! 40
  • 51. Conclusion • Strictly follow DOD and DISA security guidance. If you don’t know - ask! • Contact your Security Manager, Information Assurance Manager (IAM), or the Security Division (MP6) for assistance. • Pay Attention to Detail. • Be Alert. • Be Aware! Security is your responsibility! 41
  • 53. Do you want credit? I certify that I have read and understand the material presented in this slideshow. I acknowledge that I am responsible for knowing and following the information presented in this guide. Upon completion of viewing this slideshow click on quot;SUBMITquot; and complete the form, this will certify that you have read and understood the material contained in this slideshow. If a POP-UP box appears informing you that quot;This form is being submitted using e-mail. Submitting this form will reveal our e-mail address to the recipient, and will send the form data without encrypting if for privacy. You may continue or cancel this submission.quot; Click OK. Another box will appear quot;A program is trying to automatically send e-mail on your behalf. Do you want ot allow this?, If this is unexpected, it may be a virus and you should choose quot;NOquot;. quot; Click quot;YESquot;, if you click quot;NOquot; you will not get credit for completing this required briefing. 43 Press the Esc key on your keyboard to exit Slideshow. SUBMIT