M7 internet security

Published in: Technology

  1. Introduction. Master Class 7: Internet Security. Josep Bardallo
  2. Internet Security: Definitions (Networking Services & infr. // Master in ICT Strategic Management, 13 / 11 / 2012, Josep Bardallo)
     Internet security is a branch of computer security specifically related to the Internet, involving Web server security but also network security on a more general level as it applies to other applications or operating systems as a whole. Also called cybersecurity.
     Its objective is to establish rules and measures to use against attacks over the Internet.
  3. Internet Security: Definitions
     From Internet Security Glossary, Version 2 (RFC 4949). Security is about protecting resources.
  4. Internet Security: Definitions
     Secure Web Services is about securing CIA. From NIST: Guide to Secure Web Services (SP 800-95)
  5. Internet Security: Definitions
     Threat, attack and vulnerability. From CISSP Guide to Security Essentials
  6. Internet Security: Evolution
     • From Information Security to Information Assurance (process of continuous analysis and risk management)
     • Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. It uses physical, technical and administrative controls to accomplish these tasks.
  7. Internet Security Threats: Main Cybersecurity Threats
     • Threats against information
         • Spying
         • Information theft
         • Identity theft
         • Fraud
         • APT (advanced persistent threats)
     • Threats against infrastructure
         • Critical infrastructure attacks
         • Network and system attacks
         • Industrial system attacks
         • Malware infection
         • Third-party attacks
  8. Internet Security Threats: 2012 Real data
  9. Attack types
     • From States
     • From private entities
     • Terrorism, political or ideological attacks
     • Hacktivism: Professional Hacking
     • Low profile attack
     • Insider attacks
  10. State promoted Attacks
     • Estonia 2007
     • Russia to Georgia (2008) before terrestrial invasion
     • Israel/USA to Iran with Stuxnet
     • USA classified networks from Chinese hackers
  11. Professional Hacking: DDoS, trojan
     DDoS: http://www.youtube.com/watch?v=c9MuuW0HfS
  12. Professional Hacking: Trojan
  13. Professional Hacking: Socks bot
  14. Professional Hacking: Spam service
  15. Professional Hacking: Botnet
  16. Professional Hacking: Zeus Botnet
  17. Professional Hacking: Any kind of hacking
  18. Professional Hacking: Value of Hacked PC
  19. Professional Hacking: Top attack method by vertical
  20. Low profile attacks: Easier
     http://builtwith.com/ Easy to obtain info from any web
  21. Low profile attacks: Easier. Steps
     http://www.t1shopper.com/tools/port-scan// Easy to open ports
  22. Data Breaches in 2012
     • Global Payments (1.5 million records)
     • Yahoo! (450k passwords)
     • Wyndham Hotels (600k credit cards)
     • eHarmony (1.5 million passwords)
     • LinkedIn (6.5 million passwords)
     • Zappos (24 million records)
     • Gamigo (3 million records)
     • Texas Attorney General's Office (6.6 million records)
     Average insurance cost per data breach: $3.7M
  23. Malware
     • 31,6 Worldwide PC infected by malware
     • 24% infected by a Trojan (16% in Spain)
  24. New attacks
  25. Today's Threats
  26. Defense technologies?
  27. Internet Security Defense Technologies
  28. Internet Security Defense Technologies
  29. Internet Security Defense Technologies
  30. Internet Security Defense Technologies
  31. Bibliography
     • http://www.ietf.org/rfc/rfc2828.txt
     • http://tools.ietf.org/html/rfc4949
     • http://www.itu.int/rec/T-REC-X.800-199103-I/e
     • http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
     • http://www.ismsforum.es/ficheros/descargas/informe-scsi1348666221.pdf
     • http://www.t1shopper.com/tools/port-scan/
     • http://builtwith.com/
     • http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf
     • http://www.businessinsurance.com/article/20121009/NEWS07/121009907?template=smartphoneart
     • http://www.netdiligence.com/files/CyberClaimsStudy-2012sh.pdf
     • http://pandalabs.pandasecurity.com/es/principales-amenazas-para-tu-ordenador-troyanos-infografia/
     • http://www.cloudtweaks.com/2012/10/cloud-infographic-safeguarding-the-internet/
     • http://www.akamai.com/html/technology/dataviz1.html
     • https://www.bit9.com/cyber-security/graphic.php
     • http://www.reg8.net/users/0012/expo2011/gartners_hype_cycle_special__215667.pdf
