Welcome the audience and thank them for coming. Introduce self. Briefly overview what the presentation is about (“How big a problem is Internet security for your business and what you can do about it.”) GENERAL NOTES: Text in double quotes (“text”) are suggested wordings for delivering the information on the slide. Text in square brackets ([text]) are stage directions and not meant to be repeated aloud.
Before starting the introduction – get to know your audience by asking the following questions: Size How many have 1-5 employees? How many have 6-10 employees? How many have 10-20 employees? Greater than 20 employees? No employees? Size of computer network? How many of you have computers connected on a network? Have a file server and/or an email server? How many of you have a wireless network? A virtual private network? How many of you either work remotely or have employees who work remotely, and exchange files with onsite employees? What did you come here to learn about today – any specific concerns that we should address as we go through the presentation? Deirdre – will write down the list as you go….
“ Raise your hands if you had an e-mail address in 1995.” “ Now, keep your hands raised if you had web access in 1995.” “ Now, keep your hands raised if you had a business website in 1995.” [Comment on how few hands are up.] [Continue by reading off the figures for current email addresses, web use, and business websites.] “ The Internet has changed business dynamics forever .”
“ I don’t have to tell you that computer security Risks are on the rise, but here are some ways that you might not have known can lead to security problems.” [read down list] “ With all these risks, the security of your business is up to YOU.”
(Hesham – all this content is from the report including the reasons why these assaults are so costly.) Since August 2003, 4 of the top 5 most financially damaging assaults have occurred. Why? Continual sophistication of malicious code Use of blended attack methods Volume of new attacks increasing Organizations lack of security
“ One important thing to understand is that there are many different kinds of Risks out there. Let’s break these Riskss into three categories: Malicious code, Hackers, and Time wasters. We’ll define each of these some more.” [read list]
“Malicious code can take one of three forms, a virus, a worm or a Trojan horse” [Read definitions for each] Sharing Experience from the audience
“We all know about hackers from the news media. Here are some of the things they can do to a business.” [read list and definitions] Sharing Experience from the audience
“Finally, there are time wasters. These may seem trivial, but we’ll discuss in a moment why you should guard against these just as you would malicious code or hackers.” [read list and definitions] Sharing Experience from the audience
This graph shows (a) the evolution of computer virus/worm threats with respect to their speed of replication (blue line) and (b) the evolution of antivirus technology with respect to the speed of response (red line). The horizontal axis is measured in years, from 1990 to 2005. The vertical axis actually shows two different sets of times (both have the same time scale as indicated on the left-axis). The left vertical axis (blue text), shows how long it takes for a malicious code to reach “contagion” status, where it has infected a critical number of the vulnerable machines. The right vertical axis shows how long it takes to provide a signature for a malicious threat. CLICK : You can see how malicious code has evolved from slow-spreading program viruses to ultra-fast spreading flash worms. The point at which the curve drops sharply, between network worms and flash worms, is the inflection point where these threats can no longer be adequately prevented with traditional security technology.
Here was have some statistics showing how the rate of spread of computer worms has grown. The high-profile Code Red threat, released in mid-2001, doubled its infection rate every 37 minutes. Less than two years later, the Slammer worm, released in January of 2003, doubled its infection rate every 8.5 seconds! At this rate, Slammer was able to infect 90% of unprotected servers across the Internet in just 10 minutes. Many of the fastest-spreading threats exploit known vulnerabilities or “holes” in the operating system which have been publicly announced. The time between the announcement of a known vulnerability and the release of a threat targeting that vulnerability is also diminishing. During the summer of 2003, the Blaster threat was released just 27 days after the associated vulnerability was announced, the shortest such time period ever. As this time period shrinks in the future, industry’s ability to respond will be increasingly difficult. Finally, the recent MyDoom worm infected email systems across the world – at its peak, 1 out of every 12 emails on the Internet carried MyDoom. Clearly, the newest threats are spreading orders of magnitude too fast for any response-based security mechanism to stop. And the threats of the future could make even Slammer seem slow by comparison. We need to find fundamentally new ways to stop the bullet. Code Red, Slammer references:http://news.com.com/2009-1001-983540.html Blaster reference: Symantec Internet Security Threat Report MyDoom reference: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci946423,00.html
“Now let’s talk about some simple, effective measures that you can take right now. We’ll start with some security software ideas.” “We’ve talked about antivirus software. But have you put it on all of your computers? Even one unprotected computer can cause problems. Have you checked for new virus definitions--these are profiles of new and evolving viruses--lately? You should do it daily or have the automatic update setting on. You should also scan the system weekly.” “As we mentioned previously, firewall software should go up not only on your router, but also on each desktop, laptop, and server. You may also want to think about a firewall hardware or “appliance”: some firewall appliances also contain other helpful security features, such as VPN or intrusion detection.” “Keep an eye out for security updates for software that you have installed. You need to install patches and fixes ASAP. Also use the latest operating systems for all of your equipment. The latest systems tend to get the most updates and are usually the most virus-resistant to begin with.” “In addition to addressing software, you should be thinking about how you handle computer security.” “You should use strong passwords for password-protected data. By strong passwords, I mean passwords with at least eight characters including letters, numbers, and symbols like the dollar sign or percent symbol.” “Also, be careful when you open your e-mail If you use Microsoft Outlook, Outlook Express or some other programs, you should disable the preview pane that shows you what’s in the e-mail before you open it.” “Before you open an attachment, even if it’s from a known source, think about it. Does the attachment have a strange extension, those three letters AFTER the period? Don’t open it, ESPECIALLY if the extension is EXE. This is an application. Unless you know EXACTLY what this application does, it could cause a lot of problems.” “Don’t open junk mail. This is a common method of intrusion.” “If you open an unsolicited email and it offers you a link to unsubscribe, DON’T. That’s often a trick that hackers use to determine if they’ve reached a valid e-mail address.” “Some of you may have heard recent news reports about phishing. This is when a hacker poses as a legitimate company, such as your bank. They ask you for personal information such as your social security number. If you get a request for personal information from a legitimate company, we encourage you to call them and see if they sent the message.”
“Some more security practices.” “Be careful when you surf. Enable the security settings in your browser. In Microsoft Internet Explorer, there’s an item labeled ‘Internet Options’ on the ‘Tools’ menu. Set your browser to a high security setting.” “Don’t give up personal information to a website unless you see that the site is encrypted. Look for a small padlock or key icon in the browser’s toolbar.” “Don’t click on pop-up ads.” “Make sure you back up your data. For really critical data, back it up daily, whether to a CD-ROM or DVD-ROM or some kind of tape system.” “Lastly, back up other data on a regular basis so that if trouble happens, you’ll be able to keep on going with a minimum of disruption.” “As we said, remote and wireless connections are especially vulnerable. Here are some things you can do to minimize risk.” “For people who connect to the office network from the outside, require the use of VPN, a Virtual Private Network. With a VPN, hackers can’t exploit a hole in network.” “Your remote users should be using antivirus software and personal firewall software on their machines as well. You might want to require that they have these set up before you grant them remote access.” “You can also use a VPN to secure the connection between the wireless and wired network.” “That wired router may require a firewall of its own.” “For encryption, enable the wireless security protocol. WPA is currently the security standard and we recommend using it. The old standard, WEP, is not nearly as secure. Try to use WPA.” “Again, wireless access should require a strong password.” “One thing that certainly hasn’t changed with the times is good, old-fashioned theft. People can still walk off with equipment if it isn’t bolted down, so make sure that you secure portable electronics with cable locks and don’t leave them unattended.” “Most operating systems give you the option of locking the screen when you walk away and requiring a password to get back in. We recommend using that feature.” “Keep track of who has keys or access to equipment.” “Remember those back-ups we suggested you make? Keep ‘em offsite in a secure location.” “Lastly, a burglar alarm for your business is often a good idea.”
We’ve reached an inflection point where the latest threats now spread orders of magnitude faster than our ability to respond with traditional technology
months days hrs mins secs Contagion Period 1990 Time 2005 Program Viruses Macro Viruses E-mail Worms Network Worms Flash Worms Contagion Period
Threat Sophistication Code Red doubled its infection rate every 37 minutes. Slammer doubled every 8.5 seconds, and infected 90% of unprotected servers in 10 minutes! At its peak, 1 out of every 12 emails was infected with MyDoom! Blaster razed networks just 27 days after the vulnerability was publicly disclosed!
Understanding Your Vulnerabilities Internet Gateway
Understanding Your Vulnerabilities File Server / Mail Server
How to calculate the cost of a virus infecting your network and damaging your information
List the number employees in your business
Calculate an average hourly compensation per employee
Think about what files and work might need to be re-created after a loss: customer database, client reports, project files, and schedules, contracts, etc.
Estimate the amount of time required to re-create lost databases, financial files, and other work per employee
Multiply the time required by the number of employees affected by the average hourly compensation
This is the cost of one virus damaging desktop files one time only – It doesn’t include the cost to have your software or hardware professionally repaired or replaced.
Calculating the Impact on Your Business $10,500 Annual Cost to Business ($875/person x 12 = $10,500 ) $875 Annual Cost to Business / Worker ( 35 hours x $25/hr = $875 ) 35 hours Total Annual Hours / Person ( 20 + 15 = 35 ) 15 hours Viruses: Annual Downtime / Person 20 hours Spam: Minutes Each Day / Person: 5 Hours Each Year / Person: 5 x 4 = 20 $25.00/hour Average Hourly Wage 12 Number of Employees