• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Security meeting 2012   ID Theft
 

Security meeting 2012 ID Theft

on

  • 133 views

 

Statistics

Views

Total Views
133
Views on SlideShare
133
Embed Views
0

Actions

Likes
0
Downloads
5
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Security meeting 2012   ID Theft Security meeting 2012 ID Theft Presentation Transcript

    • ID TheftSecurity Meeting
    • Agenda 1. ID Theft • Introduction • Types • Techniques • Causes 2. Compliance 3. Approach • Service • Features • IT Integration 4. Q & A11/05/2012 Security Meeting May 2012 2
    • ID Theft Definition (Wikipedia): Identity theft is a form of stealing someones identity in which someone pretends to be someone else by assuming that persons identity, typically in order to access resources or obtain … other benefits in that persons name. AKA: Impersonating - meaning the person whose identity has been assumed by the identity thief.11/05/2012 Security Meeting May 2012 3
    • Some Types • Finantial • Governamental • Social Network • Child • Smart Phone11/05/2012 Security Meeting May 2012 4
    • Some Techniques • Stealling o IT Equipment o Credit Cards o (…) • Impersonating • Brute force attack weak passwords • Explore security breaches (browser flaws, malware, spyware) to steal information from computer11/05/2012 Security Meeting May 2012 5
    • Some Techniques (I) • Hacking systems (servers, networks, databases, firewalls) • Improper privileges to companys employees, resulting in unauthorized access to sensitive data from these privileged users (internal unauthorized access) • (…)11/05/2012 Security Meeting May 2012 6
    • Some Causes Organizations: • Don’t have an adequate security policy • Fail to preserve computer security • Fail to ensure network security (Firewall Management) • Fail do identify risks (Risk Management) • Relaxed access control policy • (…)11/05/2012 Security Meeting May 2012 7
    • Risk Management11/05/2012 Security Meeting May 2012 8
    • Compliance • Help protect business from risk • Increase IT Security • Used as benchmark to protect information • Automating compliance decrease audit time and stress o Keep configurations up- to-date (monitoring) o Detects undesirable changes • (…)11/05/2012 Security Meeting May 2012 9
    • Compliance11/05/2012 Security Meeting May 2012 10
    • Approach Traditional • Vendor solution • Go in, implement, customize & go out • Assistance & support Service • Configuration control • Compliance policy management • Change auditing • Real-time analysis of changes • Remediation, Reconciliation • Reporting11/05/2012 Security Meeting May 2012 11
    • Approach11/05/2012 Security Meeting May 2012 12
    • Approach Features • Provides compliance policies do manage user Ids o e.g. password strength and complexity checks • Proactive monitor IT security infrastructure (firewalls).11/05/2012 Security Meeting May 2012 13
    • Approach11/05/2012 Security Meeting May 2012 14
    • Approach • Continuous compliance o File integrity monitoring by detecting any change to a file or system setting. o Automating the repair of configurations that intentionally or accidentally fall from secure and compliant states • Generate an audit trail that logs the state of physical and virtual infrastructure, along with any actions taken to remediate out-of- compliance infrastructure.11/05/2012 Security Meeting May 2012 15
    • Approach IT Infrastructure Integration • Supports a variety of IT Technology • OS with agent (HPUX, Solaris, RHEL, Windows) • Direct monitor Databases o Microsoft SQL Server o Oracle Database Server o Sybase Database Server o DB2 Database Server o (…)11/05/2012 Security Meeting May 2012 16
    • Approach • Direct monitor Directory Servers (Microsoft, Novell, Sun, Generic LDAP…) • Network devices (Cisco, F5 BigIP, HP Procurve, Juniper, Nortel, …) • Supports others devices not listed (Agent less mode - with ssh)11/05/2012 Security Meeting May 2012 17
    • How we do it11/05/2012 Security Meeting May 2012 18
    • How we do it11/05/2012 Security Meeting May 2012 19
    • Q&A Thank You! Luís Martins luis.martins@glintt.com