Security meeting 2012   ID Theft
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Security meeting 2012 ID Theft

on

  • 170 views

 

Statistics

Views

Total Views
170
Views on SlideShare
170
Embed Views
0

Actions

Likes
0
Downloads
5
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Security meeting 2012 ID Theft Presentation Transcript

  • 1. ID TheftSecurity Meeting
  • 2. Agenda 1. ID Theft • Introduction • Types • Techniques • Causes 2. Compliance 3. Approach • Service • Features • IT Integration 4. Q & A11/05/2012 Security Meeting May 2012 2
  • 3. ID Theft Definition (Wikipedia): Identity theft is a form of stealing someones identity in which someone pretends to be someone else by assuming that persons identity, typically in order to access resources or obtain … other benefits in that persons name. AKA: Impersonating - meaning the person whose identity has been assumed by the identity thief.11/05/2012 Security Meeting May 2012 3
  • 4. Some Types • Finantial • Governamental • Social Network • Child • Smart Phone11/05/2012 Security Meeting May 2012 4
  • 5. Some Techniques • Stealling o IT Equipment o Credit Cards o (…) • Impersonating • Brute force attack weak passwords • Explore security breaches (browser flaws, malware, spyware) to steal information from computer11/05/2012 Security Meeting May 2012 5
  • 6. Some Techniques (I) • Hacking systems (servers, networks, databases, firewalls) • Improper privileges to companys employees, resulting in unauthorized access to sensitive data from these privileged users (internal unauthorized access) • (…)11/05/2012 Security Meeting May 2012 6
  • 7. Some Causes Organizations: • Don’t have an adequate security policy • Fail to preserve computer security • Fail to ensure network security (Firewall Management) • Fail do identify risks (Risk Management) • Relaxed access control policy • (…)11/05/2012 Security Meeting May 2012 7
  • 8. Risk Management11/05/2012 Security Meeting May 2012 8
  • 9. Compliance • Help protect business from risk • Increase IT Security • Used as benchmark to protect information • Automating compliance decrease audit time and stress o Keep configurations up- to-date (monitoring) o Detects undesirable changes • (…)11/05/2012 Security Meeting May 2012 9
  • 10. Compliance11/05/2012 Security Meeting May 2012 10
  • 11. Approach Traditional • Vendor solution • Go in, implement, customize & go out • Assistance & support Service • Configuration control • Compliance policy management • Change auditing • Real-time analysis of changes • Remediation, Reconciliation • Reporting11/05/2012 Security Meeting May 2012 11
  • 12. Approach11/05/2012 Security Meeting May 2012 12
  • 13. Approach Features • Provides compliance policies do manage user Ids o e.g. password strength and complexity checks • Proactive monitor IT security infrastructure (firewalls).11/05/2012 Security Meeting May 2012 13
  • 14. Approach11/05/2012 Security Meeting May 2012 14
  • 15. Approach • Continuous compliance o File integrity monitoring by detecting any change to a file or system setting. o Automating the repair of configurations that intentionally or accidentally fall from secure and compliant states • Generate an audit trail that logs the state of physical and virtual infrastructure, along with any actions taken to remediate out-of- compliance infrastructure.11/05/2012 Security Meeting May 2012 15
  • 16. Approach IT Infrastructure Integration • Supports a variety of IT Technology • OS with agent (HPUX, Solaris, RHEL, Windows) • Direct monitor Databases o Microsoft SQL Server o Oracle Database Server o Sybase Database Server o DB2 Database Server o (…)11/05/2012 Security Meeting May 2012 16
  • 17. Approach • Direct monitor Directory Servers (Microsoft, Novell, Sun, Generic LDAP…) • Network devices (Cisco, F5 BigIP, HP Procurve, Juniper, Nortel, …) • Supports others devices not listed (Agent less mode - with ssh)11/05/2012 Security Meeting May 2012 17
  • 18. How we do it11/05/2012 Security Meeting May 2012 18
  • 19. How we do it11/05/2012 Security Meeting May 2012 19
  • 20. Q&A Thank You! Luís Martins luis.martins@glintt.com