How secure are your IT systems? (Darrell Burkey, CASE)

Presentation at Making Links Conference 2010 in Perth, Western Australia.

www.makinglinks.org.au

Transcript

  • 1. ‘How Secure Are Your IT Systems’ “What are the real threats and how to manage them” Darrell Burkey, Unix Systems Administrator - GIAC Security Essentials Certification [email_address]
  • 2. “IT Resources for the Community by the Community” CASE was formed to assist individuals and community organisations in making better use of information technology to accomplish their goals. Today’s discussions will be specific to experiences from the community sector and relate to systems and configurations most commonly used by small to medium non-profit organisations.
  • 3.
    • Limited resources
    • Staff issues
    • Unpatched software
    • Outdated equipment
    • Viruses and malware
    • False authority
  • 4. Define Your Risk
    • Risk = Threat x Vulnerability
    • Defense in Depth: No one solution will be effective
    • What they want: Anything from random vandalism to obtaining resources and information for use in organised crime
  • 5. Basic Theory
    • The CASE Acid Test: Can you put an axe through it and continue to work without loss of data or productivity?
    • How To Pass The Test: Establish a robust, fault tolerant server-to-peer network based on ‘best practice’ solutions maintained by qualified technical staff working to your specific needs and goals.
    • Isolate Workstations: Proper network design will isolate your workstations from connecting directly to external networks
  • 6. Basic Theory © Medical Networking Solutions LLC
  • 7. Social Engineering
    • A Typical Scam Email Intercepted by Server
    • Warning: This message has had one or more attachments removed
    • Warning: (3YMH6JJY.exe, 3YMH6JJY.zip).
    • Warning: Please read the "tucan_net-Attachment-Warning.txt" attachment(s) for more information.
    • Dear Microsoft Customer, Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected. To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus. Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
    • Regards, Microsoft Windows Agent #2 (Hollis) Microsoft Windows Computer Safety Division
  • 8. What Works for Us
    • Servers based on open source software maintained by qualified staff have the potential to address the most critical of issues:
    • Reliability
    • Security - firewall, monitoring, reporting
    • Timely technical support
    • Low initial costs
    • Low ongoing costs
    • Services to meet a variety of needs
  • 9. False Authority
    • “I swear this is true. It happened to my brother. He opened the email and not only did it erase his hard drive but all his house plants died and the food in his refrigerator went off! Make sure you send this message to everyone in your address book to warn all your friends so it doesn’t happen to them.”
    • “I don’t know anything about IT but here’s what we are going to do because...”
  • 10. Improved Decisions
    • Ask for qualifications
    • Ask for examples of work
    • Ask about membership to professional bodies such as the ACS and SAGE
    • Be aware of possible bias
    • Consider an IT audit
  • 11. Support Your Staff
    • Do you have an Acceptable Use Policy?
    • What training do you provide?
    • How well is your IT documented?
    • Do you have a password policy?
    • Knowledge empowers!
    • Ensure you have appropriate support
  • 12. Questions?