02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。

E
eLearning Consortium 電子學習聯盟eLearning Consortium 電子學習聯盟
學校網絡安全漏洞的評估 分享, 管理挑戰及趨勢 香港電訊有限公司 商業客戶業務總處 潘震宇先生 13th Jan, 2020
學校網絡安全漏 洞的評估分享, 管理挑戰及趨勢 Agenda 1. Introduction 2. Assessment Result Sharing and Insight 3. Challenges in Security Management 4. Trends in Security Management 5. Q &A
Introduction School IT Security Risk Assessment
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support HKT Web Vulnerability Assessment Service Web vulnerability assessment lifecycle Vulnerability Analysis Manual Review Report and Recommendations Information Gathering
COMPANY CONFIDENTIAL - HKT Internal use only HKT Web Vulnerability Assessment Service HKT Web Vulnerability Assessment Service is performed by a group of security certified engineers
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Result Highlights 150+Hours of Scanning By using different Risk Assessment Tools and manual testing/review ~50Websites Internet-facing application of 20 schools 110+ Critical Vulnerabilities
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Result Highlights Critical 3% High 14% Medium 28% Low 55% 4000+ Vulnerabilities 17% of vulnerabilities are Critical / High Vulnerabilities
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Top Security Impact Vulnerabilities Code (SQL) Injection Cross-site Scripting (XSS) Using Outdated Components with Known Vulnerabilities The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - SSL/TLS version - OS version - PHP version - Apache version …etc 39% 27% 63% Among the ~50 scanned systems…
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Security Risk Impact Code (SQL) Injection Cross-site Scripting (XSS) Using Outdated Components with Known Vulnerabilities - Data Leakage / Loss - Content Defacement - Malicious code injection - Malware / Ransomware Infection - Black Listing ➔ SCHOOL OPERATON / REPUTATION
10+ years ago Challenges in Security Management IT Support
Nowadays IT Support More User Touch Point More System More Data (More Security Risk) Challenges in Security Management
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Challenges in Security Management Enterprises need to keep investing in Cyber Security Success factors that can strengthen your organization’s cybersecurity posture in the next three years 0% 20% 40% 60% Improvement in technologies Improvement in staffing Increase in funding Cyber intelligence improvements Improvement in threat sharing Reduction in the compliance burden Ability to minimize employee-… Reduction in complexity Increase in C-level support Cybersecurity leadership Other Complexity Recruitment $$ Ponemon Institute Research Report, 2018
Trends in Security Management How to Survive in the challenging Security Management? You CANNOT do it all by yourself, find a TRUSTED PARTNER for Security Management
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support “Security-Centric”- Security Management Everywhere ISP Internet Service Provider Perimeter Core Networking End Point Devices/BYOD School Devices School Wi-Fi service School core network School Firewall BYOD Devices Service Gateways User Remote Access VIRUS / MALWARE INTRUSION RANSOMWARE / Email SPAM / Email Spoofing DoS / IntrusionDDoS / Malicious Website Potential Security Threat is everywhere!!
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support “Security-Centric”- Security Management Everywhere ISP Internet Service Provider Perimeter Core Networking End Point Devices/BYOD School Devices School Wi-Fi service School core network School Firewall BYOD Devices Service Gateways User Remote Access -- Separate Network -- -- Separate Network ---- Separate Network -- Cloud- Based Firewall / Web Filtering UTM Firewall Email Security / Application Server EDR NGAV Multi-Dimension Security Protection
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support “Security-Centric”- Security Management Everywhere ISP Internet Service Provider Perimeter Core Networking End Point Devices/BYOD School Devices School Wi-Fi service School core network School Firewall BYOD Devices Service Gateways User Remote Access DDoS / Malicious Website 1. Centralized Security Log collection and monitoring 2. Automation of security alert and incident recording 3. Remote support for incident recording and assist Security Management Comprehensive Managed Security Service
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Key components on Security Management People Technology Process Secure Connectivity DDoS ProtectionHKT Internet Platform HKT Private Network Network Security System Security Endpoint Protection Application Control Secure On-Premises Solution HKT School HelpDesk / Security Operation Center
Security Operation Center Tier 1 Tier 2 Tier 3 SOC Manager- Security Expert - Security Intelligence - Security Management Tools and Practice
• Occurred on 12-May-2017 (Friday night) • Take action to disable related firewall TCP ports (139 & 445) in ALL school wifi circuits • Completed all school wifi circuits (400+) on 15-May-2017 (Monday) • Informed schools that HKT already take action to block the TCP ports via Phone & Email • Prepare user guide / preventive actions and sent to schools for them to take action on school’s ITED network School Helpdesk
- Security Risk will keep EVOLVING Key Takeaways - PERIODIC Security Risk Assessment is important - You CANNOT do it all by yourself - Find a TRUTSED PARTNER for security management
Any Questions?
COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support More HKT Enterprise Solution on social media Follow HKT Enterprise Solutions on LinkedIn & Facebook
Thank You
1 of 23

02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。

Download to read offline
Education

香港電訊有限公司 (HKT) 商業客戶業務總處 高級方案經理 潘震宇先生

E
eLearning Consortium 電子學習聯盟eLearning Consortium 電子學習聯盟

Recommended

08 Transform Endpoint Security with the World’s Most Secure PCs and Printers by
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and PrinterseLearning Consortium 電子學習聯盟
368 views14 slides
Information Security Awareness And Training Business Case For Web Based Solut... by
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Michael Kaishar, MSIA | CISSP
2.6K views8 slides
Executive Information Security Training by
Executive Information Security TrainingExecutive Information Security Training
Executive Information Security TrainingAngela Samuels
1.2K views18 slides
Best Practices for Security Awareness and Training by
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
874 views36 slides
Cybersecurity education catalog sae september 2021 by
Cybersecurity education catalog sae september 2021Cybersecurity education catalog sae september 2021
Cybersecurity education catalog sae september 2021TrustwaveHoldings
1.3K views15 slides
Employee Awareness in Cyber Security - Kloudlearn by
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnKloudLearn
145 views22 slides

More Related Content

What's hot

Proactive incident response by
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
2.2K views102 slides
information security awareness course by
information security awareness courseinformation security awareness course
information security awareness courseAbdul Manaf Vellakodath
646 views13 slides
Employee Security Awareness Program by
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness ProgramCommLab India – Rapid eLearning Solutions
7.5K views31 slides
Information security policy by
Information security policyInformation security policy
Information security policyBalachanderThilakar1
79 views4 slides
PACE-IT, Security+3.4: Summary of Wireless Attacks by
PACE-IT, Security+3.4: Summary of Wireless AttacksPACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless AttacksPace IT at Edmonds Community College
733 views15 slides
Cybersecurity Training Seminars, 44 Courses : Tonex Training by
Cybersecurity Training Seminars, 44 Courses : Tonex TrainingCybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex TrainingBryan Len
624 views58 slides

What's hot(20)

Proactive incident response by Brian Honan
Proactive incident responseProactive incident response
Proactive incident response
Brian Honan2.2K views
information security awareness course by Abdul Manaf Vellakodath
information security awareness courseinformation security awareness course
information security awareness course
Abdul Manaf Vellakodath646 views
Employee Security Awareness Program by CommLab India – Rapid eLearning Solutions
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
CommLab India – Rapid eLearning Solutions7.5K views
Information security policy by BalachanderThilakar1
Information security policyInformation security policy
Information security policy
BalachanderThilakar179 views
PACE-IT, Security+3.4: Summary of Wireless Attacks by Pace IT at Edmonds Community College
PACE-IT, Security+3.4: Summary of Wireless AttacksPACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless Attacks
Pace IT at Edmonds Community College733 views
Cybersecurity Training Seminars, 44 Courses : Tonex Training by Bryan Len
Cybersecurity Training Seminars, 44 Courses : Tonex TrainingCybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Bryan Len624 views
5 Step Data Security Plan for Small Businesses by Wilkins Consulting, LLC
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC1K views
IT & Network Security Awareness by The Network Support Company
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
The Network Support Company743 views
Cyber Security 4.0 conference 30 November 2016 by InfinIT - Innovationsnetværket for it
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016
InfinIT - Innovationsnetværket for it529 views
IT Security and Risk Mitigation by Mukalele Rogers
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk Mitigation
Mukalele Rogers4.1K views
Security tools by arfan shahzad
Security toolsSecurity tools
Security tools
arfan shahzad1.1K views
Start With A Great Information Security Plan! by Tammy Clark
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
Tammy Clark1.3K views
Securing your presence at the perimeter by Ben Rothke
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeter
Ben Rothke752 views
Module0&1 intro-foundations-b by BbAOC
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-b
BbAOC704 views
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S... by Robert Straus
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
Robert Straus390 views
Topic11 by Anne Starr
Topic11Topic11
Topic11
Anne Starr76 views
Threat Modelling And Threat Response by Vivek Jindaniya
Threat Modelling And Threat ResponseThreat Modelling And Threat Response
Threat Modelling And Threat Response
Vivek Jindaniya65 views
Cyber security vs information assurance by Vaughan Olufemi ACIB, AICEN, ANIM
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
Vaughan Olufemi ACIB, AICEN, ANIM2.3K views
Cyber Security 2017 Challenges by Leandro Bennaton
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton20.6K views
D zone-cat-datasheet by Lindsay Carreau
D zone-cat-datasheetD zone-cat-datasheet
D zone-cat-datasheet
Lindsay Carreau17 views

Similar to 02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。

Information security presentation by
Information security presentationInformation security presentation
Information security presentationHK IT solutions... unlimited...
1.1K views12 slides
Level3-ATC comSpark.tech Presentation Snapshot by
Level3-ATC comSpark.tech Presentation SnapshotLevel3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation SnapshotAdvanced Technology Consulting (ATC)
1.3K views10 slides
Federal IT Initiatives - BDPA Conference Executive Panel by
Federal IT Initiatives - BDPA Conference Executive PanelFederal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive PanelBDPA Education and Technology Foundation
489 views35 slides
Didiet Cyber Security Consultant Portfolio - English by
Didiet Cyber Security Consultant Portfolio - EnglishDidiet Cyber Security Consultant Portfolio - English
Didiet Cyber Security Consultant Portfolio - EnglishDidiet Kusumadihardja
235 views15 slides
CV by
CVCV
CVTamaa Alneyadi
143 views6 slides

Similar to 02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。(20)

1 - HKT Reporting.pdf by eLearning Consortium 電子學習聯盟
1 - HKT Reporting.pdf1 - HKT Reporting.pdf
1 - HKT Reporting.pdf
eLearning Consortium 電子學習聯盟70 views
Information security presentation by HK IT solutions... unlimited...
Information security presentationInformation security presentation
Information security presentation
HK IT solutions... unlimited...1.1K views
Level3-ATC comSpark.tech Presentation Snapshot by Advanced Technology Consulting (ATC)
Level3-ATC comSpark.tech Presentation SnapshotLevel3-ATC comSpark.tech Presentation Snapshot
Level3-ATC comSpark.tech Presentation Snapshot
Advanced Technology Consulting (ATC)1.3K views
Federal IT Initiatives - BDPA Conference Executive Panel by BDPA Education and Technology Foundation
Federal IT Initiatives - BDPA Conference Executive PanelFederal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive Panel
BDPA Education and Technology Foundation489 views
Didiet Cyber Security Consultant Portfolio - English by Didiet Kusumadihardja
Didiet Cyber Security Consultant Portfolio - EnglishDidiet Cyber Security Consultant Portfolio - English
Didiet Cyber Security Consultant Portfolio - English
Didiet Kusumadihardja235 views
CV by Tamaa Alneyadi
CVCV
CV
Tamaa Alneyadi143 views
Smart security solutions for SMBs by Jyothi Satyanathan
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
Jyothi Satyanathan953 views
The Secure Path to Value in the Cloud by Denny Heaberlin by Cloud Expo
The Secure Path to Value in the Cloud by Denny HeaberlinThe Secure Path to Value in the Cloud by Denny Heaberlin
The Secure Path to Value in the Cloud by Denny Heaberlin
Cloud Expo449 views
CyberSecurity Update Slides by Jim Kaplan CIA CFE
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
Jim Kaplan CIA CFE293 views
Core.co.enterprise.deck.06.16.10 by Core Security Technologies
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
Core Security Technologies279 views
Cisco Managed Security by Srivatsan Desikan
Cisco Managed SecurityCisco Managed Security
Cisco Managed Security
Srivatsan Desikan1.3K views
03 學校網絡安全與防衛 by eLearning Consortium 電子學習聯盟
03 學校網絡安全與防衛03 學校網絡安全與防衛
03 學校網絡安全與防衛
eLearning Consortium 電子學習聯盟380 views
Updated Resume by Robert Boston III Systems Administrator
Updated ResumeUpdated Resume
Updated Resume
Robert Boston III Systems Administrator198 views
NH Bankers 10 08 07 Kamens by kamensm02
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamens
kamensm02392 views
Pankaj's Resume Information Security Professional by Pankaj Kumar
Pankaj's Resume Information Security ProfessionalPankaj's Resume Information Security Professional
Pankaj's Resume Information Security Professional
Pankaj Kumar101 views
Huwei Cyber Security Presentation by Peter921148
Huwei Cyber Security PresentationHuwei Cyber Security Presentation
Huwei Cyber Security Presentation
Peter92114834 views
Information Security in Schools - Recommended Practice (January 2019) by eLearning Consortium 電子學習聯盟
Information Security in Schools - Recommended Practice (January 2019)Information Security in Schools - Recommended Practice (January 2019)
Information Security in Schools - Recommended Practice (January 2019)
eLearning Consortium 電子學習聯盟184 views
M Kamens Iia Financial Services Presentation At Disney by kamensm02
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disney
kamensm02349 views
S nandakumar by IPPAI
S nandakumarS nandakumar
S nandakumar
IPPAI208 views
S nandakumar_banglore by IPPAI
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
IPPAI813 views

More from eLearning Consortium 電子學習聯盟

AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位 by
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位eLearning Consortium 電子學習聯盟
146 views163 slides
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代? by
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?eLearning Consortium 電子學習聯盟
435 views130 slides
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf by
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdfeLearning Consortium 電子學習聯盟
38 views31 slides
1. How Data Analytics Transforming Digital Marketing - Saron Leung by
1. How Data Analytics Transforming Digital Marketing - Saron Leung1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron LeungeLearning Consortium 電子學習聯盟
75 views54 slides
HKTVMall: Leading Technology Evolution for eCommerce Industry by
HKTVMall: Leading Technology Evolution for eCommerce IndustryHKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce IndustryeLearning Consortium 電子學習聯盟
664 views47 slides
How Blockchain affecting us - Dr Sin.pdf by
How Blockchain affecting us - Dr Sin.pdfHow Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdfeLearning Consortium 電子學習聯盟
222 views51 slides

More from eLearning Consortium 電子學習聯盟(20)

AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位 by eLearning Consortium 電子學習聯盟
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
eLearning Consortium 電子學習聯盟146 views
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代? by eLearning Consortium 電子學習聯盟
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
eLearning Consortium 電子學習聯盟435 views
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf by eLearning Consortium 電子學習聯盟
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
eLearning Consortium 電子學習聯盟38 views
1. How Data Analytics Transforming Digital Marketing - Saron Leung by eLearning Consortium 電子學習聯盟
1. How Data Analytics Transforming Digital Marketing - Saron Leung1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung
eLearning Consortium 電子學習聯盟75 views
HKTVMall: Leading Technology Evolution for eCommerce Industry by eLearning Consortium 電子學習聯盟
HKTVMall: Leading Technology Evolution for eCommerce IndustryHKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce Industry
eLearning Consortium 電子學習聯盟664 views
How Blockchain affecting us - Dr Sin.pdf by eLearning Consortium 電子學習聯盟
How Blockchain affecting us - Dr Sin.pdfHow Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdf
eLearning Consortium 電子學習聯盟222 views
5-Hot-Chain Bento.pdf by eLearning Consortium 電子學習聯盟
5-Hot-Chain Bento.pdf5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf
eLearning Consortium 電子學習聯盟83 views
4-Herbal ID.pdf by eLearning Consortium 電子學習聯盟
4-Herbal ID.pdf4-Herbal ID.pdf
4-Herbal ID.pdf
eLearning Consortium 電子學習聯盟51 views
3-VisualSonic.pdf by eLearning Consortium 電子學習聯盟
3-VisualSonic.pdf3-VisualSonic.pdf
3-VisualSonic.pdf
eLearning Consortium 電子學習聯盟58 views
2-kNOw Touch.pdf by eLearning Consortium 電子學習聯盟
2-kNOw Touch.pdf2-kNOw Touch.pdf
2-kNOw Touch.pdf
eLearning Consortium 電子學習聯盟58 views
1-C-POLAR Air Filter.pdf by eLearning Consortium 電子學習聯盟
1-C-POLAR Air Filter.pdf1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf
eLearning Consortium 電子學習聯盟158 views
3 - Interaction between Cyber Security and School IT Policy .pdf by eLearning Consortium 電子學習聯盟
3 - Interaction between Cyber Security and School IT Policy .pdf3 - Interaction between Cyber Security and School IT Policy .pdf
3 - Interaction between Cyber Security and School IT Policy .pdf
eLearning Consortium 電子學習聯盟87 views
2 - ELC學校網絡安全與防護.pdf by eLearning Consortium 電子學習聯盟
2 - ELC學校網絡安全與防護.pdf2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf
eLearning Consortium 電子學習聯盟81 views
07 2020 網絡安全趨勢和安全小貼士 by eLearning Consortium 電子學習聯盟
07 2020 網絡安全趨勢和安全小貼士07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士
eLearning Consortium 電子學習聯盟403 views
06 網絡安全挑戰與防衛 by eLearning Consortium 電子學習聯盟
06 網絡安全挑戰與防衛06 網絡安全挑戰與防衛
06 網絡安全挑戰與防衛
eLearning Consortium 電子學習聯盟370 views
04 提升網絡安全 - 為電子學習打造先決條件 by eLearning Consortium 電子學習聯盟
04 提升網絡安全 - 為電子學習打造先決條件04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件
eLearning Consortium 電子學習聯盟378 views
Experience Sharing on School Pentest Project (Updated) by eLearning Consortium 電子學習聯盟
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
eLearning Consortium 電子學習聯盟476 views
Security Incident Handling for Schools by eLearning Consortium 電子學習聯盟
Security Incident Handling for Schools Security Incident Handling for Schools
Security Incident Handling for Schools
eLearning Consortium 電子學習聯盟302 views
高可寧的保安安排 by eLearning Consortium 電子學習聯盟
高可寧的保安安排高可寧的保安安排
高可寧的保安安排
eLearning Consortium 電子學習聯盟199 views
Experience Sharing on School Pentest Project by eLearning Consortium 電子學習聯盟
Experience Sharing on School Pentest ProjectExperience Sharing on School Pentest Project
Experience Sharing on School Pentest Project
eLearning Consortium 電子學習聯盟202 views

Recently uploaded

Pharmaceutical Analysis PPT (BP 102T) by
Pharmaceutical Analysis PPT (BP 102T) Pharmaceutical Analysis PPT (BP 102T)
Pharmaceutical Analysis PPT (BP 102T) yakshpharmacy009
116 views29 slides
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE... by
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...Nguyen Thanh Tu Collection
100 views91 slides
MercerJesse3.0.pdf by
MercerJesse3.0.pdfMercerJesse3.0.pdf
MercerJesse3.0.pdfjessemercerail
163 views6 slides
Gross Anatomy of the Liver by
Gross Anatomy of the LiverGross Anatomy of the Liver
Gross Anatomy of the Liverobaje godwin sunday
89 views12 slides
Guess Papers ADC 1, Karachi University by
Guess Papers ADC 1, Karachi UniversityGuess Papers ADC 1, Karachi University
Guess Papers ADC 1, Karachi UniversityKhalid Aziz
105 views17 slides
A Guide to Applying for the Wells Mountain Initiative Scholarship 2023 by
A Guide to Applying for the Wells Mountain Initiative Scholarship 2023A Guide to Applying for the Wells Mountain Initiative Scholarship 2023
A Guide to Applying for the Wells Mountain Initiative Scholarship 2023Excellence Foundation for South Sudan
87 views26 slides

Recently uploaded(20)

Pharmaceutical Analysis PPT (BP 102T) by yakshpharmacy009
Pharmaceutical Analysis PPT (BP 102T) Pharmaceutical Analysis PPT (BP 102T)
Pharmaceutical Analysis PPT (BP 102T)
yakshpharmacy009116 views
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE... by Nguyen Thanh Tu Collection
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
Nguyen Thanh Tu Collection100 views
MercerJesse3.0.pdf by jessemercerail
MercerJesse3.0.pdfMercerJesse3.0.pdf
MercerJesse3.0.pdf
jessemercerail163 views
Gross Anatomy of the Liver by obaje godwin sunday
Gross Anatomy of the LiverGross Anatomy of the Liver
Gross Anatomy of the Liver
obaje godwin sunday89 views
Guess Papers ADC 1, Karachi University by Khalid Aziz
Guess Papers ADC 1, Karachi UniversityGuess Papers ADC 1, Karachi University
Guess Papers ADC 1, Karachi University
Khalid Aziz105 views
A Guide to Applying for the Wells Mountain Initiative Scholarship 2023 by Excellence Foundation for South Sudan
A Guide to Applying for the Wells Mountain Initiative Scholarship 2023A Guide to Applying for the Wells Mountain Initiative Scholarship 2023
A Guide to Applying for the Wells Mountain Initiative Scholarship 2023
Excellence Foundation for South Sudan87 views
Interaction of microorganisms with vascular plants.pptx by MicrobiologyMicro
Interaction of microorganisms with vascular plants.pptxInteraction of microorganisms with vascular plants.pptx
Interaction of microorganisms with vascular plants.pptx
MicrobiologyMicro58 views
Ask The Expert! Nonprofit Website Tools, Tips, and Technology.pdf by TechSoup
Ask The Expert! Nonprofit Website Tools, Tips, and Technology.pdf Ask The Expert! Nonprofit Website Tools, Tips, and Technology.pdf
Ask The Expert! Nonprofit Website Tools, Tips, and Technology.pdf
TechSoup 62 views
unidad 3.pdf by MarcosRodriguezUcedo
unidad 3.pdfunidad 3.pdf
unidad 3.pdf
MarcosRodriguezUcedo138 views
Meet the Bible by Steve Thomason
Meet the BibleMeet the Bible
Meet the Bible
Steve Thomason81 views
Education of marginalized and socially disadvantages segments.pptx by GarimaBhati5
Education of marginalized and socially disadvantages segments.pptxEducation of marginalized and socially disadvantages segments.pptx
Education of marginalized and socially disadvantages segments.pptx
GarimaBhati547 views
Thanksgiving!.pdf by EnglishCEIPdeSigeiro
Thanksgiving!.pdfThanksgiving!.pdf
Thanksgiving!.pdf
EnglishCEIPdeSigeiro568 views
Creative Restart 2023: Atila Martins - Craft: A Necessity, Not a Choice by Taste
Creative Restart 2023: Atila Martins - Craft: A Necessity, Not a ChoiceCreative Restart 2023: Atila Martins - Craft: A Necessity, Not a Choice
Creative Restart 2023: Atila Martins - Craft: A Necessity, Not a Choice
Taste52 views
Java Simplified: Understanding Programming Basics by Akshaj Vadakkath Joshy
Java Simplified: Understanding Programming BasicsJava Simplified: Understanding Programming Basics
Java Simplified: Understanding Programming Basics
Akshaj Vadakkath Joshy663 views
EILO EXCURSION PROGRAMME 2023 by info33492
EILO EXCURSION PROGRAMME 2023EILO EXCURSION PROGRAMME 2023
EILO EXCURSION PROGRAMME 2023
info33492208 views
Nelson_RecordStore.pdf by BrynNelson5
Nelson_RecordStore.pdfNelson_RecordStore.pdf
Nelson_RecordStore.pdf
BrynNelson550 views
ANGULARJS.pdf by ArthyR3
ANGULARJS.pdfANGULARJS.pdf
ANGULARJS.pdf
ArthyR352 views
Six Sigma Concept by Sahil Srivastava.pptx by Sahil Srivastava
Six Sigma Concept by Sahil Srivastava.pptxSix Sigma Concept by Sahil Srivastava.pptx
Six Sigma Concept by Sahil Srivastava.pptx
Sahil Srivastava51 views
12.5.23 Poverty and Precarity.pptx by mary850239
12.5.23 Poverty and Precarity.pptx12.5.23 Poverty and Precarity.pptx
12.5.23 Poverty and Precarity.pptx
mary850239514 views
JRN 362 - Lecture Twenty-Two by Rich Hanley
JRN 362 - Lecture Twenty-TwoJRN 362 - Lecture Twenty-Two
JRN 362 - Lecture Twenty-Two
Rich Hanley39 views

02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。

  • 2. 學校網絡安全漏 洞的評估分享, 管理挑戰及趨勢 Agenda 1. Introduction 2. Assessment Result Sharing and Insight 3. Challenges in Security Management 4. Trends in Security Management 5. Q &A
  • 4. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support HKT Web Vulnerability Assessment Service Web vulnerability assessment lifecycle Vulnerability Analysis Manual Review Report and Recommendations Information Gathering
  • 5. COMPANY CONFIDENTIAL - HKT Internal use only HKT Web Vulnerability Assessment Service HKT Web Vulnerability Assessment Service is performed by a group of security certified engineers
  • 6. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Result Highlights 150+Hours of Scanning By using different Risk Assessment Tools and manual testing/review ~50Websites Internet-facing application of 20 schools 110+ Critical Vulnerabilities
  • 7. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Result Highlights Critical 3% High 14% Medium 28% Low 55% 4000+ Vulnerabilities 17% of vulnerabilities are Critical / High Vulnerabilities
  • 8. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Top Security Impact Vulnerabilities Code (SQL) Injection Cross-site Scripting (XSS) Using Outdated Components with Known Vulnerabilities The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - SSL/TLS version - OS version - PHP version - Apache version …etc 39% 27% 63% Among the ~50 scanned systems…
  • 9. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Security Risk Impact Code (SQL) Injection Cross-site Scripting (XSS) Using Outdated Components with Known Vulnerabilities - Data Leakage / Loss - Content Defacement - Malicious code injection - Malware / Ransomware Infection - Black Listing ➔ SCHOOL OPERATON / REPUTATION
  • 10. 10+ years ago Challenges in Security Management IT Support
  • 11. Nowadays IT Support More User Touch Point More System More Data (More Security Risk) Challenges in Security Management
  • 12. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Challenges in Security Management Enterprises need to keep investing in Cyber Security Success factors that can strengthen your organization’s cybersecurity posture in the next three years 0% 20% 40% 60% Improvement in technologies Improvement in staffing Increase in funding Cyber intelligence improvements Improvement in threat sharing Reduction in the compliance burden Ability to minimize employee-… Reduction in complexity Increase in C-level support Cybersecurity leadership Other Complexity Recruitment $$ Ponemon Institute Research Report, 2018
  • 13. Trends in Security Management How to Survive in the challenging Security Management? You CANNOT do it all by yourself, find a TRUSTED PARTNER for Security Management
  • 14. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support “Security-Centric”- Security Management Everywhere ISP Internet Service Provider Perimeter Core Networking End Point Devices/BYOD School Devices School Wi-Fi service School core network School Firewall BYOD Devices Service Gateways User Remote Access VIRUS / MALWARE INTRUSION RANSOMWARE / Email SPAM / Email Spoofing DoS / IntrusionDDoS / Malicious Website Potential Security Threat is everywhere!!
  • 15. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support “Security-Centric”- Security Management Everywhere ISP Internet Service Provider Perimeter Core Networking End Point Devices/BYOD School Devices School Wi-Fi service School core network School Firewall BYOD Devices Service Gateways User Remote Access -- Separate Network -- -- Separate Network ---- Separate Network -- Cloud- Based Firewall / Web Filtering UTM Firewall Email Security / Application Server EDR NGAV Multi-Dimension Security Protection
  • 16. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support “Security-Centric”- Security Management Everywhere ISP Internet Service Provider Perimeter Core Networking End Point Devices/BYOD School Devices School Wi-Fi service School core network School Firewall BYOD Devices Service Gateways User Remote Access DDoS / Malicious Website 1. Centralized Security Log collection and monitoring 2. Automation of security alert and incident recording 3. Remote support for incident recording and assist Security Management Comprehensive Managed Security Service
  • 17. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support Key components on Security Management People Technology Process Secure Connectivity DDoS ProtectionHKT Internet Platform HKT Private Network Network Security System Security Endpoint Protection Application Control Secure On-Premises Solution HKT School HelpDesk / Security Operation Center
  • 18. Security Operation Center Tier 1 Tier 2 Tier 3 SOC Manager- Security Expert - Security Intelligence - Security Management Tools and Practice
  • 19. • Occurred on 12-May-2017 (Friday night) • Take action to disable related firewall TCP ports (139 & 445) in ALL school wifi circuits • Completed all school wifi circuits (400+) on 15-May-2017 (Monday) • Informed schools that HKT already take action to block the TCP ports via Phone & Email • Prepare user guide / preventive actions and sent to schools for them to take action on school’s ITED network School Helpdesk
  • 20. - Security Risk will keep EVOLVING Key Takeaways - PERIODIC Security Risk Assessment is important - You CANNOT do it all by yourself - Find a TRUTSED PARTNER for security management
  • 22. COMPANY CONFIDENTIAL - HKT Internal use only Ongoing Support More HKT Enterprise Solution on social media Follow HKT Enterprise Solutions on LinkedIn & Facebook