Security meeting 2012 ID Theft

228 views

Published on

Published in: Business
  • Be the first to comment

  • Be the first to like this

Security meeting 2012 ID Theft

  1. 1. ID TheftSecurity Meeting
  2. 2. Agenda 1. ID Theft • Introduction • Types • Techniques • Causes 2. Compliance 3. Approach • Service • Features • IT Integration 4. Q & A11/05/2012 Security Meeting May 2012 2
  3. 3. ID Theft Definition (Wikipedia): Identity theft is a form of stealing someones identity in which someone pretends to be someone else by assuming that persons identity, typically in order to access resources or obtain … other benefits in that persons name. AKA: Impersonating - meaning the person whose identity has been assumed by the identity thief.11/05/2012 Security Meeting May 2012 3
  4. 4. Some Types • Finantial • Governamental • Social Network • Child • Smart Phone11/05/2012 Security Meeting May 2012 4
  5. 5. Some Techniques • Stealling o IT Equipment o Credit Cards o (…) • Impersonating • Brute force attack weak passwords • Explore security breaches (browser flaws, malware, spyware) to steal information from computer11/05/2012 Security Meeting May 2012 5
  6. 6. Some Techniques (I) • Hacking systems (servers, networks, databases, firewalls) • Improper privileges to companys employees, resulting in unauthorized access to sensitive data from these privileged users (internal unauthorized access) • (…)11/05/2012 Security Meeting May 2012 6
  7. 7. Some Causes Organizations: • Don’t have an adequate security policy • Fail to preserve computer security • Fail to ensure network security (Firewall Management) • Fail do identify risks (Risk Management) • Relaxed access control policy • (…)11/05/2012 Security Meeting May 2012 7
  8. 8. Risk Management11/05/2012 Security Meeting May 2012 8
  9. 9. Compliance • Help protect business from risk • Increase IT Security • Used as benchmark to protect information • Automating compliance decrease audit time and stress o Keep configurations up- to-date (monitoring) o Detects undesirable changes • (…)11/05/2012 Security Meeting May 2012 9
  10. 10. Compliance11/05/2012 Security Meeting May 2012 10
  11. 11. Approach Traditional • Vendor solution • Go in, implement, customize & go out • Assistance & support Service • Configuration control • Compliance policy management • Change auditing • Real-time analysis of changes • Remediation, Reconciliation • Reporting11/05/2012 Security Meeting May 2012 11
  12. 12. Approach11/05/2012 Security Meeting May 2012 12
  13. 13. Approach Features • Provides compliance policies do manage user Ids o e.g. password strength and complexity checks • Proactive monitor IT security infrastructure (firewalls).11/05/2012 Security Meeting May 2012 13
  14. 14. Approach11/05/2012 Security Meeting May 2012 14
  15. 15. Approach • Continuous compliance o File integrity monitoring by detecting any change to a file or system setting. o Automating the repair of configurations that intentionally or accidentally fall from secure and compliant states • Generate an audit trail that logs the state of physical and virtual infrastructure, along with any actions taken to remediate out-of- compliance infrastructure.11/05/2012 Security Meeting May 2012 15
  16. 16. Approach IT Infrastructure Integration • Supports a variety of IT Technology • OS with agent (HPUX, Solaris, RHEL, Windows) • Direct monitor Databases o Microsoft SQL Server o Oracle Database Server o Sybase Database Server o DB2 Database Server o (…)11/05/2012 Security Meeting May 2012 16
  17. 17. Approach • Direct monitor Directory Servers (Microsoft, Novell, Sun, Generic LDAP…) • Network devices (Cisco, F5 BigIP, HP Procurve, Juniper, Nortel, …) • Supports others devices not listed (Agent less mode - with ssh)11/05/2012 Security Meeting May 2012 17
  18. 18. How we do it11/05/2012 Security Meeting May 2012 18
  19. 19. How we do it11/05/2012 Security Meeting May 2012 19
  20. 20. Q&A Thank You! Luís Martins luis.martins@glintt.com

×