The state of being protected against the unauthorized use of information, especially electronic data, or the measures are taken to achieve this.
"the growing use of mobile applications is posing a risk to information security"
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
Its is project based on one of the most interesting and wide topic of Computer Science, named Cyber Security
CONTENT :
1. What is Cyber Security
2. Why Cyber Security is Important
3. Brief History
4. Security Timeline
5. Architecture
6. Cyber Attack Methods
7. Technology for Cyber Secuirty
8. Development in Cyber Security
9. Future Trend in Cyber Security
Information Security Awareness for everyoneYasir Nafees
SAFE (which stands for Security Awareness For Everyone) is an information security awareness program designed to help organizations creating a well informed and risk-aware culture. SAFE focuses on learning to make it important for everyone to be fully informed and take responsibility to protect organization’s most important asset, “The Information”.
This Edureka PPT on "Application Security" will help you understand what application security is and measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets.
Amongst others, the webinar covers:
• Top Cyber Trends for 2023
• Cyber Insurance
• Prioritization of Cyber Risk
Presenters:
Colleen Lennox
Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help other find their next great job!
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Date: January 25, 2023
Tags: ISO, ISO/IEC 27032, Cybersecurity Management
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
https://pecb.com/article/cybersecurity-risk-assessment
https://pecb.com/article/a-deeper-understanding-of-cybersecurity
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/BAAl_PI9uRc
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
Understand and apply concepts of confidentiality, integrity and availability, Apply security governance principles,
Understand legal and regulatory issues that pertain to information security in a global context, Develop and implement documented security policy, standards, procedures, and guidelines, Understand business continuity requirements
Contribute to personnel security policies, Understand and apply risk management concepts, Understand and apply threat modeling, Integrate security risk considerations into acquisition strategy and practice, Establish and manage information security education, training, and awareness
Its is project based on one of the most interesting and wide topic of Computer Science, named Cyber Security
CONTENT :
1. What is Cyber Security
2. Why Cyber Security is Important
3. Brief History
4. Security Timeline
5. Architecture
6. Cyber Attack Methods
7. Technology for Cyber Secuirty
8. Development in Cyber Security
9. Future Trend in Cyber Security
Information Security Awareness for everyoneYasir Nafees
SAFE (which stands for Security Awareness For Everyone) is an information security awareness program designed to help organizations creating a well informed and risk-aware culture. SAFE focuses on learning to make it important for everyone to be fully informed and take responsibility to protect organization’s most important asset, “The Information”.
This Edureka PPT on "Application Security" will help you understand what application security is and measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets.
Amongst others, the webinar covers:
• Top Cyber Trends for 2023
• Cyber Insurance
• Prioritization of Cyber Risk
Presenters:
Colleen Lennox
Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help other find their next great job!
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Date: January 25, 2023
Tags: ISO, ISO/IEC 27032, Cybersecurity Management
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
https://pecb.com/article/cybersecurity-risk-assessment
https://pecb.com/article/a-deeper-understanding-of-cybersecurity
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/BAAl_PI9uRc
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
Understand and apply concepts of confidentiality, integrity and availability, Apply security governance principles,
Understand legal and regulatory issues that pertain to information security in a global context, Develop and implement documented security policy, standards, procedures, and guidelines, Understand business continuity requirements
Contribute to personnel security policies, Understand and apply risk management concepts, Understand and apply threat modeling, Integrate security risk considerations into acquisition strategy and practice, Establish and manage information security education, training, and awareness
Malware attacks and data thefts are on the rise as evident from the recent news headlines. The mere use of antivirus software wouldn’t serve the purpose. The reason being, antivirus programs block attacks by using patterns or signatures to identify malicious software code. This signature-based detection was successful when the threats were lesser and spread over a good time frame.
Computer security threats & prevention,Its a proper introduction about computer security and threats and prevention with reference. Have info about threats and their prevention.
Computer security introduction lecture. Introduction
Network Security
Basic Components Of Computer Security
Online Security Vs Online Safety
Risks & Threats
Steps to protect information
Steps to protect computer
Ethical Impact
Case study
Statistics about Internet Crime
survey
conclusion
This presentation is intended to increase awareness of Extension Agents to the threats of scams and malware on the Internet. In addition it covers some ways to stay protected from such threats.
A presentation made during the international Youth Exchange called Digital Danger and financed Erasmus+ Programme through Dům zahraniční spolupráce and the European Union
Cyberattacks on the Rise: Is Your Nonprofit Prepared?TechSoup
Cyberattacks against small and midsize organizations have increased from 11 percent to 15 percent in 2020, according to an Avast survey. Nonprofits are no exception to this alarming trend, which results in lost productivity, damaged reputations, and serious financial implications. Whether you’re a one-person IT team or a nontechnical concerned stakeholder, this webinar will help you
- Protect your organization from common malware attacks
- Set up a strong cybersecurity strategy for your organization
- Identify solutions to help minimize cyberattack risks
As soluções da NetWitness capturam todos os dados que circulam na rede e os contextualizam, filtrando o que pode ser crítico ou não. O usuario pode ver quem está indo aonde e vendo o quê.
Most users do not see front-line activity and 'normal business usage' to be a contributing factor to network security; but it's not all about the back-end. Business behavior is a direct impact to business information system risks.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
Safalta Digital marketing institute in Noida, provide complete applications that encompass a huge range of virtual advertising and marketing additives, which includes search engine optimization, virtual communication advertising, pay-per-click on marketing, content material advertising, internet analytics, and greater. These university courses are designed for students who possess a comprehensive understanding of virtual marketing strategies and attributes.Safalta Digital Marketing Institute in Noida is a first choice for young individuals or students who are looking to start their careers in the field of digital advertising. The institute gives specialized courses designed and certification.
for beginners, providing thorough training in areas such as SEO, digital communication marketing, and PPC training in Noida. After finishing the program, students receive the certifications recognised by top different universitie, setting a strong foundation for a successful career in digital marketing.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Normal Labour/ Stages of Labour/ Mechanism of LabourWasim Ak
Normal labor is also termed spontaneous labor, defined as the natural physiological process through which the fetus, placenta, and membranes are expelled from the uterus through the birth canal at term (37 to 42 weeks
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
2. Protecting Your PC, Privacy and Self
“The minute you dial in to your Internet service provider or
connect to a DSL or cable modem, you are casting your
computer adrift in a sea of millions of other computers – all
of which are sharing the world's largest computer network,
the Internet. Most of those computers are cooperative and
well behaved, but some are downright nasty. Only you can
make sure your computer is ready for the experience.”
Daniel Appleman, Always Use Protection, A Teen's Guide to
Safe Computing, (2004 – Apress)
3. Purpose of This Discussion
Provide an overview of:
– What information security is
– The challenges to InfoSec
– The latest trends
– Best practices to help protect your digital
assets
– The need for Information Security
professionals
– CyberWATCH
4. What Is Information Security?
Process by which digital information assets are
protected
Topic areas: Policies and procedures,
authentication, attacks, remote access, E-mail,
Web, wireless, devices, media/medium, secure
architectures, IDSes/IPSes, operating systems,
secure code, Cryptography, physical security,
digital media analysis…
5. Understanding the Importance of
Information Security
Prevents data theft
Avoids legal consequences of not securing
information
Maintains productivity
Foils cyberterrorism
Thwarts identity theft
6. Challenges
A number of trends illustrate why security is
becoming increasingly difficult:
– Speed of attacks
– Sophistication of attacks
– Faster detection of weaknesses
– Distributed attacks
– Difficulties of patching
7. Latest Trends
Identity theft
Malware
Patch Management failures
Distributed Denial of Service
8. Latest Trends - Identity Theft
Crime of the 21st
century
Involves using someone’s personal information, such as
social security numbers, to establish bank or credit card
accounts that are then left unpaid, leaving the victim with
the debts and ruining their credit rating
National, state, and local legislation continues to be
enacted to deal with this growing problem:
– The Fair and Accurate Credit Transactions Act of
2003 is a federal law that addresses identity theft
9. Latest Trends - Identity Theft - continued
Phishing is a method used by identity thieves to
obtain financial information from a computer user
The word “phishing” was made up by hackers as a
cute word to use for the concept of fishing for
information
One of the most lucrative forms of spamming
Often used in conjunction with spoofed Web sites
10. Latest Trends - Identity Theft - continued
According to the Identity Theft Resource Center, a
victim of identity theft spends an average of more
than 600 hours and $1,400 of out-of-pocket
expenses restoring their credit by contacting credit
bureaus, canceling credit cards, and negotiating
with creditors
11. Latest Trends - Malicious Software
(Malware)
Designed to operate without the computer user’s
permission
May change or destroy data
May operate hardware without authorization
Can hijack your Web browser
Might steal information or otherwise aggravate a
computer user or organization
12. Malware: 2006 at a Glance
1 in 91 E-mails is viral (2006); down from 1 in 44
(2005)
New Trojans outweigh Windows viruses & worms
4:1
13. Top 10 Malware Threats in 2006 –
January-June
1. *W32/Sober-Z: 22.4% (at its peak accounted for 1 in every 13
emails)
2. W32/Netsky-P: 12.2% (hardest hitting virus in 2004)
3. W32/Zafi-B: 8.9%
4. *W32/Nyxem-D: 5.9%
5. W32/Mytob-FO: 3.3%
6. W32/Netsky-D: 2.4%
7. W32/Mytob-BE: 2.3%
8. W32/Mytob-EX: 2.2%
9. W32/Mytob-AS: 2.2%
10. W32/Bagle-Zip: 1.9%
11. Others: 36.3%
*Worms
15. Malware Trends - Spyware
Advertisement-focused applications that, much like
computer worms, install themselves on systems with
little or no user interaction
While such an application may be legal, it is usually
installed without the user’s knowledge or informed
consent
A user in an organization could download and install a
useful (often “free”) application from the Internet and in
doing so, unwittingly install a spyware component
16. Malware Trends – Spyware - continued
Apart from privacy concerns, the greatest issue
presented by spyware is its use of your computer’s
resources and bandwidth
This translates into lost work as you wait for your
computer to finish a task, lost time as you slowly
browse the Internet, and can even necessitate a call for
service by a technician
The time and money lost while eradicating spyware
often exceeds all other forms of malware and spam
combined
17. Malware Trends - Keyloggers
Used to capture user’s keystrokes:
– AKA Key stoke Logging
Hardware and software-based
Useful purposes:
– Help determine sources of errors on system
– Measure employee productivity on certain
clerical tasks
18. Malware Trends - Rootkits
Is a set of software tools intended to conceal running
processes, files or system data, thereby helping an intruder
to maintain access to a system while avoiding detection
Often modify parts of the operating system or install
themselves as drivers or kernel modules
Are known to exist for a variety of operating systems
Are difficult to detect
19. Malware Trends - Mobile Malware
Increase in the number of mobile phone viruses
being written
Insignificant compared to the much larger number
of viruses being written which target Windows
desktop computers
20. Malware Trends - Combined Attack
Mechanisms
Speed at which malware can spread combined w/a
lethal payload
SPAM with spoofed Web sites
Trojans installing bot software
Trojans installing backdoors
21. Latest Trends - Patch Management
Failures
Shift towards patching versus testing
In the next few years, it is estimated that 90% of
cyber attacks will continue to exploit known
security flaws for which a fix is available or a
preventive measure known
22. Latest Trends - Patch Management
Failures - continued
Why? Doesn’t scale well and isn’t cost-effective:
– A survey by the Yankee Group found that the
average annual cost of patching ranges from
$189-$254 per patch for each computer
– The cost is primarily a result of lost productivity
while the patch is applied and for technician
installation costs. Patching costs in large
organizations can exceed $50 million per year
23. Latest Trends - SPAM
January 24, 2004 - Bill Gates predicted that spam
would be “a thing of the past” within two years –
the threat remains alive
No end in sight:
– According to Ferris Research, by 2007, the
percentage of spam E-mails will increase to 70%
of the total E-mail messages sent
24. Latest Trends - Vulnerability Exploitation
Operating system attacks still in vogue:
– Vista
– Mac OS X
Increase in attacks taking advantage of security
holes in other products:
– Desktop tools
– Alternative Web browsers
– Media applications
– Microsoft Office applications
25. Latest Trends - Ransomware
Type of malware that encrypts the victim’s data,
demanding ransom for its restoration
Crypto virology predates ransomware
26. Latest Trends - Distributed Denial of
Service (DDoS)
Use hundreds of infected hosts on the Internet to
attack the victim by flooding its link to the Internet
or depriving it of resources
A PC becomes a zombie when a bot, or automated
program, is installed on it, giving the attacker access
and control and making the PC part of a zombie
network, or botnet
27. Latest Trends - DDoS - continued
One of the most high profile botnets of 2005 was
created by the Zotob worm which achieved
worldwide notoriety in August when leading media
organizations including ABC, The Financial Times,
and The New York Times fell prey to it
28. Best Practices to Help Protect
Your Digital Assets
Anti-virus software
Anti-spyware software
Windows and applications updates
Security bundles
Personal firewalls
Wireless
Other best practices
29. Anti-Virus Software
Install and maintain anti-virus software. Use the
software regularly
Microsoft claims that fewer than 30% of all users
have up-to-date anti-virus software installed
Most AV manufacturers have information and alert
pages where you can find "primers" on malware, as
well as alerts to the most current threats
31. Anti-Spyware Software
Install and maintain anti-spyware software
Use the software regularly
Sunbelt Software: Counterspy
Webroot Software: Spy Sweeper
Trend Micro: Anti-Spyware
Hijack This (freeware)
Lavasoft: Ad-Aware SE Personal (freeware)
Spybot: Search & Destroy (freeware)
Microsoft: Windows Defender (freeware)
32. Updating Windows and Other
Applications
Microsoft Update: Web site where users can
download updates for various Windows-related
products
For the most part, it’s automated
Check to see it’s working properly
Install vendor-specific patches for applications
(e.g., iTunes, Google Desktop)
33. Security Bundles
Can include: Anti-virus software, personal firewall
software, anti-spyware software, content
filtering/parental control, pop-up blockers, anti-
spam capabilities
Can be difficult for the average user to setup:
– Leads to incorrect configurations providing a
false sense of security
34. Security Bundles - continued
McAfee: Internet Security Suite
Symantec: Norton Internet Security
Computer Associates: eTrust EZ Armor
Trend Micro: PC-cillian Internet Security
ZoneAlarm: Internet Security Suite
F-Secure: Internet Security
MicroWorld: eScan Internet Security Suite
Panda Software: Panda Internet Security
Softwin BitDefender Professional Edition
eXtendia Security Suite
35. Personal Firewalls
Software installed on an end-user's PC which
controls communications to and from the user's
PC
Permits or denies communications based on a
security policy the user sets
Use for handheld devices as well (Airscanner,
Bluefire)
36. Personal Firewall Programs
Zone Labs
Symantec’s Norton Personal Firewall
Sunbelt’s Kerio Personal Firewall
Tiny Software’s Tiny Personal Firewall
Mac OS X
Windows XP (with Service Pack 2)
37. Living in a Wireless World
By 2007, >98% of all notebooks will be wireless-enabled
Serious security vulnerabilities have been created by wireless
data technology:
– Unauthorized users can access the wireless signal from
outside a building and connect to the network
– Attackers can capture and view transmitted data (including
encrypted data)
– Employees in the office can install personal wireless
equipment and defeat perimeter security measures
38. Wireless Security Best Practices
Implement MAC-address filtering
Turn off unnecessary services (telnet, HTTP)
Change default SSID/Disable SSID broadcasts
Change default channel
Disable DHCP on access point
Use encryption (usually not enabled by default on most
access points
Change default admin username and password
Specify the number of clients that can connect to the
access point
39. Other Best Practices
When not using your PC, turn it off
View your E-mail as text only; disable the
function that automatically views E-mail as
HTML
Do not automatically open attachments
Do not run software programs of unknown origin
Delete chain E-mails and junk mail. Do not
forward or reply to any of them
40. Other Best Practices - continued
Never reply back to an E-mail to "unsubscribe" or
to remove yourself from an unknown list. This lets
the spammers know that they have reached a live
E-mail address and your spam mail will increase
Back up your critical data and documents
regularly – thumb drives and CDs are cheap
41. The Need for Information Security
Professionals
No matter how hard we try to do the
aforementioned, there will still be the need for
information security professionals
Information security personnel are in short supply;
those in the field are being rewarded well
42. The Need for Information Security
Professionals – continued
Security budgets have been spared the drastic
cost-cutting that has plagued IT since 2001
Companies recognize the high costs associated
with weak security and have decided that
prevention outweighs cleanup
Regulatory compliance is also driving the need for
more qualified professionals
43. CyberWATCH
Cybersecurity: Washington Area Technician and
Consortium Headquarters
NSF ATE-funded 4 year project that includes
community colleges, four-year schools, high
schools, local, state, and federal government
agencies, and businesses in the Baltimore,
Washington D.C., and Northern Virginia regions
44. CyberWATCH - continued
Addressing the challenges and concerns in
education and the business industry:
– The shortage of security professionals
– A perceived lack of business and team-work
skills among IT professionals
– The lack of a cybersecurity curriculum at many
higher education institutions
45. CyberWATCH - continued
Professional development for faculty, high school
teachers, students, and staff will benefit
populations that are traditionally least likely to
major in fields requiring a
cybersecurity/information security component
-Source: http://www.sophos.com/security/top-10/200606summary.html
-Sober-Z: masqueraded as an email from the FBI or CIA claiming that the recipient is believed to have accessed illegal Websites.
-Nyxem-D: (AKA Kama Sutra); spread via email posing as obscene pictures and sex movies.