This document summarizes the seven bad things people do that endanger their network security, as presented by SAGE Computer Associates, Inc. The seven mistakes are: 1) having no security policies, 2) using bad passwords, 3) lacking virus protection, 4) not having backups, 5) inadequate protection against hackers, 6) not keeping software patched and up-to-date, and 7) unrestrained email and instant messaging. For each mistake, the document provides explanations of the issues and risks and suggestions on how SAGE can help, such as creating security policies, evaluating passwords, auditing backups, and providing free initial services to assess security problems.
An Introduction To IT Security And Privacy - Servers And More (Blake Carver)
An hour-long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet, computers and any other type of device with an IP address: IoT (Internet of Things), browsers, portable devices and more. In this hour I focused on servers and reviewed the previous 3 weeks. For librarians and anyone else in a library.
Slides produced for a workshop on measures to use to protect your computer and system security. By Computer Troubleshooters, Dayton, Ohio. February 15, 2014
Paige Boshell, Partner and Team Leader for the firm's Privacy and Information Security Team, and Erik Rasmussen, Associate Managing Director for Kroll Cyber Security, a global industry leader in forensics investigations and response, will discuss recent data breach trends and how businesses may mitigate the risks posed by these threats.
Jennifer Brooks and Rodney Sabrsula break down Personal Web Safety in this presentation. They'll review Password Security, Virus Scanners and more! This is need-to-know information to guard your identity online.
<p>Security design is an important, but often neglected, component of system design. In this session, Douglas Crockford, creator of JavaScript Object Notation, will outline the security issues that must be considered in the architecture of Ajax applications.</p>
<p>The design of the browser did not anticipate the needs of multiparty applications. The browser’s security model frustrates useful activities and allows some very dangerous activities. This talk will look at the small set of options before us that will determine the future of the Web.<br />
During this session, attendees will:</p>
<ul>
<li>Learn why effective security is an inherent feature of good design;</li>
<li>Experience a real-time demo of an Ajax client/server system based on sound security principles;</li>
<li>See how to apply secure design to rich web applications.</li>
</ul>
50 Shades of RED: Stories from the “Playroom” from CONFidence 2014 (Chris Nickerson)
Ever steal a Boeing 777? How about transfer more than $400,000,000 from an account? Have you ever had one of those bad days where one wrong press of the “enter” key accidentally broadcasts an emergency message to the radio station asking an entire city to evacuate? The real destruction of a business doesn’t come from a shell, a picked lock or a simple lie. The REAL threat is when all of the disciplines are combined and the only thing left in the crosshairs is the BUSINESS itself. Red Teaming is not a process of finding “A” vulnerability, but showing how flaws at EVERY level of the program combine to cause devastating effects to the company (or the tester =) ).
After 15 years in the Red Teaming, Pen Testing and Security Testing Business, I have had some of the weirdest things happen. In this 50 min story time, I plan to go over our methodology, some of our BEST and WORST moments on the job, tips/tricks we picked up along the way and hopefully we can have a few laughs at our (mis)fortune(s).
A penetration test is often a key requirement for compliance with key regulations. But while many organizations know they need penetration testing, it can be hard to know how to fit it into a larger security program, or even how to get started. Our whitepaper, "What is Penetration Testing? An Introduction for IT Managers," is a clear and succinct introduction to the core principles and best practices of penetration testing.
As shown by headlines and countless intrusions, even moderately skilled attackers can sail through the defenses of a typical corporate network. Using a playbook of techniques both common and uncommon, intruders can bypass almost all security barriers despite even tough policies on end users and admins. But failure is not inevitable for a defender. There are many practical ways a network can be constructed that will wipe out most of the playbook, and they don’t always require expensive purchases.
Security must be built from the start, and this presentation will show you how it’s done; how to intelligently look at threats and plan defenses for a Windows network.
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed (Mazin Ahmed)
Backup-File Artifacts: The Underrated Web-Danger
Testing and Exploiting Backup-File Artifacts with BFAC
BFAC Homepage: https://github.com/mazen160
Blog Post: http://blog.mazinahmed.net/2016/08/backup-file-artifacts.html
This is a brief description of Ethical Hacking.
You can surely download it, and do ask me if you have any queries regarding any topic; I will answer as soon as possible.
An Introduction To IT Security And Privacy In Libraries & Anywhere (Blake Carver)
An hour-long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet, computers and any other type of device with an IP address: IoT (Internet of Things), browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries: librarians and anyone else in a library. There's a focus on practical ways to secure yourself, browsers and other things. Also some discussion on privacy.
Free ebook! Discussions around cybersecurity can be complex, but everyone should know how to stay safe online, regardless of their technical expertise. This ebook gives you some essential tips for keeping yourself and your data secure on the internet.
ebook download link: https://zcu.io/nsTr
What else does it cover?
If you have been considering what steps you can take to protect yourself from threats, you’ll get great insights about what types of common risks exist and how you can prepare for them.
- Security Measures for General Public
- Security Measures for Remote Employees
- Common Cybersecurity Risks For Business By Employees
- Cybersecurity Career Opportunities for Tech Enthusiasts
Stay Safe in the Cyberspace!
Computer security introduction lecture. Topics covered:
- Introduction
- Network Security
- Basic Components of Computer Security
- Online Security vs. Online Safety
- Risks & Threats
- Steps to protect information
- Steps to protect computer
- Ethical Impact
- Case study
- Statistics about Internet Crime
- Survey
- Conclusion
Computer Security Guide to PC Security
Your Info Guide to Beefing Up Your Personal Computer's Safety From Malicious Threats
As we do these things on a more regular basis, we open ourselves up to potential hackers, attackers and crackers. While some may be looking to phish your personal information and identity for resale, others simply want to use your computer as a platform from which to attack other unknowing targets. Computer security is very important.
How to Protect Your PC from Malware, Ransomware, Virus (HabFg)
Your info guide to beefing up your personal computer’s safety from malicious threats! Inside this eBook, you will discover the topics about protecting your computer’s system, fighting spam, spyware & adware, phishing & identity theft, computer viruses… and anti-viruses, protection you can afford and so much more!
Make Every Spin Count: Putting the Security Odds in Your Favor (David Perkins)
Cerdant’s Director of Engineering, Joshua Skeens, presented the best ‘bets’ to increase your security odds. Josh warned customers to stop gambling with their data, and cautioned against weak, guessable passwords stating, “Use 2-Factor Authentication everywhere!” The first step in creating the best security posture possible for your business will always be just getting started, and to keep momentum Josh suggests implementing 1 new security practice each week.
A webinar on Cyber Security Awareness and Digital Safety was hosted on the 7th of June, 2020, and conducted successfully by Sthir Yuwa in association with Information Security Response Team Nepal and the Center For Cyber Security Research and Innovation. There were almost 70 participants in this webinar.
Similar to 7 Things People Do To Endanger Their Networks (20)
3. Presented by SAGE Computer Associates, Inc.
SAGE Computer Associates, Inc.:
– In business for 19 years
– Hundred person-years of experience
– Worked with many businesses
– Certified Security Administrator on staff
– Certified Microsoft Engineers on staff
– Certified Novell Engineers on staff
4. Take away from today's talk
Nothing is secure
However, NO HEADS IN THE SAND
Inexpensive steps you can take NOW
Even on your home PC.
5. "There is nothing more secure than a computer which is not connected to the network --- and powered off!"
6. What are the Seven Things?
No Policies
Bad Passwords
No Virus Protection
No Backup
Inadequate protection against hackers
Don't keep up with patches/fixes
Unrestrained e-mail/instant messaging
7. Mistake #1: No Policies
• Data Security: Do you know who sees and has access to what data? And should they have that level of access?
• Termination policies: Disgruntled employees are the second most common source of network sabotage
• Remote access: A common hole in network security
• Computer usage: Non-business activities that open your network up to attack
• Internet usage: You know there's LOTS of bad stuff out there – but do you know just how much?
• Confidentiality awareness: Think about what your employees know about your business
• Hire the right people! It's more important than you may think
8. Internet Usage at Work
Productivity Issues:
– Cyber-loafing accounts for 30% to 40% of lost worker productivity (Business Week)
– 90% of those surveyed indicated that they view non-work related web sites during work hours (Vaultreports.com)
Resource use
– Downloading music/videos takes A LOT of network resources
9. More Reasons to Care
Legal Liability
– One in five men and one in eight women admitted using their work computers as their primary lifeline to sexually explicit material online (MSNBC)
– Since the company is the one that gave employees access, the company is liable … unless the company can show it took reasonable steps to prevent problems (Corporate Politics on the Internet: Connection without Controversy)
10. Implement the Policies!
– Appropriate Security on the Network
• Administrative/Supervisor rights
• Appropriate Security for users
11. More Confidentiality Awareness Training
- particularly to address Social Engineering
"outside hackers' use of psychological tricks on legitimate users of computer systems to get passwords/user-ids to get access to systems"
www.morehouse.org/hin/blckcrwl/hack/soceng.txt
12. Mistake #1: No Policies
How can we help?
Request a copy of our sample policies for:
- Internet Usage
- E-mail Usage
- Virus Protection
and get SAGE to help you implement it
13. Mistake #1: No Policies
How can we help?
Internet Monitoring
– Monitor where people go on the Internet
– Create reports
– Block offensive/other sites (list updated 2x/week)
– Block specific kinds of traffic (music, photographs, etc.)
– Block specific addresses
– Block specific users
– Block usage during specific times
14. Mistake #2: Bad Passwords
– 40% of all passwords are the word 'password'
– Difficult passwords are hard to administer
http://www.slac.stanford.edu/comp/security/password.html
15. Password Guidance
Password No-No's:
– less than eight characters
– a word found in a dictionary (English or foreign)
– a common usage word such as names of family, pets, friends, co-workers, fantasy characters, etc.
– computer terms and names, commands, sites, companies, hardware, software
– birthdays/other personal information such as addresses and phone numbers
– word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
– any of the above spelled backwards
– any of the above preceded or followed by a digit (e.g., secret1, 1secret)
16. Password Guidance
Password Suggestions (Strong passwords):
– Contain both upper and lower case characters (e.g., a-z, A-Z)
– Have digits and punctuation characters as well as letters (e.g., 0-9, !@#$%^&*()_+|~-= {}[]:";'<>?,./)
– Are at least eight alphanumeric characters long
– Are not a word in any language, slang, dialect or jargon
– Are not based on personal information, names of family, etc.
– Are easily remembered. One way to do this is to create a password based on a song title, affirmation, or other phrase. For example, the phrase might be "This May Be One Way To Remember" and the password could be "TmB1w2R!" or "Tmb1W>r~"
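The no-no list and the strong-password suggestions above can be turned into an automated check that an administrator runs at password-change time. The following is an added example and is not code from the SAGE deck: the small wordlist, the keyboard-row table and the pattern rules are constructed stand-ins for a real dictionary (birthday and phone-number checks need user data the checker does not have, so they stay a policy matter).

```python
import re
import string

# Constructed mini dictionary standing in for a real wordlist: dictionary
# words, names and computer terms the slide says never to use as a password.
WORDLIST = {
    "password", "secret", "welcome", "letmein", "admin", "root", "login",
    "windows", "novell", "microsoft", "sage", "server",
    "john", "mary", "fluffy", "gandalf", "dragon",
}

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
SEQUENCES = KEYBOARD_ROWS + (string.ascii_lowercase, string.digits)


def _has_sequence(pw, n=4):
    """True if pw contains n characters that run up or down a keyboard row,
    the alphabet or the digits (qwerty, zyxwvuts, 1234, 4321)."""
    low = pw.lower()
    for seq in SEQUENCES:
        for direction in (seq, seq[::-1]):
            for i in range(len(direction) - n + 1):
                if direction[i:i + n] in low:
                    return True
    return False


def _has_repeat_pattern(pw):
    """True for runs of one character (aaabbb) or mirrored strings (123321)."""
    return bool(re.search(r"(.)\1{2,}", pw)) or (len(pw) >= 6 and pw == pw[::-1])


def _core(pw):
    """Drop one leading or trailing digit: 'secret1' and '1secret' -> 'secret'."""
    if pw and pw[-1].isdigit():
        pw = pw[:-1]
    elif pw and pw[0].isdigit():
        pw = pw[1:]
    return pw.lower()


def check_password(pw, wordlist=WORDLIST):
    """Return the list of slide rules the password breaks; empty means strong."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    # the word itself, reversed, and with one digit stripped (secret1, 1terces)
    candidates = {pw.lower(), pw.lower()[::-1], _core(pw), _core(pw)[::-1]}
    if candidates & wordlist:
        problems.append("dictionary or common-usage word (plain, reversed or with a digit added)")
    if _has_sequence(pw) or _has_repeat_pattern(pw):
        problems.append("keyboard, alphabet, digit or repeat pattern")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs both upper and lower case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs at least one digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("needs at least one punctuation character")
    return problems


def is_strong(pw, wordlist=WORDLIST):
    return not check_password(pw, wordlist)


if __name__ == "__main__":
    for sample in ("password", "secret1", "Qwerty123!", "123321", "TmB1w2R!", "Tmb1W>r~"):
        print(f"{sample!r:14} -> {check_password(sample) or 'strong'}")
```

Both passphrase-derived examples from the slide ("TmB1w2R!" and "Tmb1W>r~") pass every rule, while "secret1", "1terces", "Qwerty123!" and "123321" each trip the rule they were listed under. A production checker would swap the constructed wordlist for a full dictionary plus the organisation's own names and product terms.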
17. Mistake #2: Bad Passwords
How We Can Help:
Password Cracking Tool:
L0phtCrack
www.sunbelt-software.com
-Runs in the background
-Can collect all passwords, given enough time
We will run this for you and help you implement a policy
19. Mistake #3: No Virus Protection
Different threats under the same name:
– Virus
– Worm
– Trojan horse
– Malicious code
– Blended Threat
– Hoax
– Denial of Service DoS (not a virus)
20. Virus Security
Example of malicious code
From: Microsoft Corporation Security Center <rdquest12@microsoft.com>
To: Microsoft Customer <'customer@yourdomain.com'>
Subject: Internet Security Update
Attachment: q216309.exe
Microsoft Customer,
this is the latest version of security update, the "7 Mar 2002 Cumulative Patch" update which eliminates all known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer.
Description of several well-known vulnerabilities:
Would you have recognized this as a threat?
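The hoax above carries three signs that a mail gateway or a trained user can check for without any virus signature: a program file as the attachment, a request to "install" an attached "update", and a display name borrowing a vendor's name. The following screening routine is an added example, not code from the SAGE deck or from any vendor; the first sample is transcribed from the slide (with the From/To/Attachment lines written as plain headers so the standard-library parser reads them), and the look-alike sample, the benign sample and the brand list are constructed.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample transcribed from the slide's "Internet Security Update" hoax.
SAMPLE_HOAX = """\
From: Microsoft Corporation Security Center <rdquest12@microsoft.com>
To: Microsoft Customer <customer@yourdomain.com>
Subject: Internet Security Update
Attachment: q216309.exe

Microsoft Customer,
this is the latest version of security update, the "7 Mar 2002
Cumulative Patch" update which eliminates all known security
vulnerabilities affecting Internet Explorer and MS Outlook/Express.
Install now to protect your computer from these vulnerabilities.
"""

# Constructed: a brand in the display name, but an unrelated sending domain.
SAMPLE_LOOKALIKE = """\
From: PayPal Billing <billing@example.net>
Subject: Your invoice

Please review the attached invoice at your earliest convenience.
"""

# Constructed: an ordinary message that should raise nothing.
SAMPLE_BENIGN = """\
From: Alice <alice@example.org>
Subject: lunch

Lunch at noon?
"""

# File types that run as programs when opened; mail gateways commonly block them.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")
# Constructed list of names attackers like to borrow for the display name.
IMPERSONATED_BRANDS = ("microsoft", "paypal", "ebay")


def screen_message(raw):
    """Return the warning signs found in one raw message (empty list = none)."""
    msg = email.message_from_string(raw)
    flags = []
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1].lower()
    attachment = msg.get("Attachment", "").strip()
    body = msg.get_payload() if not msg.is_multipart() else ""

    # 1. An attachment that is a program, not a document.
    if attachment.lower().endswith(EXECUTABLE_EXTENSIONS):
        flags.append(f"executable attachment: {attachment}")

    # 2. The lure: "install" an attached "update"/"patch". Vendors publish
    #    fixes on their own sites, not as unsolicited attachments.
    if attachment and re.search(r"\binstall\b", body, re.I) \
            and re.search(r"\b(update|patch)\b", body, re.I):
        flags.append("asks the recipient to run an attached software update")

    # 3. Display name claims a brand that the sender's domain does not carry.
    for brand in IMPERSONATED_BRANDS:
        if brand in display_name.lower() and brand not in domain:
            flags.append(f"display name claims {brand!r} but address is @{domain}")
    return flags


if __name__ == "__main__":
    for name, raw in (("hoax", SAMPLE_HOAX), ("lookalike", SAMPLE_LOOKALIKE), ("benign", SAMPLE_BENIGN)):
        print(name, "->", screen_message(raw) or "no indicators")
```

On the slide's hoax the first two rules fire; the third does not, because the forged address really does use the vendor's domain, which is why the executable attachment and the "install this update" lure are the signs to teach, not the sender line.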
21. Virus Security
Anti-Virus software
MUST BE UPDATED!!
Home users need it as much as business users
By subscription- TrendMicro, Symantec, other
vendors
22. Virus Security
Business users should be set up to update automatically without 'human intervention'
Training
Many websites, 'kits' available to write your own viruses
– http://orbita.starmedia.com/~lautaroml/virus.html
23. Virus Security
Turn off the Preview Pane in Outlook
– Click on View, unclick 'preview pane'
Turn off disk and printer sharing in Windows
– Start button, click 'Settings', 'Control Panel', 'Network' and make sure 'share disk' and 'share printer' are NOT checked
24. Mistake #3: Virus Security
How We Can Help
Virus Software Audit
Network Audit
25. Mistake #4: No Backup
Most people believe this is covered, BUT
– Data stored on local drives
– Data not restorable
– Tapes not taken off site
– Not enough data backed up
– Open files not handled
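Three of the five backup failures listed ("Data not restorable", "Not enough data backed up", "Open files not handled") are only discovered by actually restoring and comparing against what should have been protected. The following restore test is an added example and not part of the SAGE deck: it hashes the live source tree, then checks a restored tree against that manifest and reports what is missing or altered. The scenario in `demo()` is constructed (a skipped open file and a truncated copy).

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def expected_manifest(src_dir):
    """Hash everything that SHOULD be protected, taken from the live source."""
    src_dir = Path(src_dir)
    return {str(p.relative_to(src_dir)): sha256_of(p)
            for p in sorted(src_dir.rglob("*")) if p.is_file()}


def verify_restore(manifest, restore_dir):
    """Compare a restored tree against the manifest; sort files into
    ok / missing (not backed up at all) / corrupt (restored but altered)."""
    restore_dir = Path(restore_dir)
    report = {"ok": [], "missing": [], "corrupt": []}
    for rel, digest in manifest.items():
        restored = restore_dir / rel
        if not restored.is_file():
            report["missing"].append(rel)
        elif sha256_of(restored) != digest:
            report["corrupt"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def demo():
    """Constructed scenario: the backup job skipped an open database file
    and only partly copied a document; the restore test catches both."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        src.mkdir()
        (src / "report.docx").write_bytes(b"quarterly report " * 100)
        (src / "ledger.db").write_bytes(b"open database file " * 100)
        (src / "notes.txt").write_bytes(b"meeting notes " * 100)
        manifest = expected_manifest(src)

        # simulate the restore: ledger.db was open and got skipped,
        # report.docx was only partially written to tape
        restore = Path(tmp) / "restore"
        restore.mkdir()
        shutil.copy(src / "notes.txt", restore / "notes.txt")
        (restore / "report.docx").write_bytes((src / "report.docx").read_bytes()[:100])

        return verify_restore(manifest, restore)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is built from the live data rather than from the backup job's own log, so a file the job never saw still shows up as missing; that is the check that a "backup completed successfully" message does not give you.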
28. Mistake #5: Inadequate Protection Against Hackers
Firewalls
– Blocks incoming traffic
– From free to millions $$$$
EVERYONE MUST HAVE ONE
www.zonelabs.com – Software (home)
www.sonicwall.com – Appliance (business)
29. Mistake #5: Inadequate Protection Against Hackers - If you host your own website
Incoming Web Traffic
– SSL certificates
– Different type of firewall
– Data available for customers on your website has to be segregated from the rest of the company data
– Outsourcing
30. Internet Security
What to ask your outsourced web hoster
– Power back up
– Internet connection redundancy
– Which firewall?
– Data back up
– Business questions
– How can I make changes?
– Register your URL in YOUR name
32. Mistake #6: Not Keeping Up with Patches/Service Packs
Difficult to Keep Pace—But Imperative
– Your lack of patching can help spread viruses to other networks
– Workstation updates are now part of the problem too
33. Mistake #6: Staying Current - How we can help
Penetration Testing
– Check for documented vulnerabilities
34. Mistake #7: Unrestrained Email, Instant Messaging
"E-mail is like sending a postcard on the Internet"
– Can be read by many people (your ISP, any system admin at any server along the message path, your employer, the US Government using Carnivore/Echelon or other software).
http://www.surfcontrol.com/business/products
– Can be re-sent to someone else, looking like it came from you.
35. Solution to E-Mail Security
PGP "Pretty Good Privacy"
– Download free copy at www.pgpi.org
– Go see Phil at http://web.mit.edu/prz/
Digital ID
digitalid.verisign.com
36. E-Mail Security
Email Gaffes
- BBC sports executive sends "I think they're both crap" email (about two on-camera execs) to entire BBC sports staff (500 people)
- London lawyer forwards message from his girlfriend re: "intimate act"; his colleague forwards it to others and, in hours, it spreads across the whole Internet. 6 people suspended from their jobs.
Email Protocol/Guidance
– http://www.bmcc.cc.or.us/cs/cs125e/notes/etiq.htm
– http://www.cio.com/archive/120100/diff.html
37. Instant Messaging (IM)
AOL Instant Messaging/ICQ/Yahoo
Messenger/MSN Messenger/ other packages
– The good news?
• they're free
– The bad news?
• Completely not secure
• People can pretend to be who they are not
• With no policies in place, users have no guidelines on what they can/cannot say
38. Instant Messaging Security
Centralize it
– Log the traffic
– Encrypt the traffic (PGP has a module for this)
– Establish policies
OR
Block it
39. Steganography
"Embedding secret messages in other files in a way that prevents an observer from learning anything unusual is taking place"
– Greek soldiers tattooed maps on their heads, and then grew their hair out
– Romans obscured messages by applying layers of wax onto the tablets on which they were written, then melted the wax to read the message.
– Osama bin Laden and his associates have been using steganography to hide terrorist plans inside pornography and MP3 files freely distributed over the Internet.
40. Resources
Pretty Good Privacy for email: www.pgpi.org
Firewalls
– www.zonelabs.com (free personal firewall) - see this link for an article about it: http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2870704,00.html
– http://www.firewall.com/ good general site for tech info
Virus software
– www.symantec.com
– www.trendmicro.com
(don't use the free trial - pay for the real software)
42. Our Offer
When you fill out the evaluation form, you can choose one of the services at no charge:
1. Policy creation
2. Virus protection audit
3. Backup Audit
4. Open Port Scan
5. Patch/Service Pack Audit
6. Internet Monitoring Pilot
7. Network Audit
43. Don't Let the Perfect Interfere with the Good:
Download the policies if you don't already have them
Choose one of the free services on the evaluation form to get started measuring the problem.
Download the free firewall (zonelabs.com) and the not-free virus software for your home PC