Security Primer
“To Serve & Protect”
Puleen Patel
November 6, 2010
• Introduction
• Traditional View
• The Map of The Web
• Digital View
• Types of Breaches
• Security Terminologies
• Questions
• My name is Puleen,
• Technology is my passion
• During the day a Canadian Bank lets me apply, learn and grow my passion
• At other times
• Protection of Content
  ◦ Belongings
    ▪ Jewels, Car, Money…
  ◦ Information
    ▪ Financial, Bills, Will…
  ◦ Communication
    ▪ Voice conversations, Messages, Letters…
• Protection of Content
  ◦ Physical Assets
    ▪ Servers, Workstations, Laptops…
  ◦ Software & Intellectual Assets
    ▪ Applications, Code, Databases…
  ◦ Channels
    ▪ IM, Email, Web, Mobile…
  ◦ Social *NEW*
    ▪ Facebook, MySpace, Flickr, Picasa…
• Network
  ◦ IP Spoofing / Masquerading
  ◦ Packet Sniffing
  ◦ Denial of Service Attacks
  ◦ …
• Application
  ◦ Login / Password
  ◦ Email
  ◦ SQL Injection
  ◦ Session Hijacking
  ◦ Cross-Site Scripting
  ◦ Phishing
  ◦ …
• Encryption
  ◦ Secure Socket Layer (SSL / HTTPS)
  ◦ Secure FTP (SFTP)
  ◦ Secure Email (Digital Signatures)
  ◦ Public Key Interchange (PKI / Digital Certificates)
• Firewalls / Gateways
• Virtual Private Networks (VPN)
• In 2007, the parent company of Winners / HomeSense had 2 million Visa card numbers in Canada and 20 million globally stolen by fraudsters
• Phishing sites attempt to send emails that take users to legitimate-looking websites which are set up to capture confidential information
• In May 2010, a security exploit was discovered which allowed capturing Facebook friends list, email addresses and other data by way of Cross-Site Scripting (XSS)
• IT security breaches at Canadian firms account for an average annual loss of $834,149, a figure that reflects a 97 per cent increase from the $423,469 average cost reported in 2008, according to a national study released Tuesday.
• http://puleen.com
• http://blog.puleen.com
• puleen@gmail.com
• @puleen
• Making Sense of Security - http://www.technicalinfo.net/index.html
• Web Application Security - http://www.phpwact.org/security/web_application_security
• Apache Security - http://www.apachesecurity.net/
• IT Security Best Practices - http://www.internet.com/IT/Security/BestPractices
• Best Computer Security Practices of Home, Home Office, Small Business and Telecommuters - http://www.sans.org/reading_room/whitepapers/hsoffice/computer-security-practices-home-home-office-small-business-telecommuters_616
• Security Best Practices for Twitter applications - http://dev.twitter.com/pages/security_best_practices
