Network Security

Announcements
• Review Assignment - Assessment 3 (due Tuesday, before class)
• Assessment 3 – Next Thursday

Reminders:
• Network Design Project
• No more than 2 per group
• Proposals due on the day of presentation
• Sign-ups shortly

Basics of Network Security
• Anti-virus / Anti-Spyware
• Access Controls
• Firewall
• Intrusion Protection/Detection Systems
• Identify fast spreading threats
• Virtual Private Networks

Access Controls
• The four processes of access control

Firewalls

Example: Packet Filtering Firewalls

Intrusion Detection and Prevention Systems (IDPS)

Intrusion Detection and Prevention Systems (cont’d.)

STUXNET

STUXNET – How it Worked

Stuxnet
• What was it?
• How did it spread and how far?
• What are the implications?

Stuxnet Precursors: What should we do now?

Target – What Happened?

Target – How did it happen?

Target – How could it have been stopped?

Target – Modern Day Hacking

Security Discussion
• TJ Maxx
• RSA
• Epsilon
• Gawker
• Wikileaks
• HB Gary

11.1 Corporate Security: TJ Maxx
• War-Driving to seek vulnerabilities in wireless networks
• Breaches took place all the way back to 2005
• Albert Gonzalez was mastermind
• 2005-2007 sold as many as 170 million ATM/Credit Card #s
• Typically used SQL injection to launch packet sniffing
• Now serving 20 years in a federal prison

11.1 Corporate Security: RSA
• Security companies are often the target of many hackers.
• Another case of phishing emails to get into the company
• Excel Spreadsheet had a Zero-day exploit
• Exploit took advantage of Adobe Flash allowing them to install a remote administration tool
• Used remote admin tool to get deeper information

11.1 Corporate Security: Epsilon
• Occurred earlier this year
• Primary purpose for stealing
• Phishing – masquerading as a trustworthy entity to gain access to information
• Form of Social Engineering
• Carried out by email spoofing

11.1 Passwords: Gawker Hack
• After the hack, the Wall Street Journal examined a number of passwords (188,279), and here are some of the most commonly found:
  • password
  • qwerty
  • letmein
  • trustno1
  • passw0rd
Can anyone guess the most commonly used?

11.1 Corporate Security: Higher Ed Threats
• Mobile Devices
• Social Media Viruses (hilarious video attack through FB)
• Virtualization
• Embedded devices (number of devices connected to the network)
• Consumerization of IT (personal devices for organizational use)

11.1 Corporate Security: Wikileaks
• Exposed major security flaws in the US government
  • Not standardized across agencies
  • No user restrictions on copying data
  • Minimal monitoring of users accessing sensitive data
• Recently, new measures are in place to alleviate problems.
• Bradley Manning trial begins December 16th

11.1 Corporate Security: HB Gary
• Found a flaw in content management system
• Used an SQL Injection to gain access
• Numerous issues with the system allowed hackers to obtain two passwords: the CEO (Aaron Barr) and COO (Ted Vera)
• Key takeaway: passwords!
  • Don’t use short, easily deciphered passwords
  • Use different passwords for different accounts