
INTRODUCTION TO SECURITY
INTRODUCTION TO INTERNET SECURITY AND SECURITY FROM INTERNET SOURCES
SECURITY POLICIES AND PROCEDURE STATEMENTS
SECURITY THREATS

Protection of networks and their services
Protects from unauthorized modification, destruction and disclosure.
Ensures the network performs its functions correctly, with no harmful side effects.

To protect company assets.
To gain a competitive advantage.
To comply with regulatory requirements and fiduciary responsibilities.
To keep your job.

In 1999, a survey conducted jointly by the American Society for Industrial Security and PricewaterhouseCoopers (ASIS/PWC) reported that:
Fortune 1000 companies lost more than $45 billion from theft of "proprietary information."
45% of the respondents said that they had suffered a financial loss as a result of information loss, theft, or misappropriation.
On average, the responding companies reported 2.45 incidents with an estimated cost of $500,000 per incident.
The number of reported incidents per month had increased over the last 17 months.

The FBI/CSI survey received 521 responses from individuals in the computer security field.
30% of the respondents reported an intrusion from an outside source.
55% of the respondents reported an unauthorized intrusion by a source inside the organization.
Of those respondents that reported a loss, the average loss from the theft of proprietary information increased from $1,677,000 in 1998 to $1,847,652 in 1999.
The average loss from financial fraud rose from $388,000 in 1998 to over $1,400,000 in 1999.
The total financial losses due to computer-related crime for the 521 respondents amounted to more than $120 million.

From Message Labs - 17 Jan, 2004

Processing between 50,000 and 60,000 new copies per hour, "W32/Mydoom.A has exceeded the infamous SoBig.F virus in terms of copies intercepted, and the number continues to rise."
Message Labs collected over 1.2 million copies of W32/Mydoom.A-mm.
At its peak infection rate, about 1 in 12 emails on the Internet were MyDoom viruses.

From Trend Micro - 16 Jan, 2004

It is estimated that PC viruses cost businesses approximately $55 billion in damages in 2003. The same calculations were done in 2002 and 2001, at $20-30 billion and $13 billion, respectively.

Top 10 viruses
1. The Morris Worm
2. The Concept Virus
3. CIH
4. The Anna Kournikova Worm
5. Iloveyou
6. The Melissa Virus
7. The Blaster Worm
8. Netsky and Sasser
9. OSX/Rsplug Trojan
10. Storm Worm

*** Information courtesy of Sophos

Top 10 Spyware and Malware

      Spyware            Malware
1.    New.net            W32/Sdbot.ftp
2.    Cydoor             W32/Netsky.P.worm
3.    BetterInet         Trj/Qhost.gen
4.    Altnet             W32/Gaobot.gen.worm
5.    Petro-Line         Trj/Citifraud.A
6.    MarketScore        Trj/Zapchast.D
7.    Virtumonde         W32/Parite.B
8.    Media-motor        W32/Netsky.D.worm
9.    Aveo-Attune        W32/Sasser.ftp
10.   Aureate-Radiate    VBS/Psyme.C

Source: spotlightingnews.com, 2006

Logon: use strong passwords (encrypted login).
File system: install security patches regularly (install a firewall).
Data communication: restrict connections (do not open the network to the public without any monitoring).
Administrative: depends on the network security personnel (monitor the network traffic all the time).


Electronic mail and news
File transfer
Remote access to hosts
Real-time conferencing

Information Theft
A disgruntled (dissatisfied) employee who either wants to harm his or her employer or is motivated by financial gain presents an insider threat to the organization.

Unauthorised Disclosure
An organization suspects some of its employees of leaking confidential information to its competitor. It is also usually believed that the competitor actually planted spies within the organization in order to target and steal new product plans.

Information Warfare
Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt or destroy an adversary's information, information-based processes, information systems and computer-based networks while protecting one's own.

Accidental data loss
The most common cause of data loss is simply accidentally deleting a file that wasn't supposed to be deleted. It is caused by a careless employee or an untrained employee who did not know better.


A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide. It addresses the constraints on the behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses constraints on functions and the flow among them, and constraints on access by external systems and adversaries, including programs and access to data by people.

To inform users, staff and managers of their obligatory requirements for protecting technology and information assets.
To provide a baseline from which to acquire, configure and audit computer systems and networks for compliance with the policy.

Site security administrator
Information technology technical staff (e.g., staff from the computing center)
Administrators of large user groups within the organization (e.g., business divisions, computer science department within a university, etc.)
Security incident response team
Representatives of the user groups affected by the security policy
Responsible management
Legal counsel (if appropriate)

At a minimum, a good security usage policy should:
Be readily accessible to all members of the organization.
Define a clear set of security goals.
Accurately define each issue discussed in the policy.
Clearly show the organization's position on each issue.
Describe the justification of the policy regarding each issue.
Define under what circumstances the issue is applicable.
State the roles and responsibilities of organizational members with regard to the described issue.
Spell out the consequences of noncompliance with the described policy.
Provide contact information for further details or clarification regarding the described issue.
Define the user's expected level of privacy.
Include the organization's stance on issues not specifically defined.

Access to Internet-based Web server resources shall only be allowed for the express purpose of performing work-related duties. This policy is to ensure the effective use of networking resources and shall apply equally to all employees. This policy shall be enforced during both production and non-production time periods. All Web server access can be monitored by networking personnel, and employees may be required to justify Web server access to their direct supervisor. Failure to comply with this policy will result in the issuance of a written warning. For more information regarding what is considered appropriate Web server access of Internet resources, please consult your direct supervisor.


Insecure Architectures: a misconfigured network is a primary entry point for unauthorized users.
Broadcast Networks: using hardware (hubs, switches, routers) without implementing protection for the data that is processed there.
Centralized Servers: a central server can allow access to the entire network.

An attacker is someone who looks to steal or disrupt your assets. A hacker is someone with a deep understanding of computers and/or networking.

Internal threats
Mobile and remote users
Internet and TCP/IP
Physical
Phone attacks
Social engineering

Authentication compromises.
Improper input validation.
Sniffing activities.
Denial of Service (DoS).
Exploiting physical access.
Viruses, malware and Trojans.
