Department of Revenue - PowerPoint PPT Presentation

Provided by: Reve94
Transcript and Presenter's Notes

1
Department of Revenue
H@king! Lessons for Management by Department of Revenue Internal Audit
2
Presentation Objectives
  • Identify Electronic Intruders
  • Demonstrate their methods
  • Propose a plan of defense

3
Systems involved
  • Unix/Linux Systems
  • Microsoft NT Networks
  • Novell Network
  • Mainframe Systems

4
Protection Methods
  • Login ID and Password
  • Encryption
  • Secure transmission

5
Why secure systems/data?
  • Maintain Data Integrity by preventing
      • unauthorized modifications
      • data corruption (viruses, etc.)
  • Prevent Theft
      • privacy violation
      • information theft (SS, credit card, etc.)
  • Maintain Service

6
How is data accessible?
  • Internet
  • Dialup Access
  • Physical Connection (Network Outlet)

7
Identifying the Electronic Intruders
  • Disgruntled employees
  • Contractors
  • Hackers
  • Insufficiently trained employees

8
Forms of Attack
  • Sniffing
  • Password cracking
  • SYN flood
  • Ping of Death
  • Feature Exploitation
  • Port Scanning
  • Social Engineering

9
Demonstrations
10
Vulnerabilities
  • Passwords too short/simple/obvious
  • Login accounts of people no longer in the
    organization being left activated
  • Lack of Data Encryption
  • Lack of system monitoring tools
  • Insufficiently trained security/audit personnel

11
Vulnerabilities (continued)
  • Shared login accounts (passwords)
  • Dialup login password is a general password
  • Not using screen savers

12
Prevention: Management Perspective
  • Tone at the top
  • Organizational structure
  • Budgeting
  • External Review (Penetration Tests)
  • Recovery Plan

13
Prevention: Technical Perspective
  • Reliable data backup (including testing the
    backed-up data)
  • Hardware redundancy/clustering
  • System monitoring/sniffing
  • Diligent maintenance of accounts (user, admin,
    and system accounts)
  • Physically restrict core systems

14
Conclusion
There is no such thing as 100% secure. However, it is important that we at least not carelessly leave doors unlocked. What matters more is not how to keep an intruder out, but to assume that an intruder can get in. Efforts should be focused on addressing all possible damages that an intruder can inflict. We need to develop an Insurance Policy that can restore anything lost or damaged. Then, we need to be able to say that we took reasonable precautions.
15
Thank you
This has been a presentation by the Department of Revenue's Internal Audit Section. We hope you found this presentation educational and insightful. Surf and be safe.