Security Awareness Challenges of Security - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Security Awareness Challenges of Security

Description:

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties in ... – PowerPoint PPT presentation

Number of Views:139
Avg rating:3.0/5.0
Slides: 20
Provided by: engNeneA6
Category:

less

Transcript and Presenter's Notes

Title: Security Awareness Challenges of Security


1
Security AwarenessChallenges of Security
  • No single simple solution to protecting computers
    and securing information
  • Different types of attacks
  • Difficulties in defending against these attacks

2
Todays Security Attacks
  • Typical monthly security newsletter
  • Malicious programs
  • E-mail attachments
  • Booby-trapped Web pages are growing at an
    increasing rate
  • Mac computers can be the victim of attackers

3
Todays Security Attacks (contd.)
  • Security statistics
  • Millions of credit and debit card numbers stolen
  • Number of security breaches continues to rise

4
Difficulties in Defending Against Attacks
  • Speed of attacks
  • Greater sophistication of attacks
  • Simplicity of attack tools
  • Quicker vulnerabilities detected
  • Delays in patching products
  • Distributed attacks
  • User confusion

5
Who Are the Attackers?
  • Divided into several categories
  • Hackers
  • Script kiddies
  • Spies
  • Employees
  • Cybercriminals
  • Cyberterrorists

6
Hackers
  • Debated definition of hacker
  • Identify anyone who illegally breaks into or
    attempts to break into a computer system
  • Person who uses advanced computer skills to
    attack computers only to expose security flaws
  • White Hats

7
Script Kiddies
  • Unskilled users
  • Use automated hacking software
  • Do not understand the technology behind what they
    are doing
  • Often indiscriminately target a wide range of
    computers

8
Spies
  • Person who has been hired to break into a
    computer and steal information
  • Do not randomly search for unsecured computers
  • Hired to attack a specific computer or system
  • Goal
  • Break into computer or system
  • Take the information without drawing any
    attention to their actions

9
Employees
  • Reasons for attacks by employees
  • Show company weakness in security
  • Retaliation
  • Money
  • Blackmail
  • Carelessness

10
Cybercriminals
  • Loose-knit network of attackers, identity
    thieves, and financial fraudsters
  • Motivated by money
  • Financial cybercrime categories
  • Stolen financial data
  • Spam email to sell counterfeits, etc.

11
Cyberterrorists
  • Motivated by ideology

12
Attacks and Defences
  • Same basic steps are used in most attacks
  • Protecting computers against these steps
  • Calls for five fundamental security principles

13
Steps of an Attack
  • Probe for information
  • Penetrate any defences
  • Modify security settings
  • Circulate to other systems
  • Paralyse networks and devices

14
Defences Against Attacks
  • Layering
  • If one layer is penetrated, several more layers
    must still be breached
  • Each layer is often more difficult or complicated
    than the previous
  • Useful in resisting a variety of attacks
  • Limiting
  • Limiting access to information reduces the threat
    against it
  • Technology-based and procedural methods

15
Defences Against Attacks (contd.)
  • Diversity
  • Important that security layers are diverse
  • Breaching one security layer does not compromise
    the whole system
  • Obscurity
  • Avoiding clear patterns of behavior make attacks
    from the outside much more difficult
  • Simplicity
  • Complex security systems can be hard to
    understand, troubleshoot, and feel secure about

16
Building a Comprehensive Security Strategy
  • Block attacks
  • Strong security perimeter
  • Part of the computer network to which a personal
    computer is attached
  • Local security important too
  • Update defences
  • Continually update defenses to protect
    information against new types of attacks

17
Building a Comprehensive Security Strategy
(contd.)
  • Minimise losses
  • Realise that some attacks will get through
    security perimeters and local defenses
  • Make backup copies of important data
  • Business recovery policy
  • Send secure information
  • Scramble data so that unauthorized eyes
    cannot read it
  • Establish a secure electronic link between the
    sender and receiver

18
Summary
  • Attacks against information security have grown
    exponentially in recent years
  • Difficult to defend against todays attacks
  • Information security definition
  • That which protects the integrity,
    confidentiality, and availability of information
  • Main goals of information security
  • Prevent data theft, thwart identity theft, avoid
    the legal consequences of not securing
    information, maintain productivity, and foil
    cyberterrorism

19
Summary (contd.)
  • Several types of people are typically behind
    computer attacks
  • Five general steps that make up an attack
  • Practical, comprehensive security strategy
    involves four key elements
Write a Comment
User Comments (0)
About PowerShow.com