Upload
alyson-parker
View
224
Download
2
Embed Size (px)
Citation preview
Introduction to Systems Security
(January 12, 2015)
© Abdou Illia – Spring 2015
2
Learning Objectives
Discuss state of security threats in the U.S.
Discuss how to manage info security
Plan-Protect-Respond cycle
People-Technology-Policy approach
3
Preventing Security Threats
What can you do, as a user of computer connected to the Internet or as a business having a network that is connected to the Internet, to prevent security threats/attacks from occurring?
4
Preventing Security Threats Use anti-virus software
Use software firewall
Use hardware/appliance firewall
Use Intrusion Defense Systems
Use Intrusion Prevention Systems
Install OS updates
Install applications’ updates
Not open file attachments from unknown sources
Not click URL in emails from unknown sources
Social engineering tests/Mock phishing schemes
Awareness training
Acceptable computer use policy
Password policy
Etc.
5
Countermeasures
Tools used to thwart attacks
Also called safeguards, protections, and controls
Types of countermeasures Preventative
Detective
Corrective
Question: Match each of the countermeasures from the previous slide with its type.
6
Dominates security management thinking
The Plan-Protect-Respond cycle
Figure 2-6
6
How is the book organized?
7
8
2010/2011 CSI Security Report
Survey conducted by the Computer Security Institute (http://www.gocsi.com).
Copy of Survey report on course web site
Survey Summary online
9
10
Types of attacks: by % of respondents
11
2011 CSI Report (cont.)
12
CSI Survey (cont.)
13
14
Satisfaction with Security Technology (cont.)
15
16
Types of Technology Used (cont.)
17
2011 Sophos Security Threat Report
Malware* hosted on websites
* Malicious software
18
2011 Sophos Security Threat Report
Malware hosting countries
19
2011 Sophos Security Threat Report
Web server’s software affected
As of March 2011 Apache served 58% of all web servers
Apache available for Microsoft Windows, Novell NetWare and Unix-like OS
Web server softwareApache IIS SunONE
Operating System
Computer hardware
HDRAM chip
Processor
Web server computer
20
Summary Questions
1. What is Plan-Protect-Respond? How important is it for information security?
2. What is PTP?
3. What does malware refer to?
4. Systems running Microsoft operating systems are more likely to be attacked than others. T F
5. With Windows OS, you can use IIS or another web server software like Apache. T
F
6. What web server software is most affected by web threats today?