Copyright © 2012 siddhesh Hedulkar
•What is Information Security?
•Why Information Security?
•Why should we be concerned?
•Foundation Of Information Security
•Basic Security Truths
•10 Immutable Laws of Security
•What is Hacking?
•Types Of Hackers?
•Steps Of Hacking
•Business Impact Of Hacking
•Countermeasures
Information security means protecting information and information assets against theft, loss, damage, unauthorized access or modification.
•Overall financial losses from 530 survey respondents totalled $201,797,340.
•75% of organizations acknowledged financial loss, though only 47% could quantify them.
•More than 41.6% of companies experienced a security incident
•Virus incidents (82 %) and insider abuse of network access or e-mail (i.e. pornography, pirated software, etc.) (75 %) still prevalent.
•76% of companies do not want to hire Information Security Consultants
Source: CSI/FBI Survey 2011
•“We have a good firewall, an anti-virus and know the people we work with.”
•“We don’t transact on the Internet, so why would anybody hack our systems over the Internet?”
•“No one could possibly be interested in my information”
•“So many people are on the Internet, I'm just a face in the crowd. No one would pick me out.”
•“I'm busy. I can't become a security expert--I don't have time, and it's not important enough”
•Security isn’t binary
•Security is more than technology
•Security is always a continual process
•100 % security is not possible
•If an attacker wants to get inside your system, he/she will and there is nothing you can do about it
•The only thing you can do is make it harder for him to get in
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea
Unauthorized attempts to bypass the security mechanisms of an information system or network
•Black Hats
Individuals with extraordinary computing skills, resorting to malicious or
destructive activities. Also known as crackers
•White Hats
Individuals professing hacker skills and using them for defensive
purposes. Also known as security analysts
•Gray Hats
Individuals who work both offensively and defensively at various times
•Suicide Hackers
Individuals who aim to bring down critical infrastructure
•Hacktivist
A hacktivist is a hacker who utilizes technology to announce a political message. Web vandalism is not necessarily hacktivism.
Reconnaissance
Scanning
Enumeration
Gaining Access
Escalating Privilege
Covering Tracks
Creating Backdoors
Denial of Service
Business Risk
Financial Loss
Public Image/Trust
Intellectual Capital
Employee/Customer
Privacy
Litigation
Legislative Violation
•Deploy a firewall and review its configuration
•Practice patch management
•Proper network architecture and segregation
•Secure administrative access and correct administrative privileges
•Secured configuration
•Backups and failover redundancy
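The last two countermeasures, secured configuration and secure administrative access, are easiest to see on a concrete service. The following Python script is an added example, not part of the original slides: it audits an OpenSSH server configuration against a small hardening baseline and rewrites the offending directives. The directive names are real sshd_config keys; the baseline values, the assumed OpenSSH defaults and the sample configuration are constructed for this example and should be adapted to your own policy.

```python
# Added example: audit and harden an sshd_config against a baseline.
# The sample config and the baseline below are constructed for the demo.
import re
from typing import Dict, List, Optional, Tuple

# Directive -> (allowed values, rationale). Assumed baseline for this example;
# values are compared case-insensitively.
BASELINE: Dict[str, Tuple[Tuple[str, ...], str]] = {
    "PermitRootLogin": (("no", "prohibit-password"), "direct root logins remove accountability"),
    "PasswordAuthentication": (("no",), "exposed to password guessing; prefer keys"),
    "PermitEmptyPasswords": (("no",), "empty passwords give trivial access"),
    "X11Forwarding": (("no",), "unneeded feature enlarges the attack surface"),
    "MaxAuthTries": (("3", "4"), "limits credential guessing per connection"),
}

# Values OpenSSH applies when a directive is absent (assumed here; confirm with
# `sshd -T` on a real host, since defaults change between releases).
DEFAULTS: Dict[str, str] = {
    "PermitRootLogin": "prohibit-password",
    "PasswordAuthentication": "yes",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "6",
}

_DIRECTIVE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")  # "Key value" or "Key=value"
_CANON = {k.lower(): k for k in BASELINE}               # lowercase -> canonical name


def _parse_line(raw: str) -> Optional[Tuple[str, str]]:
    """Strip comments and return (key, value), or None for blank/invalid lines."""
    stripped = raw.split("#", 1)[0].strip()
    if not stripped:
        return None
    m = _DIRECTIVE.match(stripped)
    return (m.group(1), m.group(2).strip()) if m else None


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Effective global directives, keyed by lowercase name.

    sshd uses the first occurrence of a directive, and anything after the first
    `Match` block is conditional, so parsing stops there.
    """
    directives: Dict[str, str] = {}
    for raw in text.splitlines():
        parsed = _parse_line(raw)
        if parsed is None:
            continue
        key, value = parsed
        if key.lower() == "match":
            break
        directives.setdefault(key.lower(), value)
    return directives


def audit_sshd_config(text: str) -> List[Tuple[str, str, str]]:
    """Return (directive, effective value, rationale) for each baseline violation."""
    found = parse_sshd_config(text)
    findings = []
    for directive, (allowed, why) in BASELINE.items():
        value = found.get(directive.lower(), DEFAULTS[directive])
        if value.lower() not in allowed:
            findings.append((directive, value, why))
    return findings


def harden_sshd_config(text: str) -> str:
    """Rewrite violating global directives to the first allowed value and add
    missing ones before any `Match` block; comments and other lines are kept."""
    to_fix = {d for d, _, _ in audit_sshd_config(text)}
    out: List[str] = []
    fixed = set()
    match_at: Optional[int] = None
    for raw in text.splitlines():
        parsed = _parse_line(raw)
        if parsed and match_at is None:
            key = parsed[0]
            if key.lower() == "match":
                match_at = len(out)
            else:
                canon = _CANON.get(key.lower())
                if canon in to_fix:
                    out.append(f"{canon} {BASELINE[canon][0][0]}")
                    fixed.add(canon)
                    continue
        out.append(raw)
    missing = [f"{d} {BASELINE[d][0][0]}" for d in BASELINE if d in to_fix and d not in fixed]
    if missing:
        insert_at = len(out) if match_at is None else match_at
        out[insert_at:insert_at] = ["# added by hardening baseline"] + missing
    return "\n".join(out) + "\n"


# Constructed sample sshd_config with several weak settings.
SAMPLE_CONFIG = """\
# constructed sample for the demo
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
MaxAuthTries 6
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for directive, value, why in audit_sshd_config(SAMPLE_CONFIG):
        print(f"{directive} = {value}: {why}")
    print(harden_sshd_config(SAMPLE_CONFIG))
```

On the sample, the audit flags PermitRootLogin, PasswordAuthentication and MaxAuthTries; the hardened output passes a second audit. Note that the `Match User backup` block still permits password logins for that one account: the script deliberately leaves conditional blocks alone, so they need a manual review, which is exactly the "review configuration" step the slide calls for.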