Submit Search
Upload
Information Security Lesson 3 - Basics - Eric Vanderburg
•
Download as PPT, PDF
•
0 likes
•
497 views
Eric Vanderburg
Follow
Information Security Lesson 3 - Basics - Eric Vanderburg
Read less
Read more
Technology
Business
Report
Share
Report
Share
1 of 19
Download now
Recommended
IEC and cyber security (June 2018)
IEC and cyber security (June 2018)
International Electrotechnical Commission (IEC)
Pci Req
Pci Req
Namrata Arora
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
AVEVA
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
Jiunn-Jer Sun
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
Jim Gilsinn
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber Attacks
Maurice Dawson
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
Jim Gilsinn
Recommended
IEC and cyber security (June 2018)
IEC and cyber security (June 2018)
International Electrotechnical Commission (IEC)
Pci Req
Pci Req
Namrata Arora
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
AVEVA
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
Jiunn-Jer Sun
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
Jim Gilsinn
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber Attacks
Maurice Dawson
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
Jim Gilsinn
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
Eran Goldstein
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Creekside Marketing Group, LLC
Secured Communication Infrastructure for Substation Automation
Secured Communication Infrastructure for Substation Automation
Nirmal Thaliyil
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
Itex Solutions
Scada security presentation by Stephen Miller
Scada security presentation by Stephen Miller
AVEVA
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of Standards
Jim Gilsinn
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
Shah Sheikh
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
Chris Sistrunk
Security Architecture
Security Architecture
Joben Domingo
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
North Texas Chapter of the ISSA
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
David Spinks
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iot
ST_World
Cyber Resilient Systems Representative Solutions for Trustworthy Systems
Cyber Resilient Systems Representative Solutions for Trustworthy Systems
Agence du Numérique (AdN)
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14
James Nesbitt
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
Deepakraj Sahu
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity Standards
Yokogawa1
Securing Industrial Control Systems
Securing Industrial Control Systems
Eric Andresen
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and Education
EnergySec
IoT/M2M Security
IoT/M2M Security
Yu-Hsin Hung
12 steps to_cloud_security
12 steps to_cloud_security
Wisecube AI
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Eric Vanderburg
20-security.ppt
20-security.ppt
ajajkhan16
More Related Content
What's hot
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
Eran Goldstein
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Creekside Marketing Group, LLC
Secured Communication Infrastructure for Substation Automation
Secured Communication Infrastructure for Substation Automation
Nirmal Thaliyil
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
Itex Solutions
Scada security presentation by Stephen Miller
Scada security presentation by Stephen Miller
AVEVA
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of Standards
Jim Gilsinn
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
Shah Sheikh
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
Chris Sistrunk
Security Architecture
Security Architecture
Joben Domingo
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
North Texas Chapter of the ISSA
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
David Spinks
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iot
ST_World
Cyber Resilient Systems Representative Solutions for Trustworthy Systems
Cyber Resilient Systems Representative Solutions for Trustworthy Systems
Agence du Numérique (AdN)
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14
James Nesbitt
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
Deepakraj Sahu
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity Standards
Yokogawa1
Securing Industrial Control Systems
Securing Industrial Control Systems
Eric Andresen
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and Education
EnergySec
IoT/M2M Security
IoT/M2M Security
Yu-Hsin Hung
12 steps to_cloud_security
12 steps to_cloud_security
Wisecube AI
What's hot
(20)
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Secured Communication Infrastructure for Substation Automation
Secured Communication Infrastructure for Substation Automation
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
Scada security presentation by Stephen Miller
Scada security presentation by Stephen Miller
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of Standards
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
Hacker Halted 2016 - How to get into ICS security
Hacker Halted 2016 - How to get into ICS security
Security Architecture
Security Architecture
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iot
Cyber Resilient Systems Representative Solutions for Trustworthy Systems
Cyber Resilient Systems Representative Solutions for Trustworthy Systems
Industrial Control Security USA Sacramento California Oct 13/14
Industrial Control Security USA Sacramento California Oct 13/14
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
Contributing to the Development and Application of Cybersecurity Standards
Contributing to the Development and Application of Cybersecurity Standards
Securing Industrial Control Systems
Securing Industrial Control Systems
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and Education
IoT/M2M Security
IoT/M2M Security
12 steps to_cloud_security
12 steps to_cloud_security
Similar to Information Security Lesson 3 - Basics - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Eric Vanderburg
20-security.ppt
20-security.ppt
ajajkhan16
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Eric Vanderburg
security in is.pptx
security in is.pptx
selvapriyabiher
ISBB_Chapter6.pptx
ISBB_Chapter6.pptx
AmanSoni665879
Information Security
Information Security
sonykhan3
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Inductive Automation
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Inductive Automation
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
Desmond Devendran
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
MarketingArrowECS_CZ
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
Precisely
Cisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric Vanderburg
Eric Vanderburg
Ccna sec 01
Ccna sec 01
EduclentMegasoftel
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
Precisely
IEC62443.pptx
IEC62443.pptx
233076
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
DEEPAK948083
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Gopal Sakarkar
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
Yokogawa1
Chapter08
Chapter08
Muhammad Ahad
Similar to Information Security Lesson 3 - Basics - Eric Vanderburg
(20)
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
20-security.ppt
20-security.ppt
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
security in is.pptx
security in is.pptx
ISBB_Chapter6.pptx
ISBB_Chapter6.pptx
Information Security
Information Security
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
Cisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric Vanderburg
Ccna sec 01
Ccna sec 01
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
IEC62443.pptx
IEC62443.pptx
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
Chapter08
Chapter08
More from Eric Vanderburg
GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Eric Vanderburg
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Eric Vanderburg
Mobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
Eric Vanderburg
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Eric Vanderburg
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
Eric Vanderburg
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
Eric Vanderburg
Principles of technology management
Principles of technology management
Eric Vanderburg
Japanese railway technology
Japanese railway technology
Eric Vanderburg
Evaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
Eric Vanderburg
Japanese current and future technology management challenges
Japanese current and future technology management challenges
Eric Vanderburg
Technology management in Japan: Robotics
Technology management in Japan: Robotics
Eric Vanderburg
Incident response table top exercises
Incident response table top exercises
Eric Vanderburg
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Eric Vanderburg
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
Eric Vanderburg
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Eric Vanderburg
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Eric Vanderburg
More from Eric Vanderburg
(20)
GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Mobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
Principles of technology management
Principles of technology management
Japanese railway technology
Japanese railway technology
Evaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
Japanese current and future technology management challenges
Japanese current and future technology management challenges
Technology management in Japan: Robotics
Technology management in Japan: Robotics
Incident response table top exercises
Incident response table top exercises
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Recently uploaded
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
The Digital Insurer
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Katpro Technologies
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
Recently uploaded
(20)
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Information Security Lesson 3 - Basics - Eric Vanderburg
1.
Information Security Chapter 3 Security
Basics Information Security © 2006 Eric Vanderburg
2.
• Approaches – Bottom-up –
Top-down • Human firewall – a security conscious individual. – Uses strong passwords – Hygienic – Watches for suspicious activity – Aware of changes to their computer Information Security © 2006 Eric Vanderburg
3.
Layering • Many defense
mechanisms are in place surrounding an asset – – – – – – – – Edge firewall Host firewall Intrusion detection system File permissions Required usernames and passwords Segmented network Audit trails Honeypots • Layers should be coordinated so they do not negatively impact one another when implemented Information Security © 2006 Eric Vanderburg
4.
Limiting • You should
only have access to what you need for your role. • Subject – person or a computer program • Object – computer or database • Proper division of duties Information Security © 2006 Eric Vanderburg
5.
Diversity • Layers of
similar security mechanisms are easy to conquer because the same strategy can be used on each. • A breach in one area does not compromise the entire system. Information Security © 2006 Eric Vanderburg
6.
Obscurity • • • • Practices should be
secret Source code should be protected Keep usernames secret Train employees not to reveal information Information Security © 2006 Eric Vanderburg
7.
Simplicity • Simple from
the inside, complex from the outside. – Well structured design – Trained employees – Documented Information Security © 2006 Eric Vanderburg
8.
Authentication • • • • • Proving you are
who you say you are What you know (password, pin, personal info) What you have (card, token, RFID) What you are (biometrics) Username and password – simplest and most common – SSO (Single Sign On) – reduce number of logons because one username/password can be used for all systems and associated databases and logon is transparent once a user logs on to their client system. Information Security © 2006 Eric Vanderburg
9.
Authentication • Token – Magnetic
strip card – RFID card – Number sequencer • Biometrics – – – – – – – Fingerprint Facial scan Retina / Iris scan Hand print Voice Pheromones Blood • Biometrics is expensive, time consuming, error prone, and hard to use. Information Security © 2006 Eric Vanderburg
10.
Authentication • Certificates – Binds
a person to a key – Personal info is provided to obtain the cert – Provided by a trusted CA (Certification Authority) – Encrypted with CA private key for validity and hashed for integrity – Usage will be specified in the certificate – Certificates expire and must be renewed – CTL (Certificate Trust List) – CRL (Certificate Revocation List) Information Security © 2006 Eric Vanderburg
11.
Authentication • Kerberos – Developed
at MIT – AS (Authentication Server) – gives out TGT (Ticket Granting Ticket) and resides on the KDC (Key Distribution Center) – Present the TGT to a TGS (Ticket Granting Service) to receive a service ticket for a resource. – Everything is time stamped Information Security © 2006 Eric Vanderburg
12.
Authentication • CHAP (Challenge
Handshake Authentication Protocol) – Server sends a challenge (piece of data) – Client runs an algorithm using a shared secret on the data and returns it. – The server runs the same algorithm to see if the client knows the shared secret • Mutual Authentication – Client authenticates to server – Server authenticates to client – Helps protect against Man in the middle attacks and hijacking – MSCHAP v2 Information Security © 2006 Eric Vanderburg
13.
Authentication • Multifactor authentication –
Have more than one form of authentication as described before. • What you know • What you have • What you are Information Security © 2006 Eric Vanderburg
14.
Access Control • Controlled
by the OS • ACL (Access Control List) – For each file – Can be configured on network access devices • ACE( Access Control Entry) – row in the ACL with a user and associated permission Information Security © 2006 Eric Vanderburg
15.
Permissions • • • • • • Full Control Modify Read List folder
contents Read & Execute (folder contents & read) Write (Create files and folders) Information Security © 2006 Eric Vanderburg
16.
Access Control • MAC
(Mandatory Access Control) – permissions are rights are specified and cannot be changed. • DAC (Discretionary Access Control) – users can assign permissions as they see fit. • RBAC (Role Based Access Control) – Roles are given permissions and users inherit those permissions by belonging to a role. Groups should mirror a role or functions of a role. Information Security © 2006 Eric Vanderburg
17.
Auditing • Logging –
event viewer (Windows) • System Scanning – Checks to make sure a user does not exceed their permissions Information Security © 2006 Eric Vanderburg
18.
Acronyms • • • • • • • • • ACE, Access Control
Entry AS, Authentication Server CA, Certification Authority CHAP, Challenge Handshake Authentication Protocol CISO, Chief Information Security Officer DAC, Discretionary Access Control MAC, Mandatory Access Control RBAC, Role Based Access Control SSO, Single Sign On Information Security © 2006 Eric Vanderburg
19.
Acronyms • KDC, Key
Distribution Center • TGT, Ticket Granting Ticket • TGS, Ticket Granting Service Information Security © 2006 Eric Vanderburg
Download now