IT Applications Theory Slideshows

Presentation Transcript

Dangers to information and data Threats to information and data IT Applications Theory Slideshows By Mark Kelly, mark@vceit.com, , Vceit.com

Contents Deliberate activities Accidental activities Technical disappointment … amid … Storage Communication Disposal

Examples

Deliberate Actions Viruses/worms Trojans Rootkits Malware = Adware, spyware Theft of PCs and information Espionage Hackers Disgruntled representatives Denial of Service assaults Phishing Internet tricks

Viruses/worms Viruses join to EXE documents – uncommon now Worms go in email – independent. Basic at this point. Must have dependable antivirus scanner running with up and coming infection/worm definitions Free ones (Avira, AVG and so forth) regularly similarly in the same class as the enormous name ones.

Malware = 'Noxious programming' = Adware, spyware Adware – tracks web use to target promotions at clients. Not generally vindictive, but rather frequently gravely composed and surrey: backs PCs off or crashes them. Spyware – intentionally, stealthily screens clients' activities and can divert web surfing, change web settings, cripple firewalls and so forth

Trojans Named after the Trojan Horse Pretends to be safe programming – really is noxious Hides itself from recognition Often covered up in illicit downloads Can be gotten on malignant sites ("drive-by download")

Trojans (proceeded with) Trojan "Payload" can include: Keylogger – takes passwords, charge card #, bank points of interest Spam server – powers casualty PC to send spam DDOS – gets to be 'zombie PC' taking an interest in Distributed Denial of Service assault.

Rootkits Installed covertly Very difficult to identify and expel – they stow away. Initially used to screen programming or music permitting Gains extremely imply access to working framework Risky if programmer can assume control over a rootkit and utilize its close access to the OS for the programmer's advantage. (This has as of now happened)

Theft of PCs and information Thieves presumably simply need the PC, however extraordinary & profitable information is lost with the PC Sensitive information can be spilled Laptops, cell phones, USB hard plates, Flash drives are especially simple to take (or indiscreetly desert) Tip: don't utilize a tablet sack that makes its substance clear to everybody.

Prevention Physical security wall bolted entryways bars on windows cautions video reconnaissance fire identifiers fire quenchers equipped watchmen protect pooches

Prevention Physical security (proceeded with) security links or supports to screw down or attach PCs to furniture bolts on PC cases so they can't be opened and hard plates expelled stick up USB ports to anticipate convenient mass-stockpiling gadgets being connected to expulsion of floppy circle drives & optical drives from document server to keep the stacking of hacking devices UPS (uninterruptible power supply) basic link binds to bolt mouse link to a PC to dishearten burglary

Prevention Procedural security Not letting general society close PCs Not letting people in general observe what's on the screen Never signing in with an outcast viewing Shredding all paper squander

Prevention Procedural security Staff turn in keys before going on vacation Change passwords routinely Never give passwords via telephone or in email Never open sudden connections Monitor email to distinguish suspiciously substantial information fares or sending of passwords Mandate the utilization of corporate systems for reinforcements, filenaming and so on

Prevention Electronic security Usernames and passwords on PC startup, working framework, databases, Office reports Audit trails Encryption Biometric recognizable proof

Biometric Identification Keys and passwords just demonstrate somebody has the key or secret word, not that they are qualified for utilize them. Keys, passwords and so on can be stolen, replicated, lost, overlooked – fingerprints, eyes can't. Biometric ID guarantees that a man asking for get to is really the individual who was allowed get to

Biometric Identification: 100% remarkable and perpetual features* Fingerprints Retinal sweeps (veins at the back of the eye) Iris checks (shaded part at the front of the eye) Hand vein design *Yes – even between indistinguishable twins.

Less dependable biometric highlights: not one of a kind, or may change after some time Face acknowledgment You've seen clones Voice acknowledgment Easy to impersonate voices Walk (stride) acknowledgment Can be practiced

Prevention Electronic security Use swipe cards rather than keys Most inns utilize them now Cards can be deauthorised instantly when lost or if a man is thought to be a hazard Can be customized to just open certain entryways at specific circumstances of day (e.g. not following 5pm or on ends of the week or when its client is on vacations)

Espionage Political – can debilitate national security Industrial – take contender's mysteries Encryption can make stolen information futile to unapproved individuals. See: SSL RSA, PGP Public Key encryption

Hackers Motives used to be popularity, accomplishment, praise Usually now sorted out wrongdoing rings intending to take cash

Hackers can control PCs traded off by Trojans – take financial balance information, charge card numbers, passwords and so on Will offer the data or utilize it themselves Defense = firewall to avert programmer enacting or being accounted for to by an introduced Trojan

F i r e w a l s Block the majority of the 65,535 correspondence ports that are normally open and can be entered by programmers Make a PC undetectable to port sniffing programming Built into most home switches – great & simple security from approaching dangers

F i r e w a l s Software firewalls (e.g. Zone Alarm) likewise piece unapproved active movement (e.g. a trojan mailing its keylogger information back to a programmer) Software firewalls can require preparing to show them what projects are permitted to send information.

Disgruntled workers "Displeased" = sulky, disappointed, looking for retribution (e.g. simply been terminated or shouted at) Can do hurt with imprudence or dynamic malevolence May take information to hurt manager and offer to new boss Solution: evacuate arrange/information get to benefits before sacking individuals! Review trails record all system activities & who was capable.

Distributed Denial of Service assault Usually set up by programmer taking control of zombie PCs contaminated by Trojan Hacker can guide numerous zombies to barrage server with Pings or information solicitations to the point it can't adapt and can't work appropriately

Distributed Denial of Service assault DDOS frequently went for political, religious, individual adversaries Not numerous resistances against DDOS: stay up with the latest and security gaps fixed.

Phishing 'Social building' Depends on naïveté of casualties Often utilizes unnerve strategies, e.g. Your financial balance has been bargained This (fake) Paypal exchange has happened You have to confirm your login

Phishing Can persuade – fake site logins look genuine Solution: instruct workers; never click a connection in a suspicious email

Internet tricks Rely on casualty's mankind (e.g. fake foundations) or covetousness (e.g. Nigerian "419" trick) People give financial balance information or give straightforwardly Can be physical hazard if tricksters bait casualty to their nation and hold them prisoner Solution: instruct clients; don't accept 'pipe dream' offers

Accidental activities Incompetent representatives "Misplaced" information Natural calamities

Incompetent workers One of the most widely recognized dangers to information Poorly-prepared staff devastate a bigger number of information than any number of programmers Good expectations won't bring back erased information Train clients completely; give great documentation

Incompetent workers Only give clients enough access to information so they can carry out their employment (progressive information get) as far as possible the harm they can do Use great programming that commits errors harder to make

"Misplaced" information Poor record taking care of strategies can prompt to records being difficult to discover without gigantic inquiries May not be pulverized , but rather information is similarly out of reach. Arrangement: appropriately arranged and implemented record and organizer naming plan Version control – to anticipate overwriting late reports with old information.

"Characteristic" catastrophes E.g. fire, surge, tremor, falling tree, runaway truck, control surge, revolt, war, lightning Uninterruptible Power Supply (UPS) can sift through risky power surges to ensure equipment, and adapt to power outages Disaster may not be preventable, but rather can be recuperated from with a decent information catastrophe recuperation arrange…

Disaster Recovery Plan Relies on reinforcements. Viable reinforcements must be: Regular (incremental day by day, full reinforcement week after week) Tested (with test information, not genuine information!) Stored offsite Key recuperation information ought to likewise be put away offsite Insurance organization, strategy number and so on Details of reinforcement programming and equipment to permit reestablish and so forth

Disaster Recovery Plan Any DDRP must be tried to discover shortcomings or oversights Perform test reestablishes of went down information Practice fire drills Ensure that the crisis overseer watchword works Test smoke alerts, thief cautions Ensure crisis contacts rundown is a la mode and so on

Technical Failure Hardware disappointment (e.g. hard plate crash, document server disappointment) Operating framework disappointment Software disappointment

Hardware Failure Typically: hard circle, control supplies (moving parts age rapidly) Also: circuit sheets (weld joints dry out and break) Solution: repetitive gear (e.g. two power supplies, NICs) Solution: great condition Air molded server room UPS to anticipate control surges

Software Failure OS crash or application disappointment can bring about information misfortune if work in advance has not be