... agenda
Introduction for the security
Networks and exchanges of data
Computer security
The risks
The attacks
Social Engineering
Categories of attacks
Parades for the attacks
The security architecture
An ... ?
Question 2 : How the persons use the services ?
Introduction for the security
Networks and exchanges of data
Computer security
The risks
Networks and exchanges of data
For the exchange ... data and
information. For the live of the company, they're critical.
If in the network, the security is bad, the information
can be divulged and the system's properties.
Question 1 :...
... Computersecurity should support the mission of the organization.
2. Computersecurity is an integral element of sound management.
3. Computersecurity should be cost-effective.
4. Computersecurity ... Foundation for Federal ComputerSecurity Programs . 7
Chapter 2
ELEMENTS OF COMPUTER SECURITY
2.1 ComputerSecurity Supports the Mission of the Organization.
9
2.2 ComputerSecurity is an Integral ... applicable security practices.
3.2 ComputerSecurity Management
The ComputerSecurity Program Manager (and support staff) directs the organization's day-to-
day management of its computer security...
... about
computer security. This information pertains to security events, as well as to the characteristics of
computer and network systems themselves. Unfortunately, much of this computer security
information ... in
the field of computersecurity tend to be unique to different individuals and organizations. In other
words, a “common language” has yet to emerge in the field of computersecurity [LiJ97:154]
∗
. ... Donald Parker, “A Summary of Computer Misuse Techniques,”
Proceedings of the 12
th
National ComputerSecurity Conference, 1989.
[NRC91] National Research Council, Computers at Risk: Safe Computing...
... days of computer
security:
• Audit function - oversight
• Mainframe usage accounting and
system log analysis
• Often an accounting function
separate from IT
Short Form
• In 5 years, security ... talk
• Some History
• Current State of Security
• Some Extrapolation
Drivers
• Overinvestment in late 1990s
• VCs fund (approximately) 200
security start-ups
• Security market is about $20 bn
• Subtract ... has already largely happened in
the enterprise except for website
security
• Patch management and antivirus are
desktop security
Regulation: The Effect
• Compliance dollars are being
spent...
... software
on one computer, make backup copy, and sell software
after removing from computer
Computer Security Risks
What is a
What is a
computer security risk
computer security risk
?
?
p. ... (RSI)
Computer addiction
Computer addiction
—when
—when
computer consumes entire social
computer consumes entire social
life
life
Computer addiction
Computer addiction
—when
—when
computer ...
Chapter 11 Objectives
Describe the types of computersecurity risks
Describe the types of computersecurity risks
Identify ways to safeguard against computer
viruses, worms, Trojan horses, denial...
... auditors.
18
Physical Security. The physical security office is
usually responsible for developing and enforcing
appropriate physical security controls, in
consultation with computersecurity management,
program ... cycle. A long-term
survey of computer- related economic losses conducted by Robert Courtney, a computer security
consultant and former member of the Computer System Security and Privacy Advisory ... these issues make it necessary to reassess the
security of computer systems.
2.8 ComputerSecurity is Constrained by Societal Factors.
The ability of security to support the mission of the organization(s)...
... disposing of
computer security log data. This section of the document discusses the needs and challenges in computer
security log management. Section 2.1 explains the basics of computersecurity ... logs contain records related to computer security;
common examples of these computersecurity logs are audit logs that track user authentication attempts
and security device logs that record ...
storage, the security needs for the data, and the time and resources needed for staff to analyze the logs.
4-10
GUIDE TO COMPUTERSECURITY LOG MANAGEMENT
2. Introduction to Computer Security...
... Windows 2000/XP computers following a clone
operation. Each Windows 95, 98, or Me computer can be assigned a unique
name. Each Windows NT or 2000/XP computer can be assigned a unique
computer name ... file
■
Wattcp.cfg key words
152 Updating Security Identifiers (SIDs) and computer names
Using Ghost Walker
145Updating Security Identifiers (SIDs) and computer names
Loss of access to external ... operate on a network. This is
achieved using the Security Identifier (SID) and computer name. When you
restore an image onto a number of client computers, you must assign unique
identifiers as...
... of various computer and security logs
Page 14 of 39
Snortsnarf
This package is available at: http://www.silicondefense.com/snortsnarf/
The meaning of various computer and security logs ... various computer and security logs
Page 15 of 39
Shadow log
More information is available at: http://www.tcpdump.org and
http://www.nswc.navy.mil/ISSEC/CID/
The meaning of various computer ... a complete, integrated
security and privacy suite.
More information available at: http://www.symantec.com/sabu/nis/nis_fe/
The meaning of various computer and security logs
Page 27 of...
... developing its security plan.
These common elements include network security, computer (or
“host”) security, middleware and directory services, and application-
based security. An IT security architecture ... interconnect multiple computers and networks. These
hubs retransmit all network traffic to all computers connected to
that hub. The security implication is that if one computer has its
security compromised ... improving cam-
pus network security. As we shall see next, once a computer has been
compromised it can be used for a variety of dangerous practices.
Host-Based Security
A computer, often referred...