Transcript Intro to Sys Security

Introduction to
Systems Security
(January 11, 2016)
© Abdou Illia – Spring 2016
Learning Objectives
 Discuss state of security threats in the U.S.
 Discuss how to manage info security

Plan-Protect-Respond cycle

People-Technology-Policy approach
2
Preventing Security Threats
What can you do, as a user of a
computer connected to the
Internet or as a business having
a network that is connected to
the Internet, to prevent security
threats/attacks from occurring?
3
Preventing Security Threats

Use anti-virus software

Use software firewall

Use hardware/appliance firewall

Use Intrusion Defense Systems

Use Intrusion Prevention Systems

Install OS updates

Install applications’ updates

Not open file attachments from unknown sources

Not click URL in emails from unknown sources

Social engineering tests/Mock phishing schemes

Awareness training

Acceptable computer use policy

Password policy

Etc.
4
Countermeasures
 Tools used to thwart attacks
 Also called safeguards, protections, and controls
 Types of countermeasures

Preventative

Detective

Corrective
 Question: Match each of the countermeasures
from the previous slide with its type.
5
The Plan-Protect-Respond cycle
Figure 2-6
Dominates security management thinking
6
6
How is the book organized?
7
2012/2013 CSI Security Report
Survey Summary online
 Survey conducted by the Computer Security
Institute (http://www.gocsi.com).
 Copy of Survey report on course web site
8
9
Types of attacks: by % of respondents
10
2013 CSI Report (cont.)
11
CSI Survey (cont.)
12
13
Satisfaction with Security Technology (cont.)
14
15
Types of Technology Used (cont.)
16
2014 Sophos Security Threat Report
 Malware* hosted on websites
17
* Malicious software
2014 Sophos Security Threat Report
 Malware hosting countries
18
2014 Sophos Security Threat Report
 Web server’s software affected
Web server software
Apache IIS SunONE
Operating System
Computer hardware
RAM chip
HD
Processor
Web server computer
 As of March 2014 Apache served 58% of all web servers
 Apache available for Microsoft Windows, Novell NetWare and Unix-like OS
19
Summary Questions
1.
What is Plan-Protect-Respond? How important is it
for information security?
2.
What is PTP?
3.
What does malware refer to?
4.
Systems running Microsoft operating systems are
more likely to be attacked than others.
T
F
5.
With Windows OS, you can use IIS or another web
server software like Apache.
T
F
6.
What web server software is most affected by web
threats today?
20