SlideShare una empresa de Scribd logo

Computerworld Conference (2002)

Skeeve Stevens
Skeeve Stevens

Computerworld Conference (2002)

Tecnología
1 de 16
Descargar para leer sin conexión
Hackers Why? Who? What do they want? Where are you most vulnerable? SKEEVE STEVENS [Former(?) Hacker] I.T Security Consultant Specialising in Security Theory, Trends, Policy, Disaster Prevention Email: skeeve@skeeve.org www.skeeve.org Copyright © 2002 by Skeeve Stevens All Rights Reserved
! Australian Computer Crime and Security Survey (May 02) n  ACCS Survey (only every survey of its kind in .au) reports more than 67% of respondents have been attacked/hacked during the 2001 period – 7% higher than the U.S in the same period. ! InternetWeek n  50% of U.S Corporations have had 30 or more penetrations n  60% lost up to $200K/intrusion ! Federal Computing World n  Over 50% of (U.S) Federal government agencies report unauthorised access (some are massive numbers) ! FBI/Computer Security Institute n  48% of all attacks originated from within the organization ! WarRoom Research Survey n  90% of Fortune 500 companies in the U.S surveyed admitted to inside security breaches ! Very few companies will talk. Too much fear of losing investor confidence and perhaps panicking the customer base (i.e. banks) Networks Under Assault
Why? - Hacker Motivations ! There are many different motivations to hack n  Experimentation and desire to learn n  “Gang” mentality n  Psychological needs (i.e.. to be noticed?) n  Misguided trust in other individuals n  Altruistic reasons n  Self-gratification n  Revenge and malicious reasons n  Emotional issues n  Desire to embarrass the target (many reasons) n  “Joyriding” n  “Scorekeeping” n  Espionage (corporate, governmental) n  Criminal – Stalking, Intimidation, Hostage, Blackmail
Types of Hackers Shades of Grey - Are all Hackers Bad? ! Black Hats (The Bad Ones) n  Professional Crackers (Crime Gangs) n  Corporate Espionage (Criminal in a suit – more common than companies realise – everyone has a competitor.) n  e-Terrorists (with or without a motivation [eco-hackers]) n  ? ! White Hats (The Good Ones) n  Corporate Security n  Tiger Teams (with reputations – ISS) n  Big 5 Audit/Testing Teams (PWC, etc) n  Law Enforcement Hackers / Military eSecurity ! Grey Hats (The Not-so-Bad / Not-so-Good Ones) n  Depends who’s paying n  Freelancers – to the highest bidder, which can include LEAs
Who are the Hackers? ! 49% are inside employees or contractors on the internal network ! 17% come from dial-up (still inside people) ! 34% are from Internet or an external connection to another company of some sort ! The major area of financial loss in hacking is internal: more money is lost via internal hacking and exploitation (by a factor of 30 or more) ! Most of the hacking that is done is from technical personnel in technical positions within the company
Perimeter Security Is Not Enough ! Even the best perimeter firewall can be breached ! What happens to your corporate assets if the perimeter is breached? ! What protects your internal network if the perimeter security fails? Most Businesses = Nothing ! How do you know you have been breached? Most Businesses = Never Know INTERNET Firewall External Router Internal Servers Production Network Desktops Workstations
Perimeter Security Is Not Enough ! Many companies with “insider access” - dissolve the perimeter protection (firewalls): n  customers, consultants, contractors, temps, supply chain partners, employees – unhappy / rogue (espionage) / snoopy (the curious/ambitious) / terminated (fired) ! Many widely disseminated vulnerabilities, backdoors, firewall holes, firewall pole vaults - such as dial-up modems, shareware password crackers ! Majority of breaches and financial losses - from those with “insider access”
Typical Inside Network Attacks ! Insider attack ! Social engineering ! Virus infiltration ! Denial of Service ! OS or application bug ! Infiltration via passwords ! Infiltration via “no security” ! Spoofing ! Trojan horse ! Brute force ! Stealth infiltration ! Protocol flaw or exploit
Biggest Mistakes in Internal Security ! Everybody trusts everybody ! “Any” theory: “We don’t have anything anyone would want anyway” – never true ! No internal monitoring of any kind ! No internal intrusion detection ! No internal network isolation methods ! No separation of critical networks or subnetworks via VLAN or VPNs ! Infrastructure ignorance
Network Security IS a Serious Issue ! $202 Billion Lost every year by companies to “e-Crime” in the US, Australian/rest of the world statistics are hard to estimate. ! 90% of e-Crime financial losses are INTERNAL ! U.S. Government alone will experience over 300,000 Internet attacks this year, Australian Government has not publicised any numbers ! Hundreds of thousands of websites contain some form of Hacker Tools / Information ! e-Crimes are estimated to take place every 20 seconds...
eSecurity / Hacking Insurance Policies ! Yes, you can actually buy hacking insurance policies for some situations ! One level allows for liability reduction due to protective measures taken (What sort of firewalls / policies / operating systems / training / etc…) ! Another provides a vendor security warranty level of assurance ! Others on their way…
????????????Future Server Threats ! Digital Nervous System components ! Infrastructure Dependencies n  Index Server/LDAP Servers n  Terminal Server with thin clients n  Exchange servers being used for office and workgroup flow applications n  DNS and other naming services servers n  Voice over IP (VoIP) n  Telephony servers for desktop telephony n  Netmeeting / Video collaboration servers n  NT servers being implemented in factories and industrial networks for process control. These require real-time network security features ! Home implementations for broadband/DSL access ! Small business via broadband/DSL access ! Seasonal threats (holiday hacker gangs)
$ Information Store A company’s most valuable assets are on its Information Store An attack on your Information Store can result in: Loss of access Loss of data integrity Theft of data Loss of privacy Legal liability Loss of Confidence (Owners/Stock market/Customers) Financial Loss (Fraud) Financials HR Records Patient Medical Records R&D Information Legal Records
Summary (I) ! It is a matter of “when” not a matter of “if” you will be attacked or hacked - the statistics are against you ! Internal network security is still the most pervasive corporate threat ! Many different levels of security are necessary to deal with the threats ! Apply internal security in proper measure to meet the actual or perceived threat environment
Summary (II) ! A Hacker can be anyone – an employee with a grudge, a contractor, a family member. They just want something they are not supposed to have. ! Hacking is gaining access to anything you shouldn’t have access to, using means you shouldn’t be using (illegal?) ! eSecurity is as important as real security. If you have a security guard to protect you, you should have an eSecurity guard. ! Many different levels of security are necessary to deal with the threats
Computerworld Conference (2002)

Recomendados

Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defensefantaghost
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexKanishka Ramyar
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
A Look Into Cyber Security
A Look Into Cyber SecurityA Look Into Cyber Security
A Look Into Cyber SecurityGTreasury
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudGGV Capital
 
Cyber security mis
Cyber security misCyber security mis
Cyber security misAditya Singh Rana
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 

Recomendados

Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defensefantaghost
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexKanishka Ramyar
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
A Look Into Cyber Security
A Look Into Cyber SecurityA Look Into Cyber Security
A Look Into Cyber SecurityGTreasury
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudGGV Capital
 
Cyber security mis
Cyber security misCyber security mis
Cyber security misAditya Singh Rana
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...
NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...
NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...North Texas Chapter of the ISSA
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
Data Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryData Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryInternational Institute for Learning
 
Cyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesCyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesBijay Senihang
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...Plus Consulting
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get InterestingIBM Security
 
Security/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and ComplianceSecurity/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and ComplianceAdvanced Technology Consulting (ATC)
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessAde Ismail Isnan
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Ekonomikas ministrija
 
Data breach
Data breachData breach
Data breachBurhan Ahmed
 
Computer hacking and security - Social Responsibility of IT Professional by M...
Computer hacking and security - Social Responsibility of IT Professional by M...Computer hacking and security - Social Responsibility of IT Professional by M...
Computer hacking and security - Social Responsibility of IT Professional by M...Mark John Lado, MIT
 
Cyberterrorism. Past, Present, Future
Cyberterrorism. Past, Present, FutureCyberterrorism. Past, Present, Future
Cyberterrorism. Past, Present, FuturePriyanka Aash
 
Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Phil Agcaoili
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security9784
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerceSensePost
 
Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-bBbAOC
 

Más contenido relacionado

La actualidad más candente

NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...
NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...
NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...North Texas Chapter of the ISSA
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
Cyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesCyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesBijay Senihang
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...Plus Consulting
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get InterestingIBM Security
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Ekonomikas ministrija
 
Computer hacking and security - Social Responsibility of IT Professional by M...
Computer hacking and security - Social Responsibility of IT Professional by M...Computer hacking and security - Social Responsibility of IT Professional by M...
Computer hacking and security - Social Responsibility of IT Professional by M...Mark John Lado, MIT
 
Cyberterrorism. Past, Present, Future
Cyberterrorism. Past, Present, FutureCyberterrorism. Past, Present, Future
Cyberterrorism. Past, Present, FuturePriyanka Aash
 
Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Phil Agcaoili
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security9784
 

La actualidad más candente (20)

NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...
NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...
NTXISSACSC3 - Evolution of Cyber Threats and Defense Approaches by Antony Abr...
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data Protection
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
Data Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryData Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples Story
 
Cyber Security Threats and Data Breaches
Cyber Security Threats and Data BreachesCyber Security Threats and Data Breaches
Cyber Security Threats and Data Breaches
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
 
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat Awareness
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting
 
Security/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and ComplianceSecurity/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and Compliance
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...
 
Data breach
Data breachData breach
Data breach
 
Computer hacking and security - Social Responsibility of IT Professional by M...
Computer hacking and security - Social Responsibility of IT Professional by M...Computer hacking and security - Social Responsibility of IT Professional by M...
Computer hacking and security - Social Responsibility of IT Professional by M...
 
Cyberterrorism. Past, Present, Future
Cyberterrorism. Past, Present, FutureCyberterrorism. Past, Present, Future
Cyberterrorism. Past, Present, Future
 
Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say?
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security
 

Similar a Computerworld Conference (2002)

Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerceSensePost
 
Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-bBbAOC
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1Abdelfatah hegazy
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Alisha Deboer
 
Cyber security for ia and risk 150601
Cyber security for ia and risk 150601Cyber security for ia and risk 150601
Cyber security for ia and risk 150601Grant Barker
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attackerseadeloitte
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Rishi Singh
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersUnited Security Providers AG
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docxalinainglis
 
It security &_ethical_hacking
It security &_ethical_hackingIt security &_ethical_hacking
It security &_ethical_hackingsatish kumar
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trumpMAXfocus
 

Similar a Computerworld Conference (2002) (20)

Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerce
 
Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-b
 
Cyber security
Cyber securityCyber security
Cyber security
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
CYBER51-FYLER
CYBER51-FYLERCYBER51-FYLER
CYBER51-FYLER
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
 
Cyber security for ia and risk 150601
Cyber security for ia and risk 150601Cyber security for ia and risk 150601
Cyber security for ia and risk 150601
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Hackers
HackersHackers
Hackers
 
Hackers
HackersHackers
Hackers
 
Hackers
HackersHackers
Hackers
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
 
Why_TG
Why_TGWhy_TG
Why_TG
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security Providers
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
It security &_ethical_hacking
It security &_ethical_hackingIt security &_ethical_hacking
It security &_ethical_hacking
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trump
 

Más de Skeeve Stevens

Building an Elastic Fabric
Building an Elastic FabricBuilding an Elastic Fabric
Building an Elastic FabricSkeeve Stevens
 
Elastic Fabrics & Cloud ISPs
Elastic Fabrics & Cloud ISPsElastic Fabrics & Cloud ISPs
Elastic Fabrics & Cloud ISPsSkeeve Stevens
 
Wholesale services over VxC Fabrics
Wholesale services over VxC FabricsWholesale services over VxC Fabrics
Wholesale services over VxC FabricsSkeeve Stevens
 
Future of Wearable Technology
Future of Wearable TechnologyFuture of Wearable Technology
Future of Wearable TechnologySkeeve Stevens
 
Service Provider Models using the NBN
Service Provider Models using the NBNService Provider Models using the NBN
Service Provider Models using the NBNSkeeve Stevens
 
World Youth Day 2008 - Lightening Talk
World Youth Day 2008 - Lightening TalkWorld Youth Day 2008 - Lightening Talk
World Youth Day 2008 - Lightening TalkSkeeve Stevens
 
The Impact of Social Media with Mobile Devices
The Impact of Social Media with Mobile DevicesThe Impact of Social Media with Mobile Devices
The Impact of Social Media with Mobile DevicesSkeeve Stevens
 
IPv6 Readiness - Preparing for the Inevitable
IPv6 Readiness - Preparing for the InevitableIPv6 Readiness - Preparing for the Inevitable
IPv6 Readiness - Preparing for the InevitableSkeeve Stevens
 
Social Media Trends and the Network
Social Media Trends and the NetworkSocial Media Trends and the Network
Social Media Trends and the NetworkSkeeve Stevens
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksSkeeve Stevens
 
Wholesale Options for Small ISPs
Wholesale Options for Small ISPsWholesale Options for Small ISPs
Wholesale Options for Small ISPsSkeeve Stevens
 
Why Being a Small ISP is still Viable
Why Being a Small ISP is still ViableWhy Being a Small ISP is still Viable
Why Being a Small ISP is still ViableSkeeve Stevens
 

Más de Skeeve Stevens (14)

Building an Elastic Fabric
Building an Elastic FabricBuilding an Elastic Fabric
Building an Elastic Fabric
 
The Cloud ISP
The Cloud ISPThe Cloud ISP
The Cloud ISP
 
Elastic Fabrics & Cloud ISPs
Elastic Fabrics & Cloud ISPsElastic Fabrics & Cloud ISPs
Elastic Fabrics & Cloud ISPs
 
Wholesale services over VxC Fabrics
Wholesale services over VxC FabricsWholesale services over VxC Fabrics
Wholesale services over VxC Fabrics
 
Future of Wearable Technology
Future of Wearable TechnologyFuture of Wearable Technology
Future of Wearable Technology
 
Service Provider Models using the NBN
Service Provider Models using the NBNService Provider Models using the NBN
Service Provider Models using the NBN
 
World Youth Day 2008 - Lightening Talk
World Youth Day 2008 - Lightening TalkWorld Youth Day 2008 - Lightening Talk
World Youth Day 2008 - Lightening Talk
 
The Impact of Social Media with Mobile Devices
The Impact of Social Media with Mobile DevicesThe Impact of Social Media with Mobile Devices
The Impact of Social Media with Mobile Devices
 
IPv6 Security
IPv6 SecurityIPv6 Security
IPv6 Security
 
IPv6 Readiness - Preparing for the Inevitable
IPv6 Readiness - Preparing for the InevitableIPv6 Readiness - Preparing for the Inevitable
IPv6 Readiness - Preparing for the Inevitable
 
Social Media Trends and the Network
Social Media Trends and the NetworkSocial Media Trends and the Network
Social Media Trends and the Network
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
 
Wholesale Options for Small ISPs
Wholesale Options for Small ISPsWholesale Options for Small ISPs
Wholesale Options for Small ISPs
 
Why Being a Small ISP is still Viable
Why Being a Small ISP is still ViableWhy Being a Small ISP is still Viable
Why Being a Small ISP is still Viable
 

Último

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Último (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

Computerworld Conference (2002)

  • 1. Hackers Why? Who? What do they want? Where are you most vulnerable? SKEEVE STEVENS [Former(?) Hacker] I.T Security Consultant Specialising in Security Theory, Trends, Policy, Disaster Prevention Email: skeeve@skeeve.org www.skeeve.org Copyright © 2002 by Skeeve Stevens All Rights Reserved
  • 2. ! Australian Computer Crime and Security Survey (May 02) n  ACCS Survey (only every survey of its kind in .au) reports more than 67% of respondents have been attacked/hacked during the 2001 period – 7% higher than the U.S in the same period. ! InternetWeek n  50% of U.S Corporations have had 30 or more penetrations n  60% lost up to $200K/intrusion ! Federal Computing World n  Over 50% of (U.S) Federal government agencies report unauthorised access (some are massive numbers) ! FBI/Computer Security Institute n  48% of all attacks originated from within the organization ! WarRoom Research Survey n  90% of Fortune 500 companies in the U.S surveyed admitted to inside security breaches ! Very few companies will talk. Too much fear of losing investor confidence and perhaps panicking the customer base (i.e. banks) Networks Under Assault
  • 3. Why? - Hacker Motivations ! There are many different motivations to hack n  Experimentation and desire to learn n  “Gang” mentality n  Psychological needs (i.e.. to be noticed?) n  Misguided trust in other individuals n  Altruistic reasons n  Self-gratification n  Revenge and malicious reasons n  Emotional issues n  Desire to embarrass the target (many reasons) n  “Joyriding” n  “Scorekeeping” n  Espionage (corporate, governmental) n  Criminal – Stalking, Intimidation, Hostage, Blackmail
  • 4. Types of Hackers Shades of Grey - Are all Hackers Bad? ! Black Hats (The Bad Ones) n  Professional Crackers (Crime Gangs) n  Corporate Espionage (Criminal in a suit – more common than companies realise – everyone has a competitor.) n  e-Terrorists (with or without a motivation [eco-hackers]) n  ? ! White Hats (The Good Ones) n  Corporate Security n  Tiger Teams (with reputations – ISS) n  Big 5 Audit/Testing Teams (PWC, etc) n  Law Enforcement Hackers / Military eSecurity ! Grey Hats (The Not-so-Bad / Not-so-Good Ones) n  Depends who’s paying n  Freelancers – to the highest bidder, which can include LEAs
  • 5. Who are the Hackers? ! 49% are inside employees or contractors on the internal network ! 17% come from dial-up (still inside people) ! 34% are from Internet or an external connection to another company of some sort ! The major area of financial loss in hacking is internal: more money is lost via internal hacking and exploitation (by a factor of 30 or more) ! Most of the hacking that is done is from technical personnel in technical positions within the company
  • 6. Perimeter Security Is Not Enough ! Even the best perimeter firewall can be breached ! What happens to your corporate assets if the perimeter is breached? ! What protects your internal network if the perimeter security fails? Most Businesses = Nothing ! How do you know you have been breached? Most Businesses = Never Know INTERNET Firewall External Router Internal Servers Production Network Desktops Workstations
  • 7. Perimeter Security Is Not Enough ! Many companies with “insider access” - dissolve the perimeter protection (firewalls): n  customers, consultants, contractors, temps, supply chain partners, employees – unhappy / rogue (espionage) / snoopy (the curious/ambitious) / terminated (fired) ! Many widely disseminated vulnerabilities, backdoors, firewall holes, firewall pole vaults - such as dial-up modems, shareware password crackers ! Majority of breaches and financial losses - from those with “insider access”
  • 8. Typical Inside Network Attacks ! Insider attack ! Social engineering ! Virus infiltration ! Denial of Service ! OS or application bug ! Infiltration via passwords ! Infiltration via “no security” ! Spoofing ! Trojan horse ! Brute force ! Stealth infiltration ! Protocol flaw or exploit
  • 9. Biggest Mistakes in Internal Security ! Everybody trusts everybody ! “Any” theory: “We don’t have anything anyone would want anyway” – never true ! No internal monitoring of any kind ! No internal intrusion detection ! No internal network isolation methods ! No separation of critical networks or subnetworks via VLAN or VPNs ! Infrastructure ignorance
  • 10. Network Security IS a Serious Issue ! $202 Billion Lost every year by companies to “e-Crime” in the US, Australian/rest of the world statistics are hard to estimate. ! 90% of e-Crime financial losses are INTERNAL ! U.S. Government alone will experience over 300,000 Internet attacks this year, Australian Government has not publicised any numbers ! Hundreds of thousands of websites contain some form of Hacker Tools / Information ! e-Crimes are estimated to take place every 20 seconds...
  • 11. eSecurity / Hacking Insurance Policies ! Yes, you can actually buy hacking insurance policies for some situations ! One level allows for liability reduction due to protective measures taken (What sort of firewalls / policies / operating systems / training / etc…) ! Another provides a vendor security warranty level of assurance ! Others on their way…
  • 12. ????????????Future Server Threats ! Digital Nervous System components ! Infrastructure Dependencies n  Index Server/LDAP Servers n  Terminal Server with thin clients n  Exchange servers being used for office and workgroup flow applications n  DNS and other naming services servers n  Voice over IP (VoIP) n  Telephony servers for desktop telephony n  Netmeeting / Video collaboration servers n  NT servers being implemented in factories and industrial networks for process control. These require real-time network security features ! Home implementations for broadband/DSL access ! Small business via broadband/DSL access ! Seasonal threats (holiday hacker gangs)
  • 13. $ Information Store A company’s most valuable assets are on its Information Store An attack on your Information Store can result in: Loss of access Loss of data integrity Theft of data Loss of privacy Legal liability Loss of Confidence (Owners/Stock market/Customers) Financial Loss (Fraud) Financials HR Records Patient Medical Records R&D Information Legal Records
  • 14. Summary (I) ! It is a matter of “when” not a matter of “if” you will be attacked or hacked - the statistics are against you ! Internal network security is still the most pervasive corporate threat ! Many different levels of security are necessary to deal with the threats ! Apply internal security in proper measure to meet the actual or perceived threat environment
  • 15. Summary (II) ! A Hacker can be anyone – an employee with a grudge, a contractor, a family member. They just want something they are not supposed to have. ! Hacking is gaining access to anything you shouldn’t have access to, using means you shouldn’t be using (illegal?) ! eSecurity is as important as real security. If you have a security guard to protect you, you should have an eSecurity guard. ! Many different levels of security are necessary to deal with the threats