SlideShare a Scribd company logo

Dos and Dont to be followed to protect information and technology

Download as PPT, PDF
S
ssuser3baba2

Dos and Dont about IT, How to Protect Infrastrcure

Technology
1 of 37
Download to read offline
1
2
3
4
5
Most read
6
Most read
7
8
Most read
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 Cyber Security Awareness
Overview  What is Cyber Security?  RBI Framework  Security Layers  Security Threats  Security Measures  Dos and Don'ts  Conclusion
What is Cyber Security?  Computer security, cybersecurity or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data
Security Myths  Myths -Firewalls make your data secure. Encryption makes your data secure. Hackers cause most security breaches.  In fact, 80% of data loss is caused by insiders. In fact, encryption is only one approach to securing data. Security also requires access control, data integrity, system availability, and auditing.  In fact, 40% of Internet break-ins occur in spite of a firewall being in place!!!!
Security Triad Ensuring that data is protected from unauthorized access Ensuring that data can be modified only by appropriate mechanisms The degree to which authorized users can access information for legitimate purposes
Points of Concerns in Banking • Letting vendors define “good security” • Underestimating the required security expertise •Lack of operational Security • Assigning untrained people to maintain security • Relying primarily on a firewall. • Firstly think of budget concerns, neglecting the value of their information and organizational reputations. • Authorizing reactive, short-term fixes so problems re-emerge rapidly
- Risk: A possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset – Threat: Something that can potentially cause damage to the organization, IT Systems or network. – Vulnerability: A weakness in the organization, IT Systems, or network that can be exploited by a threat Defining the risks , threats and vulnerabilities
Cyber Security Framework by RBI
Security Layers
Physical Security  Physical Security is the fundamental layer of security.  Physical security describes measures that are designed to prevent unauthorized physical access to data, equipment, resources and personal and protect the same from physical damage or harm.  This includes protection from natural and man-made disasters which includes fires, floods, theft accidents etc.  Physical Security is often overlooked because of more technical logical breaches.
Physical Security
Physical Security  Preventing physical security breach is the prime concern of the administrators.  Following are the devices that are associated with the Physical Security of the premises. 1. Boom Barrier 2. CCTV 3. Visitor Management System (VMS) 4. RFID 5. Biometric Scanners 6. Digital Locks
LOGICAL SECURITY
Passwords  Use Strong Passwords using combination of Uppercase Lower Case Numerical and Special Characters  Never use pets name, birthdates, telephone nos, names, dictionary words etc  Never share a password – don’t store a password on internet or on local computer  Good Password – S@{h!n~ -  Make it something you can visualize. It’s easier to remember that way  The more personal the better. “mY5orit3$hirt’sR3d” (my favorite shirt is red)
PROTECTING DATA AND ASSETS –Branches Perspective • Secure your Documents and DATA • Restrict USB Access on All Computers at Branches • Use Your E mails Securely • Report Any Unusual Instances to Head Office. • Use Strong Passwords • Never Share the Password • Lock your computer before you leave your Desk • Update your Antivirus Regularly – In case the Software is not getting Updated inform IT Department • Lock your Cabin after leaving premise. • Keep an Eye on suspicious behavior of others at work.
Symptoms of being infected with a virus ! 1. You see unexpected messages or images. 2. You hear unexpected sounds, played at random. 3. Programs start unexpectedly. 4. Your personal firewall tells you that an application has tried to connect to the Internet (and it’s not a program that you ran). 5. Your friends tell you that they have received e-mail messages from your address and you haven’t sent them anything. 6. Your computer ‘freezes’ frequently, or programs start running slowly. 7. You get lots of system error messages. 8. The operating system will not load when you start your computer. 9. You notice that files or folders have been deleted or changed. 10.You notice hard disk access (shown by one of the small flashing lights) when you’re not aware of any programs running. 11.Your web browser behaves erratically, e.g. you can’t close a browser window.
Just in case if you are infected… • Disconnect the infected computer from the Internet. • Isolate the machine. Nothing comes in nothing goes out. • Update anti-virus signatures (Don’t use the compromised machine) • Start the computer in safe mode and perform extensive scanning • Use anti-virus program for removing the malicious program. • If automated removal doesn’t yield result, closely observe the behavior of your computer. • Make a note of all the programs which start automatically when the computer boots up. • Search for suspicious entries. Delete the registry entries which correspond to suspicious entries. • Use tools like curr ports or command like netstat to monitor opened TCP/IP and UDP ports on the local computer. • Terminate the processes which seems to be suspicious. • For damage beyond repair… Reinstall OS and be vigilant !
Types f Attacks  DoS and DDoS it is aimed at preventing authorized, legitimate users from accessing services on the network. A DoS attack can be initiated by sending invalid data to applications or network services until the server hangs or simply crashes. The most common form of a DoS attack is TCP attacks.  A network attacker can increase the enormity of a DoS attack by initiating the attack against a single network from multiple computers or systems. This type of attack is known as a distributed denial of service (DDoS) attack. Network administrators can experience great difficulty in fending off DDoS attacks, simply because blocking all the attacking computers, can also result in blocking authorized users.
DDos
MAN IN THE MIDDLE  MITM It occurs when a cracker eavesdrops on a secure communication session and monitors, captures and controls the data being sent between the two parties communicating. The attacker attempts to obtain information so that he/she can impersonate the receiver and sender.
MITM
MITM
MPLS Internet MPLS Internet Mobile 4G Mobile Banking Branch Computer Firewall Firewall Attacker Attacker Attacker Attacker Server Server Man in the Middle DLP Phishing Vishing Virus Malware Trojan Rouge Software Network Intrusion Credential Hack Software Flaw Network Sniffing Credential Hack Network Attack DOS DDOS Port Scan and penetration Misconfigured Network Wrong Routing Tables Carrier Side Wire Tapping
SSL- HTTPS • A PAD LOCK Represents SSL – Secure Socket Layer • The Technology Ensures that the communication between the webserver and the Client is Encrypted. • The Technology Ensures that the website is 100 %Genuine • The Technology protects the Confidential Data entered by the consumer , even the internet service provider does not know about it. • Its Save and protects from Man in the Middle.
User Frauds Phishing Phishing Sites Identity Theft Shoulder Surfing Identity Stealing Online Frauds Nigerian Frauds Online Lottery Employment Frauds Online Data Entry Frauds Internet Frauds Credit Card /Debit Card Frauds Document Forgery
Phishing
Phishing
Phishing
INSIDER ATTACK
Social Engineering Do’s and Don’ts
Security Measures  Security Awareness  Encryption  Strong Passwords  Up to date Antivirus  Next Gen Firewall / UTM  Mobile Device Management  Network Monitoring  Policy Framework
Encryption Cryptography The field of study related to encoded information (comes from Greek word for "secret writing") Encryption The process of converting plaintext into cipher text Decryption The process of converting cipher text into plaintext
Encryption
Digital Signature
Policy Framework  Policy frame work ensures the integrity and security with in the organization  Frameworks such as ISO 27001, BSI, PCIDSS,PADSS etc. ensure and standardize security practices.  It reduces the chances of loopholes in the infrastructure.  Policy and Procedures helps the organization to mitigate with the security threats.
Conclusion  Conduct Security Awareness Programs, Educate Employees.  Secure the premises  Deploy Antivirus software  Deploy Firewall/UTM  Deploy Network Monitoring Tools  Deploy Security Frame Work  Secure Identity and Personal Information.  Get the It systems audited for extra loopholes and vulnerabilities.
THANK YOU

More Related Content

PPTX
Cyber security
ankit yadav
 
PPTX
Unit 1 Network Fundamentals and Security .pptx
Guna Dhondwad
 
DOCX
Security and Ethical Challenges Contributors Kim Wanders.docx
edgar6wallace88877
 
DOCX
Security and Ethical Challenges Contributors Kim Wanders.docx
fathwaitewalter
 
PPTX
Cyber security
ZwebaButt
 
PPTX
iIIBF Cyber Security Presentation 2.pptx
NarinderKumarBhasin
 
PPT
Chapter1 intro network_security_sunorganised
Bule Hora University
 
PPTX
Cyber security
Nimesh Gajjar
 
Cyber security
ankit yadav
 
Unit 1 Network Fundamentals and Security .pptx
Guna Dhondwad
 
Security and Ethical Challenges Contributors Kim Wanders.docx
edgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
fathwaitewalter
 
Cyber security
ZwebaButt
 
iIIBF Cyber Security Presentation 2.pptx
NarinderKumarBhasin
 
Chapter1 intro network_security_sunorganised
Bule Hora University
 
Cyber security
Nimesh Gajjar
 

Similar to Dos and Dont to be followed to protect information and technology (20)

PPT
chapter 1 security.ppt
girmawodajo
 
PPTX
Network Security Basics in networking to learn
amansinght675
 
DOCX
Seguridad web -articulo completo- ingles
isidro luna beltran
 
PPTX
Security Architectures and Models.pptx
RushikeshChikane2
 
PPTX
LIS3353 SP12 Week 9
Amanda Case
 
PPTX
Lecture 2.pptx
MuhammadRehan856177
 
PPT
Essentials Of Security
xsy
 
PDF
Sec0001 .pdf
mah902110
 
PPTX
It security the condensed version
Brian Pichman
 
PPTX
Lecture 2.pptx
MuhammadRehan856177
 
PPT
2.4.1 - Intro to Cyber Security for students.ppt
rameshselvarajkkp
 
PPT
Security - Chapter 1.ppt
WorknehEdimealem
 
PPTX
Cyber Security Briefing
Marshall Frett Jr.
 
PPT
Security Of Information Assets and why it matters.ppt
hellasassin
 
PPT
IT-Security Awareness and Training session
sameerroushan
 
PPTX
Cyber Security Awareness Program.pptx
Dinesh582831
 
PDF
Cyber Security.pdf
preethajoseph5
 
PPTX
Data security
Soumen Mondal
 
PPTX
Computer security and
Rana Usman Sattar
 
PPTX
Information Systems.pptx
KnownId
 
chapter 1 security.ppt
girmawodajo
 
Network Security Basics in networking to learn
amansinght675
 
Seguridad web -articulo completo- ingles
isidro luna beltran
 
Security Architectures and Models.pptx
RushikeshChikane2
 
LIS3353 SP12 Week 9
Amanda Case
 
Lecture 2.pptx
MuhammadRehan856177
 
Essentials Of Security
xsy
 
Sec0001 .pdf
mah902110
 
It security the condensed version
Brian Pichman
 
Lecture 2.pptx
MuhammadRehan856177
 
2.4.1 - Intro to Cyber Security for students.ppt
rameshselvarajkkp
 
Security - Chapter 1.ppt
WorknehEdimealem
 
Cyber Security Briefing
Marshall Frett Jr.
 
Security Of Information Assets and why it matters.ppt
hellasassin
 
IT-Security Awareness and Training session
sameerroushan
 
Cyber Security Awareness Program.pptx
Dinesh582831
 
Cyber Security.pdf
preethajoseph5
 
Data security
Soumen Mondal
 
Computer security and
Rana Usman Sattar
 
Information Systems.pptx
KnownId
 
Ad

Recently uploaded (20)

PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Approach and Philosophy of On baking technology
30anthuong17
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Encapsulation theory and applications.pdf
gurumoop
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Cloud computing and distributed systems.
kkkkkhan
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
A Presentation on Artificial Intelligence
memembruh336
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Teaching material agriculture food technology
LiaRayya
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Ad

Dos and Dont to be followed to protect information and technology

  • 2. Overview  What is Cyber Security?  RBI Framework  Security Layers  Security Threats  Security Measures  Dos and Don'ts  Conclusion
  • 3. What is Cyber Security?  Computer security, cybersecurity or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data
  • 4. Security Myths  Myths -Firewalls make your data secure. Encryption makes your data secure. Hackers cause most security breaches.  In fact, 80% of data loss is caused by insiders. In fact, encryption is only one approach to securing data. Security also requires access control, data integrity, system availability, and auditing.  In fact, 40% of Internet break-ins occur in spite of a firewall being in place!!!!
  • 5. Security Triad Ensuring that data is protected from unauthorized access Ensuring that data can be modified only by appropriate mechanisms The degree to which authorized users can access information for legitimate purposes
  • 6. Points of Concerns in Banking • Letting vendors define “good security” • Underestimating the required security expertise •Lack of operational Security • Assigning untrained people to maintain security • Relying primarily on a firewall. • Firstly think of budget concerns, neglecting the value of their information and organizational reputations. • Authorizing reactive, short-term fixes so problems re-emerge rapidly
  • 7. - Risk: A possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset – Threat: Something that can potentially cause damage to the organization, IT Systems or network. – Vulnerability: A weakness in the organization, IT Systems, or network that can be exploited by a threat Defining the risks , threats and vulnerabilities
  • 10. Physical Security  Physical Security is the fundamental layer of security.  Physical security describes measures that are designed to prevent unauthorized physical access to data, equipment, resources and personal and protect the same from physical damage or harm.  This includes protection from natural and man-made disasters which includes fires, floods, theft accidents etc.  Physical Security is often overlooked because of more technical logical breaches.
  • 12. Physical Security  Preventing physical security breach is the prime concern of the administrators.  Following are the devices that are associated with the Physical Security of the premises. 1. Boom Barrier 2. CCTV 3. Visitor Management System (VMS) 4. RFID 5. Biometric Scanners 6. Digital Locks
  • 14. Passwords  Use Strong Passwords using combination of Uppercase Lower Case Numerical and Special Characters  Never use pets name, birthdates, telephone nos, names, dictionary words etc  Never share a password – don’t store a password on internet or on local computer  Good Password – S@{h!n~ -  Make it something you can visualize. It’s easier to remember that way  The more personal the better. “mY5orit3$hirt’sR3d” (my favorite shirt is red)
  • 15. PROTECTING DATA AND ASSETS –Branches Perspective • Secure your Documents and DATA • Restrict USB Access on All Computers at Branches • Use Your E mails Securely • Report Any Unusual Instances to Head Office. • Use Strong Passwords • Never Share the Password • Lock your computer before you leave your Desk • Update your Antivirus Regularly – In case the Software is not getting Updated inform IT Department • Lock your Cabin after leaving premise. • Keep an Eye on suspicious behavior of others at work.
  • 16. Symptoms of being infected with a virus ! 1. You see unexpected messages or images. 2. You hear unexpected sounds, played at random. 3. Programs start unexpectedly. 4. Your personal firewall tells you that an application has tried to connect to the Internet (and it’s not a program that you ran). 5. Your friends tell you that they have received e-mail messages from your address and you haven’t sent them anything. 6. Your computer ‘freezes’ frequently, or programs start running slowly. 7. You get lots of system error messages. 8. The operating system will not load when you start your computer. 9. You notice that files or folders have been deleted or changed. 10.You notice hard disk access (shown by one of the small flashing lights) when you’re not aware of any programs running. 11.Your web browser behaves erratically, e.g. you can’t close a browser window.
  • 17. Just in case if you are infected… • Disconnect the infected computer from the Internet. • Isolate the machine. Nothing comes in nothing goes out. • Update anti-virus signatures (Don’t use the compromised machine) • Start the computer in safe mode and perform extensive scanning • Use anti-virus program for removing the malicious program. • If automated removal doesn’t yield result, closely observe the behavior of your computer. • Make a note of all the programs which start automatically when the computer boots up. • Search for suspicious entries. Delete the registry entries which correspond to suspicious entries. • Use tools like curr ports or command like netstat to monitor opened TCP/IP and UDP ports on the local computer. • Terminate the processes which seems to be suspicious. • For damage beyond repair… Reinstall OS and be vigilant !
  • 18. Types f Attacks  DoS and DDoS it is aimed at preventing authorized, legitimate users from accessing services on the network. A DoS attack can be initiated by sending invalid data to applications or network services until the server hangs or simply crashes. The most common form of a DoS attack is TCP attacks.  A network attacker can increase the enormity of a DoS attack by initiating the attack against a single network from multiple computers or systems. This type of attack is known as a distributed denial of service (DDoS) attack. Network administrators can experience great difficulty in fending off DDoS attacks, simply because blocking all the attacking computers, can also result in blocking authorized users.
  • 19. DDos
  • 20. MAN IN THE MIDDLE  MITM It occurs when a cracker eavesdrops on a secure communication session and monitors, captures and controls the data being sent between the two parties communicating. The attacker attempts to obtain information so that he/she can impersonate the receiver and sender.
  • 21. MITM
  • 22. MITM
  • 23. MPLS Internet MPLS Internet Mobile 4G Mobile Banking Branch Computer Firewall Firewall Attacker Attacker Attacker Attacker Server Server Man in the Middle DLP Phishing Vishing Virus Malware Trojan Rouge Software Network Intrusion Credential Hack Software Flaw Network Sniffing Credential Hack Network Attack DOS DDOS Port Scan and penetration Misconfigured Network Wrong Routing Tables Carrier Side Wire Tapping
  • 24. SSL- HTTPS • A PAD LOCK Represents SSL – Secure Socket Layer • The Technology Ensures that the communication between the webserver and the Client is Encrypted. • The Technology Ensures that the website is 100 %Genuine • The Technology protects the Confidential Data entered by the consumer , even the internet service provider does not know about it. • Its Save and protects from Man in the Middle.
  • 25. User Frauds Phishing Phishing Sites Identity Theft Shoulder Surfing Identity Stealing Online Frauds Nigerian Frauds Online Lottery Employment Frauds Online Data Entry Frauds Internet Frauds Credit Card /Debit Card Frauds Document Forgery
  • 31. Security Measures  Security Awareness  Encryption  Strong Passwords  Up to date Antivirus  Next Gen Firewall / UTM  Mobile Device Management  Network Monitoring  Policy Framework
  • 32. Encryption Cryptography The field of study related to encoded information (comes from Greek word for "secret writing") Encryption The process of converting plaintext into cipher text Decryption The process of converting cipher text into plaintext
  • 35. Policy Framework  Policy frame work ensures the integrity and security with in the organization  Frameworks such as ISO 27001, BSI, PCIDSS,PADSS etc. ensure and standardize security practices.  It reduces the chances of loopholes in the infrastructure.  Policy and Procedures helps the organization to mitigate with the security threats.
  • 36. Conclusion  Conduct Security Awareness Programs, Educate Employees.  Secure the premises  Deploy Antivirus software  Deploy Firewall/UTM  Deploy Network Monitoring Tools  Deploy Security Frame Work  Secure Identity and Personal Information.  Get the It systems audited for extra loopholes and vulnerabilities.