Andrew Stephen

About This Presentation
Title:

Andrew Stephen

Description:

Security in an Age of Innovation. Creating connections by optimising ... TJX Cos. in Framingham, Mass., to repeatedly purloin information about customers. ... – PowerPoint PPT presentation

Slides: 31
Provided by: andrews55


Transcript and Presenter's Notes

Title: Andrew Stephen


1
GOVIS Conference 2007
Andrew Stephen, Principal Consultant, Security Optimation
andrew.stephen_at_optimation.co.nz
http://www.optimation.co.nz/
2
Security in an Age of Innovation
  • (In)Security in the Government Sector
  • Losing Things
  • The Web
  • Wireless
  • In Summary

3
Security in an Age of Innovation
4
Security in an Age of Innovation
Symantec Government Internet Security Threat
Report March 2006
5
Security in an Age of Innovation
Derived from Symantec Government Internet
Security Threat Report March 2006
6
Security in an Age of Innovation
Symantec Internet Security Threat Report March
2006
7
Security in an Age of Innovation
Excerpt from AusCERT 2006 Computer Crime and
Security Survey
8
Security in an Age of Innovation
9
Security in an Age of Innovation
  • IRD has 'lost' 106 computers
  • NZPA Friday, 20 April 2007
  • The Inland Revenue Department doesn't know where
    106 of its computers are.
  • National Party MP Gerry Brownlee revealed the
    IRD's plight yesterday, releasing an official
    response to a parliamentary question
  • "Inland Revenue holds 8488 desktop and laptop
    computers. As at April 2006, 106 (1.2 per cent)
    of these computers could not be located, 32 of
    these were deemed to be obsolete. This number is
    expected to reduce in the future due to the
    implementation of additional tracking software."

http://stuff.co.nz/4031725a11.html
10
Security in an Age of Innovation
  • Information Classification and Handling

11
Security in an Age of Innovation
  • Asset Management

12
Security in an Age of Innovation
  • Full Disk Encryption

13
Security in an Age of Innovation
  • Laptop tracking and Remote Kill

14
Security in an Age of Innovation
15
Security in an Age of Innovation
I made this up
16
Security in an Age of Innovation
I made this up
17
Security in an Age of Innovation
Sixty-six percent of vulnerabilities disclosed
during this period affected Web applications.
Symantec March 2007 Internet Security Threat
Report
18
Security in an Age of Innovation
Better Development Practices
19
Security in an Age of Innovation
Access by everyone, from everywhere
20
Security in an Age of Innovation
Secure Access Appliances
21
Security in an Age of Innovation
How to identify bad traffic?
22
Security in an Age of Innovation
Application Layer Firewalls
23
Security in an Age of Innovation
24
Security in an Age of Innovation
Case Study
War driver sparks Otago DHB network security review
Anonymous tipster claims it's possible to access patient files over WiFi
By Juha Saarinen, Auckland
Tuesday, 10 April, 2007
An anonymous war driver has told Computerworld that it's possible to access internal systems through the wireless service run by the Otago District Health Board (ODHB). As a result, the Dunedin hospital authority may have to review the security arrangements relating to its wi-fi pilot.
25
Security in an Age of Innovation
Another Case Study
BREAKING THE CODE
How Credit-Card Data Went Out Wireless Door
Biggest Known Theft Came from Retailer With Old, Weak Security
By JOSEPH PEREIRA
May 4, 2007, Page A1
The biggest known theft of credit-card numbers in history began two summers ago outside a Marshalls discount clothing store near St. Paul, Minn. There, investigators now believe, hackers pointed a telescope-shaped antenna toward the store and used a laptop computer to decode data streaming through the air between hand-held price-checking devices, cash registers and the store's computers. That helped them hack into the central database of Marshalls' parent, TJX Cos. in Framingham, Mass., to repeatedly purloin information about customers.
http://online.wsj.com/article_email/SB117824446226991797-lMyQjAxMDE3NzA4NDIwNDQ0Wj.html
26
Security in an Age of Innovation
Other Wireless Threats
27
Security in an Age of Innovation
  • The top cause of data or financial loss is loss
    of equipment.
  • Enforce a comprehensive Information
    Classification and Handling Policy.
  • Asset Tracking and Management
  • Full disk Encryption

28
Security in an Age of Innovation
  • A large majority of vulnerabilities are in Web
    Applications
  • Improve Development Practices
  • Independent review of new apps
  • Security appliances help with old and new
    applications.
  • Application Firewalls becoming more important

29
Security in an Age of Innovation
  • Wireless networks are common and often easy to
    break.
  • Plan deployments carefully; get advice.
  • Use WPA2 and an EAP
  • Install Wireless Intrusion Prevention,
    even if you don't want wireless.

30
Security in an Age of Innovation