Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Unit 32: Networked Systems Security

No description
by

on 20 March 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Unit 32: Networked Systems Security

LO3: Understand organisational aspects of network security
A: Policies and procedures.
B: User responsibilities.
C: Education of IT professionals.
D: Physical security of systems.
E: Risk assessment and reduction.
LO4: Be able to apply system security
A: Administration.
B: Algorithms.
C: Transport.
D: Application.
E: Filtering.
F: Test.
LO2: Know about security related hardware and software.
A: Email systems.
B: Wireless systems.
C: Networked devices.
D: Transmission media.
E: Personal access control.
F: Security control at device level.
G: Encryption.
H: Intrusion detection systems
LO1: Know the types and sources of network attacks
A: Attacks
B: Sources of attacks
Introduction
Unit 32 learning outcomes:
1: Know the types and sources of network attacks.
2: Know about security related hardware and software.
3: Understand organisational aspects of network security.
4: Be able to apply system security.
Unit 32: Networked Systems Security
LO1 A: Attacks
DoS / DDoS - Denial of Service (/Distributed)
Spyware
Viruses
Worms
Brute Force
Back door
Spoofing
Mathematical
Software exploitation
Rootkits
Trojans
Adware
Class Activity 2:
In groups of three find two different security attacks reported in the news recently (the past year).

Create a presentation of those attacks to present to the rest of the group. These are to include what type of attack it was, what happened, the implications, who was affected and possible causes/sources.

You can use the following to create your presentation:
PowerPoint (With a design, not plain)
Prezi - Like PowerPoint but more design options
Bitstrips - comic strip software.
Sources of attacks
Internal e.g. disaffected staff.

External e.g. via internet connections or through unsecured wireless access point, viruses introduced by email.
Attacks where you least expect them.
Glossary of Terms
On Moodle there is a link to the glossary. I will be adding the terms for the different types of attacks.

You will be able to make comments on them and so I expect to see some on there in regards to the different attacks.

Access here: http://moodle.hrc.ac.uk/mod/glossary/view.php?id=78546
Class Activity 1:
In pairs research the two types of attack that you have been given and take down notes or create a short presentation to present to the rest of the group. These are to include:
What they are.
What they do.
How they are implemented.

These will then need to be added to a glossary (which you will be shown later) for reference when you are working on Assignment 1 Task 1.
Sources:
News websites e.g. BBC News, Sky News, Guardian.
LO2A: Email systems
Security features e.g.secure MIME, spam, hoaxing, relay agents.
LO2B: Wireless systems
Security features e.g. site surveys, MAC association, WEP/WPA keys, TKIP
LO2C: Networked devices
Security features e.g. router, switch, wireless access point.
LO2D: Transmission media
Issues e.g. use of shielding (how it affects the data transfer through the cabling).
LO2G: Encryption
e.g. encrypting files for confidentiality, encryption with application-specific tools, recovering encrypted data.
LO2H: Intrusion detection systems
Devices e.g. firewalls, virus protection, spyware protection, file monitoring, folder monitoring, use of honeypots, alarms.
LO2E: Personal access control
Devices e.g. biometrics, passwords, usernames, permissions, digital signatures.
LO2F: Security control at device level
Access control e.g. protocols, log in, certificates.
LO3A: Policies and procedures
Monitoring.
Education and training.
Backup and recovery schemes.
Configuring and upgrading software.
Setting up file and folder permissions.
LO3B: User Responsibilities
Adherence to specific guidelines e.g. strength of password, installation of new software.
LO3C: Education of IT professionals..
Maintenance of skills.
Knowledge of exploits.
Application of updates and patches.
LO3D: Physical security of system
Lock and key.
Logging of entry.
Secure room environments.
Authentication of individual.
LO3E: Risk assessment and reduction
Potential risks.
Penetration testing.
Security audits.
LO4A: Administration
Procedures e.g. implementing a password policy, locking down user accounts, securing administrator's permissions, protecting against viruses, restricting access to critical services, installing or upgrading software.
Setting up file and folder permissions.
LO4B: Algorithms
Types e.g. private/public key encryption, DES, 3DES, RSA, hashing.
LO4C: Transport
Methods e.g. IPSEC, GRE, VPN
LO4D: Application
e.g. certificates, trust memberships.
LO4E: Filtering
e.g firewalls. access control lists.
LO4F: Test
Test for functionality.
Test for performance e.g. does the security measure slow down system functions.
Full transcript