
Internet and Network Vulnerability Scanning with ISS, Part 1 - Evolution of Computer Security

FAE/NYSSCPA, June 11, 2002. Bruce H. Nearon, CPA, Director of Information Technology Security Auditing. Opening topic: The First Computer. 1822 - Charles Babbage, the difference engine, navigational tables.




Presentation Transcript


  1. Internet and Network Vulnerability Scanning with ISS, Part 1 - Evolution of Computer Security. FAE/NYSSCPA, June 11, 2002. Bruce H. Nearon, CPA, Director of Information Technology Security Auditing. bnearon@jhcohn.com 973-403-6955

  2. The First Computer • 1822 - Charles Babbage • The difference engine • Navigational tables

  3. WW II • Battle of the North Atlantic, 1943 • The Enigma machine • Alan Turing • The code breakers

  4. The Cold War • 1958 - SAGE

  5. The Space Race • 1960s Apollo program • IBM 360

  6. Let the games begin • 1970s - A generation of programmers raised on video games

  7. The End of Computer Security • The Internet • Modems • IBM PC • LANs • WANs • WWW • Netscape • Windows 95

  8. Mainframe era vs. Windows era
  Mainframe era • Military • Government • Banks • Insurance • Security • Integrity • Confidentiality • Rocket scientists • Few users
  Windows era • Games • Hobbyists • Small business • Ease of use • Click kiddies • 500 million users

  9. Hackers

  10. Hacking Windows NT: a sample of what was publicly available
  • NTHack FAQ v2 - The Unofficial NTHack FAQ, Beta Version 2, compiled by Simple Nomad. www.nmrc.org/faqs/nt/
  • News: "Insurer: Windows NT a high risk" - "56 percent of all the successful, documented hack attacks occurred on systems using Microsoft." www.zdnet.com/zdnn/stories/news/0,4586,2766045,00.html
  • News: "How Do I Hack Thee?" by Bill Machrone, PC Magazine - "... helpful crackers is L0phtCrack, which cracks Windows NT passwords from a workstation." www.zdnet.com/zdnn/stories/comment/0,5859,2385238,00.html
  • "101 Ways to Hack into Windows NT" - a study by Shake Communications Pty Ltd. www.info-sec.com/OSsec/OSsec_042898e_j.html-ssi
  • "Britney's NThack guide" - "It was much easier to hack a Windows NT box than I ever imagined, and after years being a sys admin, this was a scary thought indeed." www.interphaze.org/bits/britneysnthackguide.html

  11. OK, I'm sold. What should I do? • Start with the Board of Directors • Does the Board take an interest in IT security? • Does the Board ask senior management the tough questions about IT security? • Does the Board know what to ask? • Ask the same questions of the CEO and CFO.

  12. The Tough Questions • Has the company done an IT security risk assessment? • How does senior management know that the network is secure? • Has the Board communicated their expectations regarding security? • What level of security is expected? • Has there been an assessment of IT security done independent of the IT department?

  13. Organizational Red Flags • Does the CIO report to the CFO? • Is there an IT steering committee made up of senior management? • What is senior management's philosophy regarding IT security? • Is IT security left up to the IT department?

  14. More Red Flags • Are there written IT security policies and procedures? • Has the company adopted a System Development Life Cycle (SDLC) standard? • Does the CFO know which users can change financial data? • Are audit logs enabled, reviewed, and retained? • Does someone independent of IT review the logs?

  15. More Red Flags • How many people in the IT department have ADMIN, ROOT, ALL OBJECT, or SUPERUSER rights? • Is there an up-to-date IT asset inventory list?
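The slide-15 question "how many people have ROOT or SUPERUSER rights?" is only answerable if someone enumerates the accounts rather than asking the IT department for a number. Below is an added example of that check, written for this page and not part of the original deck. It covers one platform (a Unix-like host) and the three usual routes to root-equivalence: UID 0 in passwd under any name, membership in an admin group (directly, or hidden through the passwd primary GID), and a sudoers rule granting ALL commands. The passwd, group and sudoers texts are constructed samples; the admin group names (root, wheel, sudo) and the decision to ignore sudoers aliases and included files are assumptions of this example.

```python
"""Enumerate root-equivalent accounts on a Unix-like host.

Added example for the slide-15 question on ADMIN/ROOT/SUPERUSER rights;
not part of the original deck. One platform only (Unix-like). The
passwd/group/sudoers texts below are constructed samples.
"""
import re

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup superuser:/root:/bin/sh
alice:x:1001:1001:Alice (DBA):/home/alice:/bin/bash
bob:x:1002:10:Bob (ops):/home/bob:/bin/bash
carol:x:1003:1003:Carol (finance):/home/carol:/bin/bash
svc-backup:x:1004:1004:backup service:/var/lib/backup:/usr/sbin/nologin
"""

SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice
sudo:x:27:
finance:x:1003:
"""

SAMPLE_SUDOERS = """\
# constructed /etc/sudoers
Defaults    env_reset
root        ALL=(ALL:ALL) ALL
%wheel      ALL=(ALL) ALL
carol       ALL=(ALL) NOPASSWD: ALL
svc-backup  ALL=(root) /usr/bin/rsync
"""

# Assumption: these group names confer admin rights on the audited platform.
ADMIN_GROUPS = {"root", "wheel", "sudo"}


def parse_passwd(text):
    """name -> {'uid': int, 'gid': int}"""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, uid, gid, _rest = line.split(":", 4)
            users[name] = {"uid": int(uid), "gid": int(gid)}
    return users


def parse_group(text):
    """name -> (gid, set of explicitly listed members)"""
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, gid, members = line.split(":", 3)
            groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


# who  host = (runas) [TAG:] cmd, cmd, ...
SUDO_RULE = re.compile(r"^(%?\S+)\s+[^=\s]+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
SKIP_PREFIXES = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias",
                 "Runas_Alias", "@include")


def parse_sudoers_all(text):
    """Return (users, groups) whose rule grants ALL commands.

    Assumption: plain user/group specs only; aliases and included files
    are not resolved.
    """
    users, groups = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = SUDO_RULE.match(line)
        if not m:
            continue
        who, cmds = m.groups()
        # Strip tags such as NOPASSWD: or SETENV: from each command entry.
        cmd_list = [re.sub(r"^(?:[A-Z]+:\s*)+", "", c.strip()) for c in cmds.split(",")]
        if "ALL" in cmd_list:
            (groups if who.startswith("%") else users).add(who.lstrip("%"))
    return users, groups


def root_equivalent_accounts(passwd_text, group_text, sudoers_text):
    """name -> list of reasons, for every account with root-equivalent rights."""
    users = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    sudo_users, sudo_groups = parse_sudoers_all(sudoers_text)
    admin_groups = ADMIN_GROUPS | sudo_groups
    gid_to_name = {gid: name for name, (gid, _) in groups.items()}
    findings = {}

    def flag(user, reason):
        findings.setdefault(user, []).append(reason)

    for name, info in users.items():
        if info["uid"] == 0:
            flag(name, "uid 0 in passwd")           # any name, not just 'root'
        primary = gid_to_name.get(info["gid"])
        if primary in admin_groups:
            flag(name, f"primary group {primary}")  # not visible in /etc/group
        if name in sudo_users:
            flag(name, "sudoers grants ALL")
    for gname in sorted(admin_groups):
        for member in groups.get(gname, (None, set()))[1]:
            if member in users:
                flag(member, f"member of {gname}")
    return dict(sorted(findings.items()))


if __name__ == "__main__":
    result = root_equivalent_accounts(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SUDOERS)
    print(f"{len(result)} of {len(parse_passwd(SAMPLE_PASSWD))} accounts are root-equivalent")
    for user, reasons in result.items():
        print(f"  {user:12s} {'; '.join(reasons)}")
```

On the constructed sample the honest answer is five of six accounts, not the one "root" an IT department might report: toor is a second UID 0, bob gets wheel through his primary GID without appearing in /etc/group, carol has ALL via sudoers, and only the service account is limited to a single command. The Windows ADMIN and AS/400 ALL OBJECT cases on the slide need the equivalent enumeration on those platforms; this example does not cover them.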

  16. Wrap-up • Security: today's systems were never designed to be secure. • You have to secure them yourself. • The key to security is the Board and senior management understanding security, taking responsibility for it, and communicating their expectations.

  17. Questions? Thank you!
