The Need For IT Security



IT Security Awareness
Understand and follow FVT IT Security regulations and procedures.
Understand the responsibility to protect organizational assets.
Understand and recognize potential security risks and violations.
Understand the best practices that keep your computer and information secure.
Understand the value of both organizational and personal information.
Understand Value of Information
Confidentiality - How important is it that this information be protected so
that unauthorized persons cannot access it?
Integrity - How important is it that this information be protected from
intentional or accidental unauthorized changes?
Availability - How important is it that this information system be accessible
by authorized users whenever needed?


Why Should We Care?
You may make the following statements
or similar:
It is not my job, it is the IT department's job.
There is no risk, I do it at home all the time.
There is no harm in sharing my password with
the people I trust.


In a workplace environment you must
take responsibility for your own actions
when using technology in the company.
The IT department is here to support
you with your technical issues.





The Consequences
Major consequences that may occur:
Exploitation of the company's intellectual property
by competitors
Legal actions against Freudenberg Group
Damage to or theft of company equipment
Theft of Freudenberg's client information
Theft of YOUR personal information


FVT IT Security policies have been created
for this purpose: to enforce the rules that
ensure that IT risks are reduced and the
misuse of sensitive data is prevented,
protecting you and the Freudenberg
Group.


Follow FVT IT Security Policies
As an employee at FVT you have the
responsibility to:
Protect Freudenberg Group's assets
Protect FVT business operations
Protect FVT's client information
Protect your personal information
Respect others' data and information
Comply with FVT IT Security Policies and
Guidelines
Report any suspicious behavior within FVT to
your superior or general manager.






Understanding Security Attacks
Understanding the fundamentals
of security attacks will make you
more aware when using technological
devices such as your desktop PC,
laptop/notebook or mobile phone, and
will also allow you to protect yourself and
your colleagues.



Passive Attacks
Passive attacks involve eavesdropping on or monitoring your data and the actions you perform on the Internet.
There are two types of passive attacks:

1. Release of Message Content


Security Attacks
The hacker reads the data you are
sending. This includes personal
messages, bank account details,
personal information.
2. Traffic Analysis


The hacker observes the actions you
perform on the Internet. This
includes identifying the websites you
visit, the people you send messages
to and the encryption security your
browser uses to protect your
information.
Active Attacks
Active attacks involve modifying your data or creating false messages.
There are four types of active attacks:

1. Masquerade


A hacker will impersonate you,
performing unlawful acts.
2. Replay


A hacker captures your data and
sends it to its original receiver. This
action is often used to spy without
you noticing.
3. Modification of Messages


A hacker captures your message,
makes changes to it and sends
it to the receiver.
4. Denial of Service


A hacker prevents normal use of
communications in the system,
preventing you from accessing your data
or using any system services.
Security Risks and Countermeasures
Common security threats to users within the workplace are:

Passwords

Social engineering

Email

Untrusted Software




Password Issue
Passwords are the first line of defense in authorizing access to data and information.
Common problems:
Users often pick simple, easy-to-remember passwords, which are easy to guess
Users use the same password for all their accounts
Users use the same password all the time and
never change it

Consequences:
Stealing confidential data
Modifying data
Misuse of your account
You will be held responsible for others' actions
Password Length and Characters
The strength of a password depends on its length and on the different characters used in
it.

Example: a password such as abc, where letters are case sensitive, has 140,608 possible
combinations. A computer today will be able to guess that
password in less than 30 seconds.
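The calculation behind the 140,608 figure, extended to other lengths and character sets. This is an added example, not part of the original slides; the guess rate of 10,000 per second and the function names are assumptions chosen for illustration.

```python
import string

# Character classes and their sizes (printable ASCII, per Python's string module).
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "special": string.punctuation,     # 32 characters
}

# ASSUMPTION: illustrative guess rate; the slides do not state one.
GUESSES_PER_SECOND = 10_000
THIRTY_DAYS = 30 * 24 * 3600           # the slides' password change interval


def keyspace(length, classes):
    """Count every possible password of this length drawn from these classes."""
    alphabet = sum(len(CLASSES[name]) for name in classes)
    return alphabet ** length


def seconds_to_exhaust(length, classes, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return keyspace(length, classes) / rate


def min_length(classes, target_seconds=THIRTY_DAYS, rate=GUESSES_PER_SECOND):
    """Shortest length whose full keyspace outlasts target_seconds of guessing."""
    length = 1
    while keyspace(length, classes) < target_seconds * rate:
        length += 1
    return length


if __name__ == "__main__":
    letters = ["lower", "upper"]
    print(f"abc-style password: {keyspace(3, letters):,} candidates, "
          f"{seconds_to_exhaust(3, letters):.1f} s to exhaust")
    years = seconds_to_exhaust(8, list(CLASSES)) / (365 * 24 * 3600)
    print(f"8 characters, all classes: {keyspace(8, list(CLASSES)):,} "
          f"candidates, about {years:,.0f} years")
    for name, classes in [("digits only", ["digit"]), ("letters", letters),
                          ("all classes", list(CLASSES))]:
        print(f"{name}: at least {min_length(classes)} characters to outlast 30 days")
```

The keyspace is an upper bound that assumes every character is chosen at random; a dictionary word or a reused password offers far less protection than its length suggests.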

Password Protection
Use a minimum of 8 characters
Use a combination of numbers, letters and special characters
Use separate passwords for different accounts
Do not leave your passwords in an easy to view spot
Change your password regularly (every 30 days)
Do not give your passwords to other people


Social Engineering
Social Engineering is the art of tricking people into giving up information:
Passwords or other sensitive information
Credit card numbers or other personal information
Access to unauthorized areas
Social Engineering comes in many forms:
Over the phone: Quick, easy and fairly cheap for scams
Via the Internet: Scams and fraud via email or chatrooms
Snail mail: Scams and fraudulent letters asking you to provide personal information
In person: Trusting a person through face-to-face communication, when they could be a fraud.



Social Engineering Tactic

Social Engineering Fundamentals
Do not give out confidential information without
verification.
Verify Authenticity:
The person is who they say they are.
The business is a real company.
The person actually works at that company.
The URL matches the one you are familiar with.
The person's duties match their job responsibilities.
Do not put confidential information in the trash
without shredding it first.
Report any suspicious behavior to your superior
or general manager.




E-mail Vulnerabilities
E-mails are like postcards: both are easy to intercept and to read and/or change.
All e-mails are insecure. Because e-mail costs little to nothing, millions of people use
it. For this reason, e-mail is one of many targets for exploitation.
There are several concerns when using e-mails:
Privacy
Spam
Chain
Offensive Content
Viruses





E-mail Privacy Concerns
Email passes through a number of networks to its destination. It may travel through
a location where IT security is unregulated. This is a potential security risk and your
e-mails can be read by anyone who is able to access the network between you and
its destination. You may encrypt your e-mail but there are other easier ways to
reduce e-mail security risks.
Do not send confidential information or files using e-mail!
If you send files, ensure they are encrypted using a file compression program with a strong password.


E-mail Spam Concerns
Spam is the Internet version of junk mail and it can cause a nuisance in an
organization. If you are getting spam:
Do not respond to spam e-mail.
Report the spam e-mail to your IT administrator.
Delete the spam e-mail.

E-mail Chain Concerns
Chain e-mails are letters that promise a
reward, asking you to send the e-mail to
others for your chance to win a prize.
Under no circumstances should you forward
such an e-mail. Chain e-mails are used to collect
more e-mail addresses to send spam to.
Some chain e-mails may even invite you to
visit a website to register, where they will
steal the details you give. Under no
circumstances should you click on any links
from unknown senders.
E-mail Offensive Concerns
When your e-mail is prone to spam and chain e-mails, you will most likely receive
offensive materials that are either offensive comments or images, racial slurs, or
anything that would offend someone on the basis of his or her age, sexual
orientation, religion or political beliefs.
Inform your IT Administrator that you are receiving spam e-mails
Delete these e-mails
E-mail Virus Concerns
The effect of viruses passed on by
e-mail can range from simple annoyance
to serious destruction. Viruses are spread
via attachments. If you unknowingly
open one, it activates the virus and
causes it to infect the computer system
and the entire organization's network and
devices.
Do not open any suspicious e-mails or
attachments from unknown senders.

E-mail Security Fundamentals
Minimize the sending of attachments.
Be suspicious of e-mails from unknown senders.
Be VERY suspicious of e-mails from unknown senders
that contain executable programs.
Never respond to spam or to e-mails from
unknown senders.
Do not include confidential information in
e-mail.
Notify your IT administrator if you are receiving
infected e-mails.




Policies On E-mailing
E-mail plays a vital role in business communication. Ensure you take the time to
select the recipient correctly in your e-mails, as an e-mail cannot be recalled.
Please note that it is recommended that sensitive information be
encrypted before it is sent by e-mail.
E-mails may be business documents that have to be archived. Keep this in mind
before you delete any e-mails.
It is not permitted to automatically forward e-mails to external e-mail addresses.
Special permission for particular necessities has to be approved by your superior
and the IT security officer.




Untrusted Software
It may be difficult to tell the difference
between trusted and untrusted software.
However, it is the responsibility of IT staff to
identify these for you and either give you
approval to install the software or install the
software themselves.
Never install any software on the company's equipment,
such as desktop PCs and notebooks, without
confirmation and approval by the IT department. In
such cases, they may install the software for you.
Note that untrusted software may contain
harmful viruses that will cause various
problems with the computer system and the
company's network.
Main Malicious Programs
Malicious Program - Description
Virus - Replicates itself when activated, causing the system performance
to slow down, applications to crash and files to be corrupted or changed.
Worm - Spreads itself onto other computers through the network by
exploiting security vulnerabilities.
Logical Bomb - Code inserted into a piece of software that may intentionally
delete files or change system configurations.
Trojan Horse - Exploits the authorizations of a system to allow hackers to get in.
Key-logger - Records your keystrokes and sends them to the hacker. It
activates when you are trying to enter your online bank account.
Spyware - Collects information from your computer and sends it to another computer.
Adware - Displays pop-up advertisements on your computer and redirects your
browser to another website.
Anti-Virus Software
Protects your computer from malicious programs
Untrusted Software Fundamentals
Do not download executable programs from untrusted websites
Do not accept or use unlicensed software
Do not allow access to your computer by people whom you do not trust
Do not ignore abnormal computer functionalities
Report any abnormalities on your computer system to your IT administrator
Back up essential files
Delete suspicious emails







Firewalls
A firewall provides an additional layer of defense, insulating the internal systems from
external networks. The firewall is inserted between the premises network and the
Internet to establish a controlled link and to create an outer security wall or
perimeter.





The aim of this perimeter is to protect the internal network from Internet-based
attacks and to provide a single choke point where security and auditing can be
imposed. The firewall may be a single computer system or a set of two or more
systems that cooperate to perform the firewall function.


The design goals for a firewall:
1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by
physically blocking all access to the local network except via the firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3. The firewall itself is immune to penetration. This implies the use of a hardened system with a secured
operating system. Trusted computer systems are suitable for hosting a firewall and often required in
government applications.
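A small model of design goal 2 and of the auditing role of the choke point: traffic passes only when a rule in the local policy authorizes it, and every decision is recorded. This is an added example, not part of the original slides; the addresses, the policy and the class names are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str                  # source network in CIDR form
    dst: str                  # destination network in CIDR form
    dport: Optional[int]      # destination port, None means any port

    def matches(self, src, dst, dport):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.dport in (None, dport))


@dataclass
class Firewall:
    allow_rules: list                            # the local security policy
    audit_log: list = field(default_factory=list)

    def decide(self, src, dst, dport):
        """Allow only explicitly authorized traffic and log every decision."""
        action = "deny"                          # default when no rule matches
        for rule in self.allow_rules:
            if rule.matches(src, dst, dport):
                action = "allow"
                break
        self.audit_log.append((src, dst, dport, action))
        return action


# Constructed policy: 10.0.0.0/8 is the assumed internal network and
# 10.0.5.10 an assumed mail gateway.
POLICY = [
    Rule("10.0.0.0/8", "0.0.0.0/0", 443),        # inside -> outside, HTTPS
    Rule("0.0.0.0/0", "10.0.5.10/32", 25),       # outside -> mail gateway, SMTP
]

if __name__ == "__main__":
    fw = Firewall(POLICY)
    for packet in [("10.1.2.3", "198.51.100.9", 443),   # authorized outbound
                   ("203.0.113.7", "10.0.5.10", 25),    # authorized inbound
                   ("203.0.113.7", "10.1.2.3", 3389),   # no rule: denied
                   ("10.1.2.3", "198.51.100.9", 23)]:   # no rule: denied
        print(packet, fw.decide(*packet))
    print(len(fw.audit_log), "decisions recorded")
```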
