introduction to information security
DESCRIPTION
A short talk about Information Security, mainly focusing on start-ups and entrepreneurs. Some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.
TRANSCRIPT
![Page 1: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/1.jpg)
An Introduction to Information Security – What?
http://www.shaolintiger.com http://www.darknet.org.uk
@ShaolinTiger & @THEdarknet on Twitter
![Page 2: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/2.jpg)
So who am I? Founder & Writer
- Top 5 infosec blog in the world
- 40,000+ RSS Subscribers
- 11,000+ Twitter followers
- http://www.darknet.org.uk
![Page 3: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/3.jpg)
Co-Founded Security-Forums.com
- Top 3 infosec forum in the World
- Founded in 2002 to get out of Usenet
- Sold in 2004 to windowsecurity.com
![Page 4: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/4.jpg)
What is Information Security?
- It is quite a vague term – but it can be defined.
C I A
![Page 5: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/5.jpg)
CIA?
Confidentiality
Integrity
Availability
![Page 6: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/6.jpg)
Confidentiality
- If confidentiality is breached it’s generally classified as a ‘leak’
- Can have legal implications
- Bad for your reputation
- Hacker only needs read access
![Page 7: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/7.jpg)
Integrity
- Less common but more serious
- Can cause persistent problems
- Possible to remain undetected for a long period
- Hacker does need write access
![Page 8: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/8.jpg)
Availability
- This is what DDoS attacks do
- Usually short term but VERY damaging
- Hard to solve
- Hacker needs no access
![Page 9: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/9.jpg)
What can I do?
- Passwords, passwords passwords!
- This is THE most important thing
![Page 10: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/10.jpg)
Use a password manager
This will help you to:
- Generate, maintain & manage strong passwords
- Use different passwords for every site/service
- Manage password access for your company
- Change passwords when employees leave
- Use KeepassX, LastPass, 1Password or Passpack
![Page 11: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/11.jpg)
Resource Management
- People can be bad, make sure all master accounts are under the company not under individuals
- Separate access so changes can be logged
- This is especially critical for tech services such as:
  - Github
  - Amazon Web Services
  - Linode
  - Bitbucket
  - Dropbox
- Anywhere that your code/resources are stored
![Page 12: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/12.jpg)
Turn on MAX Security
- Pretty much all services like AWS/Github etc support 2FA (Two factor authentication)
PLEASE TURN IT ON!
If not you could end up like Code Spaces.
![Page 13: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/13.jpg)
Education
- The weakest part of any organisation is always the human element, known in infosec as ‘wetware’
- Prone to social engineering
- If you are a company owner or the tech go-to person, it’s your job to educate
![Page 14: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/14.jpg)
Safe Coding Practices
- Use a framework
- Don’t EVER EVER EVER EVER trust user input
- Always Hash passwords
- Build your APIs with Authentication
- Check ‘OWASP Top 10’ for more info
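Two of the points above, "don't trust user input" and "always hash passwords", in working Python. This is an added example, not code from the talk or its author: the table layout, the account `alice`, its passphrase and the function names are all constructed for illustration. Passwords are stored as salted PBKDF2-HMAC-SHA256 and verified with a constant-time comparison; the lookup is shown both as string-built SQL (the "before", kept only to contrast) and as a parameterised query, with an allow-list check on the username in front of it.

```python
# Added example (not from the talk): hashing passwords properly and refusing to
# trust user input. All names, the schema and the sample account are constructed.
import hashlib
import hmac
import os
import sqlite3

# --- Always hash passwords --------------------------------------------------
PBKDF2_ITERATIONS = 600_000   # raise over time as hardware gets faster
SALT_BYTES = 16


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage.

    A fresh random salt per password means two users with the same password
    get different hashes, and precomputed tables are useless."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time.

    Malformed or unknown-format records are rejected rather than raising."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:
        return False


# --- Don't trust user input -------------------------------------------------
def username_is_valid(username: str) -> bool:
    """Allow-list check applied before the value touches anything else."""
    return 1 <= len(username) <= 32 and all(c.isalnum() or c in "._-" for c in username)


def setup_db() -> sqlite3.Connection:
    """In-memory users table holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("alice", hash_password("correct horse battery staple")),
    )
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The 'before': SQL assembled by string formatting.

    The username is treated as part of the query text, so a quote character in
    it changes the SQL rather than being compared as data. Kept only to
    contrast with login_safe; never do this."""
    sql = f"SELECT pw_hash FROM users WHERE username = '{username}'"
    row = conn.execute(sql).fetchone()
    return row is not None and verify_password(password, row[0])


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Validate first, then bind the value as a parameter so the driver always
    sends it as data, never as SQL."""
    if not username_is_valid(username):
        return False
    row = conn.execute("SELECT pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None and verify_password(password, row[0])


if __name__ == "__main__":
    db = setup_db()
    print("alice, right password :", login_safe(db, "alice", "correct horse battery staple"))
    print("alice, wrong password :", login_safe(db, "alice", "nope"))
    print("o'brien (no such user):", login_safe(db, "o'brien", "x"))
    try:
        login_unsafe(db, "o'brien", "x")
    except sqlite3.OperationalError as e:
        print("unsafe lookup broke on a plain apostrophe:", e)
```

The difference between the two login functions is the whole point of the slide: in `login_unsafe` an ordinary surname with an apostrophe is enough to make the database reject the query, which is the same property an attacker relies on; in `login_safe` the same input is simply a username that does not exist. Storing the iteration count alongside the hash lets you raise `PBKDF2_ITERATIONS` later without invalidating existing records.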
![Page 15: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/15.jpg)
DDoS Protection
- Unfortunately if you get popular this is a serious risk (Happening to Feedly/Evernote last month)
- There are various services that you can look at to mitigate against DDoS attacks:
- http://www.incapsula.com/
- https://www.cloudflare.com/
- http://www.akamai.com/
![Page 16: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/16.jpg)
Platform Security
- ALWAYS keep the core up to date
- If you can use a specialist host (WPengine/Page.ly)
- Use as few plugins as possible
- NEVER pirate themes/plugins as they often contain malware
![Page 17: Introduction to Information Security](https://reader031.vdocuments.us/reader031/viewer/2022020716/556251b2d8b42a6c368b4ffd/html5/thumbnails/17.jpg)
The END!
Questions?
Stalk me @ShaolinTiger or @THEdarknet on Twitter
If you are interested in Infosec – http://fb.me/darknetorguk
This preso will be on http://slideshare.net/shaolintiger