ENHANCING INFORMATION SECURITY
& STRENGTHENING USER EDUCATION
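Enhancing School Information Security and Strengthening User Education
Mr. Albert Wong (黃健威)
Chairman, Association of IT Leaders in Education (AiTLE)
IT Coordinator and Computer Subject Teacher, Ying Wa College (YWC)
Mobile / WhatsApp: 9028 9443 / Email: [email protected]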
HOT again
NOT YET INCLUDING OTHERS
(like ransomware)
BUT IN FACT NOT NEW
https://www.edb.gov.hk/tc/edu-system/primary-secondary/applicable-to-primary-secondary/it-in-edu/Information-Security/information-security-in-school.html
https://www.ogcio.gov.hk/en/our_work/information_cyber_security/government/doc/G3.pdf
TODAY'S EXPERIENCE SHARING IS BASED ON
• SECaaS
• School IT Management
• School ICT / CL Teaching
SECaaS
• “Security as a Service” pilot project
• user training
• security check and audit
SECaaS : Website Security Check
• Critical
• The unauthorized disclosure of information could be expected to have
a severe or catastrophic adverse effect on organizational operations,
organizational assets, or individuals. Exploit is trivial and/or readily
available. Probability of exploit is high.
• High
• The unauthorized disclosure of information could be expected to have
a severe or catastrophic adverse effect on organizational operations,
organizational assets, or individuals.
SECaaS : Website Security Check
• Medium
• The unauthorized disclosure of information could be expected
to have a serious adverse effect on organizational
operations, organizational assets, or individuals.
• Low
• The unauthorized disclosure of information could be expected
to have a limited adverse effect on organizational
operations, organizational assets, or individuals.
SECaaS : Website Security Check
• CMS for Website
• Using cookie to store username and password
• especially for CMS admin page
• allows attackers to perform unlimited brute-force attacks
SECaaS : Website Security Check
• CMS for Website
• some non-school-related news
• exists in the website's database
• or even on accessible webpages
SECaaS : Security Risk Assessment
• IT Security Policy
• Access Control
• Security Incident Management
• Vulnerability Scan
• Web Penetration Test
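Because the web server has not implemented encryption and effective authentication, school information can easily be intercepted by hackers in transit, leaking the personal data of students or parents.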
USER EDUCATION : PASSWORD HANDLING
Teaching ICT :
social implication
CONTENT
• Who are we?
• Where are we?
• IT in education vs computer subject
• Systems managed by IT in education
• Not related to IT in education
• Your first system in YWC : eClass
• Your first system login
http://gettingtolean.com/wp-content/uploads/2016/01/iu-5.jpeg
SECaaS : Security Risk Assessment
• Communications Security
• System acquisition, development &
maintenance
SECaaS : Security Risk Assessment
• Communications Security
• Cleartext submission of password
• System acquisition, development &
maintenance
• Password field submitted using GET method
SECaaS : Security Risk Assessment
• Password field submitted using GET method
• This page contains a form with a password field
• This form submits user data using the GET method
• Contents of the password field will appear in the URL
• Even if HTTPS is applied to the server
• the password will not be completely safe from others
• GET requests will be logged in browser history or log files
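The two findings listed above ("Cleartext submission of password" and "Password field submitted using GET method") can be checked on a school's own pages with a small form auditor. This is an added example, not part of the original slides or of the SECaaS tooling; the page URL, form markup, field names and sample credentials are constructed for illustration.

```python
"""Added example: audit HTML forms for the two password findings on the slides."""
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin, urlsplit

GET_FINDING = "Password field submitted using GET method"
CLEARTEXT_FINDING = "Cleartext submission of password"


class FormAuditor(HTMLParser):
    """Record each <form>'s method, action and the names of its password inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            method = (a.get("method") or "").strip().lower()
            # Browsers fall back to GET when method is missing or invalid.
            if method not in ("post", "dialog"):
                method = "get"
            self._current = {"method": method, "action": a.get("action") or "",
                             "password_fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").strip().lower() == "password":
                self._current["password_fields"].append(a.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_page(page_url, html):
    """Return (finding, submit_target) pairs for every form holding a password field."""
    parser = FormAuditor()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not form["password_fields"]:
            continue  # e.g. a search box: GET is fine there
        target = urljoin(page_url, form["action"])  # empty action -> the page itself
        if form["method"] == "get":
            findings.append((GET_FINDING, target))
        if urlsplit(target).scheme != "https":
            findings.append((CLEARTEXT_FINDING, target))
    return findings


def get_submission_url(target, fields):
    """URL a browser requests when a GET form is submitted: fields become the query."""
    return urlsplit(target)._replace(query=urlencode(fields)).geturl()


# Constructed sample page (not taken from any real school site).
PAGE_URL = "https://school.example/index.html"
SAMPLE_HTML = """
<form action="/login.php">
  <input type="text" name="user"><input type="password" name="pwd">
</form>
<form method="get" action="/search"><input type="text" name="q"></form>
<form method="POST" action="http://school.example/admin/login">
  <input name="admin"><input type="PASSWORD" name="adminpwd">
</form>
"""

if __name__ == "__main__":
    for finding, target in audit_page(PAGE_URL, SAMPLE_HTML):
        print(f"{finding}: {target}")
    # With HTTPS the query string is encrypted on the wire, but this full URL is
    # still stored in browser history and in the web server's access log.
    print(get_submission_url("https://school.example/login.php",
                             {"user": "teacher1", "pwd": "Secret123"}))
```

The fix for the first finding is `method="post"` on the login form; the fix for the second is an `https://` submit target.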
SECaaS : Security Risk Assessment
• The effect is
• Get one, hack many
https://www.aitle.org.hk/?p=5983
Other coming AiTLE events
• AiTLE X AWS : HOUR OF CODE (With Career Chat / Sharing)
Workshop For Students
• https://www.aitle.org.hk/?p=6069
• AiTLE EVENT : MDM Selection and Migration
• https://www.aitle.org.hk/?p=6081
• AiTLE SEMINAR : School Information Security Seminar
• https://www.aitle.org.hk/?p=6079
Other coming AiTLE events
• AiTLE + HKITDA : Student Innovation And Technology Award (SITA, 學生科技創意大賽)
• https://www.aitle.org.hk/?p=6031
Other coming AiTLE events
• AiTLE SEMINAR : School Information Security Seminar
• Date : 2019-12-17 (TUE)
• Time : 1800-2030
• Venue : HKPC
• Content :
• Security API and Security Scoring (HKPC)
• How to protect sensitive data while set up school website and IT systems? (UDomain)
• Free WebScan Services - Introduction and Teachers' sharing on usage
• Onsite Registration for [ FREE Security Scoring services ] & [ FREE WebScan Services ]
• Speakers :
• Professional(s) from HKPC, Udomain, ASTRI, HKIRC
• Teacher who has used the Free WebScan services
• https://www.aitle.org.hk/?p=6079
HOT again Solutions ???
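With so many school servers hacked and so much data leaked recently, let us think about what schools can do, for everyone's attention. For example:
• Wherever possible, shut down Internet-facing servers that can be shut down
• Review the FIREWALL ACL again and check for earlier RULES that are no longer needed (for example, IPs or PORTs opened earlier while trialling equipment or systems; WEBSAMS TRAINING 7010 does not need to be Internet-facing)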
• While the heat is on, stop exposing WEBSAMS to the Internet (restrict to connections only from the ITED network, or even from the WEBSAMS segment only)
• If the WEBSAMS TRAINING INSTANCE is not in use, it is best to uninstall it
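• Delete redundant (or replaceable) personal data from the various systems (for example, in the sports day program, "date of birth" (used to calculate the GRADE) and "ID card number" (used as the DEFAULT WEBLOGIN PASSWORD))
• Update SERVERS (WINDOWS) and PACKAGES (LINUX); as far as possible, do not use versions that are out of support or about to lose support, for example WINDOWS SERVER 2008 or earlier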
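• On SERVERS, reduce or stop using unofficial PLUG-INS (for example, on WORDPRESS or CMS systems) and unofficial PACKAGES and UPDATE CHANNELS (for LINUX systems)
• Change the login credentials of network equipment; never use the DEFAULT PASSWORD (or even the default USERNAME)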
Mr. Albert Wong
IT Manager & Teacher, Ying Wa College (YWC)
Chairman, Association of IT Leaders in Education (AiTLE)
Email : 9028 9443 / [email protected]
Website: https://www.aitle.org.hk