Transcript Document
Cyber Criminal Methods &
Prevention Techniques
Meeting Agenda
Trends
Attacker Motives and Methods
Areas of Concern
Typical Assessment Findings
ISO-17799 & NIST
Typical Remediation Costs
FBI / CSI Statistics
Every Year Dollars are Lost due to Cyber Criminal Activity
Greatest Loss = Proprietary Information
Second Greatest Loss = Denial of Service
Elements to Protect
Confidentiality
Security
Integrity
Availability
Everything is a Target (layered diagram, private zone to public zone)
Policies, Procedures & Awareness: Policy Assessments; Operational Framework Consulting; Training & Consulting
Security Management: Centralized Tool Integration; Centralized Monitoring
Application (Private): Vulnerability Assessments; Code Reviews; Application Hardening
Internal Network: Vulnerability Assessments; Intrusion Detection; Wireless Design Consulting; Intrusion Prevention; Authentication & Authorization
Data: Authentication Management; Identity Management; Data Privacy
Server: Vulnerability Assessments; Intrusion Prevention; Patch Management; Anti-Virus & Anti-SPAM; Mobile Client Security; Server Hardening; Authentication & Authorization
Perimeter (Public): Vulnerability Assessments; Firewalls & Proxies; Intrusion Detection; VPN Remote Access
Cyber Criminals' Motives
Financial Rewards
Politics
Show Off
Personal Gratification
They know they can
Intruder Methods
Web Site Research
User Groups
Email Staff
Call Modems
Read Trash
Impersonate Someone You Trust
Scan Your Systems
War Drive Your Wireless
Intruder Methods Cont.
Use Known and Unknown Exploits
Viruses, Trojans & Worms
Phishing
Attack Partner Networks to Gain Access to Yours
Sniff Your Traffic
Brute Force Passwords
Spam You
Denial of Service
Most Common Items to Protect
Intellectual Property
Customers' and Staff's Privacy
Confidential Data
System Availability
Reputation
Regulatory Challenges
Assessment Benefits
Roadmap
Establishes Baseline
Strengthens Security
Provides Due Diligence
Efficient Formal Audits
Finds the Weak Areas
How To Identify and Prioritize Risk
Holistic Approach
Comprehensive reviews (infrastructure, server, application, etc.)
Based on Organizational Security Policy, and taking the full life cycle into account
Consider people and processes, as well as technology
Sensible, accessible documentation
Helpful to executive decision-makers: explanation of risk in business terms
Helpful to managers: project plans, prioritization of tasks
Helpful to technical staff: clear standards, specific recommendations
Threat Modeling
Identifying assets
Identifying threats
Making qualitative (or quantitative) assessments of risk
Top Ten Security Risks
1. Policies & Procedures
2. Security Awareness
3. Access and Authorization
4. Patch Management
5. Mis-Configured Systems & Applications
6. Encryption & Digital Signatures
7. Incident Handling Processes
8. Disaster Recovery & Business Continuity
9. Physical Safeguards
10. Intentional Bypassing of Security Controls
Security Policies
Communicate Your Organization's Commitment to Security
Provide a Baseline and Roadmap for Security Controls
Demonstrate Due Diligence
All Pertinent Security Control Information Communicated
Realistic – Manageable
Enforceable
Security Awareness
A well-trained user will assist your security efforts
Time needs to be invested in user training
A well-trained user usually requires less help desk support
Access & Authorization
Weak Passwords
Sharing Accounts
Not Enforced
Easy to Exploit
Prevention
• Strong Security Policies
• Utilize OS Complex Password Configuration
• Implement Technical Authentication, Authorization and Accounting Mechanisms (AAA)
• Implement Two-Factor Authentication
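The two-factor authentication item above, shown as an added example that is not part of the presentation: a time-based one-time password (TOTP, RFC 6238) verifier in Go, the piece a login service calls after the password has been checked. The shared secret is the RFC 6238 test-vector key and the user name and timestamps are constructed, so the codes can be compared with the published vectors. The verifier tolerates one 30-second step of clock drift in either direction and refuses any time step it has already accepted for that user, so a code that was observed once cannot be accepted a second time within its validity window.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"math"
	"strconv"
	"time"
)

// RFC 6238 defaults: 30-second time step, 6-digit codes, HMAC-SHA1.
const (
	totpStep   int64 = 30
	totpDigits       = 6
)

// hotp computes the RFC 4226 one-time code for a counter value.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	// Dynamic truncation: the low 4 bits of the last byte select a 4-byte
	// window, its top bit is cleared, and the value is reduced to the digit count.
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	code %= uint32(math.Pow10(digits))
	return fmt.Sprintf("%0*d", digits, code)
}

// totpAt returns the code valid at the given Unix time (what the user's token shows).
func totpAt(secret []byte, unixTime int64) string {
	return hotp(secret, uint64(unixTime/totpStep), totpDigits)
}

// Verifier is the server side: it holds the shared secret and remembers the
// highest time-step counter already accepted for each user.
type Verifier struct {
	secret      []byte
	skew        int64             // steps of clock drift tolerated either side of now
	lastCounter map[string]uint64 // user -> last accepted counter (replay guard)
}

func NewVerifier(secret []byte, skew int64) *Verifier {
	return &Verifier{secret: secret, skew: skew, lastCounter: map[string]uint64{}}
}

// Verify accepts code for user if it matches a step inside the skew window and
// that step has not been consumed before. The comparison is constant-time.
func (v *Verifier) Verify(user, code string, now int64) bool {
	if len(code) != totpDigits {
		return false
	}
	if _, err := strconv.Atoi(code); err != nil {
		return false
	}
	base := now / totpStep
	for d := -v.skew; d <= v.skew; d++ {
		counter := uint64(base + d)
		if used, ok := v.lastCounter[user]; ok && counter <= used {
			continue // already consumed: a re-submitted code is rejected
		}
		expected := hotp(v.secret, counter, totpDigits)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			v.lastCounter[user] = counter
			return true
		}
	}
	return false
}

func main() {
	// Constructed demo secret: the RFC 6238 test-vector key, not a real credential.
	secret := []byte("12345678901234567890")
	v := NewVerifier(secret, 1)
	now := time.Now().Unix()
	code := totpAt(secret, now) // what the user's token would display right now
	fmt.Println("code:", code, "first attempt:", v.Verify("alice", code, now),
		"second attempt:", v.Verify("alice", code, now+5))
}
```

The replay guard is what turns a one-time code into something actually single-use: without it, a 30-second window plus drift tolerance gives an attacker up to 90 seconds to reuse a code captured from a phishing page.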
Patch Management
Hard to Manage
Shrinking Window of Opportunity
Exploits are coming too fast
Can Break System
Requires Resources
Prevention
• Strong Patch Management Mechanisms – Automate
• Add Intrusion Prevention Mechanisms
Mis-Configured Systems
Run Only Needed, Up-to-Date Services
Strengthen SNMP Community Strings
Secure Wireless Networks
Remove Default Settings
Filter Outgoing Access at Firewall
Encryption / Digital Signatures
Protects Against:
• Forging
• Impersonation/Spoofing
• Eavesdropping
• Intercepting
• Denial of Receipt or Send (Non-Repudiation)
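How a digital signature defeats the forging, spoofing and interception cases listed above, as an added example in Go that is not part of the presentation. The keys are generated on the spot, the payload and the names Alice and Mallory are constructed, and the receiver verifies against a key it already trusts rather than the key carried in the message. A verified message also cannot later be denied by the key holder, which is the non-repudiation item.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage is what travels over the network: the payload, the claimed
// sender, and the sender's signature over the payload.
type SignedMessage struct {
	Sender  ed25519.PublicKey
	Payload []byte
	Sig     []byte
}

// Sign produces the signed envelope under the sender's private key.
func Sign(priv ed25519.PrivateKey, payload []byte) SignedMessage {
	return SignedMessage{
		Sender:  priv.Public().(ed25519.PublicKey),
		Payload: payload,
		Sig:     ed25519.Sign(priv, payload),
	}
}

// Verify checks the signature with a key the receiver already trusts (from a
// directory or certificate), never the key carried in the envelope: trusting
// the attached key would let anyone sign as anyone.
func Verify(trusted ed25519.PublicKey, m SignedMessage) bool {
	if len(trusted) != ed25519.PublicKeySize || len(m.Sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(trusted, m.Payload, m.Sig)
}

// Demo runs the three cases from the slide and returns whether each message
// verified, so the outcomes can be checked rather than only printed.
func Demo() (genuine, intercepted, impostor bool) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, malloryPriv, err := ed25519.GenerateKey(rand.Reader) // constructed second key
	if err != nil {
		panic(err)
	}
	// Constructed payload for the demonstration.
	original := Sign(alicePriv, []byte("transfer 1000.00 to account 4711"))
	genuine = Verify(alicePub, original)

	// Intercepted and altered in transit: original signature, changed payload.
	altered := original
	altered.Payload = []byte("transfer 9000.00 to account 4711")
	intercepted = Verify(alicePub, altered)

	// Impersonation: a message signed with Mallory's key but claiming to be Alice.
	spoofed := Sign(malloryPriv, []byte("transfer 1000.00 to account 9999"))
	spoofed.Sender = alicePub // claimed identity, ignored by the receiver
	impostor = Verify(alicePub, spoofed)
	return
}

func main() {
	g, i, s := Demo()
	fmt.Printf("genuine verifies: %v, altered verifies: %v, impostor verifies: %v\n", g, i, s)
	// Non-repudiation: only the holder of Alice's private key can produce a
	// signature her public key accepts, so a verified message is attributable to her.
}
```

Signatures cover integrity and origin; the eavesdropping item on the slide is the job of encryption, which is a separate layer applied on top of (or around) the signed message.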
Incident Handling Process
Intrusion Prevention/Detection
Anti-virus Mechanisms
Logging/Auditing
Strong Policies and Documentation
Disaster Recovery & Business Continuity
Formal Plan
Prioritized Systems
Standard Backup Process
Tested Backups
Redundant Systems
Physical Safeguards
Visitor Badges
Building & Data Center Access/Monitoring
Fire Prevention/Suppression & Detection
UPS Testing and Load
Intentional By-Passing of Security Controls
Installing:
• Modems
• Wireless Networks
• Gotomypc or other remote access items
• Unauthorized Software – Games, Screensavers, etc.
Prevention
• Strong Security Policies
• Centralized and Managed Intrusion Prevention Mechanisms
• Implement Network Admission Control
Importance of NIST & ISO-17799
National Institute of Standards & Technology
Referenced Throughout Most Regulations
Policies and Procedures Are Critical to NIST Best Practices
ISO-17799 is Industry Recognized Standard for Security
ISO-17799 Covers 10 Areas of Security
Each ISO-17799 Area Has Individual Security Items
If You Follow NIST and ISO-17799 You Would Have a Strong Security Posture and Should Pass Almost Every Audit
Combine NIST 800-26 Levels and ISO-17799
ISO-17799 Covered Areas
Security Policies
Organizational Security
Asset Classification & Control
Personnel Security
Physical and Environmental Security
Communications & Operations Management
Access Control
System Development & Maintenance
Business Continuity Management
Compliance
NIST Legend
Level 1 – control objective documented in a security policy
Level 2 – security controls documented as procedures
Level 3 – procedures have been implemented
Level 4 – procedures and security controls are tested and reviewed
Level 5 – procedures and security controls are fully integrated into a comprehensive program
ISO-17799 Graph Sample
Business Continuity: bar chart of NIST Level reached (y-axis 0 to 6), Actual Practice vs. Peer Comparison, for each control area:
Business Continuity Management Process
Business Continuity & Impact Analysis
Writing & Implementing Continuity Plan
Business Continuity Planning Framework
Testing, Maintaining & Reassessing BC Plan
Remediation Costs
It is important to budget for remediation
A security assessment without remediation efforts is a waste of time and money
Remediation usually involves resource time and product cost
It is important to budget for one-time and recurring costs
Remediation – First Steps
Prioritize Risks and Remediation Steps
Align Business and IT Strategies
Establish Resources – Internal, External, Products
Establish Internal SLAs between IT and Business Units
Internet Links & Question/Answers
www.berbee.com
www.cisco.com
www.ibm.com
www.microsoft.com
www.rsa.com
www.gocsi.com
www.sans.org
www.nist.gov
Thank You