Transcript Document

Cyber Criminal Methods &
Prevention Techniques
By
[email protected]
[email protected]
Meeting Agenda
• Trends
• Attacker Motives and Methods
• Areas of Concern
• Typical Assessment Findings
• ISO-17799 & NIST
• Typical Remediation Costs
• Every Year, Dollars Are Lost to Cyber Criminal Activity
• Greatest Loss = Theft of Proprietary Information
• Second Greatest Loss = Denial of Service
Elements to Protect
Security rests on three properties (the CIA triad):
• Confidentiality
• Integrity
• Availability
Everything is a Target
Layered view of the environment, from policy down to the perimeter (private side to public side), with the controls and services that belong at each layer:
• Policies, Procedures & Awareness: Policy Assessments; Operational Framework Consulting; Training & Consulting
• Security Management: Centralized Tool Integration; Centralized Monitoring
• Application: Vulnerability Assessments; Code Reviews; Application Hardening
• Internal Network: Vulnerability Assessments; Intrusion Detection; Intrusion Prevention; Wireless Design Consulting; Authentication & Authorization
• Server: Vulnerability Assessments; Intrusion Prevention; Patch Management; Anti-Virus & Anti-SPAM; Mobile Client Security; Server Hardening; Authentication & Authorization
• Data: Authentication Management; Identity Management; Data Privacy
• Perimeter: Vulnerability Assessments; Firewalls & Proxies; Intrusion Detection; VPN Remote Access
Cyber Criminals' Motives
• Financial Rewards
• Politics
• Showing Off
• Personal Gratification
• They Know They Can
Intruder Methods
• Web Site Research
• User Groups
• Email Staff
• Call Modems (War Dialing)
• Read Trash (Dumpster Diving)
• Impersonate Someone You Trust
• Scan Your Systems
• War Drive Your Wireless
Intruder Methods (Cont.)
• Use Known and Unknown (Zero-Day) Exploits
• Viruses, Trojans & Worms
• Phishing
• Attack Partner Networks to Gain Access to Yours
• Sniff Your Traffic
• Brute Force Passwords
• Spam You
• Denial of Service
Most Common Items to Protect
• Intellectual Property
• Customers' and Staff's Privacy
• Confidential Data
• System Availability
• Reputation
• Regulatory Challenges
Regulatory Challenges
Assessment Benefits
• Roadmap
• Establishes a Baseline
• Strengthens Security
• Provides Due Diligence
• Efficient Formal Audits
• Finds the Weak Areas
How To Identify and Prioritize Risk
• Holistic Approach
  • Comprehensive reviews (infrastructure, server, application, etc.)
  • Based on the organizational security policy, taking the full life cycle into account
  • Consider people and processes as well as technology
• Sensible, Accessible Documentation
  • Helpful to executive decision-makers: explanation of risk in business terms
  • Helpful to managers: project plans, prioritization of tasks
  • Helpful to technical staff: clear standards, specific recommendations
• Threat Modeling
  • Identifying assets
  • Identifying threats
  • Making qualitative (or quantitative) assessments of risk
Top Ten Security Risks
1. Policies & Procedures
2. Security Awareness
3. Access and Authorization
4. Patch Management
5. Mis-Configured Systems & Applications
6. Encryption & Digital Signatures
7. Incident Handling Processes
8. Disaster Recovery & Business Continuity
9. Physical Safeguards
10. Intentional Bypassing of Security Controls
Security Policies
• Communicate Your Organization's Commitment to Security
• Provide a Baseline and Roadmap for Security Controls
• Demonstrate Due Diligence
• Communicate All Pertinent Security Control Information
• Realistic and Manageable
• Enforceable
Security Awareness
• A well-trained user will assist your security efforts
• Time needs to be invested in user training
• A well-trained user usually requires less help desk support
Access & Authorization
• Weak Passwords
• Shared Accounts
• Policy Not Enforced
• Easy to Exploit
• Prevention
  • Strong Security Policies
  • Use the OS's Password Complexity Configuration
  • Implement Technical Authentication, Authorization and Accounting (AAA) Mechanisms
  • Implement Two-Factor Authentication
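Weak passwords are "easy to exploit" because an attacker who obtains the password store (or can hit a login endpoint that has no lockout) only has to try a dictionary. The Python below is an added example, not from the original presentation: it builds a constructed set of four sample accounts, runs an offline dictionary attack against their PBKDF2 hashes, and checks each password against a minimal complexity policy. The account names, passwords, wordlist and the 12-character / three-class policy are assumptions chosen for illustration.

```python
import hashlib
import os

# Constructed sample accounts (assumption, not from the presentation).
# The last password is long and mixes character classes; the others are dictionary words.
SAMPLE_ACCOUNTS = {
    "jsmith": "password",
    "admin": "summer2004",
    "dba": "letmein",
    "ciso": "v7#Qp!2zLm9@wR4e",
}

# Constructed wordlist standing in for the dictionaries attackers actually use.
WORDLIST = ["123456", "password", "welcome", "letmein", "summer2004", "admin", "qwerty"]


def hash_password(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256. iterations=1 approximates a plain salted hash;
    real deployments use 100,000+ so that every attacker guess is expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def build_store(accounts: dict, iterations: int) -> dict:
    """Return {user: (salt, digest, iterations)}, the shape of a password file."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, hash_password(password, salt, iterations), iterations)
    return store


def dictionary_attack(store: dict, wordlist: list) -> tuple:
    """Offline attack: hash every wordlist entry with each account's salt and compare.
    Returns (recovered {user: password}, number of hash computations performed)."""
    recovered = {}
    work = 0
    for user, (salt, digest, iterations) in store.items():
        for guess in wordlist:
            work += 1
            if hash_password(guess, salt, iterations) == digest:
                recovered[user] = guess
                break
    return recovered, work


def is_complex(password: str, min_len: int = 12) -> bool:
    """Minimal complexity policy (assumed): at least min_len characters and
    three of the four classes lower / upper / digit / symbol."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) >= min_len and sum(classes) >= 3


if __name__ == "__main__":
    store = build_store(SAMPLE_ACCOUNTS, iterations=1)
    found, work = dictionary_attack(store, WORDLIST)
    print(f"recovered {found} after {work} hash computations")
    for user, password in SAMPLE_ACCOUNTS.items():
        print(f"{user}: {'passes' if is_complex(password) else 'FAILS'} complexity policy")
```

Three of the four accounts fall after 18 hash computations; only the complex password survives, and it survives because it is not in the wordlist, not because of the hash. Raising `iterations` makes each guess cost the attacker more but does not rescue a password that is on the list, which is why the slide pairs a complexity policy with AAA and two-factor authentication rather than relying on hashing alone.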
Patch Management
• Hard to Manage
• Shrinking Window Between Disclosure and Exploit
• Exploits Are Coming Too Fast
• Patches Can Break Systems
• Requires Resources
• Prevention
  • Strong Patch Management Mechanisms: Automate
  • Add Intrusion Prevention Mechanisms to Cover the Gap Before Patches Are Applied
Mis-Configured Systems
• Run Only Needed Services, and Keep Them Updated
• Strengthen SNMP Community Strings (Replace the "public"/"private" Defaults, Restrict Query Sources)
• Secure Wireless Networks
• Remove Default Settings
• Filter Outgoing Access at the Firewall (Egress Filtering)
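The SNMP and default-settings points above can be checked mechanically rather than by eye. The Python below is an added example, not from the original presentation: it audits a constructed net-snmp style snmpd.conf fragment for the classic misconfigurations, namely the default "public"/"private" community strings, community strings that answer queries from any source, and write access granted through an SNMPv1/v2c community at all. The sample configuration, the list of default strings and the 12-character threshold are assumptions.

```python
import re

# Community strings that ship as defaults or sit in every scanner's wordlist (assumed list).
DEFAULT_COMMUNITIES = {"public", "private", "community", "snmp", "cisco", "admin", "manager"}

# Constructed snmpd.conf fragment in net-snmp syntax (assumption, not from the presentation).
SAMPLE_SNMPD_CONF = """\
# snmpd.conf - constructed sample of a freshly installed agent
agentAddress udp:161
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity Rz9!kq2wLm7v 192.168.10.5
rouser nmsmon priv
"""

COMMUNITY_DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")


def audit_snmpd_conf(text: str) -> list:
    """Return (severity, line_no, message) findings for SNMPv1/v2c community misconfigurations.

    Checks: default or guessable community string, missing source restriction
    (net-snmp treats a missing SOURCE as 'default', i.e. any address), and
    write access granted through a community string at all."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive not in COMMUNITY_DIRECTIVES:
            continue
        community = parts[1] if len(parts) > 1 else ""
        source = parts[2] if len(parts) > 2 else "default"

        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append(("HIGH", line_no, f"default community string '{community}'"))
        elif len(community) < 12 or not re.search(r"[^A-Za-z0-9]", community):
            findings.append(("MEDIUM", line_no, f"weak community string '{community}'"))

        if source == "default":
            findings.append(("HIGH", line_no,
                             f"{directive} '{community}' answers queries from any source"))

        if directive.startswith("rwcommunity"):
            findings.append(("HIGH", line_no,
                             "write access via v1/v2c community; use an SNMPv3 rwuser or remove"))
    return findings


if __name__ == "__main__":
    for severity, line_no, message in audit_snmpd_conf(SAMPLE_SNMPD_CONF):
        print(f"{severity:6} line {line_no}: {message}")
```

The corrected form of the sample is the last two lines of it: a long, mixed community string bound to a single management host for read-only access, and SNMPv3 (`rouser ... priv`) for anything that needs authentication and encryption. The same pattern of "parse the config, flag the default" applies to the other default settings the slide mentions.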
Encryption / Digital Signatures
Protect against:
  • Forging
  • Impersonation / Spoofing
  • Eavesdropping
  • Interception
  • Denial of Having Sent or Received (Non-Repudiation)
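To make the "forging" and "impersonation" rows concrete, the Python below is an added example (not from the original presentation) that seals a message with an HMAC-SHA256 tag and shows that an interceptor who changes the body cannot produce a matching tag. The key and payload are constructed. Two caveats a practitioner should keep in mind: an HMAC does nothing against eavesdropping, which needs encryption, and because both parties hold the same key either of them could have produced the tag, so non-repudiation requires an asymmetric digital signature made with a private key, which the standard library does not provide and this example does not attempt.

```python
import hashlib
import hmac
import json

# Constructed key and payload (assumptions, not from the presentation). A real key is
# 32 random bytes from os.urandom, delivered to both parties out of band.
SHARED_KEY = bytes(range(32))
PAYLOAD = {"from": "acct-1", "to": "acct-2", "amount": 100}


def seal(key: bytes, payload: dict) -> dict:
    """Serialise the payload canonically and attach an HMAC-SHA256 tag.
    Canonical (sorted, compact) JSON matters because the tag covers exact bytes."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def open_sealed(key: bytes, envelope: dict):
    """Return the payload if the tag verifies, otherwise None.
    compare_digest runs in constant time; a plain == would leak, byte by byte,
    how much of a forged tag was already correct."""
    expected = hmac.new(key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        return None
    return json.loads(envelope["body"])


def intercept_and_alter(envelope: dict, old: str, new: str) -> dict:
    """What an interceptor without the key can do: edit the body and reuse the old tag."""
    return {"body": envelope["body"].replace(old, new), "tag": envelope["tag"]}


if __name__ == "__main__":
    env = seal(SHARED_KEY, PAYLOAD)
    print("genuine:", open_sealed(SHARED_KEY, env))
    forged = intercept_and_alter(env, "100", "9000")
    print("altered:", open_sealed(SHARED_KEY, forged))
```

The altered envelope verifies as `None`, as does a genuine envelope checked under the wrong key. Note that the receiver can call `seal` just as well as the sender, which is exactly why a shared-key MAC gives integrity and peer authentication but not the non-repudiation row of the slide.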
Incident Handling Process
• Intrusion Prevention / Detection
• Anti-Virus Mechanisms
• Logging / Auditing
• Strong Policies and Documentation
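Logging and auditing only help incident handling if something actually reads the logs. The Python below is an added example, not from the original presentation: it runs a simple brute-force detector over constructed OpenSSH sshd log lines, counting failed logins per source address in a sliding window and raising a second, higher-priority alert when a success follows the burst. The log lines, the year used to complete the syslog timestamps, and the threshold of 5 failures in 60 seconds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed OpenSSH log lines in syslog format (assumption, not from the presentation).
SAMPLE_LOG = """\
Jan 12 10:15:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 12 10:15:02 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Jan 12 10:15:03 web1 sshd[2102]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 12 10:15:04 web1 sshd[2103]: Failed password for root from 203.0.113.5 port 51237 ssh2
Jan 12 10:15:05 web1 sshd[2104]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jan 12 10:15:06 web1 sshd[2105]: Accepted password for jsmith from 203.0.113.5 port 51239 ssh2
Jan 12 10:20:00 web1 sshd[2110]: Failed password for jsmith from 10.0.0.7 port 40001 ssh2
Jan 12 10:31:00 web1 sshd[2111]: Accepted publickey for jsmith from 10.0.0.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_line(line: str, year: int = 2004):
    """Extract (timestamp, result, user, source_ip), or None for lines we do not care about.
    Syslog omits the year, so one is supplied (assumed)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_brute_force(lines, threshold: int = 5, window_s: int = 60) -> list:
    """Sliding-window detector.
    ('BRUTE_FORCE', ip, failures) when failures from ip within window_s reach threshold;
    ('COMPROMISE_SUSPECTED', ip, user) when a login later succeeds from a flagged ip."""
    recent_failures = defaultdict(deque)
    flagged = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        window = recent_failures[ip]
        while window and (ts - window[0]).total_seconds() > window_s:
            window.popleft()
        if result == "Failed":
            window.append(ts)
            if len(window) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, len(window)))
        elif ip in flagged:
            alerts.append(("COMPROMISE_SUSPECTED", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single failure from 10.0.0.7 never reaches the threshold and its later key-based login is not flagged; the burst from 203.0.113.5 produces a brute-force alert, and the password success that follows it produces the alert an incident handler should act on first. The same window logic transfers to web, VPN and domain-controller logs once the regex is swapped.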
Disaster Recovery & Business Continuity
• Formal Plan
• Prioritized Systems
• Standard Backup Process
• Tested Backups
• Redundant Systems
Physical Safeguards
• Visitor Badges
• Building & Data Center Access / Monitoring
• Fire Prevention, Suppression & Detection
• UPS Testing and Load
Intentional Bypassing of Security Controls
• Installing
  • Modems
  • Wireless Networks (Rogue Access Points)
  • GoToMyPC or Other Remote Access Tools
  • Unauthorized Software: Games, Screensavers, etc.
• Prevention
  • Strong Security Policies
  • Centralized and Managed Intrusion Prevention Mechanisms
  • Implement Network Admission Control
Importance of NIST & ISO-17799
• National Institute of Standards & Technology (NIST) Guidance Is Referenced Throughout Most Regulations
• Policies and Procedures Are Critical to NIST Best Practices
• ISO-17799 Is the Industry-Recognized Standard for Security
• ISO-17799 Covers 10 Areas of Security
• Each ISO-17799 Area Has Individual Security Items (Controls)
• If You Follow NIST and ISO-17799 You Will Have a Strong Security Posture and Should Pass Almost Every Audit
• Combine the NIST SP 800-26 Maturity Levels with the ISO-17799 Areas
ISO-17799 Covered Areas
• Security Policies
• Organizational Security
• Asset Classification & Control
• Personnel Security
• Physical and Environmental Security
• Communications & Operations Management
• Access Control
• System Development & Maintenance
• Business Continuity Management
• Compliance
NIST SP 800-26 Level Legend
• Level 1: control objective documented in a security policy
• Level 2: security controls documented as procedures
• Level 3: procedures have been implemented
• Level 4: procedures and security controls are tested and reviewed
• Level 5: procedures and security controls are fully integrated into a comprehensive program
ISO-17799 Graph Sample
[Bar chart: Business Continuity. Y-axis: NIST Level (0 to 5). Two series: Actual Practice vs Peer Comparison. Categories: Business Continuity Management Process; Business Continuity & Impact Analysis; Writing & Implementing Continuity Plan; Business Continuity Planning Framework; Testing, Maintaining & Reassessing BC Plan.]
Remediation Costs
• It is important to budget for remediation
• A security assessment without remediation efforts is a waste of time and money
• Remediation usually involves staff time and product cost
• It is important to budget for both one-time and recurring costs
Remediation – First Steps
• Prioritize Risks and Remediation Steps
• Align Business and IT Strategies
• Establish Resources: Internal, External, Products
• Establish Internal SLAs between IT and Business Units
Internet Links & Questions/Answers
• www.berbee.com
• www.cisco.com
• www.ibm.com
• www.microsoft.com
• www.rsa.com
• www.gocsi.com
• www.sans.org
• www.nist.gov
Thank You