View
86
Download
2
Category
Preview:
DESCRIPTION
Citation preview
ID Theft
Security Meeting
11/05/2012 2
1. ID Theft • Introduction • Types • Techniques • Causes
2. Compliance 3. Approach
• Service • Features • IT Integration
4. Q & A
Agenda
Security Meeting May 2012
11/05/2012 3
Definition (Wikipedia): Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain … other benefits in that person's name. AKA: Impersonating - meaning the person whose identity has been assumed by the identity thief.
ID Theft
Security Meeting May 2012
11/05/2012 4
• Finantial • Governamental • Social Network • Child • Smart Phone
Some Types
Security Meeting May 2012
11/05/2012 5
• Stealling o IT Equipment o Credit Cards o (…)
• Impersonating • Brute force attack weak passwords • Explore security breaches (browser flaws,
malware, spyware) to steal information from computer
Some Techniques
Security Meeting May 2012
11/05/2012 6
• Hacking systems (servers, networks, databases, firewalls)
• Improper privileges to company's employees, resulting in unauthorized access to sensitive data from these privileged users (internal unauthorized access)
• (…)
Some Techniques (I)
Security Meeting May 2012
11/05/2012 7
Organizations: • Don’t have an adequate security policy • Fail to preserve computer security • Fail to ensure network security (Firewall
Management) • Fail do identify risks (Risk Management) • Relaxed access control policy • (…)
Some Causes
Security Meeting May 2012
11/05/2012 8
Risk Management
Security Meeting May 2012
11/05/2012 9
• Help protect business from risk • Increase IT Security • Used as benchmark to protect information • Automating compliance decrease audit time and
stress o Keep configurations up- to-date (monitoring) o Detects undesirable changes
• (…)
Compliance
Security Meeting May 2012
11/05/2012 10
Compliance
Security Meeting May 2012
11/05/2012 11
Traditional • Vendor solution • Go in, implement, customize & go out • Assistance & support
Service • Configuration control • Compliance policy management • Change auditing • Real-time analysis of changes • Remediation, Reconciliation • Reporting
Approach
Security Meeting May 2012
11/05/2012 12 Security Meeting May 2012
Approach
11/05/2012 13
Features • Provides compliance policies do manage user
Ids o e.g. password strength and complexity
checks • Proactive monitor IT security infrastructure
(firewalls).
Security Meeting May 2012
Approach
11/05/2012 14 Security Meeting May 2012
Approach
11/05/2012 15
• Continuous compliance o File integrity monitoring by detecting any
change to a file or system setting. o Automating the repair of configurations
that intentionally or accidentally fall from secure and compliant states
• Generate an audit trail that logs the state of physical and virtual infrastructure, along with any actions taken to remediate out-of-compliance infrastructure.
Security Meeting May 2012
Approach
11/05/2012 16
IT Infrastructure Integration • Supports a variety of IT Technology • OS with agent (HPUX, Solaris, RHEL, Windows) • Direct monitor Databases
o Microsoft SQL Server o Oracle Database Server o Sybase Database Server o DB2 Database Server o (…)
Security Meeting May 2012
Approach
11/05/2012 17
• Direct monitor Directory Servers (Microsoft, Novell, Sun, Generic LDAP…)
• Network devices (Cisco, F5 BigIP, HP Procurve, Juniper, Nortel, …)
• Supports others devices not listed (Agent less mode - with ssh)
Security Meeting May 2012
Approach
11/05/2012 18 Security Meeting May 2012
How we do it
11/05/2012 19 Security Meeting May 2012
How we do it
Recommended