Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Matt.Jach@Berbee.com


Meeting Agenda

Trends

Attacker Motives and Methods

Areas of Concern

Typical Assessment Findings

ISO-17799 & NIST

Typical Remediation Costs

FBI / CSI Statistics

Every Year Dollars are Lost due to Cyber Criminal Activity

Greatest Loss = Proprietary Information

Second Greatest Loss = Denial of Service

Elements to Protect (Security)

Confidentiality

Integrity

Availability

Everything is a Target

Public / Private

Internal Network

Server

Application

Vulnerability Assessments, Firewalls & Proxies, Intrusion Detection, VPN Remote Access

Vulnerability Assessments, Intrusion Detection, Wireless Design Consulting, Intrusion Prevention, Authentication & Authorization

Perimeter

Vulnerability Assessments, Intrusion Prevention, Patch Management, Anti-Virus & Anti-SPAM, Mobile Client Security, Server Hardening, Authentication & Authorization

Data

Authentication Management, Identity Management, Data Privacy

Vulnerability Assessments, Code Reviews, Application Hardening

Policies, Procedures & Awareness

Policy Assessments, Operational Framework Consulting, Training & Consulting

Security Management

Centralized Tool Integration, Centralized Monitoring

Cyber Criminals' Motives

Financial Rewards

Politics

Show Off

Personal Gratification

They Know They Can

Intruder Methods

Web Site Research

User Groups

Email Staff

Call Modems

Read Trash

Impersonate Someone You Trust

Scan Your Systems

War Drive Your Wireless

Intruder Methods Cont.

Use Known and Unknown Exploits

Viruses, Trojans & Worms

Phishing

Attack Partner Networks to Gain Access to Yours

Sniff Your Traffic

Brute Force Passwords

Spam You

Denial of Service

Most Common Items to Protect

Intellectual Property

Customers' and Staff's Privacy

Confidential Data

System Availability

Reputation

Regulatory Challenges

Assessment Benefits

Roadmap

Establishes Baseline

Strengthens Security

Provides Due Diligence

Efficient Formal Audits

Finds the Weak Areas

How To Identify and Prioritize Risk

Holistic Approach

Comprehensive reviews (infrastructure, server, application, etc.)

Based on organizational security policy, taking the full life cycle into account

Consider people and processes, as well as technology

Sensible, accessible documentation

Helpful to executive decision-makers: explanation of risk in business terms

Helpful to managers: project plans, prioritization of tasks

Helpful to technical staff: clear standards, specific recommendations

Threat Modeling

Identifying assets

Identifying threats

Making qualitative (or quantitative) assessments of risk

Top Ten Security Risks

1. Policies & Procedures

2. Security Awareness

3. Access and Authorization

4. Patch Management

5. Mis-Configured Systems & Applications

6. Encryption & Digital Signatures

7. Incident Handling Processes

8. Disaster Recovery & Business Continuity

9. Physical Safeguards

10. Intentional Bypassing of Security Controls

Security Policies

Communicate Your Organization's Commitment to Security

Provide a Baseline and Roadmap for Security Controls

Demonstrate Due Diligence

All Pertinent Security Control Information Communicated

Realistic – Manageable

Enforceable

Security Awareness

A well-trained user will assist your security efforts

Time needs to be invested in user training

A well-trained user usually requires less help desk support

Access & Authorization

Weak Passwords

Sharing Accounts

Not Enforced

Easy to Exploit

Prevention

• Strong Security Policies

• Utilize OS Complex Password Configuration

• Implement Technical Authorization, Authentication and Accounting Mechanisms (AAA)

• Implement Two-Factor Authentication

Patch Management

Hard to Manage

Smaller Window of Opportunity

Exploits are coming too fast

Can Break System

Requires Resources

Prevention

• Strong Patch Management Mechanisms – Automate

• Add Intrusion Prevention Mechanisms

Mis-Configured Systems

Ensure Only Needed, Up-to-Date Services Are Running

Strengthen SNMP Strings

Secure Wireless Networks

Remove Default Settings

Filter Outgoing Access at Firewall

Encryption / Digital Signatures

Protects Against:

• Forging

• Impersonation/Spoofing

• Eavesdropping

• Intercepting

• Denial of Receipt or Send (Non-Repudiation)

Incident Handling Process

Intrusion Prevention/Detection

Anti-virus Mechanisms

Logging/Auditing

Strong Policies and Documentation

Disaster Recovery & Business Continuity

Formal Plan

Prioritized Systems

Standard Backup Process

Tested Backups

Redundant Systems

Physical Safeguards

Visitor Badges

Building & Data Center Access/Monitoring

Fire Prevention/Suppression & Detection

UPS Testing and Load

Intentional By-Passing of Security Controls

Installing

• Modems

• Wireless Networks

• Gotomypc or other remote access items

• Unauthorized Software – Games, Screensavers, etc.

Prevention

• Strong Security Policies

• Centralized and Managed Intrusion Prevention Mechanisms

• Implement Network Admission Control

Importance of NIST & ISO-17799

National Institute of Standards & Technology Referenced Throughout Most Regulations

Policies and Procedures Are Critical to NIST Best Practices

ISO-17799 is Industry Recognized Standard for Security

ISO-17799 Covers 10 Areas of Security

Each ISO-17799 Area Has Individual Security Items

If You Follow NIST and ISO-17799 You Would Have a Strong Security Posture and Should Pass Almost Every Audit

Combine NIST 800-26 Levels and ISO-17799

ISO-17799 Covered Areas

Security Policies

Organizational Security

Asset Classification & Control

Personnel Security

Physical and Environmental Security

Communications & Operations Management

Access Control

System Development & Maintenance

Business Continuity Management

Compliance

NIST Legend

Level 1 – control objective documented in a security policy

Level 2 – security controls documented as procedures

Level 3 – procedures have been implemented

Level 4 – procedures and security controls are tested and reviewed

Level 5 – procedures and security controls are fully integrated into a comprehensive program.

ISO-17799 Graph Sample

[Chart: Business Continuity sub-areas (Business Continuity Management Process; Business Continuity & Impact Analysis; Writing & Implementing Continuity Plan; Business Continuity Planning Framework; Testing, Maintaining & Reassessing BC Plan) plotted on a 0–6 scale, comparing Actual Practice, Peer Comparison and NIST Level.]
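As an added illustration (not from the deck), the following script scores assessment findings against the five NIST 800-26 levels listed above and aggregates them per ISO-17799 area, the way the graph sample does. It assumes a level counts only when every lower level is also met, uses a target level of 3 for the remediation gap list, and the findings it scores are constructed sample data.

```python
"""Score ISO-17799 items on NIST SP 800-26 levels and rank remediation gaps.

Assumption (not stated on the slides): a level is reached only if all lower
levels are also satisfied, so an implemented control with no written
procedure still scores Level 1. The findings below are constructed samples.
"""
from dataclasses import dataclass

# Evidence positions map to Level 1..5 as described in the NIST Legend.
NIST_LEVELS = (
    "control objective documented in a security policy",
    "security controls documented as procedures",
    "procedures have been implemented",
    "procedures and security controls are tested and reviewed",
    "fully integrated into a comprehensive program",
)

@dataclass
class Finding:
    area: str       # ISO-17799 area
    item: str       # individual security item within that area
    evidence: tuple # (policy, procedure, implemented, tested, integrated)

def nist_level(evidence):
    """Highest level reached without skipping a lower one (0 if none)."""
    level = 0
    for satisfied in evidence:
        if not satisfied:
            break
        level += 1
    return level

def area_levels(findings):
    """Average NIST level per ISO-17799 area, rounded to one decimal."""
    per_area = {}
    for f in findings:
        per_area.setdefault(f.area, []).append(nist_level(f.evidence))
    return {a: round(sum(v) / len(v), 1) for a, v in per_area.items()}

def remediation_priority(findings, target=3):
    """Items below the target level, largest gap first (ties by name)."""
    gaps = [(target - nist_level(f.evidence), f.area, f.item) for f in findings]
    return sorted([g for g in gaps if g[0] > 0], key=lambda g: (-g[0], g[1], g[2]))

SAMPLE = [  # constructed sample findings, not real assessment results
    Finding("Business Continuity Management", "BC management process", (True, True, True, False, False)),
    Finding("Business Continuity Management", "BC & impact analysis", (True, False, True, False, False)),
    Finding("Business Continuity Management", "Testing & reassessing BC plan", (False,) * 5),
    Finding("Access Control", "Complex password configuration", (True, True, True, True, False)),
    Finding("Access Control", "Two-factor authentication", (True, True, False, False, False)),
]

if __name__ == "__main__":
    for area, level in area_levels(SAMPLE).items():
        print(f"{area}: NIST level {level}")
    for gap, area, item in remediation_priority(SAMPLE):
        print(f"gap {gap}: {area} / {item}")
```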

Remediation Costs

It is important to budget for remediation

A security assessment without remediation efforts is a waste of time and money

Remediation usually involves resource time and product cost

It is important to budget for one-time and recurring costs

Remediation – First Steps

Prioritize Risks and Remediation Steps

Align Business and IT Strategies

Establish Resources – Internal, External, Products

Establish Internal SLAs between IT and Business Units

Internet Links & Question/Answers

Thank You

www.berbee.com

www.cisco.com

www.ibm.com

www.microsoft.com

www.rsa.com

www.gocsi.com

www.sans.org

www.nist.gov