Cross Security Group

Presented by: Thomas Carrozza, Senior Systems Engineer


Agenda

• Business Drivers

• Threat Overview

• Cross Service Offerings

• Wrap Up / Questions

Security Business Drivers

Voice and Data are now applications running on 1 network; this is convergence.

Your Network

“Is it safe? Is it secure?”

Security Business Drivers

Ultimately, what are we protecting?

Information

Predators

Security Business Drivers

• Viruses/worms/hackers have caused more than $55 Billion in damages in the last 12 months

• Federal and State Laws/Regulations Pose Financial and Personal Risk

– HIPAA (Health Care)

– SOX (Financial Governance)

– Gramm-Leach-Bliley - GLBA (Information Security)

• Human Error - Data Theft or Lost Data as a Result of Human Error

– Dept of Veterans Affairs - Recently lost names, social security numbers, and dates of birth for up to 26.5 million Veterans

• VoIP Deployment has opened up additional holes into the data network

• Wireless Network Deployments have blurred the definition of “Perimeter”

Threats—Total Overload

Denial of Service

DoS Attacks Up 50%

Day Zero Attacks

Day Zero Attacks – Increasing in Speed, Sophistication and Level of Stealth

Policy and Human Error

AFP Published Photo after Katrina - leading to immediate Credit Card Theft

Phishing

Phishing Increased 39% in Last 6 Months

Extortion

Wireless and Mobility

• Wardriving

– Laptop/GPS and software to discover open 802.11 networks

• Warwalking

– iPAQ/GPS and software

• Warchalking

– Symbols indicate wireless settings to others

• Rogue Access Points

Security Threats

• Toll Fraud

• Viruses/Worms

• Hackers

• Espionage

• Denial of Service (DoS)

• Man in the Middle

• Extortion

• PDA Theft

• Podslurping

• Bluetooth Access

• Wireless Bleed Over

• Rogue Modem Usage

• IP Packet Hi-Jacking

Cross Security Group (CSG)

• To help our customers address these security concerns, Cross has formed the Cross Security Group (CSG).

• Cross’ Core Offerings are:

– Security Jumpstart

– Converged Network Security Assessment

– Network Security Consulting

Security Jumpstart

• Security Jumpstart is an assessment of the External Network that identifies and prioritizes vulnerabilities

• Customers receive:

– Executive Report of Network Security

– Top 10 Threats to the Network Report

– Threat Matrix of Vulnerabilities

– Web Intelligence Report

– Full Technical Report

– Current Network Map

– Outbriefing of the State of Security on Your Network

• Performed Remotely - Price: $2,000. Onsite available upon request for added cost.

Converged Network Security Assessments (CNSA)

• CNSA is a holistic assessment focusing on both the voice and the data network, in order to expose any security issues associated with a converged network.

• The assessment covers:

– External Security Assessment

– Internal Security Assessment

– Wireless Assessment

– Bluetooth Assessment

– Rogue Modem Assessment

– IDS Assessment

– SAN’s Assessment

– VoIP Assessment

– Penetration Testing

Cross Security Team

• Chief Security Officer—Joseph Seanor

– 10 years Central Intelligence Agency, CIC/CNC

– Department of Justice Telecom Security Staff

– Private Investigator for 14 years

– 7 years America Online’s Senior Investigator

– Learning Tree Instructor on: IDS, Firewalls, Windows Security.

– Author of 6 books on computer and crime

– 7th book out “The Black Book on Corporate Security” -- Converged Network Security

– Avaya Security Managing Consultant 3 years

– CBS radio national correspondent

– 2 patents pending

Cross Security Team

• Security Analyst

– Security Consultant Avaya

– DISA Network Consultant

– America Online Network Security engineer

– Software programmer

  • Developed software for DOD, to be reviewed by NSA

  • Developed Kerberos software for AOL

– NSA IAM certified

• Certified Security Engineers

– CCIE- Security

– CISSPs

– CCSPs

– Global Information Assurance Certifications (GIAC)

– Government Clearance

Always Ask

Your Network

“Is it safe? Is it secure?”

Questions?

www.crosstelecom.com