Delivering the best in z services, software, hardware and training.
Delivering the best in z services, skills, security and software.
Network and Endpoint Security
Rui Miguel Feio – Senior Technical Lead
Agenda
• Network and Endpoint Security – what is it?
• Problems and risks
• Impact and cost of a security breach
• How to implement Network and Endpoint Security?
• Endpoint Security management
• Challenges
• Real example of an ineffective implementation
• Online world and Hackers
• Network and endpoint security on the mainframe
Who am I?
RUI MIGUEL FEIO
• Senior Technical Lead at RSM Partners
• Based in the UK but travels all over the world
• 18 years' experience working with mainframes
• Started with IBM as an MVS SysProgrammer
• Specialist in mainframe security
• Experience in other platforms
Technological and Social Evolution
• Society is ever more dependent on technology to function
• There’s a prevalence for storing data in digital format
• Globalisation is not only a social-economic event, but digital as well
The digital network
(Internet)
Image source: paleoplan.com
Network and Endpoint Security
• Network security refers to technologies and processes that are used to keep digital networks in good, secure working order.
• Endpoint security refers to any device that connects to the digital network, from servers to desktops, mobile devices, and any other device that is network-enabled.
• As such, Network and Endpoint Security aims to protect and ensure the normal functioning of the digital network and devices connected to it.
Securing our interests
• We can only secure what we ‘control’:
  – Company digital network
  – Devices connected to the company’s digital network
• Is this enough? No, we should also consider:
  – People
  – Business partners
  – Service providers
  – Physical security
Problems lead to security risks
• Misconfigured hardware/software
• Lack of knowledge and resources
• Default settings
• Human factor
• Cyber criminals
• Systems not up-to-date
• Solutions not fit for purpose
• Lack of interest
• Out of support software/hardware
Have you ever heard of OS/2?
• OS/2 was a computer operating system, initially created by Microsoft and IBM, then later developed by IBM exclusively.
• The first version of OS/2 was released in December 1987 and newer versions were released until December 2001.
• OS/2 went out of support in December 2006.
• OS/2 is still used today by a UK Bank to run one of its critical applications.
• There’s no plan to have it moved to a different platform.
Impact of a Security Breach
• A security breach can have devastating effects on the company:
  – Reputation
  – Exposure of confidential data and information
  – Financial
• It can even compromise the existence of the company
Cost of a security breach
https://www-03.ibm.com/security/infographics/data-breach/
How to Secure?
[Diagram labels: SECURITY; Processes; Analysis; Education; Review; Monitor; Alerting; Audit & Testing; Improve]
Endpoint Security Management
http://cybersec.buzz/endpoint-security-sizzling-however/
The Challenges
Mentalities
When you think you got it right...
On a Pen Test at one of the top 5 US banks:
• Client was convinced they had a state-of-the-art network security system.
• I decided to unplug the Ethernet cable from one of the terminals and connect it to my laptop
• This went without detection
• I was able to run a port scan on the mainframe without detection
• This was just the beginning!!...
Vulnerabilities: 24 high risk, 25 medium risk, 2 low risk
Off With Their Heads!!
The big questions
• Is it enough to protect the company’s digital network and devices?
• Have you considered internal breaches?
• How about the online services you use?
• Is your site really secure?
• Is everyone following the security procedures?
The Online ‘World’
• Most online services (Google, social media, etc) collect data:
  – Type of device (OS, Web browser, device type, etc)
  – Location
• This data can be used to:
  – Develop user/company profiles
  – Customise ads
  – Customise what we see (WYSIWYG)
The Hackers are coming for you
• Companies are a prime target for Hackers
• Social media is a source of information
• Data collected online can be used to compromise your systems
• Hackers have time, patience, and in many cases, resources
• It’s not a matter of if you will be hacked, it’s a matter of what you will do when you are
Hackers’ resources
Social engineering
http://www.social-engineer.org/social-engineering/social-engineering-infographic/
Network and Endpoint security on the mainframe
• SERVAUTH class:
  – STACK
  – PORT
  – NETACCESS
• Policy Agent
• AT-TLS
• IPSEC
• IP Filtering
• Intrusion Detection Services
• Defence Manager Daemon
• Traffic Regulation Management Daemon
• Syslog Daemon (SyslogD)
• SNA environment
• Enterprise Edition (EE) connections: make sure you know who they are connected to and what access the 3rd parties have
• Internal Telnet connections
Mainframe – What else?
• Implement alerting systems (IBM zSecure, Vanguard, …)
• Monitoring systems
• Perform on a regular basis:
  – Security audits
  – Penetration tests
  – Security remediations
  – Recertification
• Review processes and procedures
• Educate and train your resources
Before we go, a quick review
• Review your security policies across the board
• Review your technological estate
• Provide regular training and awareness
• Keep your systems up-to-date
• Segregate and do not allow devices that do not meet the minimum security requirements
• Perform regular security audits, and pen tests
• Pay special attention to default settings
• Always assume you’ve already been hacked!
Questions?
Contact
Rui Miguel Feio, [email protected]
+44 (0) 7570911459
www.rsmpartners.com
www.linkedin.com/in/rfeio