Deliveringthebestinzservices,software,hardwareandtraining.Deliveringthebestinzservices,software,hardwareandtraining.

Deliveringthebestinzservices,skills,securityandsoftware.

NetworkandEndpointSecurityRuiMiguelFeio– SeniorTechnicalLead

Agenda• NetworkandEndpointSecurity– whatisit?• Problemsandrisks• Impactandcostofasecuritybreach• HowtoimplementNetworkandEndpointSecurity?• EndpointSecuritymanagement• Challenges• Realexampleofanineffectiveimplementation• OnlineworldandHackers• Networkandendpointsecurityonthemainframe

WhoamI?

RUIMIGUELFEIO

• SeniorTechnicalLeadatRSMPartners• BasedintheUKbuttravelsallovertheworld• 18yearsexperience workingwithmainframes• StartedwithIBMasanMVSSysProgrammer• Specialistinmainframesecurity• Experienceinotherplatforms

TechnologicalandSocialEvolution

• Societyisevermoredependentontechnologytofunction• There’saprevalenceforstoringdataindigitalformat• Globalisationisnotonlyasocial-economicevent,butdigitalaswell

(Internet)

ImageSource:paleoplan.com

Thedigitalnetwork

• Networksecurityreferstotechnologiesandprocessesthatareusedtokeepdigitalnetworksingood,secureworkingorder.

• Endpointsecurityreferstoanydevicethatconnectstothedigitalnetwork,fromserverstodesktops,mobiledevices,andanyotherdevicethatisnetwork-enabled.

• Assuch,NetworkandEndpointSecurityaimstoprotectandensurethenormalfunctioningofthedigitalnetworkanddevicesconnectedtoit.

NetworkandEndpointSecurity

• Wecanonlysecurewhatwe‘control’:– Companydigitalnetwork– Devicesconnectedtothecompany’s

digitalnetwork

• Isthisenough?No,weshouldalsoconsider:– People– Businesspartners– Serviceproviders– Physicalsecurity

Securingourinterests

• Misconfiguredhardware/software• Lackofknowledgeandresources• Defaultsettings• Humanfactor• Cybercriminals• Systemsnotup-to-date• Solutionsnotfitforpurpose• Lackofinterest• Outofsupportsoftware/hardware

Problemsleadtosecurityrisks

• OS/2wasacomputeroperatingsystem,initiallycreatedbyMicrosoftandIBM,thenlaterdevelopedbyIBMexclusively.

• ThefirstversionofOS/2wasreleasedinDecember1987andnewerversionswerereleaseduntilDecember2001.

• OS/2wentoutofsupportinDecember2006.• OS/2isstillusedtodaybyaUKBanktorunone

ofitscriticalapplication.• There’snoplantohaveitmovedintoadifferent

platform.

HaveyoueverheardofOS/2?

• Asecuritybreachcanhavedevastatingeffectstothecompany:– Reputation– Exposureofconfidentialdataand

information– Financial

• Itcanevencompromisetheexistenceofthecompany

ImpactofaSecurityBreach

Costofasecuritybreach

https://www-03.ibm.com/security/infographics/data-breach/

Costofasecuritybreach

https://www-03.ibm.com/security/infographics/data-breach/

Costofasecuritybreach

https://www-03.ibm.com/security/infographics/data-breach/

Costofasecuritybreach

https://www-03.ibm.com/security/infographics/data-breach/

HowtoSecure?

YourLogoYourLogo

SECURITY

Processes

Analysis

Education

Review

Monitor

Alerting

Audit& Testing

Improve

EndpointSecurityManagement

http://cybersec.buzz/endpoint-security-sizzling-however/

TheChallenges

Mentalities

OnaPenTestatoneofthetop5USbanks:• Clientwasconvincedtheyhadatopoftheart

networksecuritysystem.• IdecidedtounplugEthernetcablefromoneof

theterminalsandconnectittomylaptop• Thiswentwithoutdetection• Iwasabletorunaportscanonthemainframe

withoutdetection• Thiswasjustthebeginning!!...

Whenyouthinkyougotitright...

OnaPenTestatoneofthetop5USbanks:• Clientwasconvincedtheyhadatopoftheart

networksecuritysystem.• IdecidedtounplugEthernetcablefromoneof

theterminalsandconnectittomylaptop• Thiswentwithoutdetection• Iwasabletorunaportscanonthemainframe

withoutdetection• Thiswasjustthebeginning!!...

Whenyouthinkyougotitright...

Vulnerabilities24highrisk

25mediumrisk2lowrisk

OffWithTheirHeads!!

• Isitenoughtoprotectthecompany’sdigitalnetworkanddevices?

• Haveyouconsiderinternalbreaches?

• Howabouttheonlineservicesyouuse?

• Isyoursitereallysecure?

• Iseveryonefollowingthesecurityprocedures?

Thebigquestions

• Mostonlineservices(Google,socialmedia,etc)collectdata:– Typeofdevice(OS,Webbrowser,device

type,etc)– Location

• Thisdatacanbeusedto:– Developuser/companyprofiles– Customisedads– Customisedwhatwesee(WYSIWYG)

TheOnline’World’

• CompaniesareaprimetargetforHackers• Socialmediaisasourceofinformation• Datacollectedonlinecanbeusedto

compromiseyoursystems• Hackershavetime,patience,andinmany

cases,resources• It’snotamatterofifyouwillbehacked,it’s

amatterofwhatwillyoudowhenyouare?

TheHackersarecomingforyou

Hackers’resources

Socialengineering

http://www.social-engineer.org/social-engineering/social-engineering-infographic/

Hackers’resources

NetworkandEndpointsecurityonthemainframe• SERVAUTHclass:

– STACK– PORT– NETACCESS

• PolicyAgent• AT-TLS• IPSEC• IPFiltering• IntrusionDetectionServices

• DefenceManagerDaemon• TrafficRegulationManagementDaemon• SyslogDaemon(SyslogD)• SNAenvironment• EnterpriseEdition(EE)connectionsmake

surewhotheyareconnectedtoandwhataccessthe3rd partieshas

• InternalTelnetconnections

NetworkandEndpointsecurityonthemainframe

• Implementalertingsystems(IBMzSecure,Vanguard,…)

• Monitoringsystems• Performonaregularbasis:

– Securityaudits– Penetrationtestings– Securityremediations– Recertification

• Reviewprocessesandprocedures• Educateandtrainyourresources

Mainframe– Whatelse?

• Reviewyoursecuritypoliciesacrosstheboard• Reviewyourtechnologicalestate• Provideregulartrainingandawareness• Keepyoursystemsup-to-date• Segregateanddonotallowdevicesthatdonotmeet

theminimumsecurityrequirements• Performregularsecurityaudits,andpentests• Payspecialattentiontodefaultsettings• Alwaysassumeyou’vealreadybeenhacked!

Beforewego,aquickreview

Questions?

RuiMiguelFeio,RSMPartnersruif@rsmpartners.commobile:+44(0)7570911459www.rsmpartners.com

Contact

www.linkedin.com/in/rfeio