C.E.R.T. A corporate perspective

ERG meeting #20, Network and Information Security

Malta, 9th October 2009

Donald Tabone B.Sc (Hons)


The idea behind CERT

• Provide for post incident analysis

• Compliance with laws and regulations governing breaches

• Preservation of company goodwill

• Compliance – top down strategy

• Minimise company loss of revenue and customers

• Company reputation

The main corporate drivers for IS & CERT


The reality corporate IS faces

• 60% of corporate data resides unprotected on PC desktops and laptops

• Statistically, 1 out of 10 laptops is stolen within 12 months of purchase

• 66% of USB thumb drive owners report losing them – over 60% with private corporate data on them

• Data problem: Users want to access their data anytime, from anywhere


CCBill’s approach to IS ..1..

• Logical level

– Securing all endpoints – AV alone is no longer effective

– Employing dual-factor authentication for sensitive servers

– Instilling a security mindset throughout our SDLC

– Disallow USB and WiFi devices company-wide

– Automated user account de/provisioning

– HIDS implementations on secured servers

– Effective patch management

– Full-disk encryption for laptops

– End-to-end encryption (IPsec, SSH, SSL, etc.)

– Inherently redundant network architectures
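The HIDS item above amounts to a file-integrity baseline: hash the files on a hardened server, keep the hashes somewhere the server itself cannot rewrite, and re-run the hashes later to see what changed. The following is an added example of that check, not CCBill's tooling or any product named in the deck; the directory tree, file names and contents it hashes are constructed for the demo, and the function names are this example's own.

```python
"""File-integrity baseline of the kind a HIDS keeps for a hardened server.

Added illustration, not CCBill's HIDS: hash every regular file under a
directory, store the result as the baseline, and later diff a fresh hash
run against it to report added, removed and modified files. The
directory tree built in the demo is constructed for this example.
"""
from __future__ import annotations

import hashlib
import os
import tempfile


def hash_file(path: str) -> str:
    """SHA-256 of one file, read in 64 KiB chunks so large files stay out of RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_tree(root: str) -> dict[str, str]:
    """Map each regular file under root (path relative to root) to its SHA-256.

    Symlinks are skipped rather than followed: a link is cheap to repoint, so
    following it would let a change in the target go unreported and could
    pull arbitrary files outside the tree into the baseline.
    """
    baseline: dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):   # followlinks=False
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def diff_baselines(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Compare two baselines; lists are sorted so successive reports diff cleanly."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def has_changes(report: dict[str, list[str]]) -> bool:
    """True when any category of the report is non-empty."""
    return any(report.values())


if __name__ == "__main__":
    # Constructed demo tree: baseline it, tamper with it, report the difference.
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, data: bytes) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)

        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
        write("etc/ssh/sshd_config", b"PermitRootLogin no\n")
        write("etc/cron.d/backup", b"0 2 * * * root /usr/local/bin/backup\n")
        baseline = hash_tree(root)

        write("etc/ssh/sshd_config", b"PermitRootLogin yes\n")   # modified
        write("usr/lib/.cache.so", b"\x7fELF")                     # added
        os.remove(os.path.join(root, "etc/cron.d/backup"))          # removed

        report = diff_baselines(baseline, hash_tree(root))
        for category, paths in report.items():
            for path in paths:
                print(f"{category:9s} {path}")
```

Store the baseline off-host or on read-only media and run the comparison from the monitoring side; a baseline kept in a file the attacker can edit proves nothing. A report on a real server would also cover ownership and mode bits, which this example leaves out.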

Inherently redundant network architectures

Network diagram: Phoenix, Amsterdam, Australia, Ashburn

Overall objectives:

• Maximise network uptime

• Minimise impact to our systems


CCBill’s approach to IS ..2..

• Organisational level

– Business Continuity Planning (BCP)

– Periodic business impact analysis (BIA)

– Service level agreements -> transfer of risk

– Inherent fail-over strategies

– Separation of duties

– Periodic security awareness training

– Acceptable usage policy (AUP)


Security Monitoring

• Augments prevention, doesn't replace it

• Monitoring / incident response cycle

– Feedback from forensics into monitoring

• Policy review team

• Effective change management procedures

• Typical network monitoring tools

– Snort (IDS)

– Ntop

– Rancid (Cisco logs)

– Splunk (SIEM)

• Periodic gap analysis by third parties

• Syslog aggregation from all devices and endpoints
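Aggregating syslog from every device and endpoint only pays off once something correlates across sources. The block below is an added example of why, not part of the original deck or of CCBill's Snort and Splunk setup: a parser for RFC 3164-style lines as a central collector would receive them, and a detector that counts sshd failures per source address across all hosts. The host names, IP addresses and log lines are constructed for the example; `detect_ssh_bruteforce` and the other names are this example's own, and the failure threshold and time window are arbitrary choices.

```python
"""Syslog aggregation with a cross-host SSH brute-force detector.

Added illustration, not CCBill's monitoring stack: parse RFC 3164-style
syslog lines as a central collector receives them from several hosts,
then correlate sshd failures by source address across all of them. Host
names, addresses and log lines are constructed for this example.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime

# <PRI>Mon DD HH:MM:SS host tag[pid]: message   (RFC 3164 layout)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED_RE = re.compile(r"^Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+) port \d+")


@dataclass
class Event:
    ts: datetime
    host: str
    tag: str
    msg: str
    facility: int
    severity: int


@dataclass
class Alert:
    kind: str
    source: str
    ts: datetime
    detail: str


def parse_line(line: str, year: int = 2009) -> Event | None:
    """Return an Event, or None for a line that is not well-formed syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:                       # facility 0-23 and severity 0-7 only
        return None
    # RFC 3164 timestamps carry no year; the collector supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return Event(ts, m["host"], m["tag"], m["msg"], pri >> 3, pri & 7)


def detect_ssh_bruteforce(events, threshold: int = 4, window_s: int = 60) -> list[Alert]:
    """Alert on a source with >= threshold sshd failures inside window_s, counted
    across every host, and on a successful login from that source while those
    failures are still inside the window."""
    alerts: list[Alert] = []
    recent: dict[str, deque] = defaultdict(deque)   # ip -> (ts, host) of failures
    fired: set[str] = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.tag != "sshd":
            continue
        m = FAILED_RE.match(ev.msg) or ACCEPTED_RE.match(ev.msg)
        if not m:
            continue
        ip, q = m["ip"], recent[m["ip"]]
        while q and (ev.ts - q[0][0]).total_seconds() > window_s:
            q.popleft()                 # drop failures that fell out of the window
        if m.re is FAILED_RE:
            q.append((ev.ts, ev.host))
            if len(q) >= threshold and ip not in fired:
                fired.add(ip)
                hosts = {h for _, h in q}
                alerts.append(Alert("ssh_bruteforce", ip, ev.ts,
                                    f"{len(q)} failures across {len(hosts)} hosts within {window_s}s"))
        elif len(q) >= threshold:
            alerts.append(Alert("ssh_success_after_bruteforce", ip, ev.ts,
                                f"login as {m['user']} on {ev.host} after {len(q)} failures"))
    return alerts


def per_host_failures(events) -> dict[str, int]:
    """What a single host's own log shows: here no host alone reaches the threshold."""
    counts: dict[str, int] = defaultdict(int)
    for ev in events:
        if ev.tag == "sshd" and FAILED_RE.match(ev.msg):
            counts[ev.host] += 1
    return dict(counts)


SAMPLE_LINES = [  # constructed for this example
    "<38>Oct  9 09:14:01 web01 sshd[2187]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "<38>Oct  9 09:14:03 web02 sshd[1141]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "<38>Oct  9 09:14:05 web01 sshd[2190]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2",
    "<38>Oct  9 09:14:08 db01 sshd[977]: Failed password for root from 203.0.113.7 port 51025 ssh2",
    "<38>Oct  9 09:14:12 db01 sshd[979]: Accepted password for backup from 203.0.113.7 port 51030 ssh2",
    "<38>Oct  9 09:20:00 web01 sshd[2201]: Failed password for alice from 198.51.100.4 port 40001 ssh2",
    "<30>Oct  9 09:20:30 web02 cron[515]: (root) CMD (/usr/local/bin/rotate-logs)",
    "this is not a syslog line",
]


def run(lines):
    """Parse everything, count rejects, and return (events, unparsed, alerts)."""
    events, unparsed = [], 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed, detect_ssh_bruteforce(events)


if __name__ == "__main__":
    evs, bad, found = run(SAMPLE_LINES)
    print(f"{len(evs)} events parsed, {bad} rejected; per-host failures: {per_host_failures(evs)}")
    for a in found:
        print(f"{a.ts:%H:%M:%S} {a.kind} from {a.source}: {a.detail}")
```

Run it and the per-host counts show why the aggregate matters: web01, web02 and db01 each see only a few failures from 203.0.113.7, so a per-host threshold of four never trips, while the collector sees all of them within one window and also ties the later successful login to the same source. That login is the event that deserves the forensic follow-up, and whatever that follow-up finds (a new username, a new source range) goes back into the detector as the slide's monitoring cycle describes.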

Syslog network topology (diagram)

IS implementation challenges

• Balancing security with usability

• Minimising human error

• Instilling a security mindset

• Keeping abreast with technology shifts

• Mitigating and reducing risks to an acceptable level

• Preventing breaches

• Responding to incidents in a timely manner

• Enforcing confidentiality, integrity and availability


CERT challenges

• Post incident analysis is expensive and time consuming

– Companies are sometimes ready to suffer the brunt

• Time is money

– Release today, get the business and patch tomorrow

• Often, business strategies win hands down over security best practices


Q&A

THANK YOU!