Troubleshooting and Cyber Protection Josh Wheeler

Transcription

1 May 4, 2016 Troubleshooting and Cyber Protection Josh Wheeler

2 Network Security

3 Network Security Risks Video

4 Network Security Risks Article

5 Network Security Risks Data stealing or disruption of network systems is a critical issue costing money, downtime and possible embarrassment to a company Methods range from social engineering attacks to theft of passwords and credentials, spam, malware and more.

6 Network Security Risks A threat is any event or action that could potentially result in the violation of a security requirement, policy, or procedure. Unintentional or unauthorized access or changes to data. Interruption of services. Damage to hardware. Unauthorized access or damage to facilities.

7 Network Security Risks Vulnerability is any condition that leaves a system open to attack. Vulnerabilities can come in a wide variety of forms, including: Improperly configured or installed hardware or software. Bugs in software or operating systems. Poorly designed networks. Poor physical security. Insecure passwords.

8 Network Security Risks An attack is a technique that is used to exploit a vulnerability in any application on a computer system without the authorization to do so.

9 Network Security Risks Measures must be taken within all environments for data to be secure Remote locations must follow the same policies set forth by a company Users have a responsibility to help secure data Being educated Following policies Knowledge of what you are connecting to

10 Network Security Risks Example Web browser add-ons are inherently trusted by users and are being targeted as vehicles for installation of malware

11 Network Security Risks Example Secure Passwords

12 Network Security Risks Common types of network threats Evil Twin/Rogue Access Points - Setup a fake wireless network to capture data Spear Phishing - Increased exposure due to limited controls Command and Control - Reduced controls allows tools to call home Advanced Persistent Threats (APT) Reduced Logging - Impedes forensic analysis if there is an event

13 Network Security Risks EVIL TWIN/ROGUE ACCESS POINTS A user unknowingly associates with a rouge or fake wireless access point which has the same name as the legitimate access point The intent is to capture/steal data passing through the rouge access point

14 Network Security Risks SPEAR PHISHING An which appears to be from a known individual or business but is not Typically targets a specific organization or group Intent is to get credit card, bank account numbers, passwords, trade secrets, etc. typically by clicking a link to enter information Increased exposure due to limited controls End user (employee) can decide to click the rouge link

15 Network Security Risks C O M M A N D A N D C O N T R O L M A LW A R E Malware gets unknowingly installed Conducts a call-home to fetch updated and instructions from the Command and Control servers Sends back stolen information

16 Network Security Risks C O M M A N D A N D C O N T R O L M A LW A R E Malware gets unknowingly installed Conducts a call-home to fetch updated and instructions from the Command and Control servers Sends back stolen information

17 Network Security Risks A D VA N C E D P E R S I S T E N T T H R E AT S ( A P T ) APT: a network attack in which a person gains access to a network (through a variety of sources) and resides undetected for an extended period of time Goal: steal data undetected vs. cause damage to the network Target: high-value sectors, such as national defense, manufacturing and finance

18 Network Security Risks NETWORK LOGGING AND MONITORING A security firm1 recently identified insufficient logging and monitoring as #6 on a list of top ten network security mistakes Sufficient logging and monitoring can help provide a quick explanation of why a security breach occurred and who may be involved Almost any device which is managed on a network can and should generate logs 1Fishnet Security

19 Network Security Risks NETWORK LOGGING AND MONITORING Top reasons to use network monitoring Be informed of your network status from anywhere Plan for upgrades or changes Diagnose problems quickly Make sure your security systems are operating properly 1Fishnet Security

20 Airplane Hacking

21 Network Security Risks Airplane hacking News reports of aircraft hacking and takeover are based off an April, Government Accountability Office (GAO) report on aircraft network security revealed possible vulnerabilities within aircraft systems. Advised by cybersecurity and aviation experts. No mock-ups or system testing were carried out. FAA s Office of Safety has started reviewing rules for certifying the cybersecurity of all new aircraft avionics systems. Full report available at: Report specifically addresses commercial aviation where cabin and flightdeck networks are known to be integrated

22 Network Security Risks AIRPLANE HACKING Boeing example ( ) Onboard Network System (ONS) securely connects airline operations and maintenance with key airplane data and software parts. ONS integrates with IP-based satellite connectivity systems. Cockpit and Cabin share a common router Separated via a firewall

23 Security Compliance

24 Security Compliance M U LT I P L E I N T E R N E T G AT E W AY S ( C O N N E C T I O N S ) Multiple internet connections proves difficult without the proper setup: No single monitoring/filtering for exiting traffic No guaranteed compliance policy application No central logging capability Allows for multiple attack entry points

25 Security Compliance C O R P O R AT E G AT E W AY Security and compliance services delivered by the end user s security department and governed by their IT security policies Filtering Virus, and program scanning Active monitoring Prevents un-compliant access Internet access is provided by the corporate data center or other exit (egress) point

26 SD Private Network

27 SD Private Network S D T I E R I I I D ATA C E N T E R Privately owned, secure data center for SD customers Allows customer s to secure their data from the aircraft, to the ground, to a chosen end point Data center to internet Data center to Corporate data center Data center to a chosen Corporate location Ensures your traffic travels a secure, known path

28 SD Private Network S D P R I VAT E R O U T I N G SD operated internet gateways (PoP) worldwide Amsterdam, New York, Florida, London Public, private, dynamic, static, US and Europe based IP addressing Based on Needs Private data routing for Ku, Ka, L-band

29 SD Private Network SECURE CONNECTIVITY The reality is users connect through unsecure locations. Including the aircraft Free Wi-Fi could potentially be a rouge access point. VPN connectivity is one solution to help secure data?

30 SD Private Network S D P R I VAT E R O U T I N G Secure connectivity Leased line connection from SD Data Center to Corporate HQ Aircraft data traffic is delivered directly to your corporate network Bypasses the public internet Your onboard operates completely within your corporate compliance requirements

31 SD Private Network S D D ATA C E N T E R I S C E R T I F I E D S E C U R E SSAE 16 SOC 1 Type 2 ISAE3402 Financial reporting assurance standards FISMA Compliant Protection of government information, operations and assets against natural or man-made threats Electronic Government Act of 2002 PCI Compliant Security for credit, debit, and cash card transactions HIPAA Compliant National Security standards to protect patient data

32 SD Private Network S D D ATA C E N T E R T E S T I N G Penetration testing (PEN testing) Proactive, authorized evaluation of an IT infrastructure s security and vulnerabilities Allows for identification and report of possible security vulnerabilities, both internal and external. Weekly testing is carried out by certified ethical hackers based at the SD Data Center Software and hardware modifications are tested for security. Ability to test end customer SDR configurations.

33 SD M O R E T H A N J U S T S AT C O M SD World Headquarters Premier Solutions Provider: Flight operations Cabin services Network security (compliance) Network Operations Center SD Secure Datacenter Hardware Training

34