Cyber Criminal Methods & Prevention Techniques. By

Transcription

1 Cyber Criminal Methods & Prevention Techniques By

2 Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO & NIST Typical Remediation Costs

3 FBI / CSI Statistics Every Year Dollars are Lost due to Cyber Criminal Activity Greatest Loss = Proprietary Information Second Greatest Loss = Denial of Service

4 Elements to Protect Confidentiality Security Availability Integrity Availability

5 Everything is a Target Security Management Polices, Procedures & Awareness Policy Assessments Operational Framework Consulting Training & Consulting Application Vulnerability Assessments Code Reviews Application Hardening Centralized Tool Integration Centralized Monitoring Private Public Server Internal Network Vulnerability Assessments Intrusion Detection Wireless Design Consulting Intrusion Prevention Authentication & Authorization Perimeter Vulnerability Assessments Firewalls & Proxies Intrusion Detection VPN Remote Access Data Authentication Management Identity Management Data Privacy Vulnerability Assessments Intrusion Prevention Patch Management Anti-Virus & Anti-SPAM Mobile Client Security Server Hardening Authentication & Authorization

6 Cyber Criminals Motives Financial Rewards Politics Show Off Personal Gratification They know they can

7 Intruder Methods Web Site Research User Groups Staff Call Modems Read Trash Impersonated Someone You Trust Scan Your Systems War Drive Your Wireless

8 Intruder Methods Cont. Use Known and Unknown Exploits Viruses, Trojans & Worms Phishing Attack Partner Networks to Gain Access to Yours Sniff Your Traffic Brute Force Passwords Spam You Denial of Service

9 Most Common Items to Protect Intellectual Property Customer s s And Staff s s Privacy Confidential Data System Availability Reputation Regulatory Challenges

10 Assessment Benefits Roadmap Establishes Baseline Strengthens Security Provides Due Diligence Efficient Formal Audits Finds the Weak Areas

11 How To Identify and Prioritize Risk Holistic Approach Comprehensive reviews (infrastructure, server, application, etc.) Based on Organizational Security Policy, and taking full life cycle into account Consider people and processes, as well as technology Sensible, accessible documentation Helpful to executive decision-makers: explanation of risk in business terms Helpful to managers: project plans, prioritization of tasks Helpful to technical staff: clear standards, specific recommendations Threat Modeling Identifying assets Identifying threats Making qualitative (or quantitative) assessments of risk

12 Top Ten Security Risks 1. Policies & Procedures 2. Security Awareness 3. Access and Authorization 4. Patch Management 5. Mis-Configured Systems & Applications 6. Encryption & Digital Signatures 7. Incident Handling Processes 8. Disaster Recovery & Business Continuity 9. Physical Safeguards 10.Intentional Bypassing of Security Controls

13 Security Policies Communicate Your Organizations Commitment to Security Provide a Baseline and Roadmap for Security Controls Demonstrate Due Diligence All Pertinent Security Control Information Communicated Realistic Manageable Enforceable

14 Security Awareness A well trained user will assist your security efforts Time needs to be invested in user training A well trained user usually requires less help desk support

15 Access & Authorization Weak Passwords Sharing Accounts Not Enforced Easy to Exploit Prevention Strong Security Policies Utilize OS Complex Password Configuration Implement Technical Authorization, Authentication and Accounting Mechanisms (AAA) Implement Two-Factor Authentication

16 Patch Management Hard to Manage Less Window of Opportunity Exploits are coming too fast Can Break System Require Resources Prevention Strong Patch Management Mechanisms Automate Add Intrusion Prevention Mechanisms

17 Mis-Configured Systems Assure only needed or updated Services Strengthen SNMP Strings Secure Wireless Networks Remove Default Settings Filter Outgoing Access at Firewall

18 Encryption / Digital Signatures Protects Against: Forging Impersonation/ Spoofing Eavesdropping Intercepting Denial of Receipt or Send (Non-Repudiation)

19 Incident Handling Process Intrusion Prevention/Detection Anti-virus Mechanisms Logging/Auditing Strong Policies and Documentation

20 Disaster Recovery & Business Continuity Formal Plan Prioritized Systems Standard Backup Process Tested Backups Redundant Systems

21 Physical Safeguards Visitor Badges Building & Data Center Access/Monitoring Fire Prevention/Suppression & Detection UPS Testing and Load

22 Intentional By-Passing of Security Controls Installing Modems Wireless Networks Gotomypc or other remote access items Unauthorized Software Games, Screensavers, etc Prevention Strong Security Policies Centralized and Managed Intrusion Prevention Mechanisms Implement Network Admission Control

23 Importance of NIST & ISO National Institute of Standards & Technology Referenced Throughout Most Regulations Policies and Procedures Are Critical to NIST Best Practices ISO is Industry Recognized Standard for Security ISO Covers 10 Areas of Security Each ISO Area Has Individual Security Items If You Follow NIST and ISO You Would Have a Strong Security Posture and Should Pass Almost Every Audit Combine NIST Levels and ISO-17799

24 ISO Covered Areas Security Policies Organizational Security Asset Classification & Control Personnel Security Physical and Environmental Security Communications & Operations Management Access Control System Development & Maintenance Business Continuity Management Compliance

25 NIST Legend Level 1 control objective documented in a security policy Level 2 security controls documented as procedures Level 3 procedures have been implemented Level 4 procedures and security controls are tested and reviewed Level 5 procedures and security controls are fully integrated into a comprehensive program.

26 ISO Graph Sample 6 Actual Practice Peer Comparison NIST Level Business Continuity Business Continuity Management Process Business Continuity & Impact Analysis Writing & Implementing Continuity Plan Business Continuity Planning Framework Testing Maintaining & Reassessing BC Plan

27 Remediation Costs It is important to budget for remediation A security assessment without remediation efforts is a waste of time and money Remediation usually involves resource time and product cost It is important to budget for one time and reoccurring costs

28 Remediation First Steps Prioritize Risks and Remediation Steps Align Business and IT Strategies Establish Resources Internal, External, Products Establish Internal SLAs between IT and Business Units

29 Internet Links & Question/Answers Thank You