Cyber Security 2010 THE THREATS! THE FUTURE!

Transcription

1 Cyber Security 2010 THE THREATS! THE FUTURE! Tom Barberio - Enterprise Technology Manager (CIO) Synerfac Technical Staffing March 16, 2010 Special Presentation to University of Delaware CIS DEPT Graduate Students

2 Thomas J Barberio Tom Barberio - Enterprise Technology Manager (CIO) Synerfac Technical Staffing Special Security Advisor to FlexIP Advisory Board Member of CIO Panel Everything Channel BS, MS Computer Science / Data Security MCSE, MCITP, CISSP, CCNE,CCDE, CCDE CCIE Security

3 Synerfac Technical Staffing COMPANY PROFILE Since 1987, Synerfac has been a trusted provider of comprehensive staffing services to leading companies nationwide. Clients include small, medium and enterprise businesses Provides Contract, Contract to Direct & Direct Placements Specializes in IT, Engineering & Scientific staffing and recruitment 14 offices and conducting business nationwide Microsoft Certified Partner

4 Cyber Security Our way of life depends on a reliable cyberspace Intellectual property is being downloaded at an alarming rate Cyberspace is now a warfare domain Attacks increasing at an exponential rate (e.g. Conficker) Fundamental network and system vulnerabilities cannot be fixed quickly Entire industries exist to Band Aid over engineering and operational weaknesses (Microsoft Patches 64 vulenrbilitesa in 1 month) Reactive VS Proactive Industry impacts can be costly and Dangerous to public (EX TSA Breach)

5 Govt Response Comprehensive National Cyber Initiative (CNCI) Department of Homeland Security Reorganization Smart Grid Cyber Security Initiative Public-Private Partnerships Defense Industrial Base (DIB) Health Care EMR 2013 Deadline (Many) Legislative Proposals PROBLEM!!! Not secure how can we proceed??? Bureaucracy at its best DC politics, BUT DC uneducated!

6 Cloud Computing Wave of the future for business of all sizes. -Efficient, cost effective, easy to maintain. Security issues remain prevalent! Issues that formerly only effected 1 APP now have ability to effect entire collection of APPS & cross platform architecture. Virtualization ti opens up doors for more Machine Level security issues; meaning shifting more responsibility to hardware manufactures.

7 Cyber Attack # s

8 Cyber Attack # s Topics of Spam Q Topics of Spam Q Pharmacy 81% Degrees 1.3% Replica 5.4% Casino 1% Enhancers 2.3% Weight Loss 0.4% Phishing 2.3% Other 6.3%

9 Cyber Attack # s

10 Top 20 ways of Attack (Not in order) Attack Control Summary Comments 1. Scan for unprotected Maintain inventory of Find devices that can be systems on networks authorized and unauthorized exploited to gain access to devices on networks other interconnected systems. 2. Scan for vulnerable versions of software Maintain inventory of authorized and unauthorized software 3. Scan for software with weak Implement secure configurations configurations for HW/SW computer devices 4. Scan for network devices with exploitable vulnerabilities Implement secure configurations for network devices (routers, switches, firewalls, etc.) Find software versions that are able to be exploited remotely to gain entry to other systems. Original configurations from vendors often have inadequate security controls enabled. Network devices often become less securely configured over time unless they are diligently maintained. 5. Attack boundary devices Implement multi layered Attackers attempt to exploit boundary defenses boundary systems (e.g., DMZ or network perimeter) to gain access to network or interrelated networks

11 Top 20 ways of Attack (Not in order) Attack Control Summary Comments 6. Attack without being detected and maintain Maintain and monitor audit logs Weak protection of or inadequate logging and long term access due to weak audit logs monitoring permits attackers to hide actions 7. Attack web based or Robust security controls Longstanding gcode other application software and testing of application software weaknesses (e.g., SQL injection, buffer overflows) can be exploited 8. Gain administrator privileges to control target machines Implement controlled use of administrator privileges Attacks exploit weak protection or control over administrator privileges 9. Gain access to sensitive data that is not adequately yprotected Implement controlled access based on need to know Once inside a system, attackers exploit weak access controls 10. Exploit newly discovered and unpatched vulnerabilities Continuous vulnerability assessment and remediation Attackers exploit the time between vulnerability discovery and patching

12 Top 20 ways of Attack (Not in order) Attack Control Summary Comments 16. Map networks looking for Implement secure network Look for unprotected (i.e., vulnerabilities engineering weak) links or weak filtering/controls in network 17. Attack networks and systems by exploiting vulnerabilities undiscovered by target system personnel Conduct penetration tests to evaluate and exercise defenses df Attack exploits social engineering and inability bl of system to respond to automated attacks 18. Attack systems or Implement effective cyber True magnitude and impact of organizations that have no or incident response capabilities attack can be masked by poor attack response inadequate response 19. Change system configurations and/or data so Implement data and system recovery procedures Leave backdoors or data errors that permit future attacks or that organization cannot disrupt operations restore it properly 20. Exploit poorly trained or Conduct skills assessment and Attacks focus on manipulating poorly skilled employees ensure adequate training across the enterprise end users, administrators, security operators, programmers, or even system owners

13 DEMO TIME! Disclaimer: PLEASE NOTE ALL DEMOS YOU ARE ABOUT TO SEE ARE FOR INFORMATIONAL PURPOSES ONLY. THE KNOWLEDGE GAINED FROM THESE DEMOS SHOULD BE FOR EDUCATIONAL USES ONLY! THE PRESENTER AND ANY AFFILIATES TAKE NO THE PRESENTER, AND ANY AFFILIATES TAKE NO REASONABILITY FOR YOUR ACTIONS!

14 DEMO TIME! Windows 7 Laptop Secure????????????????

15 DEMO TIME! re=fvw

16 DEMO TIME! Easy Distribution via regular !!

17 Wrap Up Private Sector and Gov Sector HAVE to approach together not individually. Business have to take the threat seriously and ACT! The landscape changes daily! New talent is overdue to enter the field and it needs to happen now! Uniformity of standards and protocol is key! Perhaps most radical action BUT best solution is limiting web access unless security is met!

18 Contact Info CONTACT ME Tom Barberio com ext 118 Please Visit our website hundred of new jobs nationwide posted daily! Follow us on Twitter: Acknowledgement: g 20 Ways of Attack web grids provided by John M Gilligan Group