Computer Security: Cyber Essentials KAMI VANIEA 1

Similar documents
Cyber Essentials Questionnaire Guidance

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

Requirements for IT Infrastructure

Cyber Essentials. Requirements for IT Infrastructure. QG Adaption Publication 25 th July 17

How Breaches Really Happen

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

CS 356 Operating System Security. Fall 2013

ANATOMY OF AN ATTACK!

Juniper Vendor Security Requirements

Cyber security tips and self-assessment for business

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

HIPAA Assessment. Prepared For: ABC Medical Center Prepared By: Compliance Department

Cyber Security. Our part of the journey

Information Security Controls Policy

Total Security Management PCI DSS Compliance Guide

LOGmanager and PCI Data Security Standard v3.2 compliance

Payment Card Industry (PCI) Data Security Standard

Network Defenses 21 JANUARY KAMI VANIEA 1

Addressing PCI DSS 3.2

Network Defenses 21 JANUARY KAMI VANIEA 1

Cybersecurity The Evolving Landscape

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

HikCentral V1.3 for Windows Hardening Guide

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

K12 Cybersecurity Roadmap

Dissecting Data Breaches. What Keeps Going Wrong?

epldt Web Builder Security March 2017

Altius IT Policy Collection Compliance and Standards Matrix

PT Unified Application Security Enforcement. ptsecurity.com

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Altius IT Policy Collection Compliance and Standards Matrix

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

NEN The Education Network

Cyber Security Updates and Trends Affecting the Real Estate Industry

University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017

BOLSTERING DETECTION ABILITIES KENT KNUDSEN JUNE 23, 2016

Locking down a Hitachi ID Suite server

Cyber Essentials - Requirements for IT Infrastructure Questionnaire

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

WHO AM I? Been working in IT Security since 1992

6 Vulnerabilities of the Retail Payment Ecosystem

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

PRACTICING SAFE COMPUTING AT HOME

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Cyber Security Stress Test SUMMARY REPORT

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Security Audit What Why

Google Cloud Platform: Customer Responsibility Matrix. April 2017

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response

FairWarning Mapping to PCI DSS 3.0, Requirement 10

Checklist: Credit Union Information Security and Privacy Policies

Securing Today s Mobile Workforce

Simple and Powerful Security for PCI DSS

Define information security Define security as process, not point product.

Managing an Active Incident Response Case. Paul Underwood, COO

Instructor: Eric Rettke Phone: (every few days)

Reviewing the 2017 Verizon DBIR

External Supplier Control Obligations. Cyber Security

Securing the SMB Cloud Generation

Cyber Security Update Recent Events in the Wild and How Can We Prepare?

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came

HikCentral V.1.1.x for Windows Hardening Guide

1) Are employees required to sign an Acceptable Use Policy (AUP)?

7.16 INFORMATION TECHNOLOGY SECURITY

Security. Bob Shantz Director of Infrastructure & Cloud Services Computer Guidance Corporation. All Rights Reserved.

An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

CIS Controls Measures and Metrics for Version 7

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Network Defenses KAMI VANIEA 1

Integrated Access Management Solutions. Access Televentures

UTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution

Exposing The Misuse of The Foundation of Online Security

Google Cloud Platform: Customer Responsibility Matrix. December 2018

CYBERSECURITY RISK LOWERING CHECKLIST

PCI Compliance. What is it? Who uses it? Why is it important?

How NOT To Get Hacked

mhealth SECURITY: STATS AND SOLUTIONS

Endpoint Protection : Last line of defense?

Payment Card Industry - Data Security Standard (PCI-DSS) v3.2 Systems Security Standard

Information Technology Enhancing Productivity and Securing Against Cyber Attacks

Web Cash Fraud Prevention Best Practices

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Process System Security. Process System Security

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Take Risks in Life, Not with Your Security

Are You Avoiding These Top 10 File Transfer Risks?

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

SECURITY PRACTICES OVERVIEW

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Easy-to-Use PCI Kit to Enable PCI Compliance Audits

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Transcription:

Computer Security: Cyber Essentials DR. KAMI VANIEA KAMI VANIEA 1

First, the news http://www.sbrcentre.co.uk/images/site_images/20522_small BusinessTheCyberRiskReportVoRFINALFeb2016.pdf http://www.informationisbeautiful.net/visualizations/worldsbiggest-data-breaches-hacks/ KAMI VANIEA 2

KAMI VANIEA 3

10 large steps are too complex for small companies. KAMI VANIEA 4

KAMI VANIEA 5

Cyber Security Essentials KAMI VANIEA 6

Cyber Security Essentials KAMI VANIEA 7

Cyber Essentials Certification Self-assessment External vulnerability scan by an approved tester Internal vulnerability scan by an approved tester KAMI VANIEA 8

Cyber Essentials provides a good summary of what basic level protection looks like. KAMI VANIEA 9

Cyber Essentials Controls KAMI VANIEA 10

Sample Network Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary Firewall Email, web and application servers Databases Router Home PC Home Router Internet 3 rd party server KAMI VANIEA 11

Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers More Secure Sample Network Personal Devices Boundary Firewalls DMZ Email, web and application servers Databases Router Home PC Home Router Internet 3 rd party server KAMI VANIEA 12

Sample Network Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary Firewall Email, web and application servers Databases Router Home PC Home Router Internet 3 rd party server KAMI VANIEA 13

A system which is unspecified can never be wrong, it can only be surprising. KAMI VANIEA 14

Step 1: Decide what you are going to protect and what is out of scope. KAMI VANIEA 15

Scope boundary Sample Network Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary Firewall Email, web and application servers Databases Router Home PC Home Router Internet 3 rd party server KAMI VANIEA 16

Cyber Security Essentials KAMI VANIEA 17

Secure Configuration Objectives: Computers and network devices should be configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfil their role. Default settings are not necessarily secure. Predefined passwords can be widely known. KAMI VANIEA 18

Secure Configuration 1. Unnecessary user accounts should be removed or disabled. 2. Any default password for a user account should be changed to an alternative, strong password. 3. Unnecessary software should be removed or disabled. 4. The auto-run feature should be disabled. 5. A personal firewall (or equivalent) should be enabled on desktop PCs and laptops, and configured to disable (block) unapproved connections by default. KAMI VANIEA 19

Scope boundary Sample Network Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary Firewall Email, web and application servers Databases Router Home PC Home Router Internet 3 rd party server KAMI VANIEA 20

Configuration is a real problem Misc Errors Crimeware Insider Misue Physical Theft/Loss Web App Attacks Denial of Service Cyber-espionage POS Intrusions Payment Card Services 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00% Verizon 2015 Data Breach Investigations Report KAMI VANIEA 21

Server configuration error left the data world readable http://uk.reuters.com/article/ususa-voters-breachidukkbn0ub1e020151229 KAMI VANIEA 22

Cyber Security Essentials KAMI VANIEA 24

Boundary firewalls and internet gateways Objectives: Information, applications and computers within the organization's internal networks should be protected against unauthorized access and disclosure from the internet, using boundary firewalls, internet gateways or equivalent network devices. Boundary devices are the first line of defense. Firewall rules can be used to stop basic attacks before they even reach the internal network. KAMI VANIEA 25

Sample Network Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary Firewall Email, web and application servers Databases Boundary devices Router Home PC Home Router Internet 3 rd party server KAMI VANIEA 26

Boundary firewalls and internet gateways 1. Change default administrator passwords for all network devices and firewalls. 2. Each rule that allows network traffic to pass through the firewall should be subject to approval by an authorized individual and documented. 3. Unapproved services, or services that are typically vulnerable to attack, should be disabled (blocked) by the boundary firewall by default. 4. Firewall rules that are no longer required should be removed or disabled in a timely manner. 5. The administrative interface used to manage boundary firewall configuration should not be accessible from the internet. KAMI VANIEA 27

Windows 8 Firewall rules KAMI VANIEA 28

Two people sat out in a parking lot and breached the network which had no real security http://www.nbcnews.com/id/17 871485/ns/technology_and_scie nce-security/t/tj-maxx-theft- believed-largest-hack-ever/#.ufi- HaRYtmg KAMI VANIEA 29

Cyber Security Essentials KAMI VANIEA 30

Access control and administrative privilege management Objectives: accounts, particularly those with special access privileges should be assigned only to authorized individuals, managed effectively and provide the minimum level of access to applications, computers and networks. Principle of least privilege only give users access they need. Admin accounts have the most access, if one gets compromised it can lead to large scale loss of information. KAMI VANIEA 31

Access control and administrative privilege management 1. All user account creation should be subject to a provisioning and approval process. 2. Special access privileges should be restricted to a limited number of authorized individuals. 3. Details about special access privileges should be documented, kept in a secure location and reviewed on a regular basis. 4. Admin accounts should only be used to perform legitimate admin activities, and should not be granted access to email or the internet. 5. Admin accounts should be configured to require a password change on a regular basis. 6. Each user should authenticate using a unique username and strong password before being granted access to applications, computers and network devices. 7. accounts and special access privileges should be removed or disabled when no longer required or after a pre-defined period of inactivity. KAMI VANIEA 32

Low security devices Critical device Security device Sample Network Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary Firewall Email, web and application servers Databases Router Home PC Home Router Internet 3 rd party server KAMI VANIEA 33

Investigation ongoing, current theory is that employees fell for a phishing attack KAMI VANIEA 34

One of the US companies that manages credit scores sold data to a person who ran an online ID Theft service. http://krebsonsecurity.com/2013/10 /experian-sold-consumer-data-to-idtheft-service/ KAMI VANIEA 35

Cyber Security Essentials KAMI VANIEA 36

Malware protection Objectives: Computers exposed to the internet should be protected against malware infection through the use of malware protection software. Todays Firewalls are very good, most malicious software must be invited in by a user opening an email, browsing a compromised website, or connecting compromised media. Protection software continuously monitors the computer for known malicious programs. KAMI VANIEA 37

Malware protection Install anti-malware software on all computers that are connected to or capable of connecting to the internet. Update anti-malware software on all computers. Configure anti-malware software to scan files automatically upon access and scan web pages when being accessed. Regularly scan all files. Anti-malware software should prevent connections to malicious websites on the internet. KAMI VANIEA 38

Sample Network Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary devices Boundary Firewall Email, web and application servers Databases Router Home PC Home Router Internet 3 rd party server KAMI VANIEA 39

Sample Network Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary devices Boundary Firewall Email, web and application servers Databases Router Home PC Internet 3 rd party server KAMI VANIEA 40

Malicious payloads were being delivered to around 300,000 users per hour. The company guesses that around 9 percent of those, or 27,000 users per hour, were being infected. https://www.washingtonpost.com/blogs/the-switch/wp/2014/01/04/thousands-of-visitors-to-yahoo-com-hit-with-malware-attack-researchers-say

Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious Instead of serving ordinary ads, the Yahoo's servers reportedly sends users an exploit kit. https://www.washingtonpost.com/blogs/the-switch/wp/2014/01/04/thousands-of-visitors-to-yahoo-com-hit-with-malware-attack-researchers-say

Cyber Security Essentials KAMI VANIEA 43

Patch management Objectives: Software running on computers and network devices should be kept up-to-date and have the latest security patches installed. Vulnerabilities in software are patched through updates. If you don t install the update, the vulnerability is not patched. However, patching can cause compatibility problems. So you should always test the patches. KAMI VANIEA 44

Patch management 1. Software running on computers and network devices on the internet should be licensed and supported to ensure security patches for known vulnerabilities are made available. 2. Updates to software running on computers and network devices should be installed in a timely manner. 3. Out-of-date software should be removed. 4. All security patches for software should be installed in a timely manner. KAMI VANIEA 45

A. Nappa, R. Johnson, L. Bilge, J. Caballero, and T. Dumitraș, The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching, in IEEE Symposium on Security and Privacy, San Jose, CA, 2015. Vulnerability survival Vulnerability half life

Vulnerability survival The % of computers patched X days after disclosure. A. Nappa, R. Johnson, L. Bilge, J. Caballero, and T. Dumitraș, The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching, in IEEE Symposium on Security and Privacy, San Jose, CA, 2015.

Heartbleed 600,000 vulnerable serves initially 300,000 vulnerable one month later 300,000 vulnerable two months later 200,000 vulnerable one year later Errata Security Blog http://blog.erratasec.com/2014/06/300k-vulnerable-to-heartbleed-two.html KAMI VANIEA 48

Scope boundary Sample Network Mobile Devices Wireless Access Point Desktop PCs and laptops Card Readers Personal Devices Boundary Firewall Email, web and application servers Databases Router Home PC Home Router Internet 3 rd party server KAMI VANIEA 50

Questions KAMI VANIEA 51

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback