Troubleshooting and Cyber Protection Josh Wheeler


Transcription:

May 4, 2016 Troubleshooting and Cyber Protection Josh Wheeler

Network Security

Network Security Risks Video

Network Security Risks Article

Network Security Risks
Data theft or disruption of network systems is a critical issue, costing a company money, downtime and possible embarrassment.
Methods range from social engineering attacks to theft of passwords and credentials, spam, malware and more.

Network Security Risks
A threat is any event or action that could potentially result in the violation of a security requirement, policy, or procedure.
- Unintentional or unauthorized access or changes to data
- Interruption of services
- Damage to hardware
- Unauthorized access or damage to facilities

Network Security Risks
A vulnerability is any condition that leaves a system open to attack. Vulnerabilities can come in a wide variety of forms, including:
- Improperly configured or installed hardware or software
- Bugs in software or operating systems
- Poorly designed networks
- Poor physical security
- Insecure passwords

Network Security Risks
An attack is a technique that is used to exploit a vulnerability in any application on a computer system without the authorization to do so.

Network Security Risks
- Measures must be taken within all environments for data to be secure
- Remote locations must follow the same policies set forth by a company
- Users have a responsibility to help secure data
  - Being educated
  - Following policies
  - Knowledge of what you are connecting to

Network Security Risks: Example
Web browser add-ons are inherently trusted by users and are being targeted as vehicles for installation of malware.

Network Security Risks: Example
Secure Passwords
https://www.my1login.com/resources/password-strength-test/

Network Security Risks: Common types of network threats
- Evil Twin/Rogue Access Points - Set up a fake wireless network to capture data
- Spear Phishing - Increased exposure due to limited controls
- Command and Control - Reduced controls allow tools to call home
- Advanced Persistent Threats (APT)
- Reduced Logging - Impedes forensic analysis if there is an event

Network Security Risks: EVIL TWIN/ROGUE ACCESS POINTS
- A user unknowingly associates with a rogue or fake wireless access point which has the same name as the legitimate access point
- The intent is to capture/steal data passing through the rogue access point
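An added example, not part of the original presentation: a check that compares a Wi-Fi survey against an inventory of known access points and flags any AP that advertises a trusted network name without matching the inventory. The SSIDs, BSSIDs, inventory layout and scan rows are all constructed for illustration.

```python
# Hypothetical inventory of legitimate access points, keyed by SSID.
KNOWN_APS = {
    "CorpJet-Cabin": {
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
        "security": "WPA2-Enterprise",
    },
}

# Constructed survey rows, in the shape a Wi-Fi scanning tool might export.
SCAN = [
    {"ssid": "CorpJet-Cabin", "bssid": "02:00:00:AA:00:01", "security": "WPA2-Enterprise"},
    {"ssid": "CorpJet-Cabin", "bssid": "02:00:00:aa:00:02", "security": "WPA2-Enterprise"},
    {"ssid": "CorpJet-Cabin", "bssid": "06:11:22:33:44:55", "security": "Open"},
    {"ssid": "FBO-Guest", "bssid": "02:00:00:bb:00:09", "security": "Open"},
]


def find_suspect_aps(scan, known):
    """Return (ssid, bssid, reasons) for APs that reuse a known SSID
    but differ from the inventory in radio address or security mode."""
    findings = []
    for ap in scan:
        entry = known.get(ap["ssid"])
        if entry is None:
            continue  # not one of our network names, so not an evil-twin candidate
        bssid = ap["bssid"].lower()  # tools differ in MAC address casing
        reasons = []
        if bssid not in entry["bssids"]:
            reasons.append("unknown BSSID")
        if ap["security"] != entry["security"]:
            reasons.append("security mismatch")
        if reasons:
            findings.append((ap["ssid"], bssid, reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(SCAN, KNOWN_APS):
        print(f"{ssid} at {bssid}: {', '.join(reasons)}")
```

A BSSID can be copied as easily as a network name, so a clean result does not prove the access point is genuine; the check catches the careless case and a downgraded security mode.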

Network Security Risks: SPEAR PHISHING
- An email which appears to be from a known individual or business but is not
- Typically targets a specific organization or group
- Intent is to get credit card or bank account numbers, passwords, trade secrets, etc., typically by having the recipient click a link to enter information
- Increased exposure due to limited controls
- The end user (employee) can decide to click the rogue link

Network Security Risks: COMMAND AND CONTROL MALWARE
- Malware gets unknowingly installed
- Conducts a call-home to fetch updates and instructions from the Command and Control servers
- Sends back stolen information
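An added example, not part of the original presentation: a detector that looks through egress logs for the call-home pattern described above. It assumes the call-home repeats at roughly regular intervals and that logs hold a timestamp, internal source and destination per line; the hosts, addresses and log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed egress log: ISO timestamp, internal source, destination host.
LOG = """\
2016-05-04T10:00:00 10.0.0.21 sync.example.invalid
2016-05-04T10:01:10 10.0.0.34 news.example.org
2016-05-04T10:01:40 10.0.0.34 news.example.org
2016-05-04T10:05:01 10.0.0.21 sync.example.invalid
2016-05-04T10:09:59 10.0.0.21 sync.example.invalid
2016-05-04T10:12:05 10.0.0.34 news.example.org
2016-05-04T10:13:00 10.0.0.34 news.example.org
2016-05-04T10:15:00 10.0.0.21 sync.example.invalid
2016-05-04T10:20:02 10.0.0.21 sync.example.invalid
2016-05-04T10:25:00 10.0.0.21 sync.example.invalid
2016-05-04T10:30:00 10.0.0.40 mail.example.com
2016-05-04T10:47:30 10.0.0.34 news.example.org
"""


def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Flag (source, destination) pairs whose connection gaps are nearly
    constant. cv = standard deviation of the gaps / mean gap."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        stamp, src, dst = parts
        seen[(src, dst)].append(datetime.fromisoformat(stamp))
    hits = []
    for (src, dst), stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append((src, dst, round(avg), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for src, dst, period, cv in find_beacons(LOG):
        print(f"{src} -> {dst}: every ~{period}s (cv={cv})")
```

Software update checks and time sync are also this regular, and malware can randomize its timing, so a hit is a lead for triage against a list of expected destinations, not a verdict.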


Network Security Risks: ADVANCED PERSISTENT THREATS (APT)
- APT: a network attack in which a person gains access to a network (through a variety of sources) and resides undetected for an extended period of time
- Goal: steal data undetected vs. cause damage to the network
- Target: high-value sectors, such as national defense, manufacturing and finance

Network Security Risks: NETWORK LOGGING AND MONITORING
- A security firm [1] recently identified insufficient logging and monitoring as #6 on a list of top ten network security mistakes
- Sufficient logging and monitoring can help provide a quick explanation of why a security breach occurred and who may be involved
- Almost any device which is managed on a network can and should generate logs
[1] Fishnet Security

Network Security Risks: NETWORK LOGGING AND MONITORING
Top reasons to use network monitoring:
- Be informed of your network status from anywhere
- Plan for upgrades or changes
- Diagnose problems quickly
- Make sure your security systems are operating properly
[1] Fishnet Security

Airplane Hacking

Network Security Risks: AIRPLANE HACKING
- News reports of aircraft hacking and takeover are based on an April 2015 Government Accountability Office (GAO) report on aircraft network security, which revealed possible vulnerabilities within aircraft systems
  - Advised by cybersecurity and aviation experts
  - No mock-ups or system testing were carried out
- FAA's Office of Safety has started reviewing rules for certifying the cybersecurity of all new aircraft avionics systems
- Full report available at: http://www.gao.gov/products/gao-15-370
- The report specifically addresses commercial aviation, where cabin and flight deck networks are known to be integrated

Network Security Risks: AIRPLANE HACKING
Boeing example (737-900)
- Onboard Network System (ONS) securely connects airline operations and maintenance with key airplane data and software parts
- ONS integrates with IP-based satellite connectivity systems
- Cockpit and cabin share a common router
  - Separated via a firewall

Security Compliance

Security Compliance: MULTIPLE INTERNET GATEWAYS (CONNECTIONS)
Multiple internet connections prove difficult without the proper setup:
- No single monitoring/filtering for exiting traffic
- No guaranteed compliance policy application
- No central logging capability
- Allows for multiple attack entry points

Security Compliance: CORPORATE GATEWAY
- Security and compliance services delivered by the end user's security department and governed by their IT security policies
  - Filtering
  - Virus, email and program scanning
  - Active monitoring
  - Prevents non-compliant access
- Internet access is provided by the corporate data center or other exit (egress) point

SD Private Network

SD Private Network: SD TIER III DATA CENTER
- Privately owned, secure data center for SD customers
- Allows customers to secure their data from the aircraft, to the ground, to a chosen end point
  - Data center to internet
  - Data center to corporate data center
  - Data center to a chosen corporate location
- Ensures your traffic travels a secure, known path

SD Private Network: SD PRIVATE ROUTING
- SD operated internet gateways (PoP) worldwide
  - Amsterdam, New York, Florida, London
- Public, private, dynamic, static, US and Europe based IP addressing
  - Based on needs
- Private data routing for Ku, Ka, L-band

SD Private Network: SECURE CONNECTIVITY
- The reality is users connect through unsecure locations, including the aircraft
- Free Wi-Fi could potentially be a rogue access point
- VPN connectivity is one solution to help secure data?

SD Private Network: SD PRIVATE ROUTING
Secure connectivity
- Leased line connection from SD Data Center to Corporate HQ
- Aircraft data traffic is delivered directly to your corporate network
- Bypasses the public internet
- Your onboard operates completely within your corporate compliance requirements

SD Private Network: SD DATA CENTER IS CERTIFIED SECURE
- SSAE 16 SOC 1 Type 2 / ISAE 3402
  - Financial reporting assurance standards
- FISMA Compliant
  - Protection of government information, operations and assets against natural or man-made threats
  - Electronic Government Act of 2002
- PCI Compliant
  - Security for credit, debit, and cash card transactions
- HIPAA Compliant
  - National security standards to protect patient data

SD Private Network: SD DATA CENTER TESTING
- Penetration testing (PEN testing)
  - Proactive, authorized evaluation of an IT infrastructure's security and vulnerabilities
  - Allows for identification and reporting of possible security vulnerabilities, both internal and external
- Weekly testing is carried out by certified ethical hackers based at the SD Data Center
- Software and hardware modifications are tested for security
- Ability to test end customer SDR configurations

SD: MORE THAN JUST SATCOM
SD World Headquarters
Premier Solutions Provider:
- Flight operations
- Cabin services
- Network security (compliance)
- Network Operations Center
- SD Secure Datacenter
- Hardware
- Training