Cyber Criminal Methods & Prevention Techniques
By Larry.Boettger@Berbee.com

Meeting Agenda
- Trends
- Attacker Motives and Methods
- Areas of Concern
- Typical Assessment Findings
- ISO-17799 & NIST
- Typical Remediation Costs
FBI / CSI Statistics
- Every year dollars are lost due to cyber criminal activity
- Greatest loss = proprietary information
- Second greatest loss = denial of service

Elements to Protect (diagram: the three elements around "Security")
- Confidentiality
- Integrity
- Availability
Everything is a Target (diagram of layers: Security Management, Application, Internal Network, Perimeter, Data, Server, Private/Public; the exact layer-to-control mapping is not recoverable from the slide). Controls shown across the layers:
- Policies, Procedures & Awareness; Policy Assessments; Operational Framework Consulting; Training & Consulting
- Vulnerability Assessments; Code Reviews; Application Hardening; Centralized Tool Integration; Centralized Monitoring
- Intrusion Detection; Intrusion Prevention; Wireless Design Consulting; Authentication & Authorization
- Firewalls & Proxies; VPN Remote Access
- Authentication Management; Identity Management; Data Privacy
- Patch Management; Anti-Virus & Anti-SPAM; Mobile Client Security; Server Hardening
Cyber Criminals' Motives
- Financial rewards
- Politics
- Showing off
- Personal gratification
- They know they can

Intruder Methods
- Web site research
- User groups
- Email staff
- Call modems
- Read trash
- Impersonate someone you trust
- Scan your systems
- War drive your wireless

Intruder Methods (cont.)
- Use known and unknown exploits
- Viruses, Trojans & worms
- Phishing
- Attack partner networks to gain access to yours
- Sniff your traffic
- Brute force passwords
- Spam you
- Denial of service
Most Common Items to Protect
- Intellectual property
- Customers' and staff's privacy
- Confidential data
- System availability
- Reputation
- Regulatory challenges

Assessment Benefits
- Roadmap
- Establishes a baseline
- Strengthens security
- Provides due diligence
- Efficient formal audits
- Finds the weak areas
How To Identify and Prioritize Risk
- Holistic approach
  - Comprehensive reviews (infrastructure, server, application, etc.)
  - Based on organizational security policy, and taking the full life cycle into account
  - Consider people and processes, as well as technology
- Sensible, accessible documentation
  - Helpful to executive decision-makers: explanation of risk in business terms
  - Helpful to managers: project plans, prioritization of tasks
  - Helpful to technical staff: clear standards, specific recommendations
- Threat modeling
  - Identifying assets
  - Identifying threats
  - Making qualitative (or quantitative) assessments of risk

Top Ten Security Risks
1. Policies & Procedures
2. Security Awareness
3. Access and Authorization
4. Patch Management
5. Mis-Configured Systems & Applications
6. Encryption & Digital Signatures
7. Incident Handling Processes
8. Disaster Recovery & Business Continuity
9. Physical Safeguards
10. Intentional Bypassing of Security Controls
Security Policies
- Communicate your organization's commitment to security
- Provide a baseline and roadmap for security controls
- Demonstrate due diligence
- All pertinent security control information communicated
- Realistic, manageable, enforceable

Security Awareness
- A well-trained user will assist your security efforts
- Time needs to be invested in user training
- A well-trained user usually requires less help desk support
Access & Authorization
- Weak passwords
- Sharing accounts
- Not enforced
- Easy to exploit
Prevention
- Strong security policies
- Utilize OS complex password configuration
- Implement technical Authentication, Authorization and Accounting (AAA) mechanisms
- Implement two-factor authentication

Patch Management
- Hard to manage
- Shrinking window of opportunity: exploits are coming too fast
- Can break systems
- Requires resources
Prevention
- Strong patch management mechanisms
- Automate
- Add intrusion prevention mechanisms

Mis-Configured Systems
- Ensure only needed and updated services are running
- Strengthen SNMP community strings
- Secure wireless networks
- Remove default settings
- Filter outgoing access at the firewall
Encryption / Digital Signatures
Protects against:
- Forging
- Impersonation / spoofing
- Eavesdropping
- Intercepting
- Denial of receipt or send (non-repudiation)

Incident Handling Process
- Intrusion prevention/detection
- Anti-virus mechanisms
- Logging/auditing
- Strong policies and documentation

Disaster Recovery & Business Continuity
- Formal plan
- Prioritized systems
- Standard backup process
- Tested backups
- Redundant systems

Physical Safeguards
- Visitor badges
- Building & data center access/monitoring
- Fire prevention/suppression & detection
- UPS testing and load
Intentional Bypassing of Security Controls
- Installing modems
- Wireless networks
- GoToMyPC or other remote access items
- Unauthorized software (games, screensavers, etc.)
Prevention
- Strong security policies
- Centralized and managed intrusion prevention mechanisms
- Implement Network Admission Control
Importance of NIST & ISO-17799
- National Institute of Standards & Technology
- Referenced throughout most regulations
- Policies and procedures are critical to NIST best practices
- ISO-17799 is the industry-recognized standard for security
- ISO-17799 covers 10 areas of security
- Each ISO-17799 area has individual security items
- If you follow NIST and ISO-17799 you would have a strong security posture and should pass almost every audit
- Combine NIST 800-26 levels and ISO-17799

ISO-17799 Covered Areas
- Security Policies
- Organizational Security
- Asset Classification & Control
- Personnel Security
- Physical and Environmental Security
- Communications & Operations Management
- Access Control
- System Development & Maintenance
- Business Continuity Management
- Compliance

NIST Legend
- Level 1: control objective documented in a security policy
- Level 2: security controls documented as procedures
- Level 3: procedures have been implemented
- Level 4: procedures and security controls are tested and reviewed
- Level 5: procedures and security controls are fully integrated into a comprehensive program

ISO-17799 Graph Sample (bar chart: NIST Level 0-5 on the vertical axis, Actual Practice vs. Peer Comparison, for the Business Continuity sub-areas)
- Business Continuity Management Process
- Business Continuity & Impact Analysis
- Writing & Implementing Continuity Plan
- Business Continuity Planning Framework
- Testing, Maintaining & Reassessing BC Plan
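The NIST legend and the graph sample above describe a maturity scoring that is cumulative (a control cannot be at level 3 without levels 1 and 2). The following added example, not part of the slides, encodes that scoring for the Business Continuity sub-areas shown in the graph and ranks the gaps against a peer level; the evidence values and peer levels are constructed for illustration.

```python
# Added example: NIST SP 800-26 maturity levels scored per ISO-17799 sub-area.
# Evidence and peer levels below are constructed, not taken from the slides.

# Levels in the order they must be achieved; each requires all lower levels.
NIST_LEVELS = (
    (1, "policy"),       # control objective documented in a security policy
    (2, "procedures"),   # security controls documented as procedures
    (3, "implemented"),  # procedures have been implemented
    (4, "tested"),       # procedures and controls are tested and reviewed
    (5, "integrated"),   # fully integrated into a comprehensive program
)


def nist_level(evidence: dict) -> int:
    """Highest level reached with no gap below it.

    A control that is implemented and tested but never written up as a
    procedure still scores level 1: level 2 is missing, so 3 and 4 do not count.
    """
    level = 0
    for number, requirement in NIST_LEVELS:
        if not evidence.get(requirement, False):
            break
        level = number
    return level


def score_areas(assessment: dict) -> dict:
    """Map each assessed sub-area to its NIST level."""
    return {area: nist_level(ev) for area, ev in assessment.items()}


def remediation_gaps(actual: dict, peer: dict) -> list:
    """Sub-areas below the peer level, largest gap first, for prioritising remediation."""
    gaps = [(area, peer[area] - lvl) for area, lvl in actual.items() if lvl < peer.get(area, 0)]
    return sorted(gaps, key=lambda g: -g[1])


# Constructed sample assessment for the five Business Continuity sub-areas.
SAMPLE_ASSESSMENT = {
    "BC Management Process": {"policy": True, "procedures": True, "implemented": True},
    "BC & Impact Analysis": {"policy": True},
    "Writing & Implementing Continuity Plan": {"policy": True, "procedures": True, "implemented": True, "tested": True},
    "BC Planning Framework": {"policy": True, "implemented": True, "tested": True},  # no procedures: stays at 1
    "Testing, Maintaining & Reassessing BC Plan": {},
}
SAMPLE_PEER = {area: 3 for area in SAMPLE_ASSESSMENT}  # constructed peer comparison

if __name__ == "__main__":
    actual = score_areas(SAMPLE_ASSESSMENT)
    for area, gap in remediation_gaps(actual, SAMPLE_PEER):
        print(f"{area}: level {actual[area]}, peer {SAMPLE_PEER[area]}, gap {gap}")
```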
Remediation Costs
- It is important to budget for remediation
- A security assessment without remediation efforts is a waste of time and money
- Remediation usually involves resource time and product cost
- It is important to budget for one-time and recurring costs

Remediation First Steps
- Prioritize risks and remediation steps
- Align business and IT strategies
- Establish resources: internal, external, products
- Establish internal SLAs between IT and business units

Internet Links & Question/Answers
- www.gocsi.com
- www.sans.org
- www.nist.gov
- www.nessus.org
- www.insecure.org/tools.html
- www.berbee.com
- www.cisco.com
- www.microsoft.com
- www.rsa.com

Thank You