Cyber Security Update Recent Events in the Wild and How Can We Prepare?

Similar documents
ACM Retreat - Today s Topics:

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

K12 Cybersecurity Roadmap

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

QuickBooks Online Security White Paper July 2017

AUTHORITY FOR ELECTRICITY REGULATION

Back to Basics: Basic CIS Controls

Cyber Security Program

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Healthcare HIPAA and Cybersecurity Update

Defense in Depth Security in the Enterprise

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Cyber Hygiene: Uncool but necessary. Automate Endpoint Patching to Mitigate Security Risks

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

Nebraska CERT Conference

U.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk

External Supplier Control Obligations. Cyber Security

Cyber Security. Our part of the journey

Computer Security: Cyber Essentials KAMI VANIEA 1

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

IT & DATA SECURITY BREACH PREVENTION

Security Standards for Electric Market Participants

CIRT: Requirements and implementation

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Heavy Vehicle Cyber Security Bulletin

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Effective Strategies for Managing Cybersecurity Risks

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Free antivirus software download

Seqrite Endpoint Security

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

A practical guide to IT security

Forecast to Industry Program Executive Office Mission Assurance/NetOps

ISE North America Leadership Summit and Awards

Juniper Vendor Security Requirements

How Breaches Really Happen

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Mapping BeyondTrust Solutions to

Mobile App Security and Malware in Mobile Platform

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Department of Management Services REQUEST FOR INFORMATION

align security instill confidence

2013 InterWorks, Page 1

W H IT E P A P E R. Salesforce Security for the IT Executive

10 FOCUS AREAS FOR BREACH PREVENTION

Cyber Essentials Questionnaire Guidance

Cyber security tips and self-assessment for business

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Internet infrastructure

Threat-Based Metrics for Continuous Enterprise Network Security

Transforming Security Part 2: From the Device to the Data Center

ANATOMY OF AN ATTACK!

Providing Cybersecurity Inventory, Compliance Tracking, and C2 in a Heterogeneous Tool Environment

GUIDE. MetaDefender Kiosk Deployment Guide

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

Cyber Security Stress Test SUMMARY REPORT

G/On OS Security Model

: Administration of Symantec Endpoint Protection 14 Exam

Security. Bob Shantz Director of Infrastructure & Cloud Services Computer Guidance Corporation. All Rights Reserved.

Securing Industrial Control Systems

Kaspersky Security. The Power to Protect Your Organization

Designing and Building a Cybersecurity Program

7 Steps to Complete Privileged Account Management. September 5, 2017 Fabricio Simao Country Manager

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Security Readiness Assessment

Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center

Building Resilience in a Digital Enterprise

Putting the 20 Critical Controls into Action: Real World Use Cases. Lawrence Wilson, UMass, CSO Wolfgang Kandek, Qualys, CTO

the SWIFT Customer Security

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

The GenCyber Program. By Chris Ralph

CYBER SECURITY POLICY REVISION: 12

Teradata and Protegrity High-Value Protection for High-Value Data

Premediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C.

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Perspectives on Threat

Bill Parrish Scott Inscore Bob Worth

Managing IT & Election Systems. U.S. Election Assistance Commission 1

Automating the Top 20 CIS Critical Security Controls

Combating Today s Cyber Threats Inside Look at McAfee s Security

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Altitude Software. Data Protection Heading 2018

WHO AM I? Been working in IT Security since 1992

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection

FOUR WAYS TO IMPROVE ENDPOINT SECURITY: MOVING BEYOND TRADITIONAL APPROACHES

Quick Heal Mobile Security. Anti-Theft Security. Real-Time Protection. Safe Online Banking & Shopping.

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Changing face of endpoint security

Transcription:

Cyber Security Update Recent Events in the Wild and How Can We Prepare? Bob Cowles August, 2011

DOE Labs Hacked! ORNL off the Internet for nearly 2 weeks extensive remediation efforts put into place JLab went off the Internet on June 30. Rebuilt infrastructure and desktops. Offline for two weeks. PNNL went off the Internet on July 1. Like Jlab, offline for two weeks. 2

What Happened? Attackers found vulnerabilities Phishing Unpatched web application Unpatched desktop application Used architectural feature to take control of the infrastructure The feature is common across operating systems in wide use at SLAC 3

What Were They After? Currently, lots of groups are looking for documents; many corporations and government entities are under attack Same group attacked PNNL and JLab ORNL attack might have been different Possible help that SLAC is not a.gov site Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies. DEPARTMENT OF DEFENSE STRATEGY FOR OPERATING IN CYBERSPACE 4

Could It Happen At SLAC? YES! Vulnerable web applications Widespread use of elevated privileges Unpatched systems and applications Even centrally managed systems have over 1000 unique applications that need to be kept up-to-date Differently managed systems Various flavors of Linux (Fedora, Ubuntu, Debian) Macs (600+ on-site with no official support) Major vulns in past 3 years Mac: 1,151; Win 1,325 Laptops (especially Linux and Macs) Smartphones and tablets Lab culture Cyber security is not my problem My system is too critical to be scanned / patched The border firewall protects my system I use antivirus or I have a Mac, so I m safe 5

What Would We Have To Do? Segregate computing resources (re-architect entire network) Infrastructure, Business, Controls, PPS Multiple scientific subnets (to control lateral movement of attackers) Rebuild all affected servers and desktops Recovery operations only after cleaning verified successful Safety systems Dependencies Mission importance Critical projects Review/remove privileges admin, root, sudo No one outside of infrastructure services has admin privileges Change ALL passwords (internal and external users) Redesign and lock down remote access 6

Protections (Current) Blocking bad sites using federated model Attacking IP addresses shared between DOE labs Vulnerability scanning (expanding to more systems) Extensive patching (systems and 3 rd party applications) AntiVirus alerts and additional AntiVirus scanning (about 50/month 200-300 hours of lost time) Training (new employee/manager, annual) Lots of time-consuming, manual processes 7

Protections (In process) Web proxy help to block bad sites and malware (hope to reduce AV time lost) Alerts from log analysis to give earl(ier) warning of attack in progress More training to heighten awareness of the ever-changing attack vectors Increased emphasis on patching to catch up and stay current in the future 8

Protections (To Do) Define recovery plan including data classification Policy (and implementation) on removing elevated rights Re-architecture of network with appropriate boundaries / levels of access Perform current web application assessment plus incorporate security into application design and test Develop and implement appropriate controls on noncentrally managed systems (incl. internal, visitor, home) Macintosh support Lifecycle budgeting and planning Mobile devices (policy and implementation) 9

What You Can Do Now No web browsing or email (or external devices) when logged in with admin rights Remote access Reconsider the balance between convenience and safety Unmanaged home computers Smartphones / tablets with unknown other applications Institute safeguards to limit potential damage Start thinking about the priority and steps for recovery and continuing operation when a cyber attack occurs What s critical/important/wait for later? What are the dependencies? 10

The New World of Risk Management DOE now describes a Risk Management Framework for cyber security incorporated into the Contractor Assurance System Cyber Security can provide suggestions and help management to understand threats Management (at all levels) must determine appropriate protections (balancing cost & benefit) and accept the residual risk 11

Information Security Prayer Grant me the serenity to accept people who will not secure their systems; The courage to face them when they blame me for their problems; and The wisdom to go out drinking afterwards. 12

We re Here To Help 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback