Implementing Intrusion Detection System by Considering Insider Attacks
Journal of Security Engineering (보안공학연구논문지), Vol. 5, No. 4, August 2008

Samir Kumar Bandyopadhyay 1)

1) Department of Computer Science and Engineering, University of Calcutta, Kolkata, India. skb1@vsnl.com
Received (March 24, 2008), Review request (March 25, 2008), Review result (1st: April 14, 2008, 2nd: May 03, 2008), Accepted (August 31, 2008)

Abstract

Insiders pose the top corporate security threat today. Recent reports indicate that insider breaches have risen from 80% to 86% of all incidents, with more than half occurring after employee termination. Not surprisingly, internal employees who are authorized to access company systems are the most likely to be linked to fraud or a security breach, and of all employees, IT staff members have the most resources to do so. This paper proposes an implementation of an intrusion detection system against insider attacks, and discusses the nature of insider attacks and the problems they pose.

Keywords: IDS, Intrusion Detection System, Insider Attacks

1. Introduction

Who are the insiders? Are they the malicious system administrator, angry after not getting a raise? The contractor being blackmailed into giving away intellectual property, or the finance veteran padding retirement by selling employee compensation packages to a recruiter? Maybe they are a plant from a foreign government, a competitor or even a terrorist organization, slowly extracting information. Or are they simply solid employees who were careless or negligent? The answer is: all of the above. They may not make up the majority of security incidents, but insider attacks have the greatest potential to cause the biggest losses within an enterprise. Think about it: trusted individuals know where the highest-value information resides, they have legitimate access to mission-critical systems, and in many cases management has no mechanism in place to track what these individuals are doing with the systems or the data.

Information security experts are bracing for the law of unintended consequences to swing into action in 2009 as layoffs, downsizing and low morale bring out the worst in trusted insiders looking to profit from proprietary intellectual property, customer contact lists, trade secrets and any other sensitive information. Many employees have admitted as much themselves: in a survey conducted in December 2008, 71 percent of participants reported that if they were fired tomorrow they would definitely take company data with them to their next employer [1].

2. Related research

Verizon's 2008 Data Breach Investigations Report, which looked at 500 breach incidents over the preceding four years, contradicts the growing orthodoxy that insiders, rather than external agents, represent the most serious threat to network security at most organizations. Seventy-three percent of the breaches involved outsiders and 18 percent resulted from the actions of insiders, with business partners implicated in 39 percent; the percentages exceed 100 percent because some breaches involved more than one party, with varying degrees of internal or external involvement. "The relative infrequency of data breaches attributed to insiders may be surprising to some. It is widely believed and commonly reported that insider incidents outnumber those caused by other sources," the report states.

The whole insiders vs. outsiders debate has always been one of semantics more than anything else. If you count by attacks, there are a lot more outsider attacks, simply because there are orders of magnitude more outsider attackers. If you count incidents, the numbers get closer: 75% vs. 18% in this case [2]. And if you count damages, insiders generally come out on top, mostly because they have far more detailed information and can target their attacks better.

According to the Identity Theft Resource Center, 24 percent of all data breaches that hit financial institutions in 2008 were caused by insiders. Similarly, 20 percent of government breaches and 16 percent of other business breaches were caused by internal attacks.

Without a doubt, the most dangerous vehicle for insider attacks in the last couple of years has been the ubiquitous USB device, which has proliferated across the enterprise.
Removable devices are incredibly prevalent: over 40,000,000 USB keys were sold last year, and that does not count the iPods, iPhones and other devices with USB-like capabilities [3].

An application developer who lost his IT-sector job as a result of company downsizing expressed his displeasure at being laid off just before the Christmas holidays by launching a systematic attack on his former employer's computer network. Three weeks after his termination, the insider used the username and password of a former coworker to gain remote access to the network and modify several of the company's web pages, changing text and inserting pornographic images. He also sent each of the company's customers an e-mail message advising that the website had been hacked; each message also contained that customer's usernames and passwords for the website. An investigation was initiated, but it failed to identify the insider as the perpetrator. A month and a half later, he again remotely accessed the network, executed a script to reset all network passwords, and changed 4,000 pricing records to reflect bogus information. The former employee was ultimately identified as the perpetrator and prosecuted. He was sentenced to five months in prison and two years of supervised probation, and ordered to pay $48,600 in restitution to his former employer [6].

Insider attacks can therefore be said to be more dangerous than other cyber attacks, because usually we do not defend against them and may not even suspect them. Two points in this case deserve attention: disabling the departed employee's own account was not enough, because a coworker's credentials gave him a working path in weeks after termination, and the first intrusion went unattributed because nothing tied the remote session back to him.

The insider sabotage incidents studied in [6] were distributed across the following critical infrastructure sectors:

- banking and finance (8%)
- continuity of government (16%)
- defense industrial base (2%)
- food (4%)
- information and telecommunications (63%)
- postal and shipping (2%)
- public health (4%)

In all, 82% of the affected organizations were in private industry, while 16% were government entities. Sixty-three percent of the organizations engaged in domestic activity only, 2% in international activity only, and 35% in both.

The insiders shared some common characteristics:

- The majority were former employees. At the time of the incident, 59% of the insiders were former employees or contractors of the affected organizations and 41% were current employees or contractors. The former employees or contractors had left their positions for a variety of reasons, including being fired (48%), resigning (38%) and being laid off (7%).
- Most were, or had been, employed full-time in a technical position within the organization. Most of the insiders (77%) were full-time employees of the affected organizations, either before or during the incidents; 8% worked part-time, and a further 8% had been hired as contractors or consultants. Two (4%) worked as temporary employees, and one (2%) was hired as a subcontractor.
- Eighty-six percent were employed in technical positions, including system administrators (38%), programmers (21%), engineers (14%) and IT specialists (14%). Of the insiders not in technical positions, 10% held professional positions, among them editors, managers and auditors; a further two (4%) worked in service positions, both as customer service representatives.
- The insiders were demographically varied with regard to age, racial and ethnic background, gender and marital status.
The insiders ranged in age from 17 to 60 years (mean age 32 years) and represented a variety of racial and ethnic backgrounds. Ninety-six percent were male. Forty-nine percent were married at the time of the incident, 45% were single, never having married, and 4% were divorced. Just under one-third had an arrest history: 30% had been arrested previously, including arrests for violent offenses (18%), alcohol- or drug-related offenses (11%), and non-financial/fraud-related theft offenses (11%).

Whether an insider steals information for financial gain or simply leaves the organization open to a breach through sloppy practices, the risks are costly. According to analysts with Forrester Research, a typical data breach can cost a company between $90 and $305 per lost record. Organizations stand to lose money in legal fees, the cost of reporting the breach to customers, and fees from compliance organizations. What is more, they lose even more through reputation damage, brand damage and customer departures. According to Ponemon Research [1], 20 percent of customers leave immediately upon finding out that an organization has suffered a breach. Clearly, this is a risk that cannot be ignored.

In August 2008 news reports surfaced of a Countrywide employee who had been downloading up to 20,000 customer records to a USB device every weekend over the course of two years. The mortgage company had a policy against USB devices and had disabled USB ports; a policy and a port-disabling control that are not verified on every machine, and that leave no record when they fail, evidently did not stop two years of weekly copying. Lending Tree sent letters to customers in 2008 informing them that their information had been compromised by a breach caused by unscrupulous former employees, who stole company passwords in order to take them to several lenders with no affiliation to Lending Tree [4].
The resulting access to detailed customer data would allow them to target Lending Tree customers with their own mortgage offers.

3. Implementing security precautions against insider threats

In order to neutralize the threats posed by insiders with ample motivation, IT departments must take away the means and the opportunities to commit crimes. By creating strategic policies and by automating the monitoring, enforcement and reporting of those policies, organizations can understand how employees and partners are engaging with IT assets and intellectual property. Employee fraud is built on a triangle of opportunity, motive and rationalization; effective controls require attention to all three angles. Some ways [3] to implement these controls and reduce the opportunities staff have to defraud are:

1. IT security policies
2. "Super user" accounts and access
3. Account and password configuration standards
4. Controlled access to passwords
5. Service accounts, aka "machine" accounts
6. High-risk users and roles
7. Security awareness program
8. Background screening
9. Event logging
10. Evidence

But keeping authorized users from manipulating their access to the system to exploit sensitive information makes the administrator's job that much harder. Not only must security personnel contend with the inside attacker's privileged knowledge of a specific network, they have few attack prevention and detection products with which to do so. This is particularly true of intrusion detection systems (IDS), most of which are designed and implemented to detect external threats. However, this does not have to be the case. As security administrators are starting to realize, IDSs can be a valuable tool in the effort to prevent and detect insider attacks.

4. Implementing Intrusion Detection System against Insider Threats

[Fig. 1] Intrusion detection system against insider attacks

We propose using IDS to prevent, or at least reduce, insider attacks and threats. However, configuring an IDS to detect internal attacks can be difficult. Part of the challenge lies in creating a good rule set for the internal IDS. The rule set needs to be different because different network users require different amounts of access to different services, servers and systems for their work. The rule set of the internal IDS should be created so that the noise of employees' day-to-day work activities, such as accessing various services and servers, does not trigger attack warnings, and only the important information is reported.
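One way to express such a rule set, as an added example that is not code from the paper: each role is mapped to the server groups and ports its holders legitimately use, and a record is reported only when it falls outside the user's role or comes from an account that should no longer be active (the former-employee case from Section 2). Routine in-role traffic produces nothing. The roles, server groups, addresses, user names and log records below are constructed for illustration, and the record format is an assumption of this example.

```python
"""Per-role rule set for an internal IDS.

Added example, not part of the original paper. Different users
legitimately need different servers and services, so the internal rule
set stays silent on in-role traffic and reports only accesses outside a
user's role. Roles, server groups, addresses, user names and log records
are all constructed; the record format is an assumption of the example.
"""
import ipaddress
from dataclasses import dataclass

# Constructed server groups (hypothetical internal address plan).
SERVER_GROUPS = {
    "mail":     ipaddress.ip_network("10.0.10.0/24"),
    "intranet": ipaddress.ip_network("10.0.20.0/24"),
    "db":       ipaddress.ip_network("10.0.30.0/24"),
    "backup":   ipaddress.ip_network("10.0.40.0/24"),
    "hr":       ipaddress.ip_network("10.0.50.0/24"),
}

# Role -> {server group: allowed destination ports}. Anything not listed
# here is out of role for that user and worth reporting.
ROLE_RULES = {
    "developer": {"mail": {143, 993}, "intranet": {80, 443}, "db": {5432}},
    "hr_staff":  {"mail": {143, 993}, "intranet": {80, 443}, "hr": {443}},
    "sysadmin":  {"mail": {22, 143, 993}, "intranet": {22, 80, 443},
                  "db": {22, 5432}, "backup": {22, 873}, "hr": {22, 443}},
}

USER_ROLES = {"alice": "developer", "bob": "hr_staff", "carol": "sysadmin"}

# Accounts of people who have left; any use at all is an alert.
DISABLED_USERS = {"dave"}


@dataclass
class Alert:
    severity: str
    user: str
    reason: str
    line: str


def server_group(ip: str):
    """Return the name of the server group an address belongs to, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SERVER_GROUPS.items():
        if addr in net:
            return name
    return None


def check_event(line: str):
    """Evaluate one 'timestamp user src_ip dst_ip dst_port' record.

    Returns an Alert for out-of-policy traffic, or None for the routine
    in-role traffic the rule set is meant to keep quiet about.
    """
    _ts, user, _src, dst, port = line.split()
    port = int(port)
    if user in DISABLED_USERS:
        return Alert("high", user, "disabled account used", line)
    role = USER_ROLES.get(user)
    if role is None:
        return Alert("high", user, "unknown user", line)
    group = server_group(dst)
    if group is None:
        # Not a classified server; the general NIDS covers that traffic.
        return None
    allowed = ROLE_RULES[role].get(group)
    if allowed is None:
        return Alert("medium", user, f"role {role} has no access to {group}", line)
    if port not in allowed:
        return Alert("medium", user, f"unexpected port {port} on {group}", line)
    return None


def evaluate(lines):
    """Run the rule set over a batch of records and return only the alerts."""
    return [a for a in (check_event(l) for l in lines if l.strip()) if a]


# Constructed sample records: "timestamp user src_ip dst_ip dst_port".
SAMPLE_LOG = """
2008-05-12T09:02:11 alice 10.1.1.20 10.0.20.5 443
2008-05-12T09:05:40 alice 10.1.1.20 10.0.30.7 5432
2008-05-12T09:07:03 bob   10.1.2.15 10.0.50.3 443
2008-05-12T09:09:55 bob   10.1.2.15 10.0.30.7 5432
2008-05-12T09:12:30 carol 10.1.3.9  10.0.40.2 22
2008-05-12T09:15:01 alice 10.1.1.20 10.0.40.2 873
2008-05-12T22:41:17 dave  10.9.9.9  10.0.20.5 443
2008-05-12T09:20:44 alice 10.1.1.20 10.2.2.2 80
""".strip().splitlines()

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG):
        print(f"[{alert.severity}] {alert.user}: {alert.reason} <- {alert.line}")
```

Run as a script it reports three records (an HR user reaching the database servers, a developer reaching the backup servers, and any use of a disabled account) and stays silent on the other five, which is the behaviour the paragraph asks for. In practice ROLE_RULES would be generated from directory group memberships rather than written by hand, so that the rule set and the access model cannot drift apart.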
The logging and reporting of attacks by the internal IDS systems can be used for much more than detecting specific, isolated and unrelated attacks. By combining the data from all internal IDS systems, system administrators can identify attack trends and patterns. Once attack trends and patterns are identified, the administrators are better able to identify any network users who pose a threat to network security, have been exhibiting malicious network behaviour, or are doing anything that is against company policy in general. Once these users have been identified, the proper action can be taken to prevent any successful intrusions or the continuation of the activity.

A combination of IDS systems should be used to detect insider attacks. The systems that can be deployed to assist in combating insider attacks include network intrusion detection systems (NIDS), network node intrusion detection systems (NNIDS), host-based intrusion detection systems (HIDS), anomaly-based intrusion detection systems, and the analytical power of distributed intrusion detection systems (DIDS) [5]. Each of these systems has its uses within the network, along with certain advantages and disadvantages, all of which are discussed below. The use of network taps to allow some of these systems to operate is also covered, as are general security guidelines to follow when deploying the various IDS systems.

NIDS can be used as a broader detection tool, to detect attacks against a number of networked systems within a particular network segment. This type of system provides the greatest scope of monitoring, and is best suited as a general IDS covering non-critical systems or as a secondary IDS for critical systems. A good example of where a NIDS might be deployed when protecting against internal threats is right between a division's router and that division's actual systems. Any attack against any system in that division would then be detected and reported to network administration. NIDS may also be deployed on switches, hubs, or any other point where multiple systems are networked together, usually through the use of a network tap; on a switched network a tap or a mirror (SPAN) port is required, since a sensor plugged into an ordinary switch port otherwise sees only broadcast traffic and traffic addressed to itself.

NNIDS are ideally suited to critical systems such as database servers and backup servers. This kind of IDS detects attacks only against the network node on which it is installed; it is not concerned with attacks occurring on other parts of the network. This limits the scope of the NNIDS, but allows extra detection capability for mission-critical systems.

HIDS are less concerned with detecting attacks from a network/protocol perspective; instead, they continually examine system logs, critical system files and other resources that can be monitored for suspicious activity such as critical file modifications or suspicious patterns of activity. Some of the specific things a HIDS can monitor include event logs, IDS logs, system files and the Windows registry. When it monitors the system files and the Windows registry, it creates and stores a snapshot of the last known clean system. It then compares this clean snapshot against the current state of the system to detect any modified files. If it detects any modifications, or suspicious activity in the logs, it alerts the administrators to the changes, and appropriate action can then be taken. While the HIDS does not differentiate between internal and external attacks, it will notify the system administrator of an unauthorized file change which, if made by an inside attacker, will be detected more rapidly than without the HIDS. Since 38% of the insiders in [6] were system administrators, the stored snapshot and the comparison itself should be kept where the monitored host's own administrators cannot silently update them. HIDS are usually installed on critical workstations and servers that require an extra layer of protection on top of the regular IDS.

Anomaly-based intrusion detection systems are a relatively new idea. In combating an internal threat, the idea behind an anomaly-based IDS is to establish a baseline of normal activity: what types of traffic cross the network, destined to or originating from specific systems, and in what amounts under normal working conditions. Any deviation from that baseline, in either traffic type or amount, can then be detected and treated as a potential incident. Anomaly-based IDS are becoming more and more important in protecting networks from insider attacks. This is largely because they address the difficulty of allowing certain users access to certain systems but not others.
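The per-user baseline described above, as an added example that is not code from the paper or from any IDS product: it learns each user's normal destinations and daily transfer volume from a training window, then scores a later day and reports a destination the user never used, a volume far above the user's norm, or a user with no profile at all. Users, server groups and flow summaries are constructed, and the input format (one row per user, destination group and day) is an assumption of the example.

```python
"""Per-user traffic baseline for an anomaly-based internal IDS.

Added example, not code from the original paper. It implements the
baseline idea the paper describes: learn, for each user, which server
groups they normally talk to and how much they transfer per day, then
report only departures from that profile. The users, server groups and
flow summaries are constructed, and the record format
('date user dst_group bytes', one row per user/destination/day) is an
assumption made here, not a format the paper specifies.
"""
from collections import defaultdict
from statistics import mean, pstdev


def parse(rows):
    """Yield (date, user, dst_group, bytes) from 'date user dst bytes' rows."""
    for row in rows:
        if row.strip():
            date, user, dst, nbytes = row.split()
            yield date, user, dst, int(nbytes)


def build_baseline(rows):
    """Learn each user's destination set and daily-volume distribution
    over a training window believed to be clean."""
    dests = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))   # user -> date -> bytes
    for date, user, dst, nbytes in parse(rows):
        dests[user].add(dst)
        daily[user][date] += nbytes
    baseline = {}
    for user, per_day in daily.items():
        volumes = list(per_day.values())
        baseline[user] = {
            "dests": dests[user],
            "mean": mean(volumes),
            "std": pstdev(volumes) if len(volumes) > 1 else 0.0,
        }
    return baseline


def detect(baseline, rows, k=3.0, min_std_ratio=0.1):
    """Score one day of activity against the baseline.

    Returns (user, kind, detail) findings. k is how many standard
    deviations above the user's mean daily volume counts as anomalous;
    min_std_ratio floors the deviation so a user whose traffic is almost
    perfectly regular is not flagged for a trivial increase.
    """
    seen = defaultdict(set)
    totals = defaultdict(int)
    for _, user, dst, nbytes in parse(rows):
        seen[user].add(dst)
        totals[user] += nbytes

    findings = []
    for user in sorted(seen):
        profile = baseline.get(user)
        if profile is None:
            findings.append((user, "no_baseline", "not seen in training window"))
            continue
        for dst in sorted(seen[user] - profile["dests"]):
            findings.append((user, "new_destination", dst))
        spread = max(profile["std"], min_std_ratio * profile["mean"])
        threshold = profile["mean"] + k * spread
        if totals[user] > threshold:
            findings.append((user, "volume",
                             f"{totals[user]} bytes > threshold {threshold:.0f}"))
    return findings


def _constructed_training():
    """Ten days of constructed 'normal' daily flow summaries for two users."""
    rows = []
    for day in range(1, 11):
        jitter = (day * 7) % 5 * 1_000_000      # small day-to-day variation
        date = f"2008-06-{day:02d}"
        rows.append(f"{date} alice intranet {10_000_000 + jitter}")
        rows.append(f"{date} alice db {45_000_000 + jitter}")
        rows.append(f"{date} bob hr {20_000_000 + jitter}")
        rows.append(f"{date} bob mail {3_000_000 + jitter}")
    return rows


TRAINING = _constructed_training()

# Constructed day to score: alice pulls far more from the database than
# usual, bob touches a server group his profile never contained, and
# carol has no profile at all.
TEST_DAY = [
    "2008-06-11 alice intranet 9000000",
    "2008-06-11 alice db 400000000",
    "2008-06-11 bob hr 21000000",
    "2008-06-11 bob mail 3500000",
    "2008-06-11 bob db 1000000",
    "2008-06-11 carol backup 5000000",
]

if __name__ == "__main__":
    base = build_baseline(TRAINING)
    for user, kind, detail in detect(base, TEST_DAY):
        print(f"{user}: {kind} ({detail})")
```

The two tunables are where the operational trade-off lives: a lower k catches smaller deviations at the price of more false alarms, and min_std_ratio prevents a user with perfectly regular traffic from being flagged by a rounding error. A training window that already contains the insider's activity produces a baseline that treats it as normal, so the window has to be one believed to be clean.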
The anomaly-based IDS does this by detecting only what falls outside the normal baseline for that user, thus avoiding the analytical time that would otherwise be spent filtering the noise of normal traffic out of the attack logs of other IDS systems. The baseline must be learned from a window believed to be clean, and changes to the baseline should themselves be reviewed as it is updated, since an insider who raises activity slowly can otherwise teach the system that the elevated level is normal. Anomaly-based IDS are usually deployed in the same locations as a NIDS: switches, hubs, or any other point where multiple systems are networked together.

Many system administrators find it difficult to review the data from all of the network's IDS systems. On a large network with an understaffed IT department and a large number of IDS logs, there are not enough hours in the day to review all the information that may be generated. This problem can be addressed by implementing a DIDS. DIDS, in their most basic form, collect and aggregate attack logs from multiple IDS and firewall devices. This allows system administrators to view attack information in aggregated form at a centralized location, which reduces the time needed to review the log files and gives the administrators a broader view of attack trends and patterns across the network, thus achieving the goal of identifying attack trends and patterns described earlier in a simple manner. The DIDS helps prevent and detect insider attacks by considerably shortening the time system administrators require to review log files and identify attack trends and patterns. By reducing that time, insider attacks will be discovered more quickly than with most conventional methods, and system administrators will be able to identify possible future attacks before they happen. Because the aggregated logs are also the evidence called for in Section 3, they should be forwarded to a collector that the administrators of the monitored hosts cannot alter; in the case in Section 2 the first investigation failed to attribute the intrusion, and the insider later reset every network password.

5. Conclusion

In this paper we have offered a network model using IDS to identify insider threats. No matter how much an organization prepares for today's security threats, the risks continue to evolve. Employees come and go. IT infrastructures grow and incorporate new technologies that can introduce unforeseen vulnerabilities. To keep sensitive data protected, organizations must work continuously to remain a step ahead of potential attacks. Security systems should play a significant role in these ongoing efforts.

References

[1] New Insider Threat Emerges in the New Economy, January 2009.
[2] Schneier on Security, June 2008.
[3]
[4]
[5]
[6] Michelle Keeney, Dawn Cappelli, Eileen Kowalski, "Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors", Carnegie Mellon University, May.

Authors

Samir Kumar Bandyopadhyay: B.E., M.Tech., Ph.D. (Computer Science & Engineering), C.Engg., D.Engg., FIE, FIETE. Currently Professor of Computer Science & Engineering and Registrar, University of Calcutta; visiting faculty, Dept. of Computer Science, Southern Illinois University, USA, MIT, California Institute of Technology, etc. His research interests include biomedical engineering, mobile computing, pattern recognition, graph theory, software engineering, etc. He has 25 years of postgraduate and undergraduate teaching and research experience at the University of Calcutta. He has received several academic distinctions, recognitions and awards from various prestigious institutes and organizations. He has published 300 research papers in international and Indian journals and 5 leading textbooks for Computer Science and Engineering. He has visited the USA, Finland and Sri Lanka.
More informationAN INFORMATION GOVERNANCE BEST
SMALL BUSINESS ID THEFT AND FRAUD AN INFORMATION GOVERNANCE BEST PRACTICES GUIDE FOR SMALL BUSINESS IT IS NOT A MATTER OF IF BUT WHEN AN INTRUSION WILL BE ATTEMPTED ON YOUR BUSINESS COMPUTER SYSTEM IN
More informationSPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationUsing Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4
WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationWhy The Security You Bought Yesterday, Won t Save You Today
9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
More informationFranchise Data Compromise Trends and Cardholder. December, 2010
Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationB database Security - A Case Study
WHITE PAPER: ENTERPRISE SECURITY Strengthening Database Security White Paper: Enterprise Security Strengthening Database Security Contents Introduction........................................................................4
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationPerformance Evaluation of Intrusion Detection Systems
Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection
More informationA Proposed Architecture of Intrusion Detection Systems for Internet Banking
A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com
More informationThis chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How
This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How Network Security Is Breached Network Security Policy
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationBridging the gap between COTS tool alerting and raw data analysis
Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading
More informationHIPAA Compliance with LT Auditor+
HIPAA Compliance with LT Auditor+ An Executive White Paper By BLUE LANCE, Inc. BLUE LANCE INC. www.bluelance.com 713.255.4800 info@bluelance.com On February 20, 2003, the Department of Health and Human
More informationIntrusion Detection System (IDS)
Intrusion Detection System (IDS) Characteristics Systems User, Process predictable actions describing process under that actions what pattern subvert actions attack of correspond the systems processes
More informationNetwork and Host-based Vulnerability Assessment
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
More informationCOUNTERINTELLIGENCE VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA
COUNTERINTELLIGENCE VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA 09/1 8/2009 version UNCLASSIFIED//FOR OFFICIAL USE ONLY Cl VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA DEFINING COUNTERINTELLIGENCE
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationCyber Security for Start-ups: An Affordable 10-Step Plan
SESSION ID: ECO-W03 Cyber Security for Start-ups: An Affordable 10-Step Plan David Cowan Partner Bessemer Venture Partners @davidcowan Acknowledgements Startups don't like friction to get their job done.
More informationHow to Secure Your SharePoint Deployment
WHITE PAPER How to Secure Your SharePoint Deployment Some of the sites in your enterprise probably contain content that should not be available to all users [some] information should be accessible only
More informationWHITE PAPER WHAT HAPPENED?
WHITE PAPER WHAT HAPPENED? ENSURING YOU HAVE THE DATA YOU NEED FOR EFFECTIVE FORENSICS AFTER A DATA BREACH Over the past ten years there have been more than 75 data breaches in which a million or more
More informationState of Vermont. Intrusion Detection and Prevention Policy. Date: 11-02-10 Approved by: Tom Pelham Policy Number:
State of Vermont Intrusion Detection and Prevention Policy Date: 11-02-10 Approved by: Tom Pelham Policy Number: 1 Table of Contents 1.0 Introduction... 3 1.1 Authority... 3 1.2 Purpose... 3 1.3 Scope...
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationFederal Bureau of Investigation. Los Angeles Field Office Computer Crime Squad
Federal Bureau of Investigation Los Angeles Field Office Computer Crime Squad Overview FBI and Infrastructure Protection Cyber Crime Cases Cyber Law What to do Infrastructure Protection: Traditional Threat
More informationELECTRONIC INFORMATION SECURITY A.R.
A.R. Number: 2.6 Effective Date: 2/1/2009 Page: 1 of 7 I. PURPOSE In recognition of the critical role that electronic information systems play in City of Richmond (COR) business activities, this policy
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationHow To Protect A Network From Attack From A Hacker (Hbss)
Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment
More informationHunting for Indicators of Compromise
Hunting for Indicators of Compromise Lucas Zaichkowsky Mandiant Session ID: END-R31 Session Classification: Intermediate Agenda Threat brief Defensive strategy overview Hunting for Indicators of Compromise
More informationRecognize Nefarious Cyber Activity and Catch Those Responsible with IBM InfoSphere Entity Analytic Solutions
Building a Smarter Planet with Advanced Cyber Security Solutions Recognize Nefarious Cyber Activity and Catch Those Responsible with Highlights g Cyber Security Solutions from IBM InfoSphere Entity Analytic
More informationHow Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationC. Universal Threat Management C.4. Defenses
UTM I&C School Prof. P. Janson September 2014 C. Universal Threat Management C.4. Defenses 1 of 20 Over 80 000 vulnerabilities have been found in existing software These vulnerabilities are under constant
More informationFoundstone ERS remediation System
Expediting Incident Response with Foundstone ERS Foundstone Inc. August, 2003 Enterprise Risk Solutions Platform Supports Successful Response and Remediation Introduction The Foundstone Enterprise Risk
More informationWHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT
WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION
More informationWhite Paper. Information Security -- Network Assessment
Network Assessment White Paper Information Security -- Network Assessment Disclaimer This is one of a series of articles detailing information security procedures as followed by the INFOSEC group of Computer
More informationProtecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite
Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi XXVIII Convegno Annuale del CMG-Italia Milano - 28 Maggio 2014 Roma
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationPension Benefit Guaranty Corporation. Office of Inspector General. Evaluation Report. Penetration Testing 2001 - An Update
Pension Benefit Guaranty Corporation Office of Inspector General Evaluation Report Penetration Testing 2001 - An Update August 28, 2001 2001-18/23148-2 Penetration Testing 2001 An Update Evaluation Report
More informationRecession Calls for Better Change Management Separation of duties, logging paramount in times of great, rapid change
Recession Calls for Better Change Management Separation of duties, logging paramount in times of great, rapid change Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI Final Draft for March 2009 CSI Alert I
More informationClosing Wireless Loopholes for PCI Compliance and Security
Closing Wireless Loopholes for PCI Compliance and Security Personal information is under attack by hackers, and credit card information is among the most valuable. While enterprises have had years to develop
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationThe Impact of Cybercrime on Business
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
More information5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit
SharePoint Security Playbook 5 Lines of Defense You Need to Secure Your SharePoint Environment Contents IT S TIME TO THINK ABOUT SHAREPOINT SECURITY Challenge 1: Ensure access rights remain aligned with
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More information