ETPG6 Five Low-Cost Security Takeaways 8/21 3:30pm Governor s Ballroom CD. Presented by Jerry Askew, Eric Richards & Kevin Svec

Transcription

1 ETPG6 Five Low-Cost Security Takeaways 8/21 3:30pm Governor s Ballroom CD Presented by Jerry Askew, Eric Richards & Kevin Svec

2 Presenters: Jerry Askew, Eric Richards & Kevin Svec Five Low-Cost Security Takeaways Thank you for being here today August 21, :30pm 4:30pm Governer s Ballroom CD

3 Five Low-Cost Security Takeaways With security being such a fundamental aspect of businesses survival, it s often forgotten that there are solutions available for minimal cost, that can offer a great deal of benefit to your organization.

4 KeePass Password Management Database

5 KeePass Password Management Database

6 KeePass Password Management Database Why use a Password Management Database Keep track of site registrations / when registered Generate truly secure passwords Use different passwords for each site Store Answers to secret questions Store key material, certificates, etc.

7 KeePass Password Management Database Why use KeePass Open Source offers auditing opportunity Multiplatform Windows, Linux, Android High Quality Application

8 KeePass Password Management Database KeePass Features Local Storage with Synchronization capability Multiple Export Options Auto-type with window recognition and macros Full text search File Attachments for key material, certs, etc.

9 KeePass Password Management Database Usage Tips Choose a strong master password or passphrase Not used anywhere else Back up frequently Key file can be used to supplement password

10 KeePass Password Management Database

11

12 Splunk Log Correlation and Analysis

13 The Case for Log Correlation and Analysis Today s advanced attacks require more behavior-based analysis Detection abnormal user account activity Notification on escalation of privilege Detection of configuration changes on devices Unexplained process or file changes Forensics Quickly determining the extent of a compromise Lateral movement of attackers on the network Activity associated with compromised accounts Adhering to Security Frameworks or meeting compliance objectives HIPAA SOX GLBA Etc.

14 Log Management - Splunk Splunk allows you to aggregate, search, and visualize machine data Server runs on Windows, and most Linux distros Software installation is very simple Small deployments run easily on a single virtual machine Clients can send logs, text, or performance information using a variety of protocols and input methods Splunk offers a software Universal Forwarder agent that runs on Windows and Linux machines Splunk Apps and Add-ons extend the functionality of the base product The free version can index (collect) up to 500mb per day

15 Splunk Simple Free Form Search - SPL

16 Splunk Interesting Fields

17 Splunk Boolean Search

18 Splunk Data Statistics and Visualization

19 Splunk Data Statistics and Visualization

20 Splunk Security and Compliance Apps Over 180 security and compliance-related apps available for security Cisco, Microsoft, F5, Bluecoat, OSSEC, Juniper, Palo Alto, and many others. Free App for IP Reputation Leverages Project Honey Pot Threat Intelligence Database

21 Splunk Apps Splunk App for Enterprise Security Facilitate investigations Asset Investigator Threat Indicators Alerting

22 Splunk App for Windows Infrastructure

23 Splunk Online Sandbox

24

25 TrueCrypt Have reports of its death been exaggerated?

26 TrueCrypt Open Source Full Disk Encryption TrueCrypt On The Fly Full Disk Encryption (OTF FDE) Widely used and regarded as secure Original developers have stepped away as of May 28 th Despite the dramatic announcement: Independent audit is continuing Broad interest in continuing development Truecrypt.ch Watch Gibson Research

27

28 Lansweeper Asset Management

29 Asset Management Lansweeper Why Invest Resources In Asset Management? Most IT security-related efforts require a continuous inventory of what you are attempting to protect Ensure systems remain compliant with standard configurations Need a system of record with good intake and retirement process to reconcile other systems Detect theft and configuration changes

30 Asset Management Lansweeper What is Lansweeper Network Inventory? Runs on Windows XP SP3 to Windows Server 2012 Requires.NET Framework 4 SQL database is required 10 minute installation / configuration Price - $995 for one server and unlimited hosts Agentless scanning

31 Lansweeper Data Input via Discovery Automated Discovery of all types of network devices using Windows Credentials Active Directory Domains SSH Credentials SNMP Others

32 Lansweeper Manual Data Input Manual

33 Lansweeper Search

34 Lansweeper Asset Drill Down

35 Lansweeper Asset Drill Down

36 Asset Management Lansweeper Built In Reporting

37 Asset Management Lansweeper Custom Reports

38 Asset Management Lansweeper Sampling of Built-In Reports: New devices discovered All workstations/servers without anti-virus Automatic startup services currently stopped Shared folders (visible and hidden) Configuration changes Unauthorized administrators Custom Reports: Missing a software packages Computer uptime reports Uncategorized systems

39

40 Policies and Procedures Something Every Company Should Do Security isn t just about software: Application Policies Access Policies (Vendor Access) Social Engineering (Training the End-Users) Risk Assesments

41

42 Resources KeePass Password Database: Lansweeper Network Inventory Installer File: Lansweeper Documentation: Splunk Download: Splunk Documentation: Splunk Search Commands Cheat Sheet: Splunk Apps for Security and Compliance: TrueCrypt on Wikipedia: Partnering for Cyber Resilience - SANS Critical Security Controls -

43 Questions We ll now open it up for questions

44 Thank You

45