A Systematic Method to Understand Security Risks in a Retail Environment

Version 1.03 Final

Prepared by:
Michael Howard, Senior Principal Cybersecurity Architect
Mark Simos, Cybersecurity Architect
Sean Finnegan, Cybersecurity Director
Vic Miles, Retail Technology Strategy
Table of Contents

1 Introduction
2 The Process
3 A Logical Retail Model
3.1 External Entities
3.2 Processes
3.3 Data Stores
3.4 Data Flows
4 Infrastructure Control Domains
4.1 Administrative Configuration and Management
4.2 Administrative Operations and Practices
5 Next Steps
6 Conclusion
Appendix A: A Brief Overview of Threat Modeling and STRIDE
Streamlining STRIDE for Processes
Further Threat Modeling Reading

(c) 2013 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
1 Introduction

All computer systems are subject to attack by malicious insiders and external entities. In some cases the damage caused by an attack might be insignificant; in other cases it might be extremely high. The damage depends on the skills and motivations of the attackers and the value of the assets they compromise. Retail systems, like many other vertical industry systems, secure assets that are incredibly sensitive, and a breach can lead to loss of assets, loss of brand reputation, loss of customer trust, and potentially legal action.

Many of our clients have asked the Microsoft Cybersecurity team to help them define a way to systematically assess the strength of their enterprise systems. Cybersecurity professionals agree that an effective review of the security posture of an enterprise must consider the entire operating environment, regardless of operating systems and deployment scenarios; that is the goal of this whitepaper.

In writing this paper, we used a combination of skills, including enterprise systems security expertise and retail domain expertise. By combining the two domains, we have defined a process called Retail Threat Modeling that takes a logical view of a retail environment and maps it onto a security discipline referred to as threat modeling. This paper includes appendices that explain some topics in more detail.

The goal of this paper is to help our retail clients understand how they can determine the inherent risk in their systems, and to make sure appropriate defenses are in place.

Note: The word systematically is important. Analysis of systems for security issues must be complete and structured. Unfortunately, much of the security analysis performed today is ad hoc and non-deterministic. The process proposed in this paper is systematic, deterministic and structured.
2 The Process

The process involves taking a logical view of a retail system and then applying the threat modeling process to each of the elements in the logical diagram. The Microsoft Security Development Lifecycle threat modeling process systematically derives a list of threats to the system, and from that exploration a list of appropriate mitigations and defenses can be determined. For each area of the logical model we will include known attacks and best practices. Additionally, we will provide the perspective of a cybersecurity professional who has performed the threat modeling process with many enterprise clients. If the reader is not familiar with the threat modeling process, we recommend a review of Appendix A, A Brief Overview of Threat Modeling and STRIDE.

For best results evaluating a retail system, it is useful to have retail and cybersecurity subject matter experts working together on the analysis.

3 A Logical Retail Model

Below is a logical model of a typical retail system. We caveat this with the recognition that the retail model varies among retailers and their suppliers. If an environment differs widely from this model, a new model should be built and the threat model built against the updated model. The logical model must contain entities for all information that is sensitive, such as any shopper personally identifiable information (PII). The process begins with an accurate system diagram.
Figure 1: A Logical Retail System model

The threat modeling process requires that we take each of the elements in the diagram and apply the STRIDE mnemonic; then we consider the mitigations and industry best practices. First, we start with the external entities (rectangles) and determine the threats that apply to each.

3.1 External Entities

External entities are subject to spoofing and repudiation; but generally speaking, repudiating an external entity's transactions is an issue for the rest of the system, most notably the processes that track ordering data and the like, so we will focus on spoofing.

Element | STRIDE | Questions to Consider
Suppliers | S | How are suppliers authenticated? How is their privilege controlled and authorized? Where and how are their credentials issued, stored, protected and revoked? This applies to all suppliers beyond the core IT infrastructure.
Corporate Employees | S | How are corporate employees authenticated by whatever processes they communicate with? How is their privilege controlled and authorized? Where and how are their credentials issued, stored, protected and revoked?
Store Employees | S | How are store employees authenticated by whatever processes they communicate with? How is their privilege controlled and authorized? Where and how are their credentials issued, stored, protected and revoked?
Sales & Mktg | S | How are sales and marketing people authenticated? How is their privilege controlled and authorized?
Customers | S | How are customers authenticated in-store and on the web?
Admins | S | How are admins authenticated? How is their privilege controlled and authorized?
Payment Processor | S | How do the internal systems know they are communicating with the correct payment processor? What authentication scheme is used and how is it enforced?
Issuing Bank | S | How does the payment processor know it is communicating with the correct issuing bank? What authentication scheme is used and how is it enforced?

Threat Modeler's Perspective: Least Privilege

The single most important defense in any system, including Windows, is to operate the system with the lowest possible privilege. For example, staff at the point of sale should never run their system with administrative privileges. In Windows, there are some privileges that can be granted to accounts that are a small step away from being a full-fledged administrator. The following privileges should be granted only to highly trusted users: Allow log on as a service, Access this computer from the network, Allow log on through Remote Desktop Services, Act as part of the operating system, Back up files and directories, Restore files and directories. Similarly, in Active Directory, membership in groups such as Domain Admins and Enterprise Admins should be restricted to a very small number of accounts requiring that privilege.

We cannot stress enough how important it is to operate a least privilege environment. If an attacker can gain administrative rights on a system, he can access highly sensitive data such as passwords and account information and use that as a beachhead into the rest of the organization.
This is especially true if accounts are shared across multiple devices, which enables account traversal attacks (explained later).

3.2 Processes

Next we look at processes. These are quite complex as they are subject to all the STRIDE threats; however, in practice it is possible to group the threats as S, TRID and E, because many of the mitigations for all the TRID threats are similar (access control).

Element | STRIDE | Questions to Consider
POS | S | How does a user of the system know it's a valid system? What authentication scheme is used, if any?
POS | TRID E | How does a user of the system know the system has not been tampered with, for example by a rogue set of software or a card skimmer? How do admins verify the system is correct? The same applies to the POS underlying operating system. What kind of malware detection is in use? Does the system execute with the least amount of privilege needed to perform its routine tasks? Also, is the account used on the POS used elsewhere in the system? See the sidebar below about shared accounts.
Web Site | S | How does a user know the site is the correct site and not a rogue? DNS cannot be relied upon; SSL/TLS is usually the correct response. Where are the SSL/TLS keys stored?
Web Site | TRID E | How do admins know the site is correct and has not been tampered with? See the Data Store: Web pages and logic for further detail. How are denial of service attacks addressed? Does the web server code run with lowest privilege, and is all access to all database assets performed at lowest privilege also? Also, is the account used on the POS used elsewhere in the system?
Sales & Inventory system | S | How do users authenticate that the sales & inventory system is the correct host?
Sales & Inventory system | TRID E | How does a user of the system know the system has not been tampered with? How do admins verify the system is correct and the operating system is correct? What kind of malware detection is in use? Does the system execute with the lowest possible privilege? Also, is the account used on the POS used elsewhere in the system?
ERP/Internal Systems | S | How do systems that depend on this process know they are communicating with the correct system? What authentication schemes are used?
ERP/Internal Systems | TRID E | How does a user of the system know the system has not been tampered with? How do admins verify the system is correct and the operating system is correct? What kind of malware detection is in use? Does the system execute with the lowest possible privilege? Also, is the account used on the POS used elsewhere in the system?
Card Reader | S | Is there a mechanism to verify the authenticity of the card reader? When the POS talks to the reader, what authentication mechanism is used?
Card Reader | TRID E | How is the card reader protected from tampering? Is there a way to determine if the reader is running the correct operating code? Does the code on the reader execute with the lowest possible privilege? Also, is the account used on the POS used elsewhere in the system?

Threat Modeler's Perspective: Malware

The fact that malware can exist on a system is a tampering threat to the underlying system, and the way tampering threats are mitigated is with integrity controls: when a system's integrity is about to be compromised, some control, for example anti-malware or application whitelisting, comes into play. There are multiple third-party whitelisting solutions as well as Microsoft AppLocker and Software Restriction Policies, which are built in to Windows. While it will likely require some testing to verify that it does not impact the operation of the POS device, a whitelisting solution should restrict the device to running only the desired point-of-sale application.

Account Lateral Traversal

Attackers may choose to attack one or more devices (including POS) over the network using exploits, or even using a physical attack on a device in a store [2]. However, it is difficult to compromise hundreds or thousands of devices using these methods, and in many attacks it is common for attackers to leverage some sort of lateral traversal using stolen (information disclosure threat) but legitimate privileged credentials to compromise a large number of devices. Microsoft has extensive experience in countering these types of attacks, as they are often used by Determined Adversaries to quickly gain access to information from across the enterprise after compromising a small number of systems. Microsoft has previously published general guidance on countering these threats in the white paper Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques.

Shared Accounts

It is common in enterprise systems to use accounts that are shared between multiple endpoints. This can make the system easier to manage, but it also creates a potential risk that administrators must be aware of. The three common types of shared accounts are: (a) Shared Service Accounts, (b) Shared Administrator Accounts and (c) Shared User Accounts. Organizations must audit their environments and list all accounts that are used and where the accounts are used.

[2] The discussion of protection against physical attacks on POS devices is out of scope for this paper.
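The following Python script is an added example, not part of the paper, that performs the account audit the Shared Accounts sidebar calls for over a constructed set of logon records: it parses the records, lists every host each account has logged on to, notes the logon kinds seen for the account, and flags accounts that are shared across two or more hosts, and in particular across zones (POS terminals, store back office, corporate), since a credential that is valid in several zones is exactly the lateral traversal vector described above. The record format, the host naming convention behind zone_of, and the log lines themselves are constructed for the example; real Windows security event logs would need their own parser, although the logon type codes used (2 interactive, 5 service, 10 remote interactive) are the standard Windows ones.

```python
"""Shared-account audit over logon records (added example, not from the paper)."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set

# Constructed sample records in the form "timestamp host account logon_type".
# Not real Windows event output; the logon type codes are the Windows ones
# (2 interactive, 5 service, 10 remote interactive). One malformed line is
# included to show that the audit skips it instead of aborting.
SAMPLE_LOGONS = """\
2013-05-01T08:00:01 POS-0101 svc_pos 5
2013-05-01T08:00:03 POS-0102 svc_pos 5
2013-05-01T08:00:05 POS-0103 svc_pos 5
2013-05-01T08:15:00 POS-0101 cashier01 2
2013-05-01T09:00:00 CORP-WEB01 svc_pos 5
2013-05-01T09:30:00 STORE-0101-BO storeadmin 10
2013-05-01T09:31:00 POS-0102 storeadmin 10
2013-05-01T10:00:00 CORP-SQL01 dba_jane 2
2013-05-01T10:05:00 CORP-WEB01 webadmin 10
2013-05-01T10:20:00 POS-0101 webadmin 10
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<account>\S+)\s+(?P<ltype>\d+)$")
LOGON_KIND = {2: "interactive", 5: "service", 10: "remote interactive"}


def parse_logons(text: str) -> List[dict]:
    """Parse records, skipping malformed lines rather than aborting the audit."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ltype"] = int(rec["ltype"])
            records.append(rec)
    return records


def zone_of(host: str) -> str:
    """Assumed (constructed) host naming convention: POS-*, STORE-*, CORP-*."""
    prefix = host.split("-", 1)[0].upper()
    return {"POS": "pos", "STORE": "store", "CORP": "corp"}.get(prefix, "unknown")


class SharedAccount(NamedTuple):
    account: str
    hosts: tuple          # every host the account logged on to
    zones: tuple          # distinct zones those hosts belong to
    kinds: tuple          # logon kinds seen (service, remote interactive, ...)
    crosses_zone: bool    # a compromise in one zone reaches another


def hosts_by_account(records: List[dict]) -> Dict[str, Set[str]]:
    """Where each account is used: the list the paper asks organizations to build."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for r in records:
        seen[r["account"]].add(r["host"])
    return seen


def shared_accounts(records: List[dict], min_hosts: int = 2) -> List[SharedAccount]:
    """Accounts used on min_hosts or more hosts, with their zone spread."""
    kinds: Dict[str, Set[str]] = defaultdict(set)
    for r in records:
        kinds[r["account"]].add(LOGON_KIND.get(r["ltype"], f"type {r['ltype']}"))
    report = []
    for account, hosts in sorted(hosts_by_account(records).items()):
        if len(hosts) < min_hosts:
            continue
        zones = tuple(sorted({zone_of(h) for h in hosts}))
        report.append(SharedAccount(account, tuple(sorted(hosts)), zones,
                                    tuple(sorted(kinds[account])), len(zones) > 1))
    return report


if __name__ == "__main__":
    for s in shared_accounts(parse_logons(SAMPLE_LOGONS)):
        flag = "CROSS-ZONE" if s.crosses_zone else "single zone"
        print(f"{s.account:12} {len(s.hosts)} hosts  zones={','.join(s.zones)}  "
              f"kinds={','.join(s.kinds)}  {flag}")
```

On the sample, svc_pos is a shared service account that reaches four hosts in two zones, storeadmin and webadmin are shared administrator accounts that cross from store or corporate systems onto POS terminals, and cashier01 and dba_jane are single-host accounts that do not appear in the report. The zone crossing is the finding to act on first: it is the span of control a single stolen credential would give an attacker.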
3.3 Data Stores

Next we look at where the data is stored. As a general rule, the two most important threats are information disclosure (e.g., obtaining a customer list or credit card list) and tampering (e.g., changing a web site's pages).

Element | STRIDE | Questions to Consider
Web pages & logic | T | When developers push new web application changes, how do you know they are correct, and remain correct until the next update is performed? What are the permissions on the assets?
Web pages & logic | I | Is there any sensitive data in the web site assets (pages and application logic), such as encryption keys and passwords? What are the permissions on the assets?
Customer data | T | How do you know the data is correct and has only been updated by valid personnel or systems? What are the auditing policies and technologies used?
Customer data | I | Is there any personal or sensitive data? If yes, then this raises the risk substantially. How is the data protected from disclosure?
Sales & Inventory Data | T | How do you know the data is correct and has only been updated by valid personnel or systems? What are the auditing policies and technologies used?
Sales & Inventory Data | I | Is there any personal or sensitive data? If yes, then this raises the risk substantially. How is the data protected from disclosure?
Loyalty | T | How do you know the data is correct and has only been updated by valid personnel or systems?
Loyalty | I | Is there any personal or sensitive data? If yes, then this raises the risk substantially. How is the data protected from disclosure?
Account Received | T | How do you know the data is correct and has only been updated by valid personnel or systems? What are the auditing policies and technologies used?
Account Received | I | Is there any personal or sensitive data? If yes, then this raises the risk substantially. How is the data protected from disclosure?
Credit Card Info | T | How do you know the data is correct and has only been updated by valid personnel or systems?
Credit Card Info | I | Clearly, this is personal or sensitive data and must be protected at all costs. The minimum bar should be compliance with PCI requirements.

Threat Modeler's Perspective: Protecting Sensitive Data

It is difficult to protect sensitive data on a device where the attacker has complete control of the operating system. However, dedicated hardware devices that never expose unencrypted data to the terminal can provide a safeguard, provided that the encryption key is never shared with the terminal. Through the use of encrypting card reader hardware, or cards that have a built-in cryptographic processor, the card data can be encrypted so that it is inaccessible to attacker malware running on the POS device. This assumes that no customer PII is visible to the terminal, either in the initial card swipe or in the authorization data returned to the POS terminal from the payment system. In addition, many retailers have separate loyalty programs that may contain customer PII, although typically not credit card data. While this may be of less interest to an attacker, this data could still be stolen by malware on the POS device; as a result, encrypting the credit card data at the swipe alone is not a panacea for preventing the theft of customer PII.

3.4 Data Flows

Data flows are how data moves throughout a system, often over networking interfaces. Most non-trivial systems have an explosion of data flows, and each one must be evaluated. Like data stores, the core threats are tampering and information disclosure, but in the interests of brevity we will treat both together, as most mitigations will be available from the networking protocol in use. Also in the interests of brevity, we will only describe a subset of the data flows. One security best practice is to require SSL/TLS or IPsec throughout the system. SSL/TLS would require that all communication end-points understand SSL/TLS, but IPsec could be deployed as networking policy.
Not only do these protocols provide channel encryption and tamper detection, but they can also provide end-point authentication.

Element | STRIDE | Questions to Consider
Credit Card Reads → POS | TI | Is the credit card information protected from disclosure or tampering as it moves to/from the POS and reader? In some cases, the card reader might perform the encryption and tamper detection, so the channel need not necessarily be encrypted.
Admin → Web site | TI | What networking protocol is used when admins communicate with the web site? Does it provide T & I defenses? Is there any sensitive data that might go across the wire?
Customers → Web site | TI | What networking protocol is used when users communicate with the web site? Does it provide T & I defenses? Is there any sensitive data that might go across the wire?
Web site → web pages & logic | TI | This is file I/O and low risk. If the attacker has inserted themselves into this data flow, they are already on the box.
Admin → POS | TI | What networking protocol is used when admins communicate with the POS? Does it provide T & I defenses? Is there any sensitive data that might go across the wire?
Credit Card Info → Sales & Inventory System | TI | What networking protocol is used between the credit card database and the sales and inventory system? As this data is sensitive, there must be viable mitigations against disclosure and tampering in place.
Other data flows | TI | Not enumerated here; as noted above, only a subset of the data flows is described.

4 Infrastructure Control Domains

In addition to the architecture of the system itself, assessed by the threat model, retail organizations must also consider the configuration, operation, and management of the infrastructure hosting the system. Attackers have actively exploited these configurations in many industries, including retail. Attackers exploiting the underlying management layer of a system can typically span all forms of the STRIDE model by controlling the data stores, processes, and entities on these hosts.

4.1 Administrative Configuration and Management

Management systems have control over hosts and the applications running on them, enabling them to alter the function of the systems under their control. This allows an attacker in control of the management tools to circumvent or disable security architecture and controls. For example, configuration management agents on hosts can run arbitrary code with SYSTEM level access. This is required on all types of operating systems to provide centralized management. As such, any host joined to a domain is subject to scripts, configuration changes, and policies that could result in full control of the host. This is why it is important to consider the entire system during the threat modeling process.

The typical span of control can be very large. From a security perspective it is necessary to limit the scope of this control by segmenting the operating environment from highly sensitive areas. Because adding segmentation can cause additional systems management overhead, a balance must be found between administrative effectiveness and efficiency on one side and the security benefits of the containment effect on the other. In a retail organization, this may resemble the following diagram:

Figure 2: Management of a Logical Retail System model
4.2 Administrative Operations and Practices

In addition to the static architecture and static configuration of management tools, the use of credentials that control the retail systems, as well as those controlling the management tools, can create a vector for controlling the system through credential theft. Attackers that steal administrative credentials from a host where they are used (such as an administrator's desktop computer) can abuse the privileges associated with that account throughout the scope of that account's control. The diagram below illustrates this and indicates the need to limit the scope of control for a single credential.

Figure 3: Credential theft vectors for attacking a Logical Retail System
5 Next Steps

Microsoft recommends, as an initial action, that all retail enterprises build a threat model to fully understand the risks across the entire infrastructure. This full system view will involve engineers and administrators of all systems, not just Microsoft based systems. To do this, use Figure 1 as a starting point and create a model for the specific retail environment. Next, apply the STRIDE mnemonic to all the elements in the diagram as described in Appendix A, A Brief Overview of Threat Modeling and STRIDE. For each of the STRIDE threat types, determine what is used to mitigate the threat. For example, if there's an Information Disclosure threat against credit card information held in a database, how is that data protected? Generally, the protections are access control and permissions, and encryption. Are any of these employed? If not, why not? And if so, are the defenses correct or, at the very least, adequate?

Finally, Microsoft recommends that all retail organizations evaluate the configuration and operation of Active Directory and the endpoint management tools used to manage and monitor the production environment. Admittedly, if the company is new to the threat modeling process or to security analysis of infrastructure management, some help will be required from people familiar with these processes.

6 Conclusion

The process of threat modeling is a valuable tool to help businesses in the retail sector holistically understand the security and privacy implications of their systems. Threat modeling uses a high-level solution diagram with various threat categories (STRIDE) applied to it to determine how an attacker can attack a system, and from there mitigations can be determined. If a mitigation is missing, then the risk can be determined, or a mitigation sought. The core point of threat modeling is to understand which threats are mitigated and which are not, to help understand what further action, if any, is needed to make the system secure from today's sophisticated attackers.
Appendix A: A Brief Overview of Threat Modeling and STRIDE

Threat modeling helps systems designers uncover potentially insecure design issues in a system. The process of building a threat model is straightforward, and involves identifying the core elements of the system, such as the processes, the data storage systems, how the data flows through the system and the external entities that interact with the system. Once this is known, the list of potential threats is automatically determined using the STRIDE mnemonic. The elements of STRIDE are:

  S  Spoofing. The ability to pose as someone or something else.
  T  Tampering. The unauthorized ability to change something.
  R  Repudiation. The ability to disavow a transaction.
  I  Information Disclosure. The unauthorized ability to view something.
  D  Denial of service. The ability to degrade service.
  E  Elevation of privilege. The ability to elevate capabilities.

Think of STRIDE as CIA (Confidentiality, Integrity and Availability) but more fine-grained, and from an attacker's viewpoint. Elements in the system diagram are subject to various STRIDE categories. For example, a data flow between two processes (think: web browser to web server, or web server to database server) is subject to T, I & D.

The next step is to determine which of these threats are a real risk. For example, do you care if an attacker can view (Information Disclosure) the data on the wire that flows from the web server to the web browser? If the answer is yes, then that threat must be mitigated, and the way I threats are mitigated is with confidentiality techniques such as access control policies or encryption. At this point, the appropriate mitigation is selected. This often requires using defenses and mitigations specified in the enterprise architecture.

Element Type | STRIDE Applicability
Data at Rest | TID (potentially R if the data is an audit log)
Data on the Wire | TID
Process | STRIDE
External Entities (items that influence your system, but you do not control) | SRD
This process continues until all STRIDE elements for each application diagram element are addressed. Addressing the threats depends on the threat type. For example, Spoofing threats are mitigated with the logical process of authentication. The type of authentication varies by the element being authenticated. For example, users and computers could be authenticated using:

  IPsec
  SSH
  Kerberos
  SSL/TLS
  Basic authentication
  Digest authentication
  NTLM authentication
  Forms-based authentication
  OAuth

But code and data would be authenticated using:

  Message authentication codes
  Digital signatures

The following table lists threat types mapped to mitigation techniques and some example technologies.

STRIDE Element | Mitigation Technique(s) | Sample Technologies
Spoofing | Authentication | SSL/TLS, Kerberos, Shared secret
Tampering | Integrity | Permissions (operating system and firewall), cryptographic techniques (hashing, digital signatures and message authentication codes)
Repudiation (most are T threats) | Non-Repudiation | Strong authentication, authorization and tamper detection. Trusted third parties.
Information Disclosure | Confidentiality | Permissions (operating system and firewall), encryption.
Denial of Service | Availability | Load balancing, throttling, firewall ACLs
Elevation of Privilege | Least Privilege and Authorization | Permissions and running systems with non-admin accounts.
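The following Python script is an added example, not part of the paper, that mechanizes the step the appendix describes as "automatically determined" together with the mitigation table: given the elements of a logical diagram typed as external entity, process, data store or data flow (the element types from Section 2 and the applicability table above), it applies the applicability table to produce every (element, threat) pair, pairs each threat with the mitigation technique from the table, records which controls the modeler has already noted, and reports the threats that have no control, which is the "missing mitigation" list Section 5 asks for. The risk rating rule (an unmitigated tampering or disclosure threat against a sensitive store is rated high) and the small slice of the retail model with its recorded controls are assumptions of the example.

```python
"""STRIDE-per-element enumeration over a logical model (added example, not from the paper)."""
from dataclasses import dataclass, field
from typing import Dict, List, NamedTuple

# STRIDE applicability by element type, as in the appendix table.
APPLICABILITY = {
    "external_entity": "SRD",
    "process": "STRIDE",
    "data_store": "TID",   # plus R when the store is an audit log
    "data_flow": "TID",
}

# Threat name and the mitigation technique the appendix pairs with it.
MITIGATION = {
    "S": ("Spoofing", "Authentication"),
    "T": ("Tampering", "Integrity"),
    "R": ("Repudiation", "Non-repudiation"),
    "I": ("Information Disclosure", "Confidentiality"),
    "D": ("Denial of Service", "Availability"),
    "E": ("Elevation of Privilege", "Least privilege and authorization"),
}


@dataclass
class Element:
    """One box or arrow in the logical diagram."""
    name: str
    kind: str                       # key into APPLICABILITY
    sensitive: bool = False         # holds PII or card data
    audit_log: bool = False         # data store that is an audit log
    # STRIDE letter -> control already in place, as recorded by the modeler
    controls: Dict[str, str] = field(default_factory=dict)


class Finding(NamedTuple):
    element: str
    letter: str
    threat: str
    technique: str
    control: str   # "" when nothing mitigates the threat
    risk: str      # "mitigated", "high" or "medium"


def applicable_threats(el: Element) -> str:
    """STRIDE letters the appendix table says apply to this element."""
    letters = APPLICABILITY[el.kind]
    if el.kind == "data_store" and el.audit_log:
        letters += "R"
    return letters


def rate(el: Element, letter: str, control: str) -> str:
    """Assumed risk rule: unmitigated T or I against sensitive data is high."""
    if control:
        return "mitigated"
    return "high" if el.sensitive and letter in "TI" else "medium"


def enumerate_threats(model: List[Element]) -> List[Finding]:
    """Every (element, threat) pair the model produces, with its status."""
    findings = []
    for el in model:
        for letter in applicable_threats(el):
            threat, technique = MITIGATION[letter]
            control = el.controls.get(letter, "")
            findings.append(Finding(el.name, letter, threat, technique,
                                    control, rate(el, letter, control)))
    return findings


def open_findings(model: List[Element]) -> List[Finding]:
    """Threats with no recorded control: each needs a mitigation or a risk decision."""
    return [f for f in enumerate_threats(model) if f.risk != "mitigated"]


# Constructed slice of the retail model with some controls recorded.
RETAIL_MODEL = [
    Element("Customers", "external_entity",
            controls={"S": "forms-based login over TLS"}),
    Element("Web Site", "process",
            controls={"S": "TLS server certificate",
                      "D": "load balancing and throttling"}),
    Element("Credit Card Info", "data_store", sensitive=True,
            controls={"I": "column encryption plus database permissions"}),
    Element("Customers -> Web Site", "data_flow",
            controls={"T": "TLS", "I": "TLS"}),
]

if __name__ == "__main__":
    for f in enumerate_threats(RETAIL_MODEL):
        status = f.control or "(no control recorded)"
        print(f"{f.element:22} {f.letter} {f.threat:23} {f.technique:34} {status:36} {f.risk}")
```

Run stand-alone, the script lists fifteen findings for the four elements, nine of them without a recorded control; the one rated high is the unaddressed tampering threat against the credit card store, which is the same question the data-store table asks in Section 3.3 (how do you know the data is correct and has only been updated by valid personnel or systems?). Adding the rest of Figure 1 as Element entries and filling in the controls that exist is the exercise Section 5 recommends.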
Streamlining STRIDE for Processes

When evaluating all threats that relate to processes (all of STRIDE applies to them), it's possible to compress the amount of work required by focusing on S, TRID and E as three distinct groups, asking the following questions:

  Spoofing: how is the process authenticated?
  Elevation: does the process run with the least possible privilege?
  TRID: what are the permissions on the process while on disk, and how do you know the process is the correct process and not a rogue (i.e., malware)?

Further Threat Modeling Reading

Howard, M. & Lipner, S., The Microsoft Security Development Lifecycle, Microsoft Press, 2006.
Shostack, A., Threat Modeling: Designing for Security, Wiley, 2014.
More informationWHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationSOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013
SOFTWARE ASSET MANAGEMENT Continuous Monitoring September 16, 2013 Tim McBride National Cybersecurity Center of Excellence timothy.mcbride@nist.gov David Waltermire Information Technology Laboratory david.waltermire@nist.gov
More informationMobile Application Threat Analysis
The OWASP Foundation http://www.owasp.org Mobile Application Threat Analysis Ari Kesäniemi Nixu Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under
More informationV ISA SECURITY ALERT 13 November 2015
V ISA SECURITY ALERT 13 November 2015 U P DATE - CYBERCRIMINALS TARGE TING POINT OF SALE INTEGRATORS Distribution: Value-Added POS Resellers, Merchant Service Providers, Point of Sale Providers, Acquirers,
More informationSecure Shell User Keys and Access Control in PCI-DSS Compliance Environments
A Secure Shell Key Management White Paper Secure Shell User Keys and Access Control in PCI-DSS Compliance Environments Emerging trends impacting PCI-DSS compliance requirements in secure shell deployments
More informationAn Approach to Threat Modeling in Web Application Security Analysis
Volume-5, Issue EICA2012-5, February 10, 2012 An Approach to Threat Modeling in Web Application Security Analysis Sreenivasa Rao B Dept. of Computer Science & Engineering CMJ University, Shillong, India
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationDriveLock and Windows 8
Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
More informationTHE FIVE NEW PCI COMPLIANCE RULES YOU NEED TO KNOW
THE FIVE NEW PCI COMPLIANCE RULES YOU NEED TO KNOW By Stephen Cobb, ESET senior security researcher. If your business accepts credit or debit cards, then you know that PCI DSS stands for Payment Card Industry
More informationWhite Paper Secure Reverse Proxy Server and Web Application Firewall
White Paper Secure Reverse Proxy Server and Web Application Firewall 2 Contents 3 3 4 4 8 Losing control Online accessibility means vulnerability Regain control with a central access point Strategic security
More informationWhite paper. Implications of digital certificates on trusted e-business.
White paper Implications of digital certificates on trusted e-business. Abstract: To remain ahead of e-business competition, companies must first transform traditional business processes using security
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More informationWindows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org
Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes
More informationHang Seng HSBCnet Security. May 2016
Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationREPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB
REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of
More informationCIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System
CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised
More informationAPIs The Next Hacker Target Or a Business and Security Opportunity?
APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationEmbracing Microsoft Vista for Enhanced Network Security
Embracing Microsoft Vista for Enhanced Network Security Effective Implementation of Server & Domain Isolation Requires Complete Network Visibility throughout the OS Migration Process For questions on this
More informationPAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ
PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationAPWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/
DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing
More informationPCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker
PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationAddressing PCI Compliance
WHITE PAPER DECEMBER 2015 Addressing PCI Compliance Through Privileged Access Management 2 WHITE PAPER: ADDRESSING PCI COMPLIANCE Executive Summary Challenge Organizations handling transactions involving
More informationChoosing Encryption for Microsoft SQL Server
Choosing Encryption for Microsoft SQL Server www.securityfirstcorp.com 29811 Santa Margarita Pkwy Rancho Santa Margarita, CA 92688 888-884-7152 CONTENTS Database Security Issues 3 Balancing Database Security
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationCisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media
January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationLeast Privilege in the Data Center
Least Privilege in the Data Center avecto.com avecto.com 1 Introduction Removing excess administrator privileges is considered to be one of the most essential risk mitigation strategies for organizations
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationAddressing the United States CIO Office s Cybersecurity Sprint Directives
RFP Response Addressing the United States CIO Office s Cybersecurity Sprint Directives How BeyondTrust Helps Government Agencies Address Privileged Account Management and Improve Security July 2015 Addressing
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationTop 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
More informationLeveraging Microsoft Privileged Identity Management Features for Compliance with ISO 27001, PCI, and FedRAMP
P a g e 1 Leveraging Microsoft Privileged Identity Management Features for Compliance with ISO 27001, PCI, and FedRAMP December 24, 2015 Coalfire Systems, Inc. www.coalfire.com 206-352- 6028 w w w. c o
More informationWhy a Network-based Security Solution is Better than Using Point Solutions Architectures
Why a Network-based Security Solution is Better than Using Point Solutions Architectures In This Paper Many threats today rely on newly discovered vulnerabilities or exploits CPE-based solutions alone
More informationEnhancing Organizational Security Through the Use of Virtual Smart Cards
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
More informationPCI Assessments 3.0 What Will the Future Bring? Matt Halbleib, SecurityMetrics
PCI Assessments 3.0 What Will the Future Bring? Matt Halbleib, SecurityMetrics About Us Matt Halbleib CISSP, QSA, PA-QSA Manager PCI-DSS assessments With SecurityMetrics for 6+ years SecurityMetrics Security
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationHow To Secure An Rsa Authentication Agent
RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,
More informationDriveLock and Windows 7
Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationA Guide to MAM and Planning for BYOD Security in the Enterprise
A Guide to MAM and Planning for BYOD Bring your own device (BYOD) can pose a couple different challenges, not only the issue of dealing with security threats, but also how to handle mobile applications.
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationPCI DSS: An Evolving Standard
White Paper PCI DSS: An Evolving Standard PCI 3.0 and 3.1 Key Requirements Explained 2015 SecurityMetrics PCI DSS: An Evolving Standard 2 PCI DSS An Evolving Standard The Payment Card Industry Data Security
More informationUNCLASSIFIED Version 1.0 May 2012
Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationImplementing HIPAA Compliance with ScriptLogic
Implementing HIPAA Compliance with ScriptLogic A ScriptLogic Product Positioning Paper By Nick Cavalancia 1.800.424.9411 www.scriptlogic.com Table of Contents INTRODUCTION... 3 HIPAA BACKGROUND... 3 ADMINISTRATIVE
More informationwhitepaper 4 Best Practices for Building PCI DSS Compliant Networks
4 Best Practices for Building PCI DSS Compliant Networks Cardholder data is a lucrative and tempting target for cyber criminals. Recent highly publicized accounts of hackers breaching trusted retailers
More informationPrivileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery
Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationFundamentals of a Windows Server Infrastructure MOC 10967
Fundamentals of a Windows Server Infrastructure MOC 10967 Course Outline Module 1: Installing and Configuring Windows Server 2012 This module explains how the Windows Server 2012 editions, installation
More informationWindows Least Privilege Management and Beyond
CENTRIFY WHITE PAPER Windows Least Privilege Management and Beyond Abstract Devising an enterprise-wide privilege access scheme for Windows systems is complex (for example, each Window system object has
More informationFine Tuning Desktop Security Presented by J Abernethy & Josh Quinn
Fine Tuning Desktop Security Presented by J Abernethy & Josh Quinn Presenter: J Abernethy Practice Manager of Legal Applications mindshift, a Ricoh Company Presenter: Josh Quinn Manager, Desktop & Application
More informationOWASP AND APPLICATION SECURITY
SECURING THE 3DEXPERIENCE PLATFORM OWASP AND APPLICATION SECURITY Milan Bruchter/Shutterstock.com WHITE PAPER EXECUTIVE SUMMARY As part of Dassault Systèmes efforts to counter threats of hacking, particularly
More informationWhite Paper. What is an Identity Provider, and Why Should My Organization Become One?
White Paper What is an Identity Provider, and Why Should My Organization Become One? May 2015 Executive Overview Tame Access Control Security Risks: Become an Identity Provider (IdP) Organizations today
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationDFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)
Title: Functional Category: Information Technology Services Issuing Department: Information Technology Services Code Number: xx.xxx.xx Effective Date: xx/xx/2014 1.0 PURPOSE 1.1 To appropriately manage
More information