NETWORK SECURITY. 3 Key Elements
1 NETWORK SECURITY 3 Key Elements
2 OVERVIEW The network is fast becoming critical and required infrastructure in organizations, or even in our lives nowadays. Human networking is important in many aspects, especially for knowledge and information sharing and cooperation, and yeah, also important for your insurance and MLM business as well ;) Also, do you notice that almost every important piece of information, every document and every bit of data traverses in the form of digital pulses from one connected device to another? Based on this, it is very, very, very important for us to ensure that the confidentiality, integrity and availability of this information remain intact.
3 OVERVIEW In order to achieve this, it is important for any organization to have a good approach to its own network security practice. Hence this presentation will touch on the 3 key elements that you need to take into consideration: Process, Technology and People. You will not become a hacker or a Schneier or Bejtlich type of person once this presentation ends, as this presentation is a high-level approach and not a technical training (you can call me for training afterwards ;) ). Hopefully this presentation will give you some additional knowledge and maybe a new approach to your network security. So let's begin.
4 Network Security: 1st Element PROCESS
5 PROCESS Security Definition Why process? Bruce Schneier stated that "Security is a process, not a product" in Cryptogram Magazine, 2000. Dr. Mitch Kabay, who is the CTO and Program Director for the Master of Science in Information Assurance, Norwich University, Northfield, VT, USA, stated in Risks Digest, 1998, that "Security is a process, not an end state". Richard Bejtlich, the Director of Incident Response for General Electric, defined security as "the process of maintaining an acceptable level of perceived risk" in his book titled The Tao of Network Security Monitoring: Beyond Intrusion Detection. Hence it is appropriate for me to touch on the importance of process in network security.
6 Process The security process Generally we can safely define the security process as consisting of assessment, protection, detection and response. Assessment is the precursor for the other processes: here we perform an evaluation not only of the technology that we possess but also of other matters such as budget, policies and plans like the BCP or the Incident Response Plan. Protection can be defined as the preparation or risk mitigation process based on the results of our assessment. Detection is meant for detecting any possible intrusion or policy violation. Response is the process of remediating any intrusion, where the compromised assets' functionality is restored and the attacker is pursued legally, or the victim decides just to move on.
7 PROCESS
8 PROCESS Assessment Basically the assessment process will give you some indicators of your security posture. Ever heard about Security Posture Assessment? There are many types of assessment that can be done, and these types of assessment cover not only the technology aspect but others as well. Security audit, penetration testing, vulnerability scanning and signal attacks are some of the assessment disciplines that can be done in this process. So let us explore a bit which areas usually will be assessed.
9 Process Type of assessment
10 Process Type of assessment Security Audit: Evaluation of how closely a policy or procedure matches the specified action. Are security policies actually used or adhered to? Are they sufficient? Vulnerability Scanning: A process of identifying vulnerable services and applications on the network. Tools such as Nessus, nikto and wikto can be used to automatically scan a single host or more.
11 Process Type of assessment Penetration Testing (Ethical Hacks): Simulates the types of attacks that can be launched across the Internet. Will target any available services and applications, or the ones reported by the vulnerability scanning. Stolen Equipment Attack: Closely related to physical security and communication security. The objective is to see what information is stored on company laptops and other easily accessible systems. Encryption is the number one defense against stolen equipment attacks.
12 Process Type of assessment Physical Entry: Seeks to test the organization's physical controls. Systems such as doors, gates, locks, guards, CCTV and alarms are tested to see whether they can be bypassed. Signal Security Attack: Tasked with looking for wireless access points and modems. The objective is to see whether these devices are secure, and whether sufficient authorization control is implemented.
13 Process Type of assessment Social Engineering Attack: Targets an organization's employees and seeks to manipulate them in order to gain privileged information. Proper controls, policies and procedures and user awareness can overcome this type of attack.
14 Process Type of assessment It is important for you to determine what kind of assessment is required for your organization. It is also important to have both internal and external parties perform this exercise: internal and external assessment. The time gap between each assessment is also important. If the gap is too wide then you may overlook some critical issues in your systems, and if the gap is too short then it would be impractical (like your administrator has something else to do ;)
15 Process - Protection Once you have obtained the results of the assessment exercise, it is time to perform some preparation or protection activities. If your procedures and policies are inadequate to cover some issue, you need to work on them. If the vulnerabilities discovered can lead to the system being compromised, appropriate patching or workarounds are required. This is also a good time to fine-tune your detection or filtering mechanisms. If you do not have the resources to perform this, you can call any MSSP, or the best thing is to call us at SCAN ;) Also make sure that all systems have their own warning banners. This will limit your users' presumption of privacy. It will save you a lot of trouble when handling insider threats. Trust me..
16 Process - Detection I did mention the need to have your assessments performed within an acceptable time gap. So what if an attack on a new vulnerability published in between our assessments occurs? That is why, my friend, the detection process is very critical in order to reduce the risk of our network being compromised. Within the detection process, we will have collection, identification, validation and escalation processes as well.
17 Process Detection process
18 Process Detection process For the collection process, it is important to collect all the necessary information in order to assist analysts in performing the identification more effectively. Usually the types of data required are statistical data, session data, alert data and, if possible, full content data. Statistical data provides an overview of the traffic captured, like the percentage of each protocol used within the captured communication traffic. Session data is a summary of the communication between hosts or devices. This includes source and destination IPs, ports, protocols and the amount of data exchanged.
19 Process - Detection Alert data is the data generated by your beloved IDS, or perhaps your IPS as well. This data will provide some useful indicators of a possible breach (if properly tuned). Full content data provides information beyond the session or transport layer: every single bit is recorded and presented. Resource issues like storage are the main obstacle to having this kind of data collected. With these kinds of data made available to the analyst, the identification process, deciding whether the traffic should fall into the malicious or the normal category, becomes more effective.
20 Process Detection The validation process involves categorizing the security incidents that we have detected during the identification process. The severity level of a security incident depends on the category it falls into. However, it is important for you to determine the severity level of each category that suits your organization. The severity level determines the acceptable response time for Incident Handling or Response, within the SOP for your own internal CSIRT team or within the SLA with your MSSP.
21 Process Response This is the most overlooked process (from my experience). We have to remember, a process is something that is continuous and must have no full stop. What will happen IF one of your servers that contains critical information of your organization is compromised or brought down by a DoS attack? Do you have the resources to: perform Incident Handling? perform Incident Response? If yes then good for you; if not, then you can start to find one or contact me ;)
22 Process Response First of all, you need to have your own Computer Security Incident Response Team (CSIRT). This team must consist NOT ONLY of technical or security guys but must include all parties expected to be affected if any security incident occurs: security staff, system and network administrators, human resources, legal counsel, public relations, and do not ever forget to include one representative from executive management as well. You want a guide? Go here :
23 Process Response You have the team now, and of course you need to have an Incident Response Plan as well. This will ensure that everything is conducted in a proper and systematic way. This Incident Response Plan (IRP) is a product of negotiation between the CSIRT team members. Basically it is about each team member's roles and responsibilities. A good sample document on IRP can be found at Or you can google it and look for "Incident Response Plan". Choose the most suitable plan for your organization. Remember, the IRP that you'll download later is only a guideline. You must formulate your own IRP suitable to your organization.
24 Process Response It is important for the CSIRT to have full support from management. This will (hopefully) cut the bureaucratic limitations, especially on decision making regarding the security incident. Time is crucial when performing incident handling, especially during the containment phase. The CSIRT must also be able to advise management whether to pursue and prosecute or patch and proceed regarding the incident. A response of "Noted and necessary actions taken" to your MSSP's security alert notification is not a good example. Try to perform a drill, perhaps once a year, just to make sure that everybody involved will know what to do once the actual response is required.
25 Network Security: 2nd Element TECHNOLOGY
26 Technology It is important for you to determine or identify what kind of technology is required by your organization in order to reduce the risk of being compromised. But you also need to identify whether the current technology that you have can meet that requirement. For a big corporation or organization, purchasing new devices is perhaps not a big issue (maybe). Some organizations perhaps have their own limitations for this purpose; they have to make use of whatever they have. And some organizations simply do not care.
27 Technology Open Source VS Closed Source This is a hotly debated topic, not only in the digital security world. Some of you might favour open source applications and some do not. Closed source advocates believe in security by obscurity, while the open source guys say that they are more secure because the code can be reviewed and fixed. However I do believe it does not matter whether you are using open source or closed source, as long as you know what you are doing.
28 Technology Open Source There is no point adopting or implementing any tools, equipment or devices without understanding the underlying technology. What kind of benefit will you get from using snort as your IDS when you fail to understand its decision-making logic? It is a very grave mistake if you decide to use an open source application solely because you do not have to pay a single cent. The beauty of open source applications is the ability to customize the application to suit your needs. By the way, there are always communities who provide fixes, support or workarounds for any flaws or bugs discovered. Do you have the resources to maintain these applications?
29 Technology Closed source If you have the financial means then closed source applications are suitable for you. By the way, some of these products have the upper hand over their open source counterparts. You do not need to allocate large resources to manage them, as the bulk of the work is done by the provider. But the downside is that you depend on how quickly the vendor responds to fix any flaws that may exist or be discovered. Compared to open source, only a selected group of people have access to the code, thus sometimes the patches or fixes have a long delay before release.
30 Technology The best way During the assessment phase, identify what kind of technology you currently have and the technology that you need. Identify the resources, whether financial or manpower, to acquire that technology. Implement what you need, not what you want. Remember, the latest is not always the best. Identify the optimization level of your current technology. You may want the latest firewall, but if the features are similar, why do you need to get a new one? A blend of open and closed source applications is the best approach (like your pool servers or backup servers).
31 Technology The best way Are you aware that all these security devices are meant to prevent or detect known attacks, OR to prevent or detect any repetition of 0 dayz attacks? So the best thing is to forget the VS thing (Linux VS Windows, IDS VS IPS). Our goal is to reduce the risk. It is a good thing to have IDS AND IPS implemented in your network. You may have a commercial product as your IPS and an open source application like snort as your IDS. Try to make your network watchable, offering minimized services, controllable and always kept current: a Defensible Network.
32 Technology Not the only one Bear in mind that technology is ONLY there to assist humans in performing their tasks more efficiently and productively, not the other way around. It doesn't matter how advanced your technology is; in my opinion nothing can replace human judgement and intuition. In other words, human intervention is required, especially when dealing with your network security posture.
33 Network Security: 3rd Element HUMAN
34 HUMAN Why? Tools or devices can only function based on the instructions given to them. The output of their functions provides some information for humans to perform their tasks or job. From a security perspective, the security devices produce indicators of any anomaly or sign of intrusion on the network. However these indicators are mostly lacking one thing: context. Context is the ability to understand the nature of an event with respect to all other aspects of an organization's environment.
35 Human Why? Example: If a server is compromised during a penetration testing exercise, the IDS will produce indicators telling you that an intrusion has occurred. Only a human can make the call whether the indicators really indicate a real intrusion or not. In the case above, it will not be declared an incident, as it was performed by an authorized party. Humans scrutinize the indicators and correlate them with other useful information. Once the analysis has concluded, he or she generates an appropriate warning and escalates it to the related personnel or decision maker. Those warnings, my friends, are the security alert notifications that you receive from your MSSP.
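The two ideas above, the data types collected for detection (statistical, session and alert data, slides 18 and 19) and the context a human adds during validation (slide 35), can be shown end to end in a few lines. The following is an added example, not code from the presentation or from SCAN: it derives statistical and session data from a constructed set of connection records, then triages a constructed IDS alert against that session data and an assumed list of authorized pentest source ranges. All records, alerts, addresses and the authorized range are constructed for the example.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed connection records for this example (hypothetical, not from the presentation):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes_transferred)
SAMPLE_RECORDS = [
    ("10.0.0.5", 51000, "192.0.2.10", 80, "tcp", 1200),
    ("10.0.0.5", 51001, "192.0.2.10", 443, "tcp", 5000),
    ("10.0.0.7", 40000, "192.0.2.53", 53, "udp", 90),
    ("10.0.0.7", 40001, "192.0.2.53", 53, "udp", 110),
    ("198.51.100.20", 44000, "10.0.0.10", 80, "tcp", 48000),
    ("198.51.100.20", 44001, "10.0.0.10", 80, "tcp", 52000),
    ("203.0.113.77", 33000, "10.0.0.10", 80, "tcp", 7000),
    ("10.0.0.9", 0, "192.0.2.1", 0, "icmp", 64),
]

# Constructed IDS alerts: (src_ip, dst_ip, signature). The IDS sees the same
# traversal attempt from two sources and cannot tell them apart on its own.
SAMPLE_ALERTS = [
    ("198.51.100.20", "10.0.0.10", "WEB-ATTACK directory traversal attempt"),
    ("203.0.113.77", "10.0.0.10", "WEB-ATTACK directory traversal attempt"),
]

# Constructed authorization record: the source range the pentest team was approved to use.
AUTHORIZED_TEST_SOURCES = [ip_network("198.51.100.0/24")]


def protocol_statistics(records):
    """Statistical data: percentage of records per protocol (slide 18)."""
    counts = Counter(r[4] for r in records)
    total = len(records)
    return {proto: round(100.0 * n / total, 1) for proto, n in counts.items()}


def session_summary(records):
    """Session data: flow count and bytes per (src, dst, dst_port, proto) conversation."""
    sessions = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, _sport, dst, dport, proto, nbytes in records:
        key = (src, dst, dport, proto)
        sessions[key]["flows"] += 1
        sessions[key]["bytes"] += nbytes
    return dict(sessions)


def triage_alert(alert, sessions, authorized_sources):
    """Validation step: attach context to an IDS alert before calling it an incident."""
    src, dst, signature = alert
    # Pull every session between the alert's endpoints out of the session data.
    related = {k: v for k, v in sessions.items() if k[0] == src and k[1] == dst}
    flows = sum(v["flows"] for v in related.values())
    nbytes = sum(v["bytes"] for v in related.values())
    ports = sorted({k[2] for k in related})
    # Context the IDS does not have: was this source an authorized tester?
    authorized = any(ip_address(src) in net for net in authorized_sources)
    verdict = "authorized test, no incident" if authorized else "escalate to CSIRT"
    return {"signature": signature, "source": src, "verdict": verdict,
            "flows": flows, "bytes": nbytes, "dst_ports": ports}


if __name__ == "__main__":
    print("protocol mix:", protocol_statistics(SAMPLE_RECORDS))
    sessions = session_summary(SAMPLE_RECORDS)
    for key, summary in sessions.items():
        print("session", key, summary)
    for alert in SAMPLE_ALERTS:
        print("triage", triage_alert(alert, sessions, AUTHORIZED_TEST_SOURCES))
```

The two alerts carry the same signature; only the session data (how much traffic, on which ports) and the authorization record turn one into a non-incident and the other into an escalation, which is the "context" slide 34 says the indicators lack.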
36 Human Skills and Knowledge It is important for the people performing a job to have adequate knowledge and skills for what they are supposed to do. A network administrator should have knowledge of what he has within his network, such as the devices, hosts and segments, and in fact he also needs to know his normal network behavior. The same goes for the system administrators, security personnel or even the IT manager as well. Without skilled personnel managing your network, compromising your network becomes much easier. I am not talking about managing your security yet ;)
37 Human Skills and Knowledge Why would I say that? Just imagine if one of your hosts was compromised and started communicating with the attacker through DNS traffic. IF the administrator does not know his network traffic behavior, I can bet he will dismiss this DNS backdoor traffic as normal. The same goes for the analyst: if he or she fails to provide appropriate context for the indicators, then the possibility of generating a false positive warning is high. What scares me more is false negatives.
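Slide 37 rests on the administrator knowing what "normal" DNS looks like on his network. The following added example (not from the presentation; the log format, the thresholds and the log lines are all constructed) turns that knowledge into a check: it parses a handful of BIND-style query log lines, builds a per-client profile (query volume, share of TXT queries, length and character entropy of the leftmost label) and flags clients whose profile departs from an assumed baseline, which is how a DNS backdoor that a signature IDS never fires on still stands out against the administrator's own baseline.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed DNS query log lines (hypothetical; BIND-style format assumed):
# "<time> client <ip>#<port>: query: <name> IN <type>"
SAMPLE_LOG = """\
10:00:01 client 10.0.0.5#51000: query: www.example.com IN A
10:00:02 client 10.0.0.5#51001: query: mail.example.com IN MX
10:00:03 client 10.0.0.7#40000: query: cdn.example.net IN A
10:00:04 client 10.0.0.12#40200: query: 4f3a9b2c1d8e7f60a1b2c3d4.tunnel.example.org IN TXT
10:00:04 client 10.0.0.12#40201: query: 9e8d7c6b5a4f3e2d1c0b9a8f.tunnel.example.org IN TXT
10:00:05 client 10.0.0.12#40202: query: a1b2c3d4e5f60718293a4b5c.tunnel.example.org IN TXT
10:00:05 client 10.0.0.12#40203: query: 0f1e2d3c4b5a69788796a5b4.tunnel.example.org IN TXT
10:00:06 client 10.0.0.7#40001: query: www.example.com IN A
"""

LINE_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\w+)")

# Constructed baseline: what the administrator considers normal for one client in this window.
BASELINE = {"max_queries": 3, "max_txt_share": 0.2,
            "max_label_entropy": 3.0, "max_label_len": 20}


def shannon_entropy(text):
    """Bits of entropy per character; encoded payloads score higher than dictionary words."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Extract (ip, name, qtype) from each query line; lines that do not match are skipped."""
    queries = []
    for line in text.splitlines():
        match = LINE_RE.search(line)
        if match:
            queries.append(match.groupdict())
    return queries


def profile_clients(queries):
    """Per-client view of behaviour: volume, TXT share, and how random the leftmost label looks."""
    per_client = defaultdict(list)
    for q in queries:
        per_client[q["ip"]].append(q)
    profiles = {}
    for ip, qs in per_client.items():
        leftmost = [q["name"].split(".")[0] for q in qs]
        profiles[ip] = {
            "queries": len(qs),
            "txt_share": sum(q["qtype"] == "TXT" for q in qs) / len(qs),
            "mean_label_entropy": sum(shannon_entropy(l) for l in leftmost) / len(leftmost),
            "mean_label_len": sum(len(l) for l in leftmost) / len(leftmost),
        }
    return profiles


def find_anomalies(profiles, baseline=BASELINE):
    """Return {client_ip: [reasons]} for every client outside the baseline."""
    flagged = {}
    for ip, p in profiles.items():
        reasons = []
        if p["queries"] > baseline["max_queries"]:
            reasons.append("query volume")
        if p["txt_share"] > baseline["max_txt_share"]:
            reasons.append("TXT-heavy")
        if p["mean_label_entropy"] > baseline["max_label_entropy"]:
            reasons.append("high-entropy labels")
        if p["mean_label_len"] > baseline["max_label_len"]:
            reasons.append("long labels")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    profiles = profile_clients(parse_log(SAMPLE_LOG))
    for ip, p in profiles.items():
        print(ip, p)
    print("anomalous clients:", find_anomalies(profiles))
```

The thresholds are the part that has to come from the administrator: they should be set from a quiet period of the network's own logs, not copied from this example, and any client that trips several of them at once is worth a look by the analyst with the session data from the earlier example in hand.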
38 Human User Awareness Some people say it is useless to educate users, as the tendency to forget whatever they have learned is high. Other people say it is really, really, really useless to educate the users. I used to agree with this, and in fact I did believe that we should educate the management instead of the users. Why? Because they are the decision and policy makers. The users will have to follow whatever decision or policy is decided by the management. I wish.
39 Human User Awareness Now I believe users are the ones that need the awareness. We can see that attackers are now shifting their targets towards users. The obvious proof of this is the rise of the botnets. Why would you crack your head 0wning a server when you can 0wn and control thousands of hosts? More and more advisories on browser flaws and vulnerabilities are published on the web. Every single day we receive spam e-mails which can lead to phishing sites. How many users just execute the "updates" attached in the e-mail "from Microsoft"?
40 Human User Awareness Thus, it is critical to ensure that the user awareness program is conducted continuously. Policies, procedures and regulations can only be followed by the users when they understand the impact they may cause if these are not followed. (Disciplinary action will provide immediate results though.) Let the users know when and where to report if they see any indicators of a possible breach. Users are a likely source for detecting any skilled attacker. Their reports or complaints about their machines' behavior may indicate that something illegitimate is occurring.
41 Human Improvement As we know now, security is an ongoing process. We usually ensure that our technology is always updated to keep up with the current trend (or because our competitor is using it ;) ). Of course we also need competent personnel to manage these new technologies. New technologies come with new vulnerabilities and attack vectors, meaning we need to upgrade our security team to enable them to defend the new technology. This will only be achieved via training, seminars and workshops. And yes, they need to be assessed and evaluated once they have attended any training.
42 CONCLUSION Security is not defined by any tools, brands or applications, and security can never guarantee that your network is 100% secure. We have to be prepared, as eventually our network WILL BE compromised. Why? Because we have to remember that some of the attackers are smarter than we are and some of their methodologies or techniques are unpredictable. What we can do is minimize the risk of being compromised: follow the security process diligently, and use appropriate technology and competent people to use it, to defend our assets from being compromised, either externally or internally. Manage your security by fact, not by belief.
43 Any Questions?
44 CONTACT
45 THANK YOU
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More information8 Steps For Network Security Protection
8 Steps For Network Security Protection 8 Steps For Network Security Protection Many small and medium sized businesses make the mistake of thinking they won t be the target of hackers because of their
More informationOverview. Firewall Security. Perimeter Security Devices. Routers
Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationSecurity Threat Risk Assessment: the final key piece of the PIA puzzle
Security Threat Risk Assessment: the final key piece of the PIA puzzle Curtis Kore, Information Security Analyst Angela Swan, Director, Information Security Agenda Introduction Current issues The value
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationUnderstanding SCADA System Security Vulnerabilities
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
More informationPresentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy
Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationSECURITY OVERVIEW FOR MY.ENDNOTE.COM. In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our
ENDNOTE ONLINE SECURITY OVERVIEW FOR MY.ENDNOTE.COM In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our servers from attacks and other attempts
More informationIntrusion Detections Systems
Intrusion Detections Systems 2009-03-04 Secure Computer Systems Poia Samoudi Asli Davor Sutic Contents Intrusion Detections Systems... 1 Contents... 2 Abstract... 2 Introduction... 3 IDS importance...
More informationHow to build and use a Honeypot. Ralph Edward Sutton, Jr. DTEC 6873 Section 01
How to build and use a Honeypot By Ralph Edward Sutton, Jr DTEC 6873 Section 01 Abstract Everybody has gotten hacked one way or another when dealing with computers. When I ran across the idea of a honeypot
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationBusiness white paper. Missioncritical. defense. Creating a coordinated response to application security attacks
Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More informationUser Security Education and System Hardening
User Security Education and System Hardening Topic 1: User Security Education You have probably received some form of information security education, either in your workplace, school, or other settings.
More informationWHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
More informationTable of Contents. Page 2/13
Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities
More informationPenetration Testing //Vulnerability Assessment //Remedy
A Division Penetration Testing //Vulnerability Assessment //Remedy In Penetration Testing, part of a security assessment practice attempts to simulate the techniques adopted by an attacker in compromising
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationBeyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 40 Firewalls and Intrusion
More information10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011
10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationAgenda. Agenda. Security Testing: The Easiest Part of PCI Certification. Core Security Technologies September 6, 2007
Security Testing: The Easiest Part of PCI Certification Core Security Technologies September 6, 2007 Agenda Agenda The PCI Standard: Security Basics and Compliance Challenges Compliance + Validation =
More informationSecurity Event Management. February 7, 2007 (Revision 5)
Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationPCI DSS 3.1 and the Impact on Wi-Fi Security
PCI DSS 3.1 and the Impact on Wi-Fi Security 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2015 AirTight Networks, Inc. All rights reserved. Table of Contents PCI
More informationAB 1149 Compliance: Data Security Best Practices
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
More informationFootprinting and Reconnaissance Tools
Footprinting and Reconnaissance Tools Topic 1: Common Port Scanning Techniques Do some research on computer ports that are most often scanned by hackers. Identify a port scanning exploit that is interesting
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationManaging IT Security with Penetration Testing
Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to
More informationNeed for Database Security. Whitepaper
Whitepaper 2 Introduction The common factor in today s global economy where most of the business is done electronically via B2B [Business to Business] or via B2C [business to consumer] or other more traditional
More informationFight the Noise with SIEM
Fight the Noise with SIEM An Incident Response System Classified: Public An Indiana Bankers Association Preferred Service Provider! elmdemo.infotex.com Managed Security Services by infotex! Page 2 Incident
More informationThe Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold
The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS
More informationManaged Security Services
Managed Security Services 1 Table of Contents Possible Security Threats 3 ZSL s Security Services Model 4 Managed Security 4 Monitored Security 5 Self- Service Security 5 Professional Services 5 ZSL s
More informationFirewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08
Firewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08 What is a firewall? Firewalls are programs that were designed to protect computers from unwanted attacks and intrusions. Wikipedia
More informationIDS or IPS? Pocket E-Guide
Pocket E-Guide IDS or IPS? Differences and benefits of intrusion detection and prevention systems Deciding between intrusion detection systems (IDS) and intrusion prevention systems (IPS) is a particularly
More informationIDS and Penetration Testing Lab ISA 674
IDS and Penetration Testing Lab ISA 674 Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible Use
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More information