Protect Web Sites from Cyber Attacks

Similar documents

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Information Security Threat Trends

Protecting Your Organisation from Targeted Cyber Intrusion

PCI DSS v3.0 Vulnerability & Penetration Testing

Common Cyber Threats. Common cyber threats include:

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Security and Access Control Lists (ACLs)

How To Protect Your Data From Being Stolen

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Guide to Vulnerability Management for Small Companies

Cybersecurity: What CFO s Need to Know

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

PCI Data Security Standards (DSS)

Where every interaction matters.

How a Company s IT Systems Can Be Breached Despite Strict Security Protocols

Critical Controls for Cyber Security.

Global Partner Management Notice

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Hong Kong Information Security Outlook 2015 香港資訊保安展望

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:

How To Manage A System Vulnerability Management Program

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

Cyber Security: Beginners Guide to Firewalls

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

Defending Against Data Beaches: Internal Controls for Cybersecurity

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

ABB s approach concerning IS Security for Automation Systems

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

How To Secure Your System From Cyber Attacks

Cyber Self Assessment

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Security Policy for External Customers

IT Security. Securing Your Business Investments

PCI DSS Requirements - Security Controls and Processes

Thoughts on PCI DSS 3.0. September, 2014

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household

Security Management. Keeping the IT Security Administrator Busy

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

CITY UNIVERSITY OF HONG KONG Network and Platform Security Standard

Payment Card Industry Security Standards PCI DSS, PCI-PTS and PA-DSS

Introduction: 1. Daily 360 Website Scanning for Malware

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide

Network Security Policy

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table

Connecticut Justice Information System Security Compliance Assessment Form

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, CASE: Implementation of Cyber Security for Yara Glomfjord

Computer and Network Security Policy

CITY OF BOULDER *** POLICIES AND PROCEDURES

Best Practices For Department Server and Enterprise System Checklist

93% of large organisations and 76% of small businesses

Appendix A. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Networking for Caribbean Development

A Decision Maker s Guide to Securing an IT Infrastructure

Security for NG9-1-1 SYSTEMS

This policy shall be reviewed at least annually and updated as needed to reflect changes to business objectives or the risk environment.

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Network Instruments white paper

PEER-TO-PEER NETWORK

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Promoting Network Security (A Service Provider Perspective)

Cyber Security Awareness

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

Payment Card Industry Self-Assessment Questionnaire

How To Protect A Web Application From Attack From A Trusted Environment

74% 96 Action Items. Compliance

Cloud Security:Threats & Mitgations

Norton Personal Firewall for Macintosh

SECURITY CONSIDERATIONS FOR LAW FIRMS

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

SCADA Security Example

3. Are employees set as Administrator level on their workstations? a. Yes, if it is necessary for their work. b. Yes. c. No.

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

1.3 Prohibit Direct Public Access - Prohibit direct public access between the Internet and any system component in the cardholder data environment.

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

InfoSec Academy Application & Secure Code Track

Did you know your security solution can help with PCI compliance too?

Transcription:

www.thales-esecurity.com Protect Web Sites from Cyber Attacks Henry Ng, CISSP-ISSAP CISA ISC2 Authorized Instructor Head of Consulting Services Thales e-security Jan 9, 2015

2

3 Lessons learnt The worst can happen A lot of the damaged areas weren t even within the earthquake regions Insufficient awareness People didn t understand the dangers behind retreating waves No warning? No alerts? Early warning system not was in place for Indian Ocean 3

4 Common IT security threats Virus and worm infection Web site defacement Denial of service attack Un-authorized access Data leakage and disclosure Advanced targeted attack

5 Example of web site defacement

6 Many schools had web site issues

7 Cyber attacks hit the headlines

8 Why would anyone attack us Your website is under attack 24 x 7

9 We are constantly under attack 2013/04/24 20:33:24 FIREWALL TCP connection denied from 124.237.78.181:6000 to 221.127.131.199:6676 (ppp0) 2013/04/24 20:33:24 FIREWALL TCP connection denied from 124.237.78.181:6000 to 221.127.131.199:6677 (ppp0) 2013/04/24 20:25:22 FIREWALL TCP connection denied from 222.186.13.12:6000 to 221.127.131.199:6675 (ppp0) 2013/04/24 20:22:43 FIREWALL TCP connection denied from 183.245.76.134:6000 to 221.127.131.199:8909 (ppp0) 2013/04/24 20:22:43 FIREWALL TCP connection denied from 183.245.76.134:6000 to 221.127.131.199:9415 (ppp0) 2013/04/24 20:22:43 FIREWALL TCP connection denied from 183.245.76.134:6000 to 221.127.131.199:6666 (ppp0) 2013/04/24 20:11:21 FIREWALL TCP connection denied from 221.214.14.253:6000 to 221.127.131.199:1433 (ppp0) 2013/04/24 20:10:42 FIREWALL TCP connection denied from 221.179.6.228:6000 to 221.127.131.199:1433 (ppp0) 2013/04/24 20:08:41 FIREWALL TCP connection denied from 183.245.168.81:6000 to 221.127.131.199:3389 (ppp0) 2013/04/24 20:07:46 FIREWALL TCP connection denied from 24.84.214.249:53369 to 221.127.131.199:6675 (ppp0) 2013/04/24 20:05:53 FIREWALL TCP connection denied from 61.147.103.79:6000 to 221.127.131.199:1433 (ppp0) 2013/04/24 20:03:18 FIREWALL TCP connection denied from 222.186.27.78:6000 to 221.127.131.199:6666 (ppp0) 2013/04/24 20:00:52 FIREWALL TCP connection denied from 221.179.6.228:6000 to 221.127.131.199:1433 (ppp0) 2013/04/24 19:59:50 FIREWALL TCP connection denied from 176.61.139.128:2998 to 221.127.131.199:3128 (ppp0) 2013/04/24 19:59:44 FIREWALL TCP connection denied from 176.61.139.128:2998 to 221.127.131.199:3128 (ppp0) 2013/04/24 19:59:42 FIREWALL TCP connection denied from 176.61.139.128:2998 to 221.127.131.199:3128 (ppp0) 2013/04/24 19:59:42 FIREWALL TCP connection denied from 176.61.139.128:2998 to 221.127.131.199:3128 (ppp0) 2013/04/24 19:58:41 FIREWALL TCP connection denied from 58.221.60.182:6000 to 221.127.131.199:6675 (ppp0) 2013/04/24 19:58:38 FIREWALL TCP connection denied from 192.198.82.21:6000 to 221.127.131.199:3389 (ppp0) 2013/04/24 19:53:51 FIREWALL TCP connection denied from 222.186.27.78:6000 to 221.127.131.199:6666 (ppp0) 2013/04/24 19:48:44 FIREWALL TCP connection denied from 112.101.64.233:6000 to 221.127.131.199:6666 (ppp0) 2013/04/24 19:42:16 FIREWALL TCP connection denied from 222.186.63.181:6000 to 221.127.131.199:6675 (ppp0) 2013/04/24 19:40:34 FIREWALL TCP connection denied from 222.76.218.81:6000 to 221.127.131.199:1433 (ppp0) 2013/04/24 19:39:28 FIREWALL TCP connection denied from 222.186.45.164:6000 to 221.127.131.199:6666 (ppp0) 2013/04/24 19:38:13 FIREWALL TCP connection denied from 218.22.2.68:6000 to 221.127.131.199:1433 (ppp0) 2013/04/24 19:36:23 FIREWALL TCP connection denied from 58.221.59.172:6000 to 221.127.131.199:6675 (ppp0) 2013/04/24 19:35:01 FIREWALL TCP connection denied from 222.186.45.139:6000 to 221.127.131.199:6675 (ppp0) 2013/04/24 19:34:35 FIREWALL TCP connection denied from 223.4.218.71:6000 to 221.127.131.199:1433 (ppp0) 2013/04/24 19:30:58 FIREWALL TCP connection denied from 142.4.38.49:6000 to 221.127.131.199:1433 (ppp0) 2013/04/24 19:30:45 FIREWALL TCP connection denied from 50.22.220.130:80 to 221.127.131.199:57694 (ppp0) 2013/04/24 19:29:48 FIREWALL TCP connection denied from 118.244.146.200:12200 to 221.127.131.199:6668 (ppp0) 2013/04/24 19:28:48 FIREWALL TCP connection denied from 218.92.244.234:6000 to 221.127.131.199:3389 (ppp0) 2013/04/24 19:27:25 FIREWALL TCP connection denied from 118.244.146.200:12200 to 221.127.131.199:6668 (ppp0) 2013/04/24 19:26:51 FIREWALL TCP connection denied from 221.169.207.102:3143 to 221.127.131.199:23 (ppp0)

10 Why would anyone attack us Your website is under attack 24 x 7 Unpatched vulnerabilities threaten your website

11

12 Why would anyone attack us Your website is under attack 24 x 7 Unpatched vulnerabilities threaten your website Hackers are more smart and efficient than ever

13

14 Why would anyone attack us Your website is under attack 24 x 7 Unpatched vulnerabilities threaten your website Hackers are more smart and efficient than ever No matter how small of your website

15 Thales e-security

16 Recommendations - 1 1. Implement basic security controls Firewalls System security hardening Anti-virus Wireless encryption Workstation lock-down

17 Recommendations - 2 2. Implementation segmentation Internet Firewall External Web Server Internal Server Workstation Workstation Workstation

18 Recommendations - 2 2. Implementation segmentation Internet Firewall External Web Server Internal Server Workstation Workstation Workstation

19 Recommendations - 3 3. Implement additional security best practices Installing Web Application Firewall (WAF) in front of web application to continually check all traffic to detect and prevent web-based attacks Update to the most current version and install all relevant security patches and vendor security recommendations Perform vulnerability assessment to assess web security issues Enforce security configuration standards according to industry-accepted system hardening standards Include security requirements as part of the procurement process

20 Recommendations - 4 4. Build Risk Awareness

21 Source for more information OWASP Open Web Application Security Project (www.owasp.org) CIS Center for Internet Security (www.cissecurity.org) NIST National Institute of Standards and Technology (csrc.nist.gov) HKCERT Hong Kong Computer Emergency Response Team (www.hkcert.org) Hong Kong Government - Infosec Web Site (www.infosec.gov.hk)

Thank You Henry Ng, CISSP-ISSAP CISA ISC2 Authorized Instructor Head of Consulting Services Thales e-security henry.ng@thales-esecurity.com +852 2534 6625 (O) +852 9317 6844 (M)