Data Loss Prevention in the Enterprise




ISYM 525 Information Security, Final Paper. Written by Keneth R. Rhodes, 12-01-09

In today's world data loss happens many times a day; statistics show that a tremendous amount of data is either stolen or lost every day. A good source of this information is the website http://www.voltage.com/. Voltage Security is a company that specializes in encryption technology solutions. Its home page carries a running ticker of data loss events from around the world for the last month, and an interactive map that shows events over the last three years. Statistically the percentage of data that is lost remains low, but only because of the massive amount of data that exists today. A large portion of lost data was never targeted; most thefts are thefts of convenience: a laptop left on a car seat or unwatched in an airport, or a cell phone picked up in a restaurant. To complicate matters, human error can also result in significant data loss if steps are not taken to prevent it, or at a minimum to recover lost or damaged data.

The main thing to remember is that all data is important. Simply put, if it was collected it is important to you, whether for litigation, documentation, or marketing purposes. And if it is important to you, then it is important to others, such as competitors and cyber criminals. You will never know who may want your data, but you can be sure someone does. There is no such thing as useless data; Google has proven that fact: every byte of data means something to someone.

Data Leaks for Dummies (2009) lists the top two goods traded by criminals, which together account for more than a third of the data stolen or sold (source: Symantec Corporation, 2007):

Rank  Goods/Service   Percentage  Price range
1     Bank accounts   22%         $10 - $1,000
2     Credit cards    13%         $0.40 - $20.00

The ability to recognize your vulnerabilities will greatly enhance the company's ability to defend and protect the valuable data within the organization. Some of the more common points of attack in a company are email, USB devices, wireless networks, laptops, and unencrypted data.

The first I mentioned was email. Email attacks take many forms: spam and phishing messages carrying malware can get in, and a single link clicked by an unsuspecting user can easily start transferring data from your network to a server controlled by someone else. A more targeted attack is the capture of email messages on their way to remote users. Any email that leaves your domain and is addressed to a mailbox outside it can be intercepted in transit unless it is encrypted.

Wireless networks are another area in which your data may be extremely vulnerable. The technology is still maturing in corporate environments and not every potential weakness has been secured, so care must be taken when transferring data over a wireless network.

USB devices are another great threat that many companies do not even consider, or, if they did consider it, they decided that convenience and speed outweigh the risk of data loss.

Unencrypted data is vulnerable because it is the equivalent of handing over the information in ready-to-read form. Many businesses did not encrypt the data in their databases because of the time required to retrieve the information so that changes could be made. The same went for removable storage and backup media: the time needed to encrypt before storing and decrypt before restoring was considered too great when the data had to be available quickly. Luckily this is less of an issue today thanks to faster processors, larger storage capacity and better encryption techniques.

Laptops are another major point of vulnerability. Since they are portable, they cannot be protected by your network security or by the physical security you control. The end user may simply be careless and leave the laptop unprotected and in plain view, such as on the front seat of a car. This is where the company loses control over and monitoring of the device. When you talk about the remote user you must consider the whole picture: not just the user in the office connected to your network, but also the vulnerability of a portable device when the user is out of the area. Locations to consider include airports, vacation resorts, internet cafes, and public transportation. Airports are a common place for laptops and cell phones to be lost or stolen. In today's world a cell phone must be thought of in the same context as a laptop, since large amounts of data can be stored on handheld devices. The airport is one of the prime areas for theft because of the constant traffic and long waits; one tends to lose track of time, sets a device down for just a few minutes without looking, and the device is gone. The same goes for other forms of public transportation such as buses, shuttles and taxi cabs. A remote user on vacation faces a dual threat: the user is not only susceptible to theft from the room or from poolside, but is also open to attack because the end user is reaching the internet over a public access network. This is the same vulnerability one faces in any internet cafe or other hot spot. It is very easy for an attacker to just sit and wait for a business user to enter an establishment, turn on a computer, and then go after the information on the machine. This is particularly true if the user is alone. Consider a single user who enters an establishment with just a laptop. They order a meal and coffee and begin to work; how many users would not get up and leave the machine unattended while they go and pick up their order? It would take less than a minute to plug a USB device into the laptop and install a program that starts transferring data to a remote host.

The corporate entity should be fully aware of all the technologies available, whether or not the company chooses to use those products or to follow those practices. These come in many forms from many different manufacturers. Your first defense in almost every network is at the outer boundary of your domain. Different appliances can be placed at this boundary, but a firewall and a router are a must. Your firewall is the first line of defense against data loss, but it is only one line of defense, not a solution to data loss. A firewall will only stop traffic that its rules identify as hostile, whether through known attack signatures or administrator-defined filters; anything that looks like legitimate traffic passes through. The downside of a firewall is that it is susceptible to traffic overload: if the volume of data exceeds the firewall's capacity it will drop packets, including legitimate ones. In conjunction with the firewall you should also have an anti-virus server that processes the data one step further, comparing it against the known virus definitions it holds and rejecting anything that is a known threat. Your anti-virus server today should use software with so-called zero-day protection, which in practice means heuristic or behavioral detection for threats that do not yet have a definition, and it should update automatically the moment a new threat is detected and a known definition is

written by the vendor. You should not have to wait for the next scheduled update before your network is protected.

Access control is another major concern for the enterprise. It needs to be considered from every angle, whether the control is over physical access or over access to the different hardware and software products within your organization. Physical access to your building should be your first concern: if you cannot control who comes and goes, your data will surely go too. Competitors could easily pose as a delivery person, a potential customer or even a company employee, and an impostor who plugs a USB drive into the nearest workstation could infect the network with malware that copies your valuable data to a remote location within minutes.

Hardware and software access is controlled through ACLs (Access Control Lists). An access control list is an ordered table of rules that set the requirements for access to data on the network. The main thing to remember when creating an ACL is to start with the specific access needed, then the general access needed, and block all other access. As an example: the district manager in the Chicago office has access to all financial records in Database A; the office manager and accounting personnel have access only to the Chicago financial data; all other employees have no access to the financial database. An ACL stops at the first rule that matches and does not evaluate the rest, so rule order matters, and what happens when no rule matches at all depends on the product: some end with an implicit deny (Cisco IOS ACLs, for example), while others grant access by default. Never rely on that default. Always end every ACL rule set with an explicit rule that denies everything not permitted above it.

Many of the subjects touched on so far are only the outskirts of what should be considered when developing prevention techniques; additional considerations lie in the policy area. This is the area where the company can start to take a proactive

effort to protect data. Policy is the written rules and legal protection for the corporation. Written policy is very important and can be the basis for any legal proceedings in the future. A well-written policy is protection against data loss, or at least the basis for prosecuting an individual for the unauthorized release of data. A few policies are extremely important for a company to have in place; they include, but are not limited to, the following:

- Email policy
- Wireless email policy
- Enterprise and operating system patching policy
- Information security policy
- Email hosting policy
- Desktop management policies
- Testing policy
- Application deployment policy
- Application upgrade policy
- Data center policies
- Data center access policy
- File backup policy
- File restore policy
- Data center environment policies
- Password changing policy
- Windows server environment policy
- Functional testing
- Computer naming convention
- Backup procedures
- Desktop management testing procedures
- Patch deployment
- Account management
- Application access
- Data review policies
- Termination and exception policies
- Audit and review policies
- Consultants
- Employee transfers

Other specific policies could include an encryption policy that covers many areas of the company, such as encryption of databases, backup media, email, and endpoint devices. Such encryption is critical to preventing data loss: unencrypted data is unsecured data. Likewise, a sound and tested recovery policy is just as important, covering the database structure, the backup media, and the decryption, restoration and re-encryption of the endpoint.

Additional prevention techniques include data monitoring and data blocking. This is a newer technology that monitors outgoing traffic just as closely as incoming traffic. Some internet providers offer a limited form of this service by notifying the administrator of excessive upstream data transfers. The downside is that the notification may come too late to save the data, because this kind of monitoring exists mainly to protect your bandwidth and the consistency of your data transfers. Special appliances

need to be added to the network to protect an enterprise from such attacks. McAfee is one manufacturer of such a product, the McAfee Network DLP Monitor. Some of the key features listed on its web page (http://www.mcafee.com/us/enterprise/products/data_protection/data_loss_prevention/network_data_loss_prevention_monitor.html) are:

Benefits:
- Identify and protect sensitive information: find sensitive information, then conduct forensic analysis and create rules to prevent the behavior in future
- Capture and index all network traffic: filter and control sensitive information, then index, query and mine all content, and monitor file share access
- Create and tune sophisticated rules: identify more than 300 content types over any port or application, classify network traffic independent of port, and support hundreds of thousands of concurrent connections

Features:
- Real-time information scanning and analysis: match entire and partial documents against rules to detect anomalies in network traffic
- Classification, indexing, and storage of all network traffic: leverage all information, not just that flagged by rules, to identify sensitive data
- Complex data classification: scan all sensitive data, filter it and search it to identify hidden or unknown risks
- Comprehensive network traffic reports: view reports about the information, who sent it, where it went, and how it was sent

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) should be strongly considered and deployed within the enterprise. A solid network structure contains many different devices, and you need a solid combination of products so that your enterprise can function 24/7/365. There are several types of IDS. Misuse (signature-based) detection analyzes data and compares it against large databases of known attack signatures, much like an anti-virus program, so it is only as good as the information held in the database. Anomaly detection requires an administrator to establish a baseline, after which the system alerts whenever events fall outside the preset parameters; it looks for data transfers that are out of the ordinary. Network-based and host-based IDS analyze data either on the network or on the endpoint (host). There are also passive and reactive IDS. A firewall and an IDS differ in both function and placement: as stated earlier, the firewall sits at the border of your network and filters traffic according to its rules, whereas an IDS is placed inside the network and inspects the traffic the firewall let through for signs of attack. An IPS (Intrusion Prevention System) is an IDS that can also take preventive action and drop suspect packets, where an IDS only notifies.

To summarize, meeting the needs of an enterprise requires a good deal of research and planning, not to mention a large financial obligation. The total cost will vary depending on the sensitivity of the data you are protecting, the amount of data, and where it is stored. This cost should be compared to what it would cost if the data were lost. There are now federal laws that require certain actions within a specific time period if certain types of data are lost. This can be financially taxing to a corporation, on top of the negative publicity and the loss of loyal customers. The former seems to be the better choice from my point of view.
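The ACL ordering rule discussed earlier (specific permits first, general permits next, an explicit deny last) is easy to get wrong in practice, so here is a small first-match ACL evaluator that reproduces the paper's Chicago example. This is an added illustration, not code from the original paper or from any ACL product; the group names, the resource names and the "DatabaseA/..." naming scheme are hypothetical. The `default` parameter models the behaviour an engine falls back on when no rule matches, because products differ on that point, and the demo shows why an explicit closing deny makes the outcome independent of it.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Iterable, List, Set


@dataclass(frozen=True)
class Rule:
    """One ACL entry: a subject (user or group name, '*' = anyone), a resource
    pattern in fnmatch syntax ('*' = anything) and the verdict it returns."""
    subject: str
    resource: str
    action: str  # "permit" or "deny"


class ACL:
    """First-match access control list.

    Rules are checked in order; the first rule whose subject and resource
    patterns both match decides.  `default` is what the engine does when no
    rule matches at all.  Real products differ here (assumption: some end with
    an implicit deny, others grant access), which is why it is a parameter.
    """

    def __init__(self, rules: Iterable[Rule], default: str = "deny") -> None:
        self.rules: List[Rule] = list(rules)
        self.default = default

    def check(self, principals: Set[str], resource: str) -> str:
        """`principals` holds the user's own name plus every group it belongs to."""
        for rule in self.rules:
            subject_ok = rule.subject == "*" or rule.subject in principals
            if subject_ok and fnmatchcase(resource, rule.resource):
                return rule.action
        return self.default


def chicago_acl(explicit_deny: bool = True, default: str = "deny") -> ACL:
    """The paper's example: the district manager sees all of Database A, the
    Chicago office manager and accounting see only Chicago data, and nobody
    else sees anything.  Group and resource names are hypothetical."""
    rules = [
        Rule("district_manager", "DatabaseA/*", "permit"),        # most specific need first
        Rule("office_manager", "DatabaseA/chicago", "permit"),
        Rule("accounting", "DatabaseA/chicago", "permit"),
    ]
    if explicit_deny:
        rules.append(Rule("*", "DatabaseA/*", "deny"))             # block everything else
    return ACL(rules, default=default)


if __name__ == "__main__":
    acl = chicago_acl()
    print(acl.check({"alice", "district_manager"}, "DatabaseA/newyork"))  # permit
    print(acl.check({"bob", "office_manager"}, "DatabaseA/newyork"))       # deny
    # The same permits without the closing deny, on an engine whose default is permit:
    leaky = chicago_acl(explicit_deny=False, default="permit")
    print(leaky.check({"carol"}, "DatabaseA/chicago"))                     # permit (a leak)
```

Because evaluation stops at the first match, the district manager rule has to come before the narrower Chicago rules only if it is broader for the same subjects; what actually protects the data is the final `*`/deny rule, which makes `carol`'s result "deny" whether or not the engine would have granted access by default.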
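The data monitoring and blocking section above, and the McAfee feature list ("match entire and partial documents", "identify sensitive information"), describe what a network DLP appliance does without showing how such a check works. The following is an added example of the two core checks, written for this page rather than taken from the paper or from any McAfee product: a content-pattern check for card numbers that uses the Luhn checksum to discard random digit strings, and partial-document matching by hashing overlapping word shingles of a registered sensitive document. The sensitive document, the outbound messages and the 30% match threshold are all constructed for the demo; commercial products use more elaborate fingerprinting, which this does not claim to reproduce.

```python
import hashlib
import re
from typing import Dict, Iterable, List, Set

# 16 digits, optionally separated by single spaces or hyphens after each of the first 12.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12}\d{4}\b")
SHINGLE_SIZE = 4          # words per shingle
MATCH_THRESHOLD = 0.30    # fraction of a message's shingles that must hit a registered document


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: every real card number passes, most random digit strings do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def shingles(text: str) -> Set[str]:
    """Hashes of every run of SHINGLE_SIZE consecutive words, case- and punctuation-insensitive,
    so that a copied fragment matches even when the rest of the message is new text."""
    toks = re.findall(r"[a-z0-9]+", text.lower())
    out = set()
    for i in range(len(toks) - SHINGLE_SIZE + 1):
        gram = " ".join(toks[i:i + SHINGLE_SIZE])
        out.add(hashlib.sha256(gram.encode()).hexdigest()[:16])
    return out


class EgressInspector:
    """Monitor-and-block decision for one outbound message."""

    def __init__(self, sensitive_documents: Iterable[str]) -> None:
        self.fingerprints: Set[str] = set()
        for doc in sensitive_documents:
            self.fingerprints |= shingles(doc)

    def inspect(self, message: str) -> Dict[str, object]:
        reasons = []
        cards = find_card_numbers(message)
        if cards:
            reasons.append(f"{len(cards)} Luhn-valid card number(s)")
        sh = shingles(message)
        hits = len(sh & self.fingerprints)
        ratio = hits / len(sh) if sh else 0.0
        if sh and ratio >= MATCH_THRESHOLD:
            reasons.append(f"{ratio:.0%} of content matches a registered document")
        return {"verdict": "block" if reasons else "allow", "reasons": reasons}


# Constructed sensitive document registered with the inspector.
SENSITIVE_DOC = (
    "Q3 financial summary, Chicago district. Revenue 4.2 million, expenses 3.1 million, "
    "net margin 26 percent. Pending acquisition of Northside Tool Co is expected to close "
    "in November subject to board approval."
)

# Constructed outbound messages: copied fragment, benign chat, a real-format card number,
# and a digit string that matches the card pattern but fails the Luhn check.
SAMPLE_MESSAGES = [
    "FYI, the pending acquisition of Northside Tool Co is expected to close in November. Let me know.",
    "Lunch tomorrow? The new place on Clark Street is expected to be good.",
    "Customer card 4111 1111 1111 1111, exp 12/11. Please process the refund today.",
    "Ticket 1234 5678 9012 3456 has been closed, thanks.",
]


def run_demo() -> List[str]:
    inspector = EgressInspector([SENSITIVE_DOC])
    return [str(inspector.inspect(msg)["verdict"]) for msg in SAMPLE_MESSAGES]


if __name__ == "__main__":
    inspector = EgressInspector([SENSITIVE_DOC])
    for msg in SAMPLE_MESSAGES:
        print(inspector.inspect(msg), "<-", msg[:40])
```

The Luhn step is what keeps the ticket number in the last message from being blocked, and the shingle overlap is what catches the first message even though only one sentence of the registered document was pasted into it; an exact-match rule would have missed it.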
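The IDS discussion above distinguishes misuse (signature) detection, which is only as good as its signature database, from anomaly detection, which needs a baseline and then alerts on transfers outside the preset parameters. The following added example, written for this page and not taken from the paper or from any IDS product, runs both over a handful of constructed flow records: a per-host outbound-volume baseline (mean plus three standard deviations over a training window) and a tiny signature table. The byte patterns, host names and traffic figures are all hypothetical. The point it makes is that the unknown exfiltration in the second flow has no signature and is caught only by the baseline.

```python
import statistics
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Flow:
    """One summarised outbound connection from a host (constructed record format)."""
    host: str
    dst_port: int
    bytes_out: int
    payload: bytes   # first bytes of the stream, as a sensor would capture them


# Misuse (signature) detection: hypothetical byte patterns, not real vendor rules.
SIGNATURES: Dict[str, bytes] = {
    "sqli-tautology": b"' OR 1=1",
    "nop-sled": b"\x90" * 16,
}


def signature_alerts(flow: Flow) -> List[str]:
    return [name for name, pattern in SIGNATURES.items() if pattern in flow.payload]


class VolumeBaseline:
    """Anomaly detection on outbound volume: learn mean and stdev per host from a
    training window, then flag any flow whose bytes_out exceeds mean + k * stdev."""

    def __init__(self, k: float = 3.0, min_samples: int = 5) -> None:
        self.k = k
        self.min_samples = min_samples
        self.profiles: Dict[str, Tuple[float, float]] = {}

    def train(self, host: str, samples: List[int]) -> None:
        if len(samples) < self.min_samples:
            raise ValueError(f"need at least {self.min_samples} samples for {host}")
        self.profiles[host] = (statistics.mean(samples), statistics.stdev(samples))

    def threshold(self, host: str) -> float:
        mean, stdev = self.profiles[host]
        return mean + self.k * stdev

    def is_anomalous(self, flow: Flow) -> bool:
        if flow.host not in self.profiles:
            return True   # no baseline for this host: treat as suspicious rather than silently pass
        return flow.bytes_out > self.threshold(flow.host)


def analyze(baseline: VolumeBaseline, flows: List[Flow]) -> List[List[str]]:
    """Return, for each flow, the list of alert names it triggered (empty list = clean)."""
    results = []
    for flow in flows:
        alerts = signature_alerts(flow)
        if baseline.is_anomalous(flow):
            alerts.append("volume-anomaly")
        results.append(alerts)
    return results


# Constructed training data: daily outbound bytes for two workstations.
TRAINING = {
    "ws-17": [210_000, 240_000, 195_000, 230_000, 220_000, 205_000, 250_000],
    "ws-22": [90_000, 110_000, 95_000, 105_000, 100_000, 98_000],
}

# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("ws-17", 80, 12_000, b"GET /login?user=admin' OR 1=1-- HTTP/1.1"),   # known signature
    Flow("ws-17", 443, 1_900_000, b"PK\x03\x04" + b"\x00" * 28),              # unknown exfil, no signature
    Flow("ws-22", 443, 104_000, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),     # ordinary TLS handshake
]


def run_demo() -> List[List[str]]:
    baseline = VolumeBaseline()
    for host, samples in TRAINING.items():
        baseline.train(host, samples)
    return analyze(baseline, SAMPLE_FLOWS)


if __name__ == "__main__":
    for flow, alerts in zip(SAMPLE_FLOWS, run_demo()):
        print(flow.host, flow.dst_port, flow.bytes_out, alerts or "clean")
```

The baseline for ws-17 works out to roughly 281 kB per day, so the 1.9 MB transfer is flagged while the 104 kB flow from ws-22 stays under its own threshold; a host that was never profiled is flagged on purpose, since the alternative is an unmonitored gap exactly where new or rogue machines appear.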

References

Bunker, Guy, and Garth Fraser-King (2009). Data Leaks for Dummies. Wiley Publishing, Inc.
Lucidi, Gregory (2009). ISYM 525 Information Security course, Holy Family University.

Web sites used for reference material and general knowledge:
www.wikipedia.com
www.voltage.com
www.mcafee.com
www.symantec.com
www.websence.com