ETPG6 Five Low-Cost Security Takeaways 8/21 (Thursday) @ 3:30pm Governor's Ballroom CD Presented by Jerry Askew, Eric Richards & Kevin Svec
Presenters: Jerry Askew, Eric Richards & Kevin Svec Five Low-Cost Security Takeaways Thank you for being here today August 21, 2014, 3:30pm-4:30pm Governor's Ballroom CD
Five Low-Cost Security Takeaways With security being such a fundamental aspect of a business's survival, it's often forgotten that there are solutions available for minimal cost that can offer a great deal of benefit to your organization.
KeePass Password Management Database
KeePass Password Management Database: Why use a Password Management Database?
- Keep track of site registrations and when you registered
- Generate truly secure passwords
- Use different passwords for each site
- Store answers to secret questions
- Store key material, certificates, etc.
KeePass Password Management Database: Why use KeePass?
- Open source offers an auditing opportunity
- Multiplatform: Windows, Linux, Android
- High quality application
KeePass Password Management Database: KeePass Features
- Local storage with synchronization capability
- Multiple export options
- Auto-type with window recognition and macros
- Full text search
- File attachments for key material, certs, etc.
KeePass Password Management Database: Usage Tips
- Choose a strong master password or passphrase
- Not used anywhere else
- Back up frequently
- A key file can be used to supplement the password
KeePass Password Management Database: www.keepass.info
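The usage tips above hinge on two things a password manager gives you: passwords drawn from a cryptographically secure generator, and a master passphrase long enough that the database cannot be brute-forced offline. The following added example (written for this page, not KeePass code) shows how to generate passwords and Diceware-style passphrases with the operating system CSPRNG and how to estimate their entropy, which is what decides whether a key file is needed to supplement a short master password. The character alphabet and the eight-word list are constructed stand-ins; a real passphrase list has thousands of words.

```python
"""Added example: CSPRNG-based password/passphrase generation with entropy estimates.
Not KeePass code; the alphabet and word list are constructed for illustration."""
import math
import secrets
import string

# Assumption: approximates a "letters + digits + punctuation" generator profile (94 symbols).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed toy word list. Passphrase strength comes from the list size,
# so this tiny list is deliberately weak (see words_needed below).
SAMPLE_WORDS = ["anchor", "basil", "comet", "dune", "ember", "fjord", "glade", "harbor"]


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` independent, uniform picks from `choices` symbols."""
    return length * math.log2(choices)


def words_needed(wordlist_size: int, target_bits: float) -> int:
    """Smallest passphrase word count reaching `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_password(length: int = 20, alphabet: str = PRINTABLE) -> str:
    """Uniform random password using `secrets` (OS CSPRNG), never `random`."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 6, wordlist=SAMPLE_WORDS, sep: str = "-") -> str:
    """Diceware-style passphrase: `words` uniform picks (with replacement) from the list."""
    if words < 1:
        raise ValueError("words must be positive")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def strength_summary(length: int, wordlist_size: int, words: int) -> dict:
    """Compare a generated password against a passphrase of the given shape."""
    return {
        "password_bits": round(entropy_bits(len(PRINTABLE), length), 1),
        "passphrase_bits": round(entropy_bits(wordlist_size, words), 1),
        # 80 bits is used here as an illustrative floor for an offline-attack-resistant master secret.
        "words_for_80_bits": words_needed(wordlist_size, 80),
    }


if __name__ == "__main__":
    print(generate_password(20))
    print(generate_passphrase(6))
    print(strength_summary(20, 7776, 6))  # 7776 = size of the classic Diceware list
```

The point of `words_needed` is the usage tip about key files: with a small or guessable list, the word count needed to reach a useful entropy floor becomes impractical, which is exactly when a key file stored separately from the database adds the missing bits.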
Splunk Log Correlation and Analysis
The Case for Log Correlation and Analysis: Today's advanced attacks require more behavior-based analysis
- Detection of abnormal user account activity
- Notification on escalation of privilege
- Detection of configuration changes on devices
- Unexplained process or file changes
Forensics
- Quickly determining the extent of a compromise
- Lateral movement of attackers on the network
- Activity associated with compromised accounts
Adhering to security frameworks or meeting compliance objectives
- HIPAA, SOX, GLBA, etc.
Log Management - Splunk
- Splunk allows you to aggregate, search, and visualize machine data
- Server runs on Windows and most Linux distros
- Software installation is very simple
- Small deployments run easily on a single virtual machine
- Clients can send logs, text, or performance information using a variety of protocols and input methods
- Splunk offers a software Universal Forwarder agent that runs on Windows and Linux machines
- Splunk Apps and Add-ons extend the functionality of the base product
- The free version can index (collect) up to 500 MB per day
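Two of the behaviors listed above, abnormal account activity and escalation of privilege, are simple to express as correlations once logs are centralized. The following added example (written for this page, not Splunk code or SPL) runs those two rules over constructed, simplified Windows Security style events in key=value form: a burst of failed logons followed by a success for the same account, and a member being added to a privileged group. The event IDs used (4625 failed logon, 4624 logon, 4728/4732 member added to a global/local security group) are the real Windows IDs; the timestamps, usernames, addresses, thresholds and the privileged-group list are constructed assumptions.

```python
"""Added example: two log-correlation rules over constructed Windows-style events.
Not Splunk code; in SPL the second rule is roughly EventCode=4728 TargetUserName="Domain Admins"."""
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, then key=value pairs; quoted values may contain spaces).
SAMPLE_LOG = """\
2014-08-21T15:30:01 EventCode=4625 TargetUserName=jsmith IpAddress=10.0.0.55
2014-08-21T15:30:03 EventCode=4625 TargetUserName=jsmith IpAddress=10.0.0.55
2014-08-21T15:30:05 EventCode=4625 TargetUserName=jsmith IpAddress=10.0.0.55
2014-08-21T15:30:07 EventCode=4625 TargetUserName=jsmith IpAddress=10.0.0.55
2014-08-21T15:30:09 EventCode=4625 TargetUserName=jsmith IpAddress=10.0.0.55
2014-08-21T15:30:20 EventCode=4624 TargetUserName=jsmith IpAddress=10.0.0.55
2014-08-21T15:31:00 EventCode=4728 MemberName=jsmith TargetUserName="Domain Admins" SubjectUserName=jsmith
2014-08-21T16:00:00 EventCode=4625 TargetUserName=bob IpAddress=10.0.0.9
2014-08-21T16:05:00 EventCode=4624 TargetUserName=bob IpAddress=10.0.0.9
"""

# Assumption: groups whose membership changes should always page someone.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
GROUP_ADD_EVENTS = {"4728", "4732"}  # member added to global / local security-enabled group


def parse_line(line: str) -> dict:
    """Split 'TIMESTAMP key=value ...' into a dict; shlex honours quoted values."""
    ts, _, rest = line.partition(" ")
    event = {"_time": datetime.fromisoformat(ts)}
    for token in shlex.split(rest):
        key, _, value = token.partition("=")
        event[key] = value
    return event


def parse_log(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def failed_then_success(events, threshold: int = 5, window=timedelta(minutes=5)) -> list:
    """Flag a 4624 preceded by >= threshold 4625s for the same account inside `window`."""
    failures = defaultdict(list)
    findings = []
    for ev in sorted(events, key=lambda e: e["_time"]):
        user = ev.get("TargetUserName")
        if ev.get("EventCode") == "4625":
            failures[user].append(ev["_time"])
        elif ev.get("EventCode") == "4624":
            recent = [t for t in failures[user] if ev["_time"] - t <= window]
            if len(recent) >= threshold:
                findings.append({"rule": "failed_then_success", "user": user,
                                 "failures": len(recent), "source": ev.get("IpAddress"),
                                 "time": ev["_time"].isoformat()})
    return findings


def privileged_group_change(events, watched=PRIVILEGED_GROUPS) -> list:
    """Flag any group-add event whose target group is in the watched set."""
    return [{"rule": "privileged_group_change", "member": ev.get("MemberName"),
             "group": ev.get("TargetUserName"), "actor": ev.get("SubjectUserName"),
             "time": ev["_time"].isoformat()}
            for ev in events
            if ev.get("EventCode") in GROUP_ADD_EVENTS and ev.get("TargetUserName") in watched]


def run_rules(text: str) -> list:
    events = parse_log(text)
    return failed_then_success(events) + privileged_group_change(events)


if __name__ == "__main__":
    for finding in run_rules(SAMPLE_LOG):
        print(finding)
```

On the sample, `jsmith` trips both rules (five failures then a success, then self-added to Domain Admins), while `bob`'s single failure stays below threshold. The two findings chain naturally into the forensics question on the slide: the same account, source address and minute window give you where to start scoping.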
Splunk Simple Free Form Search - SPL
Splunk Interesting Fields
Splunk Boolean Search
Splunk Data Statistics and Visualization
Splunk Security and Compliance Apps
- Over 180 security and compliance-related apps available: Cisco, Microsoft, F5, Bluecoat, OSSEC, Juniper, Palo Alto, and many others
- Free app for IP reputation leverages the Project Honey Pot threat intelligence database
Splunk Apps: Splunk App for Enterprise Security
- Facilitates investigations
- Asset Investigator
- Threat indicators
- Alerting
Splunk App for Windows Infrastructure
Splunk Online Sandbox
TrueCrypt Have reports of its death been exaggerated?
TrueCrypt Open Source Full Disk Encryption
- TrueCrypt: On The Fly Full Disk Encryption (OTF FDE)
- Widely used and regarded as secure
- Original developers have stepped away as of May 28th
- Despite the dramatic announcement: the independent audit is continuing, and there is broad interest in continuing development (Truecrypt.ch)
- Watch Gibson Research: www.grc.com/misc/truecrypt/truecrypt.htm
Lansweeper Asset Management
Asset Management Lansweeper: Why Invest Resources In Asset Management?
- Most IT security-related efforts require a continuous inventory of what you are attempting to protect
- Ensure systems remain compliant with standard configurations
- Need a system of record with a good intake and retirement process to reconcile other systems
- Detect theft and configuration changes
Asset Management Lansweeper: What is Lansweeper Network Inventory?
- Runs on Windows XP SP3 to Windows Server 2012
- Requires .NET Framework 4
- SQL database is required
- 10 minute installation / configuration
- Price: $995 for one server and unlimited hosts
- Agentless scanning
Lansweeper Data Input via Discovery: automated discovery of all types of network devices using
- Windows credentials
- Active Directory domains
- SSH credentials
- SNMP
- Others
Lansweeper Manual Data Input
Lansweeper Search
Lansweeper Asset Drill Down
Asset Management Lansweeper Built In Reporting
Asset Management Lansweeper Custom Reports
Asset Management Lansweeper: Sampling of Built-In Reports
- New devices discovered
- All workstations/servers without anti-virus
- Automatic startup services currently stopped
- Shared folders (visible and hidden)
- Configuration changes
- Unauthorized administrators
Custom Reports
- Missing software packages
- Computer uptime reports
- Uncategorized systems
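Several of the reports above (new devices, systems without anti-virus, configuration changes, unauthorized administrators) are the same operation: reconcile the current inventory scan against the last one and against an allow-list. The following added example (written for this page, not Lansweeper code or its database schema) performs that reconciliation over two constructed inventory snapshots keyed by hostname; the field names, hostnames and the authorized-administrator list are assumptions.

```python
"""Added example: reconcile two asset-inventory snapshots into the report types a
scanner like Lansweeper produces. Not Lansweeper code; schema and data are constructed."""

# Assumption: only these principals may hold local administrator rights.
AUTHORIZED_ADMINS = frozenset({"CORP\\Domain Admins", "CORP\\helpdesk"})

# Constructed snapshot from the previous scan, keyed by hostname.
YESTERDAY = {
    "srv-01":  {"ip": "10.0.1.10", "os": "Windows Server 2012", "antivirus": "Vendor AV 9.1",
                "local_admins": ["CORP\\Domain Admins"]},
    "ws-0007": {"ip": "10.0.2.7",  "os": "Windows 7", "antivirus": "Vendor AV 9.1",
                "local_admins": ["CORP\\Domain Admins", "CORP\\helpdesk"]},
    "ws-0013": {"ip": "10.0.2.13", "os": "Windows 7", "antivirus": "Vendor AV 9.1",
                "local_admins": ["CORP\\Domain Admins"]},
}

# Constructed snapshot from today's scan: srv-01 upgraded, ws-0007 gone,
# ws-0013 gained a local admin, ws-0042 appeared with no anti-virus.
TODAY = {
    "srv-01":  {"ip": "10.0.1.10", "os": "Windows Server 2012 R2", "antivirus": "Vendor AV 9.1",
                "local_admins": ["CORP\\Domain Admins"]},
    "ws-0013": {"ip": "10.0.2.13", "os": "Windows 7", "antivirus": "Vendor AV 9.1",
                "local_admins": ["CORP\\Domain Admins", "ws-0013\\localuser"]},
    "ws-0042": {"ip": "10.0.2.42", "os": "Windows 8.1", "antivirus": "",
                "local_admins": ["CORP\\Domain Admins"]},
}


def diff_inventory(before: dict, after: dict, authorized=AUTHORIZED_ADMINS) -> dict:
    """Build the report set from two snapshots.

    new_devices / missing_devices : hostnames present in only one snapshot
    no_antivirus                  : hosts in `after` with no AV product recorded
    unauthorized_admins           : (host, principal) pairs outside the allow-list
    changed                       : (host, field, old, new) for every differing field
    """
    report = {
        "new_devices": sorted(set(after) - set(before)),
        "missing_devices": sorted(set(before) - set(after)),
        "no_antivirus": [],
        "unauthorized_admins": [],
        "changed": [],
    }
    for host, rec in sorted(after.items()):
        if not rec.get("antivirus"):
            report["no_antivirus"].append(host)
        for admin in sorted(rec.get("local_admins", [])):
            if admin not in authorized:
                report["unauthorized_admins"].append((host, admin))
        if host in before:
            for field in sorted(set(before[host]) | set(rec)):
                old, new = before[host].get(field), rec.get(field)
                if old != new:
                    report["changed"].append((host, field, old, new))
    return report


if __name__ == "__main__":
    for section, rows in diff_inventory(YESTERDAY, TODAY).items():
        print(f"{section}: {rows}")
```

A missing device is worth as much attention as a new one: the "detect theft" bullet on the earlier slide is this `missing_devices` list, and the retirement process mentioned there is what keeps it from filling up with false positives.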
Policies and Procedures: Something Every Company Should Do. Security isn't just about software:
- Application policies
- Access policies (vendor access)
- Social engineering (training the end-users)
- Risk assessments
Resources
- KeePass Password Database: http://www.keepass.info/
- Lansweeper Network Inventory Installer File: http://lansweeper.com/getfile50.aspx
- Lansweeper Documentation: http://www.lansweeper.com/documentation.pdf
- Splunk Download: http://www.splunk.com/download
- Splunk Documentation: http://docs.splunk.com/documentation/splunk
- Splunk Search Commands Cheat Sheet: http://docs.splunk.com/images/a/a3/splunk_4.x_cheatsheet.pdf
- Splunk Apps for Security and Compliance: http://apps.splunk.com/apps/#/category/security_compliance
- TrueCrypt on Wikipedia: http://www.keepass.info/
- Partnering for Cyber Resilience: http://www3.weforum.org/docs/wef_it_partneringcyberresilience_guidelines_2012.pdf
- SANS Critical Security Controls: http://www.sans.org/critical-security-controls
Questions: We'll now open it up for questions
Thank You