Desktop Security: Overview and Technology Guidance. Michael Ramsey, Network Specialist, NC DPI




Desktop Security
Best practices for both the technical type and the typical user
- Defensive Layering
- Top Vulnerabilities
- Frequent Mistakes
- Tools That Work
- Questions and Answers

Who am I?
- US Navy Data Systems Technician (DS2SW)
- Network Technician, MCNC Network Operations
- Interpath
- Co-author of Internet RFC 2196, Site Security Handbook
- Lab Manager, Cisco
- IT Manager, Project Manager, Network Specialist, NC DPI

Defensive Layering
Four layers:
1. Network
2. Desktop Network Access
3. Desktop OS / Application
4. Desktop Users

Defensive Layering - Network
Monitoring and blocking traffic as it goes in and out of the network
- Traditional firewalls
  - Weakness: they don't check the content
- Intrusion Protection / Detection Systems
  - Checks content
  - Traffic modeling analysis to detect compromise
  - SonicWall, Fortinet, Cisco IDS, etc.

Defensive Layering - Desktop Network Access
Blocking attacks at the desktop
- Symantec AV & IPS, Spybot TeaTimer
  - Blocks unauthorized application loading
  - Uses behavior patterns
- Personal firewalls: Comodo Firewall, ZoneAlarm
  - Only allows permitted traffic types
  - Can hide the computer from hacker scans
  - Egress filtering to prevent Trojan use

Defensive Layering - Desktop Network Access
Windows Firewall
- Nearly useless pre-Vista
- Features in Vista / Windows 7:
  - Hardened services
  - User Account Control (less annoying in 7)
  - Windows Defender
  - Drive encryption
  - Can block outgoing traffic
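The two slides above recommend egress filtering at the desktop and note that the Vista / Windows 7 firewall can block outgoing traffic. The script below is an added example, not part of the slide deck or any vendor's documentation; it puts the built-in Windows Firewall into default-deny outbound mode with a short allow list, using `netsh advfirewall` so that it works on Windows 7 without the newer NetSecurity cmdlets. It assumes an elevated PowerShell prompt, and the browser path and the allowed-program list are placeholders to be replaced with what your desktops actually need. This is the strict form of the idea; a more common compromise is allow-by-default outbound plus explicit block rules for ports you never expect a workstation to use.

```powershell
# Added example (not from the slide deck): default-deny outbound ("egress filtering")
# with the Windows Firewall with Advanced Security that ships with Vista / Windows 7.
# Assumptions: elevated prompt; program paths below are placeholders for the few
# applications the desktop is allowed to use. netsh advfirewall is used instead of
# the NetSecurity cmdlets so the script also runs on Windows 7 (PowerShell 2.0).

# 1. Turn the firewall on for every profile and block both directions by default.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 2. Log dropped connections, so a Trojan's blocked call-out leaves a trace.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

# 3. Re-allow only the programs the desktop legitimately needs to reach the network.
#    (Placeholder list; add your management agent, AV updater, etc.)
$allowedPrograms = @(
    @{ Name = 'WebBrowser'; Path = 'C:\Program Files\Internet Explorer\iexplore.exe' }
)
foreach ($app in $allowedPrograms) {
    netsh advfirewall firewall add rule name="EgressAllow-$($app.Name)" dir=out action=allow program="$($app.Path)" enable=yes
}

# Windows Update runs inside svchost.exe; scope the rule to the wuauserv service
# rather than allowing every service hosted by svchost.exe.
netsh advfirewall firewall add rule name="EgressAllow-WindowsUpdate" dir=out action=allow program="%SystemRoot%\system32\svchost.exe" service=wuauserv enable=yes

# DNS and DHCP are needed by every process, so allow them by port, not by program.
netsh advfirewall firewall add rule name="EgressAllow-DNS" dir=out action=allow protocol=UDP remoteport=53 enable=yes
netsh advfirewall firewall add rule name="EgressAllow-DHCP" dir=out action=allow protocol=UDP localport=68 remoteport=67 enable=yes

# 4. Review the outbound rule set and the most recent drops.
netsh advfirewall firewall show rule name=all dir=out
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" | Select-Object -Last 20
```

Run it once on a test desktop and watch the drop log for a day before rolling it out: every legitimate program that appears there needs its own `dir=out action=allow` rule, and anything else that shows up is exactly the unexpected outbound traffic egress filtering exists to catch.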

Defensive Layering - Desktop OS / Application
Personal anti-malware
- Spybot Search and Destroy, Symantec, MalwareBytes, Windows Defender
- Looks for known signatures
Network Access Control
- Host based
- Verify system, configuration, patch level
- Enforce network policy, quarantine
- Bradford Networks, Cisco Clean Access, ISS products
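The Network Access Control bullets above (verify system, configuration and patch level; quarantine what fails) are the whole job of a NAC agent, and the "keep up with your updates" advice later in the deck is what the patch check enforces. The script below is an added example written for this page, not the product code of Bradford Networks, Cisco Clean Access, ISS or anyone else; it performs the host-side posture check and returns the ALLOW / QUARANTINE decision a NAC policy would act on (typically by moving the host to a remediation VLAN). It assumes Vista / Windows 7 or later with PowerShell 2.0+, an administrator prompt, and a `$RequiredHotfixes` list that is a placeholder for your own policy; the `productState` decoding in the anti-virus check is the commonly used interpretation of an undocumented Security Center field and is labelled as an assumption in the code.

```powershell
# Added example (not from the slide deck): the host-side posture check a NAC agent
# runs before a desktop is admitted to the production network.
# Assumptions: Vista / Windows 7 or later, PowerShell 2.0+, run as administrator.

$RequiredHotfixes = @('KB0000000')   # placeholder, not a real KB number: use your policy's list
$MaxPatchAgeDays  = 30               # newest installed hotfix must be no older than this

function Test-FirewallOn {
    # Parses "netsh advfirewall show allprofiles state" (works on Vista/7); every
    # profile (Domain, Private, Public) must report "State ON".
    $states = @(netsh advfirewall show allprofiles state |
        ForEach-Object { if ($_ -match '^\s*State\s+(ON|OFF)') { $matches[1] } })
    return ($states.Count -eq 3) -and -not ($states -contains 'OFF')
}

function Get-MissingHotfixes {
    # Required patches that Get-HotFix does not list as installed.
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    return @($RequiredHotfixes | Where-Object { $installed -notcontains $_ })
}

function Get-DaysSinceLastPatch {
    # Age of the newest hotfix; $null when no install history exists at all.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) { return $null }
    return [int]((Get-Date) - $latest.InstalledOn).TotalDays
}

function Get-AntiVirusStatus {
    # Windows Security Center (root\SecurityCenter2) lists registered AV products.
    # ASSUMPTION: productState is read as six hex digits; a '1' in the third digit
    # means the product is enabled and '00' in digits five and six means signatures
    # are current. This is the widely used reading of an undocumented field.
    $products = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
    foreach ($p in $products) {
        $hex = '{0:x6}' -f [int]$p.productState
        New-Object PSObject -Property @{
            Name     = $p.displayName
            Enabled  = ($hex.Substring(2, 1) -eq '1')
            UpToDate = ($hex.Substring(4, 2) -eq '00')
        }
    }
}

function Get-PostureDecision {
    # Any failed check means the NAC policy quarantines the host instead of admitting it.
    $failures = @()
    if (-not (Test-FirewallOn)) { $failures += 'Windows Firewall is off on at least one profile' }

    $missing = Get-MissingHotfixes
    if ($missing.Count -gt 0) { $failures += "Missing required hotfixes: $($missing -join ', ')" }

    $age = Get-DaysSinceLastPatch
    if ($age -eq $null) { $failures += 'No hotfix install history found' }
    elseif ($age -gt $MaxPatchAgeDays) { $failures += "Newest hotfix is $age days old (limit $MaxPatchAgeDays)" }

    $av = @(Get-AntiVirusStatus | Where-Object { $_.Enabled -and $_.UpToDate })
    if ($av.Count -eq 0) { $failures += 'No enabled, up-to-date anti-virus product registered' }

    New-Object PSObject -Property @{
        Host     = $env:COMPUTERNAME
        Decision = $(if ($failures.Count -eq 0) { 'ALLOW' } else { 'QUARANTINE' })
        Reasons  = $failures
    }
}

Get-PostureDecision | Format-List
```

A real NAC deployment runs this kind of check from an agent or a dissolvable applet and hands the result to the network switch or gateway; the value of seeing it as a script is that every line of `Reasons` is a concrete remediation task (turn the firewall on, install a patch, update signatures) rather than a vague "non-compliant" label.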

Defensive Layers - Desktop Users
Help them help you. Can't spell "Update" without "U".
1. Keep up with your updates, OS and applications
2. Don't download the latest aquarium screen saver, widget, or other FREE software
3. Use a strong password that isn't written down and/or shared with others.

Top Vulnerabilities
Source: www.sans.org/top-cyber-security-risks/#trends

Top Vulnerabilities
- Web application attacks (MS SQL, FTP, SSH, PHP)
- Windows: Conficker / Downadup worms
- Apple: QuickTime

Top Vulnerabilities - Network
- The United States is the target, and the source.
- Typically, it's your web server that has been compromised.
- If it isn't your web server, it could be the web site you're surfing.

Top Vulnerabilities - Application

Top Vulnerabilities - Zero Day
A zero-day vulnerability occurs when a flaw in software code is discovered and code exploiting the flaw appears before a fix or patch is available. Once a working exploit of the vulnerability has been released into the wild, users of the affected software will continue to be compromised until a software patch is available or some form of mitigation is taken by the user.

Top Vulnerabilities
The notable zero-day vulnerabilities during the past 6 months were:
- Adobe Acrobat, Reader, and Flash Player Remote Code Execution
- Microsoft Office Web Components ActiveX Control Code Execution
- Microsoft Active Template Library Header Data Remote Code Execution Vulnerability
- Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
- Adobe Reader Remote Code Execution Vulnerability
- Microsoft PowerPoint Remote Code Execution Vulnerability
The ease of finding zero-day vulnerabilities is a direct result of an overall increase in the number of people having the skills to discover vulnerabilities world-wide.

Frequent Mistakes
- Too busy to update and back up
- Using weak passwords, never changed
- Not having a risk assessment
- Using default passwords in network gear
- Forgetting that our desktops have student data that is protected by law, and the press loves that story

Tools that Work
- Microsoft Updates / Apple Updates
- Microsoft Baseline Security Analyzer
- Avast! (free anti-virus)
- Tune-Up 2010 (www.tune-up.com)
- Malwarebytes Anti-Malware

Questions? Comments?
Michael Ramsey
mramsey@dpi.state.nc.us
(919) 946-6622
School Connectivity / E-Rate Division
NC Department of Public Instruction