2015 NTX-ISSA Cyber Security Conference (Spring) Kid Proofing the Internet of Things


2015 NTX-ISSA Cyber Security Conference (Spring)
Kid Proofing the Internet of Things
April 24-25, 2015
Copyright 2015 Raytheon Company. All rights reserved.

Why We Want To Lock Down Our Home Networks
As Information Security (IS) professionals (or students), we regularly defend enterprise networks
General Internet threats
- Malware, hackers, identity thieves
Threats to and from our kids
- The threats our kids bring in: malware, spyware, etc.
- The threats against our kids: objectionable content, predators
What is important in your Network Castle?

The Usual Solutions People Use To Do It (PCs)
General Controls
- Firewalls: perimeter firewall (wireless router), host-based firewall
- Anti-Virus
- User Account Controls (UAC)
Kid-Specific Controls
- Parental controls / Google controls
- Kid Safe browsers
- Deep Freeze
Securing a desktop is easier (but not easy)

All The Other Devices On Your Network
The real problem is all the other devices on your network
- With the Internet of Things, have you really thought about how these affect the security of your home network?
- Were these devices built with security in mind?
Devices you or your kids likely have on the network
- Tablets (iOS, Android, Chrome, other Linux variants)
- Game Systems (PlayStation, Wii, Nintendo DS, etc.)
- TVs (Linux, Windows, Netflix, Hulu, YouTube, etc.)
- Phones (iOS, Android)
The Internet of Things is a different matter

Device Lockdowns
Hard lesson learned about these devices
- They don't care about your security concerns
- At best they have VERY limited content controls
- All connected, but no control over Internet content
Game systems / TVs
- Ratings Controls
Android / Linux / iOS
- Limited Parental Controls can control purchases
- Apple's Restriction Controls (slightly better)
- Kid Safe Apps and Browsers

Locking Down iOS
Apple has some decent controls via their Restrictions settings to make iOS kid safe on any network
Some strategies I use / have used
- Don't let the kids install / delete Apps (they hate this)
- Disable iCloud and Messages (they hate this more)
- Disable Safari / YouTube / remove problem apps
- Install a kid safe browser
- Configure Google parental controls
Hacking iOS opens additional opportunities / risks
Making iOS kid safe is reasonably doable

So What Does That Leave Us?
What do all these devices have in common?
- The home network and Internet Gateway
Conventional Router Controls - Basics
- Encrypt wireless traffic (devices may limit strength)
- MAC address restrictions
- Guest network (if available)
- Good ingress screening
- May have limited egress screening
- Limit sites and times for some / all users

Advanced Strategies For More Security
Segment your LAN into security zones
- Move high risk / value devices to their own zone
- Allows you to apply different access policies
Some security zones to consider
- Adult Household Member Zone
- Hardwired Zone / Finance Zone
- Consider moving Finance into a VM
Adult, Visitor, and Kid Zones are my minimums

How To Implement Security Zones
One Router to rule them all
- There are MANY possible variants of this
Use the existing router as a master device
- Leave the DNS the same or use unfiltered OpenDNS
- With a dual wireless router this can be Adult + Visitor
Add a new wireless router per zone
- Connect Wireless APs via wire to master device
- If this is to be a filtered network (Kids) then reconfigure the DNS to use filtered OpenDNS
Shared network devices like printers are issues

Advanced Internet Controls At The Network Layer
Advanced Internet Access Control is a difficult problem
- Devices have very limited controls
- Wireless routers are marginally better
- Is there another way to provide this filtering?
OpenDNS to the rescue (almost)
- If you control DNS, you control the Internet*
- OpenDNS is a free (and paid) service that provides a filtered / controlled Internet experience via DNS
- Free has a bunch of stock settings

OpenDNS - Living With An Imperfect Solution (1)
OpenDNS does not protect mobile devices when they leave your network (tablets, phones, laptops, etc.)
- Sorry but I do not think there is a good solution for this
- Auditing the device is probably the best work around
OpenDNS (paid) can only be used on one Zone unless
- It keys off the source IP to decide how things resolve
Controlling devices off your network is very hard

OpenDNS - Living With An Imperfect Solution (2)
OpenDNS does not stop direct access via an IP
- Kids that understand what an IP is can be a problem
- Kids that know what a hosts file is can still have DNS
OpenDNS works great for devices using DHCP
- But if the device lets you change the DNS settings
It's not a perfect solution, but works for me
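One way to audit for the "device lets you change the DNS settings" gap described above is to look for Kid-zone clients sending DNS traffic to any resolver other than the ones you approved. This is an added example, not part of the original slides; the Kid zone subnet, the zone router address, and the key=value log format are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the slides): the Kid zone subnet, the zone router
# address handed out by DHCP, and the key=value log format are hypothetical.
KID_ZONE = ipaddress.ip_network("192.168.20.0/24")
APPROVED_RESOLVERS = {
    ipaddress.ip_address("192.168.20.1"),    # zone router, forwards to OpenDNS
    ipaddress.ip_address("208.67.222.222"),  # OpenDNS public resolver
    ipaddress.ip_address("208.67.220.220"),  # OpenDNS public resolver
}
LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)"
)

def find_dns_bypass(lines):
    """Return Counter {(client, resolver): hits} for Kid-zone DNS traffic
    sent to a resolver that is not on the approved list."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not connection records
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address field
        # DNS runs over both UDP and TCP port 53
        if int(m["dport"]) != 53 or m["proto"].lower() not in ("udp", "tcp"):
            continue
        if src in KID_ZONE and dst not in APPROVED_RESOLVERS:
            hits[(str(src), str(dst))] += 1
    return hits

# Constructed sample log (illustrative only, not captured traffic).
SAMPLE_LOG = """\
2015-04-24T19:02:11 src=192.168.20.37 dst=192.168.20.1 proto=udp dport=53
2015-04-24T19:02:15 src=192.168.20.37 dst=8.8.8.8 proto=udp dport=53
2015-04-24T19:02:16 src=192.168.20.37 dst=8.8.8.8 proto=tcp dport=53
2015-04-24T19:03:40 src=192.168.10.5 dst=8.8.8.8 proto=udp dport=53
2015-04-24T19:04:02 src=192.168.20.41 dst=208.67.222.222 proto=udp dport=53
2015-04-24T19:05:09 src=192.168.20.41 dst=93.184.216.34 proto=tcp dport=443
""".splitlines()

if __name__ == "__main__":
    for (client, resolver), n in find_dns_bypass(SAMPLE_LOG).items():
        print(f"{client} sent {n} DNS queries to unapproved resolver {resolver}")
```

The check only covers plain DNS on port 53; a hosts file entry or direct access by IP address, the other gaps listed on this slide, leave no DNS query to find.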

Questions?

Presenter Bio
Monty D. McDougal is a Raytheon Intelligence, Information and Services (IIS) Cyber Engineering Fellow. He has worked for Raytheon for the last 16+ years performing tasks ranging from programming to system administration and has an extensive web development / programming background spanning 18+ years. His work has included development / integration / architecture / accreditation work on numerous security projects for multiple government programs, internal and external security / wireless assessments, DCID 6/3 compliant web-based single sign-on solutions, PL-4 Controlled Interfaces (guards), reliable human review processes, audit log reduction tools, mail bannering solutions, and several advanced anti-malware IRADs / products / patents. Monty holds the following major degrees and certifications: BBA in Computer Science / Management (double major) from Angelo State University, MS in Network Security from Capitol College, CISSP, ISSEP, ISSAP, GCFE, GAWN-C, GSEC, and serves on the SANS Advisory Board. Monty has previously held the GCIH, GCFA, GREM, GCUX, and GCWN certifications. Monty is also the author of the Windows Forensic Toolchest (WFT).
E-mail: Monty_D_McDougal@raytheon.com

Abstract
Kid Proofing the Internet of Things
This presentation is intended to address the unique challenges parents face in securing their home networks both against their kids and in order to protect their kids from the evils of the Internet. It is particularly focused on the problems the Internet of Things brings to us as parents.
- Why we want to lock down our networks
- The usual tools we would attempt to do it with (PC Solutions)
- What about all those other devices on your network (the real issue)
- Device lockdowns
- Wireless Router / security zoning
- OpenDNS and why it may be your best friend in this fight
- Living with an imperfect solution