Hack Proofing Your Organization


Who am I: Gary Bates, Director of Information Services for the City of Harker Heights. Microsoft Certified System Engineer; Microsoft Certified Information Technology Professional, Enterprise Administrator; Certified Ethical Hacker v8; EC-Council Certified Hacking Forensic Investigator; Certified Cisco Network Professional; Master's Degree in Information Security, finishing my dissertation.

Who am I: Just made a lot of mistakes.

What do you mean, Hack Proof? A more correct term would be Hack Resistant: utilizing best practices to make the City an unlikely target of opportunity.

Layered Security, six tenets: External Defense; Internal Defense; Monitoring and Validation; Policy and Procedures; User Training; Disaster Mitigation and Recovery.

External Defense: hardware devices (UTM, firewalls, IPS, etc.); offsite or outsourced information hosting (email, web, payment gateways); hosted defenses (anti-spam, anti-virus, etc.).

External Defense - Hardware Firewalls Early days this was the defense IPS\IDS Gateway Filtering Devices Content Filtering and Protection Outsource Hosting Email, Web, Payment Gateways

External Defense - Hardware, Today: next-generation firewall/gateway devices. What to look for: active (stateful) firewall; gateway antivirus; intrusion prevention; content filtering; application control; SSL inspection; adequate throughput for your enterprise (measured with the inspection features you intend to run turned on, since each one costs throughput); reporting.

External Defense - Outsourcing: geographically separates public-facing services from your own network, so your address space presents a smaller footprint to attackers. Choose a Tier 1 provider such as Microsoft Office 365 or Amazon Web Services, or choose a provider that uses a Tier 1 backend.

External Defense - Hosted Defense: helps reduce the bandwidth impact (spam and malware are dropped before they reach your link); helps mask your endpoint; reduces operational burden.

External Defense - Augment Your Threat Information: Join the Multi-State Information Sharing & Analysis Center (http://msisac.cisecurity.org/). SANS.ORG is a wealth of security information.

Your Network - External Defense: use a good-quality UTM/advanced firewall; use offsite services when possible; use hosted defense partners as applicable; augment your rule set with known threat information.

Internal Defenses: system anti-virus; system (host) firewall; automated updates; user security levels; proper hardware.

Internal Defense - Antivirus: Avoid free or home versions of antivirus software: no centralized control, no reporting, and business use violates the licensing agreement. A corporate version gives centralized control, so policy and definitions can be pushed to all systems, and reporting, which allows immediate notification of a problem and trending over time.

Internal Defense - System Firewall: Are your host firewalls turned on? If not, why not? The host firewall helps stop the localized spread of viruses from one system to another and helps prevent a compromised system from accessing other systems on the network. The same goes for servers.

Internal Defense - Automated Updates: Use a system for deploying updates and confirming that they were actually deployed. Look for a system that will also push third-party updates (Adobe Flash, Java, etc.), since those are exploited as often as the operating system. Push the updates at night and silently. The system should report the progress of update deployment.

Internal Defense - User Security Control: ALL users should be standard users on their everyday system. This includes IT professionals; IT professionals are not exempt from viruses. Look for workarounds for applications before giving out administrative rights. Restrict users' access rights to only the network folders required to do their job. Never map network drives for network administrator accounts.

Internal Defense - Proper Hardware: Stay away from home-user equipment (WiFi access point/gateway). Use equipment that can authenticate personnel individually and avoid shared keys: a RADIUS server such as Microsoft Network Policy Server (NPS).

Your Network - Internal Defense: use a corporate version of antivirus; enable the Windows Firewall; practice good user controls; use professional-grade equipment.

Monitoring and Validation: centralized log/management server; internal nodes/trigger points; penetration testing/red team exercises.

Monitoring and Validation: Centralized Log/Management. It should be a one-stop shop for isolating server/network issues and provide rule-based customization and event notification. Examples: System Center Operations Manager; OpenNMS/OSSIM; SolarWinds Server and Application Monitor/Orion.

Monitoring and Validation: Centralized Log/Management. See the National Institute of Standards and Technology Computer Security Resource Center (csrc.nist.gov), Special Publication 800-123 (Guide to General Server Security); SP 800-92 (Guide to Computer Security Log Management) covers log management specifically.

Monitoring and Validation: Internal Nodes/Trigger Points. Monitor switches/network devices for abnormal network traffic. Configure monitor (SPAN/mirror) ports on network uplinks. Use an IDS solution or network analyzer to evaluate traffic patterns, with rule-based notification and/or automated measures.

Monitoring and Validation: Internal Nodes/Trigger Points. Snort (www.snort.org): open source, with a yearly subscription for the current rule set; an excellent IPS that has been around since the late 90s. Suricata (suricata-ips.org): run by the Open Information Security Foundation. Multiport advanced firewalls.

Monitoring and Validation: Internal Nodes/Trigger Points. Examples of what to monitor for: IP addresses listed as potential malware sites; IP addresses listed as CryptoLocker/variant sites; network traffic on port 164, 6667, 6668, 6669 or 7000 (6667-6669 and 7000 are IRC, a long-standing botnet command-and-control channel); SMTP traffic to IPs other than your email server or host (a workstation sending its own SMTP is usually spam-bot activity). MS-ISAC sends out lists of known malware sites.
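The trigger points above, turned into working detection logic. This is an added example, not code from the deck: it runs the four checks (listed malware site, CryptoLocker-variant site, outbound traffic on the watched ports, SMTP from anything other than the mail server) over constructed flow records, and renders the same indicators as Snort/Suricata rules for the sensor on the uplink monitor port. The block lists, the mail-server address 10.0.0.25, the 10.0.0.0/8 internal range and the sample flows are all assumptions standing in for an MS-ISAC feed and a real site.

```python
"""Trigger-point checks over flow records (added example, not from the deck).

Assumptions: flow records are dicts with src, dst, dport and proto; the block
lists, MAIL_SERVER and HOME_NET are constructed stand-ins.
"""
from __future__ import annotations
import ipaddress
import itertools
from dataclasses import dataclass

# Constructed block lists standing in for an MS-ISAC malware-site feed.
MALWARE_IPS = {"203.0.113.10", "198.51.100.77"}
CRYPTOLOCKER_IPS = {"192.0.2.200"}

# Ports the deck names; 6667-6669 and 7000 are IRC, a classic botnet C2 channel.
WATCHED_PORTS = {164, 6667, 6668, 6669, 7000}

# The only host that should originate outbound SMTP, and the internal range (both assumed).
MAIL_SERVER = "10.0.0.25"
HOME_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    dport: int
    reason: str


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in HOME_NET


def check_flow(flow: dict) -> list[Alert]:
    """Return every indicator one flow record trips (a flow can trip several)."""
    src, dst, dport = flow["src"], flow["dst"], flow["dport"]
    hits = []
    if dst in MALWARE_IPS:
        hits.append(Alert(src, dst, dport, "destination on malware-site list"))
    if dst in CRYPTOLOCKER_IPS:
        hits.append(Alert(src, dst, dport, "destination on CryptoLocker-variant list"))
    # Watched ports only matter when the traffic leaves the network; internal
    # services on those ports are noise, not a trigger.
    if dport in WATCHED_PORTS and not is_internal(dst):
        hits.append(Alert(src, dst, dport, f"outbound traffic on watched port {dport}"))
    # Outbound SMTP from anything but the mail server is spam-bot behaviour.
    if dport == 25 and src != MAIL_SERVER and not is_internal(dst):
        hits.append(Alert(src, dst, dport, "SMTP from a host that is not the mail server"))
    return hits


def scan(flows) -> list[Alert]:
    alerts: list[Alert] = []
    for flow in flows:
        alerts.extend(check_flow(flow))
    return alerts


def snort_rules(sid_base: int = 1000001) -> list[str]:
    """Render the same trigger points as Snort/Suricata rules so the IDS on the
    uplink monitor port and the log server fire on the same indicators."""
    sids = itertools.count(sid_base)
    ports = ",".join(str(p) for p in sorted(WATCHED_PORTS))
    rules = [
        f'alert tcp $HOME_NET any -> !$HOME_NET [{ports}] '
        f'(msg:"Outbound traffic on watched port"; sid:{next(sids)}; rev:1;)',
        f'alert tcp !{MAIL_SERVER} any -> !$HOME_NET 25 '
        f'(msg:"SMTP not from mail server"; sid:{next(sids)}; rev:1;)',
    ]
    for ip in sorted(MALWARE_IPS | CRYPTOLOCKER_IPS):
        rules.append(f'alert ip $HOME_NET any -> {ip} any '
                     f'(msg:"Traffic to listed malware site {ip}"; sid:{next(sids)}; rev:1;)')
    return rules


# Constructed sample flows, one record per connection as a NetFlow export would give.
SAMPLE_FLOWS = [
    {"src": "10.1.4.20", "dst": "8.8.8.8",      "dport": 53,   "proto": "udp"},  # normal DNS
    {"src": "10.1.4.20", "dst": "203.0.113.10", "dport": 443,  "proto": "tcp"},  # listed site
    {"src": "10.1.4.31", "dst": "192.0.2.55",   "dport": 6667, "proto": "tcp"},  # IRC out
    {"src": "10.1.4.31", "dst": "198.51.100.9", "dport": 25,   "proto": "tcp"},  # rogue SMTP
    {"src": MAIL_SERVER, "dst": "198.51.100.9", "dport": 25,   "proto": "tcp"},  # legit SMTP
    {"src": "10.1.4.40", "dst": "10.1.4.41",    "dport": 7000, "proto": "tcp"},  # internal, ignored
]

if __name__ == "__main__":
    for a in scan(SAMPLE_FLOWS):
        print(f"{a.src} -> {a.dst}:{a.dport}  {a.reason}")
    print("\n".join(snort_rules()))
```

Run against the sample flows it raises three alerts (the listed site, the outbound IRC connection, and the workstation sending SMTP) and stays quiet on the mail server's own SMTP and on internal port-7000 traffic; the real block lists would be loaded from the MS-ISAC feed and the rule file dropped into the sensor's local.rules.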

Monitoring and Validation: Penetration Testing/Red Team Exercise. Penetration testing: black hat/white hat/gray hat. External testing by an experienced security firm is the best practice; agree the scope and rules of engagement in writing before any testing starts.

Monitoring and Validation: Penetration Testing/Red Team Exercise. Network validation: Kali Linux (https://www.kali.org/) for wireless validation and sniffing, network sniffing and password cracking; Wireshark (https://www.wireshark.org/) to monitor network traffic; Cain & Abel/NetStumbler.

Monitoring and Validation: Penetration Testing/Red Team Exercise. Red team exercise: simple or complex social engineering exercises to validate user training. Examples: sending users spoofed emails asking for network credentials; setting up a spoofed website and requesting user information. A third-party security provider can provide this service, too.

Your Network - Monitoring & Validation: make use of a centralized log management system; set up internal nodes/trigger points; make use of penetration testing or network validation.

Policy and Procedures: Policy and procedures are the law of the land; they govern acceptable use and protocols. Examples: network/system use policy; remote access; server/network change policy; disaster mitigation and recovery.

Policy and Procedures: Network/System Use. Should cover: standard user accounts; network access; acceptable use; password policy. Signed by incoming employees during HR in-processing.

Policy and Procedures: Remote Use. This policy governs remote access to City/County/etc. resources and outlines the criteria for access, including using only government equipment and only the resources required during remote sessions. It also outlines third-party remote access, including allowing only monitored access, etc.

Policy and Procedures: Server/Network Change Policy. Includes the criteria for making a change to a server/network node. A log sheet for each server or network device ensures proper accountability. New software should be vetted in a test environment first, before being approved for production.

Policy and Procedures: Disaster Mitigation and Recovery. Policy should cover: natural disasters (tornado, fire); internal compromises (virus, hacking, data theft); external compromises (physical theft). Policy should be specific as to who to contact, who should make the contact, and what information needs to be collected.

Your Network - Policy & Procedures: Policies are the law of the land. A well-written policy is your CYB. Vet your policies through legal, etc.

User Training: Users are your weakest link. The best security system is of little value if the user lets the bad guys in. User training should be an annual hands-on event, coupled with monthly security reminders and updates.

User Training - Annual Event: included with our City's annual sexual harassment/safety training. You do not have to make them security experts; just cover the current trends, such as HTML credit card phishing. Resources: Cissecurity.org; Staysafeonline.org; SANS.ORG (Securing the Human, a paid resource).

Your Network - User Training: should be an instructor-led class; should be an annual event; send out tips and awareness information throughout the year.

Disaster Mitigation & Recovery: backup/recovery; natural disaster; malware outbreak; theft of a device.

Disaster Mitigation & Recovery: Backup/Recovery. Backup plan: determine the acceptable level of data loss (the recovery point objective) per system; validate that level against financial resources; implement a backup solution; use an enterprise solution with reporting; validate the solution routinely, including test restores; include both local backups and remotely stored backups.
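The "validate the solution routinely" step, as an added example that is not from the deck: a check that reads a backup job catalog and reports every system whose newest successful local or offsite copy is older than the acceptable data loss decided for it. The catalog format (system, copy location, finish time, status), the per-system RPO figures and the catalog rows are constructed assumptions; a real run would read the enterprise backup product's report export in their place.

```python
"""Routine backup validation against per-system acceptable data loss (added example).

Assumptions (constructed): the backup product exports a job catalog as rows of
(system, copy location "local"/"offsite", ISO 8601 finish time, status); RPO_HOURS
holds the acceptable data loss decided for each system.
"""
from __future__ import annotations
from datetime import datetime, timedelta

# Acceptable data loss per system, decided against financial resources (assumed values).
RPO_HOURS = {"finance-db": 4, "fileserver": 24, "gis-server": 72}

# Constructed catalog export.
CATALOG = [
    ("finance-db", "local",   "2015-04-15T02:10:00", "success"),
    ("finance-db", "offsite", "2015-04-15T03:05:00", "success"),
    ("fileserver", "local",   "2015-04-14T23:40:00", "success"),
    ("fileserver", "offsite", "2015-04-12T23:50:00", "success"),  # stale offsite copy
    ("gis-server", "local",   "2015-04-14T22:00:00", "failed"),   # failed, and no offsite copy at all
]


def latest_good(catalog, system: str, copy: str) -> datetime | None:
    """Newest successful job for one system and copy location, or None if there is none."""
    times = [datetime.fromisoformat(t) for s, c, t, st in catalog
             if s == system and c == copy and st == "success"]
    return max(times) if times else None


def validate(catalog, now: datetime) -> dict[str, list[str]]:
    """Findings per system; an empty list means both copies are within the RPO.
    A failed job is treated as no backup: only successes count toward the RPO."""
    findings: dict[str, list[str]] = {}
    for system, rpo in RPO_HOURS.items():
        problems = []
        for copy in ("local", "offsite"):
            last = latest_good(catalog, system, copy)
            if last is None:
                problems.append(f"no successful {copy} backup on record")
            elif now - last > timedelta(hours=rpo):
                age_h = (now - last).total_seconds() / 3600
                problems.append(f"{copy} copy is {age_h:.0f}h old, exceeds {rpo}h RPO")
        findings[system] = problems
    return findings


def report(findings: dict[str, list[str]]) -> int:
    """Print one line per finding and return the number of systems out of policy,
    so the check can fail a scheduled job instead of just logging."""
    bad = 0
    for system, problems in findings.items():
        if problems:
            bad += 1
            for p in problems:
                print(f"{system}: {p}")
        else:
            print(f"{system}: OK")
    return bad


if __name__ == "__main__":
    raise SystemExit(report(validate(CATALOG, datetime(2015, 4, 15, 6, 0, 0))))
```

With the sample catalog and a check time of 06:00 on 15 April, finance-db passes, fileserver is flagged because its offsite copy is two days old against a 24-hour RPO, and gis-server is flagged twice because its only local job failed and no offsite job exists. The non-zero exit status is what makes the validation routine rather than a report nobody reads.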

Disaster Mitigation & Recovery: Natural Disaster. Natural disaster recovery plan: determine the acceptable data loss in a natural disaster; determine acceptable downtime; determine critical workers; determine critical applications/servers; validate the plan against financial resources.

Disaster Mitigation & Recovery: Natural Disaster. Pre-stage equipment. The amount of equipment is determined by the maximum number of critical users. Servers/switches/desktops should all be plug-and-play configurable where applicable. Applications should be preinstalled if licensing allows it; if not, make sure your backup software is performing a bare-metal (full system image) backup.

Disaster Mitigation & Recovery: Natural Disaster. Test, evaluate and update: test your recovery deployment plan and, during the test, evaluate it for weaknesses. Update system software to current patch levels, if applicable. More information can be found in NIST Special Publications 800-34 (Contingency Planning Guide for Federal Information Systems) and 800-84 (Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities).

Disaster Mitigation & Recovery: Malware Outbreak/Compromised System. Notification is the key to mitigating a malware outbreak. If one system alerts, we shut that one system down and verify the audit logs to see what our next step should be. If more than one system alerts, we shut down the network subnet. Where forensic evidence may be needed, isolate the host at the network (switch port or quarantine VLAN) rather than powering it off, so that volatile memory is preserved for examination.
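The escalation rule above (one alerting host: isolate the host; more than one on the same subnet: isolate the subnet), as an added example that is not from the deck. It correlates alerts from the antivirus console or IDS over a time window and emits the action per subnet. The alert format (timestamp, host IP), the 30-minute window, the /24 subnet size and the sample alerts are constructed assumptions; the actions are isolation rather than shutdown so volatile evidence survives.

```python
"""Outbreak escalation: host isolation vs. subnet isolation (added example, not from the deck).

Assumptions (constructed): alerts are (timestamp, host IP) pairs; subnets are /24;
alerts older than WINDOW are treated as already handled and not re-counted.
"""
from __future__ import annotations
import ipaddress
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window


def group_by_subnet(alerts, now: datetime, window: timedelta = WINDOW) -> dict[str, set[str]]:
    """Distinct alerting hosts per /24, counting only alerts inside the window."""
    by_subnet: dict[str, set[str]] = {}
    for when, host in alerts:
        if now - when > window:
            continue  # stale alert: already actioned in an earlier pass
        net = str(ipaddress.ip_network(f"{host}/24", strict=False))
        by_subnet.setdefault(net, set()).add(host)
    return by_subnet


def triage(alerts, now: datetime, window: timedelta = WINDOW) -> dict[str, str]:
    """One action per affected subnet. A single host is contained on its own;
    two or more hosts alerting on one subnet means lateral spread, so the whole
    subnet is cut off before the audit logs are read."""
    actions: dict[str, str] = {}
    for net, hosts in sorted(group_by_subnet(alerts, now, window).items()):
        if len(hosts) == 1:
            (host,) = hosts
            actions[net] = (f"isolate host {host} at its switch port, "
                            f"then pull its audit logs before any cleanup")
        else:
            actions[net] = (f"isolate subnet {net} "
                            f"({len(hosts)} hosts alerting: {', '.join(sorted(hosts))})")
    return actions


# Constructed sample alerts as an antivirus console would raise them.
SAMPLE_ALERTS = [
    (datetime(2015, 4, 15, 5, 50), "10.1.4.20"),
    (datetime(2015, 4, 15, 5, 55), "10.1.4.31"),   # second host on 10.1.4.0/24: spreading
    (datetime(2015, 4, 15, 5, 58), "10.2.7.9"),    # lone host on 10.2.7.0/24
    (datetime(2015, 4, 15, 3, 0),  "10.2.7.50"),   # three hours old: outside the window
]

if __name__ == "__main__":
    for net, action in triage(SAMPLE_ALERTS, datetime(2015, 4, 15, 6, 0)).items():
        print(f"{net}: {action}")
```

On the sample data the 10.1.4.0/24 subnet is isolated because two hosts alerted within the window, while 10.2.7.9 is isolated alone; the stale 03:00 alert on 10.2.7.50 does not push that subnet over the threshold. The threshold and window are the two knobs to tune against your own false-positive rate.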

Disaster Mitigation & Recovery: Malware Outbreak/Compromised System. www.cert.org has an excellent first-responder book for security incidents; it specifically talks about how to forensically secure a system. MS-ISAC and CERT/CC are excellent resources to reach out to in the event of a large incident.

Your Network - Disaster Mitigation & Recovery: determine your backup plan; practice your disaster recovery plan; know the federal agencies that can help out.

Questions?