170 likes | 322 Views
Three Tier Approach to Security. Chuck Dettlaff Engineer, Salesmen, Scoutmaster Jan 29, 2009. Why do we care about security?. Jan 2007 - TJ Maxx, wireless breach Sept 2008 – Country Wide employee theft Jan 2009 - Heartland Payment Systems, database hack.
E N D
Three Tier Approach to Security Chuck Dettlaff Engineer, Salesmen, Scoutmaster Jan 29, 2009
Why do we care about security? Jan 2007 - TJ Maxx, wireless breach Sept 2008 – Country Wide employee theft Jan 2009 - Heartland Payment Systems, database hack
Who should care about security in an IT environment? IT Staff CEO, CFO Janitor Everyone!
A Three Tiered Approach Edge (Network) Server (Application) Desktop (User)
What do I gain? Known (Base-line) behavior Control and Insight Ease of trouble shooting
What is the cost of being Proactive vs. Reactive? A 36 hour outage results in $1million loss for a $5 million dollar company Lost Opportunity Costs Loss Of Reputation Upset customers & staff A complete security overhaul costs less than $150,000
Edge (Network) IDS/IPS Firewall Access Control List Radius Server
What am I looking for? Equipment - Easy to mange, full application support Training – SANS, Manufacturer, Cyber Security Class Forensics – source IP address large data transfers black list slow network
Server (Application) Access Control List Default db password Unload unnecessary modules Stop unused services
What am I looking for? Equipment - You and OS Maker Training – Microsoft or Linux, Black Hat Forensics – foreign service slow CPU trusted.org
Desktop (User) Personal Firewall Antivirus Backups
What am I looking for? Equipment - McAfee, Symantec, Trend ANYONE! Training – Internet news groups Forensics – slow response lots of windows open magically weird services running Applications will not start
Careers in The Security Security Analyst Network Manager System Admin Desktop Jockey Stress & Salary
Careers in The Security OSBI, OBN Larger State Agencies Equipment Manufacturer Commercial Enterprises
Where do I get Training? Computer Forensics, Investigation, and Response Monday, January 26, 2009 - Saturday, January 31, 2009 NSF awards Oklahoma $3 million cyber security grant
Thank you! Let’s Eat Pizza! Chuck.Dettlaff@peakuptime.com