Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Matt.Jach@Berbee.com
Meeting Agenda • Trends • Attacker Motives and Methods • Areas of Concern • Typical Assessment Findings • ISO-17799 & NIST • Typical Remediation Costs
FBI / CSI Statistics • Dollars Are Lost Every Year to Cyber Criminal Activity • Greatest Loss = Theft of Proprietary Information • Second Greatest Loss = Denial of Service
Elements to Protect • Confidentiality • Integrity • Availability
Cyber Criminals' Motives • Financial Rewards • Politics • Showing Off • Personal Gratification • Because They Know They Can
Intruder Methods • Web Site Research • User Groups • Email Staff • Dial Your Modems (War Dialing) • Read Your Trash • Impersonate Someone You Trust • Scan Your Systems • War Drive Your Wireless
Intruder Methods Cont. • Use Known and Unknown Exploits • Viruses, Trojans & Worms • Phishing • Attack Partner Networks to Gain Access to Yours • Sniff Your Traffic • Brute Force Passwords • Spam You • Denial of Service
Most Common Items to Protect • Intellectual Property • Customers' and Staff's Privacy • Confidential Data • System Availability • Reputation • Regulatory Compliance
Assessment Benefits • Roadmap • Establishes Baseline • Strengthens Security • Provides Due Diligence • Efficient Formal Audits • Finds the Weak Areas
How To Identify and Prioritize Risk • Holistic Approach • Comprehensive reviews (infrastructure, server, application, etc.) • Based on Organizational Security Policy, and taking full life cycle into account • Consider people and processes, as well as technology • Sensible, accessible documentation • Helpful to executive decision-makers: explanation of risk in business terms • Helpful to managers: project plans, prioritization of tasks • Helpful to technical staff: clear standards, specific recommendations • Threat Modeling • Identifying assets • Identifying threats • Making qualitative (or quantitative) assessments of risk
Top Ten Security Risks • Policies & Procedures • Security Awareness • Access and Authorization • Patch Management • Mis-Configured Systems & Applications • Encryption & Digital Signatures • Incident Handling Processes • Disaster Recovery & Business Continuity • Physical Safeguards • Intentional Bypassing of Security Controls
Security Policies • Communicate Your Organization's Commitment to Security • Provide a Baseline and Roadmap for Security Controls • Demonstrate Due Diligence • All Pertinent Security Control Information Communicated • Realistic – Manageable • Enforceable
Security Awareness • A well trained user will assist your security efforts • Time needs to be invested in user training • A well trained user usually requires less help desk support
Access & Authorization • Weak Passwords • Shared Accounts • Password Policy Not Enforced • Easy to Exploit • Prevention • Strong Security Policies • Enforce Password Complexity With the OS's Built-In Settings • Implement Technical Authentication, Authorization and Accounting (AAA) Mechanisms • Implement Two-Factor Authentication
Patch Management • Hard to Manage • Shrinking Window of Opportunity Between Disclosure and Exploit • Exploits Arrive Too Fast to Patch by Hand • Patches Can Break Systems • Requires Resources • Prevention • Strong Patch Management Mechanisms – Automate • Add Intrusion Prevention Mechanisms
Mis-Configured Systems • Run Only Needed Services, and Keep Them Updated • Replace Default SNMP Community Strings With Strong Ones • Secure Wireless Networks • Remove Default Settings (Accounts, Passwords) • Filter Outgoing Access at the Firewall
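As an added example (not part of the original presentation), the checks on this slide expressed as a small configuration audit: it walks a constructed Cisco IOS-style running config and flags the well-known default SNMP community strings "public" and "private", read-write communities, communities not tied to an access list, a reversible `enable password`, and a couple of services that are rarely needed on a router. The sample config, the severities and the list of unneeded services are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is one misconfiguration located at a line of the running config.
type Finding struct {
	Line     int
	Severity string // high, medium, low
	Message  string
}

// Constructed Cisco IOS-style running configuration for the example; not from any real device.
const sampleConfig = `hostname edge-rtr
!
snmp-server community public RO
snmp-server community private RW
snmp-server community Xk7qLm9vTz RO 10
ip http server
service finger
enable password cisco
`

// Well-known default SNMP community strings that ship on many devices.
var defaultCommunities = map[string]bool{"public": true, "private": true}

// Services that are rarely needed on a router and widen the attack surface (assumed list).
var unneededServices = map[string][2]string{
	"ip http server": {"medium", "HTTP management interface enabled; disable unless it is actually used"},
	"service finger": {"low", "finger service enabled; disable"},
}

// auditConfig walks the config line by line and reports default credentials,
// over-privileged or unrestricted SNMP access, reversible enable passwords and
// unneeded services.
func auditConfig(cfg string) []Finding {
	var out []Finding
	add := func(n int, sev, msg string) { out = append(out, Finding{Line: n, Severity: sev, Message: msg}) }
	for i, raw := range strings.Split(cfg, "\n") {
		n := i + 1
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "!") { // blank line or IOS comment
			continue
		}
		f := strings.Fields(line)
		switch {
		case len(f) >= 3 && f[0] == "snmp-server" && f[1] == "community":
			community := f[2]
			if defaultCommunities[strings.ToLower(community)] {
				add(n, "high", fmt.Sprintf("default SNMP community string %q", community))
			}
			mode := "RO" // IOS defaults to read-only when no mode is given
			if len(f) >= 4 {
				mode = strings.ToUpper(f[3])
			}
			if mode == "RW" {
				add(n, "high", "SNMP community grants write access (RW)")
			}
			if len(f) < 5 { // no access list after the mode: any source may query
				add(n, "medium", "SNMP community not restricted by an access list")
			}
		case len(f) >= 3 && f[0] == "enable" && f[1] == "password":
			add(n, "high", "'enable password' is stored reversibly; use 'enable secret' with a non-default value")
		default:
			if s, ok := unneededServices[line]; ok {
				add(n, s[0], s[1])
			}
		}
	}
	return out
}

// countBySeverity summarises findings for a report.
func countBySeverity(fs []Finding) map[string]int {
	c := map[string]int{}
	for _, f := range fs {
		c[f.Severity]++
	}
	return c
}

func main() {
	fs := auditConfig(sampleConfig)
	for _, f := range fs {
		fmt.Printf("line %d [%s] %s\n", f.Line, f.Severity, f.Message)
	}
	fmt.Println(countBySeverity(fs))
}
```

On the sample config the only SNMP line that passes is the one with a non-default string, read-only mode and an access list; everything else on the slide's list shows up as a finding with the line number to fix.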
Encryption / Digital Signatures Protect Against: • Forging (signatures) • Impersonation / Spoofing (signatures) • Eavesdropping (encryption) • Interception (encryption) • Denial of Receipt or Send (Non-Repudiation, via signatures)
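An added example, not from the presentation, showing which of the protections on this slide come from which primitive: an Ed25519 signature covers forging, impersonation and non-repudiation, and AES-256-GCM encryption covers eavesdropping and interception. The message is constructed, and the shared session key is assumed to have been agreed between the two parties by some other means; key exchange is outside this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newSigner creates an Ed25519 key pair; recipients pin the public key to the sender.
func newSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// newSessionKey returns a random AES-256 key. The example assumes both parties
// already share it (for instance via a key agreement); how it gets there is out of scope.
func newSessionKey() []byte {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal signs msg with the sender's key, then encrypts message and signature with
// AES-256-GCM. Output layout: nonce || GCM ciphertext (which carries its own auth tag).
func seal(sender ed25519.PrivateKey, key, msg []byte) ([]byte, error) {
	signed := append(append([]byte{}, msg...), ed25519.Sign(sender, msg)...)
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, signed, nil), nil
}

// open reverses seal and reports which protection failed: decryption (wrong key, or
// ciphertext modified in transit) or signature (content forged, or sender impersonated).
func open(senderPub ed25519.PublicKey, key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("envelope too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	signed, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, errors.New("decryption failed: wrong key or ciphertext tampered with")
	}
	if len(signed) < ed25519.SignatureSize {
		return nil, errors.New("envelope too short")
	}
	cut := len(signed) - ed25519.SignatureSize
	msg, sig := signed[:cut], signed[cut:]
	if !ed25519.Verify(senderPub, msg, sig) {
		return nil, errors.New("signature invalid: message forged or sender impersonated")
	}
	return msg, nil
}

func main() {
	alicePub, alicePriv := newSigner()
	_, malloryPriv := newSigner()
	key := newSessionKey()
	msg := []byte("transfer 100 units to account 42") // constructed message

	env, _ := seal(alicePriv, key, msg)
	_, err := open(alicePub, key, env)
	fmt.Println("genuine:", err)
	tampered := append([]byte{}, env...)
	tampered[len(tampered)-1] ^= 1 // intercepted and modified in transit
	_, err = open(alicePub, key, tampered)
	fmt.Println("tampered:", err)
	forged, _ := seal(malloryPriv, key, msg) // Mallory signs with her own key
	_, err = open(alicePub, key, forged)
	fmt.Println("impersonation:", err)
	_, err = open(alicePub, newSessionKey(), env) // eavesdropper without the key
	fmt.Println("wrong key:", err)
}
```

Because only Alice's private key can produce a signature that verifies under her public key, she cannot later deny having sent the message; that is the non-repudiation property on the slide, and it holds only for as long as the private key stays private.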
Incident Handling Process • Intrusion Prevention/Detection • Anti-virus Mechanisms • Logging/Auditing • Strong Policies and Documentation
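As an added example (not part of the original slides), the logging/auditing bullet here and the brute-force and weak-password points under Access & Authorization turned into detection logic: a sliding-window count of failed sshd logins per source address, with the alert upgraded when a login from the same source is accepted right after a burst. The log lines are constructed, and the threshold and window are assumptions to tune per environment.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// Constructed sshd/syslog-style lines for the example; not captured from a real host.
var sampleLog = []string{
	"Jan 10 09:00:01 host sshd[101]: Failed password for admin from 203.0.113.7 port 51001 ssh2",
	"Jan 10 09:00:03 host sshd[102]: Failed password for admin from 203.0.113.7 port 51002 ssh2",
	"Jan 10 09:00:04 host sshd[103]: Failed password for root from 203.0.113.7 port 51003 ssh2",
	"Jan 10 09:00:06 host sshd[104]: Failed password for invalid user test from 203.0.113.7 port 51004 ssh2",
	"Jan 10 09:00:08 host sshd[105]: Failed password for admin from 203.0.113.7 port 51005 ssh2",
	"Jan 10 09:00:09 host sshd[106]: Accepted password for admin from 203.0.113.7 port 51006 ssh2",
	"Jan 10 09:15:00 host sshd[107]: Failed password for alice from 198.51.100.20 port 40000 ssh2",
	"Jan 10 09:30:00 host sshd[108]: Failed password for alice from 198.51.100.20 port 40001 ssh2",
	"Jan 10 09:31:00 host sshd[109]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2",
	"Jan 10 09:32:00 host cron[110]: (root) CMD (run-parts /etc/cron.hourly)",
}

// Alert is raised for a source whose failed logins cross the threshold inside the window.
type Alert struct {
	Source         string
	Failures       int       // failures inside the window when the alert was last updated
	First, Last    time.Time // bounds of the failure burst
	SucceededAfter bool      // a login from the same source was accepted after the burst
	User           string    // the account that was accepted, if SucceededAfter
}

type event struct {
	ts           time.Time
	accepted     bool
	user, source string
}

var lineRe = regexp.MustCompile(
	`^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+`)

// parseLine extracts an sshd auth event; any other line is skipped.
func parseLine(line string) (event, bool) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return event{}, false
	}
	ts, err := time.Parse("Jan _2 15:04:05", m[1]) // syslog carries no year; fine for ordering
	if err != nil {
		return event{}, false
	}
	return event{ts: ts, accepted: m[2] == "Accepted", user: m[3], source: m[4]}, true
}

// detectBruteForce keeps a sliding window of failures per source and alerts once at least
// threshold failures fall inside window. An accepted login from a flagged source upgrades
// the alert: that is the signature of a guess that worked.
func detectBruteForce(lines []string, threshold int, window time.Duration) []Alert {
	failures := map[string][]time.Time{}
	alerts := map[string]*Alert{}
	for _, l := range lines {
		ev, ok := parseLine(l)
		if !ok {
			continue
		}
		if ev.accepted {
			if a := alerts[ev.source]; a != nil {
				a.SucceededAfter, a.User = true, ev.user
			}
			continue
		}
		q := append(failures[ev.source], ev.ts)
		for len(q) > 0 && ev.ts.Sub(q[0]) > window { // expire failures outside the window
			q = q[1:]
		}
		failures[ev.source] = q
		if len(q) < threshold {
			continue
		}
		a := alerts[ev.source]
		if a == nil {
			a = &Alert{Source: ev.source, First: q[0]}
			alerts[ev.source] = a
		}
		a.Failures, a.Last = len(q), ev.ts
	}
	out := make([]Alert, 0, len(alerts))
	for _, a := range alerts {
		out = append(out, *a)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Source < out[j].Source })
	return out
}

func main() {
	for _, a := range detectBruteForce(sampleLog, 5, time.Minute) {
		fmt.Printf("%s: %d failures %s..%s, accepted login afterwards: %v (%s)\n", a.Source,
			a.Failures, a.First.Format("15:04:05"), a.Last.Format("15:04:05"), a.SucceededAfter, a.User)
	}
}
```

On the sample the first source fires (five failures in seven seconds, then an accepted password for admin), while the second source's two failures fifteen minutes apart never accumulate inside the window, which is what keeps a user mistyping a password from paging the on-call engineer.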
Disaster Recovery & Business Continuity • Formal Plan • Prioritized Systems • Standard Backup Process • Tested Backups • Redundant Systems
Physical Safeguards • Visitor Badges • Building & Data Center Access/Monitoring • Fire Prevention/Suppression & Detection • UPS Testing and Load
Intentional Bypassing of Security Controls • Installing • Modems • Wireless Networks (Rogue Access Points) • GoToMyPC or Other Remote Access Tools • Unauthorized Software – Games, Screensavers, etc. • Prevention • Strong Security Policies • Centralized and Managed Intrusion Prevention Mechanisms • Implement Network Admission Control
Importance of NIST & ISO-17799 • National Institute of Standards & Technology (NIST) Guidance Is Referenced Throughout Most Regulations • Policies and Procedures Are Critical to NIST Best Practices • ISO-17799 Is the Industry-Recognized Standard for Security (since renumbered as ISO/IEC 27002) • ISO-17799 Covers 10 Areas of Security • Each ISO-17799 Area Has Individual Security Controls • Following NIST and ISO-17799 Gives a Strong Security Posture and Should Satisfy Almost Every Audit • Combine NIST 800-26 Maturity Levels With ISO-17799
ISO-17799 Covered Areas • Security Policies • Organizational Security • Asset Classification & Control • Personnel Security • Physical and Environmental Security • Communications & Operations Management • Access Control • System Development & Maintenance • Business Continuity Management • Compliance
NIST 800-26 Level Legend • Level 1 – Control objective documented in a security policy • Level 2 – Security controls documented as procedures • Level 3 – Procedures have been implemented • Level 4 – Procedures and security controls are tested and reviewed • Level 5 – Procedures and security controls are fully integrated into a comprehensive program
Remediation Costs • It Is Important to Budget for Remediation • A Security Assessment Without Remediation Is a Waste of Time and Money • Remediation Usually Involves Staff Time and Product Cost • Budget for Both One-Time and Recurring Costs
Remediation – First Steps • Prioritize Risks and Remediation Steps • Align Business and IT Strategies • Establish Resources – Internal, External, Products • Establish Internal SLAs between IT and Business Units
Internet Links & Question/Answers Thank You • www.berbee.com • www.cisco.com • www.ibm.com • www.microsoft.com • www.rsa.com • www.gocsi.com • www.sans.org • www.nist.gov