Cybersecurity Strategy
Andrew H Holden
Andrew H Holden
• Sixteen years in IT
• Network/Systems Administration & Engineering
• Information Systems Security
• Virtualization & Cloud Implementation
• On-site, cloud, and hybrid infrastructure
• Associates degree - Information Systems Security
• https://www.linkedin.com/in/andrewhholden
Agenda
• Objectives of security
• Typical risk-based security strategy
• Threats
• Awareness
• Endpoints
• Servers
• Network
• Various tools
Typical Risk-Based Security Strategy
Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO) = Annual Loss Expectancy (ALE)
• What assets exist and what is their value?
• What threats exist?
• What vulnerabilities exist?
• What is the cost of a threat exploiting a vulnerability once? (SLE – Single Loss Expectancy)
• How often per year will a threat exploit a vulnerability? (ARO – Annualized Rate of Occurrence)
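The SLE × ARO = ALE calculation above, carried through for a small constructed risk register as an added example (not from the deck). It uses the standard SLE = asset value × exposure factor decomposition that the slide leaves implicit, and adds the follow-on question a risk-based strategy asks of every control on the later slides: does the control's yearly cost stay below the loss it prevents? The asset values, factors and control cost are illustrative assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One threat/vulnerability pair against one asset (constructed sample data)."""
    asset: str
    threat: str
    asset_value: float       # AV: what the asset is worth, in dollars
    exposure_factor: float   # EF: fraction of AV lost in one incident, 0.0..1.0
    aro: float               # ARO: expected incidents per year

    @property
    def sle(self) -> float:
        """Single Loss Expectancy: cost of one incident (SLE = AV * EF)."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annual Loss Expectancy: SLE * ARO, the number the slide's formula gives."""
        return self.sle * self.aro


def rank_risks(risks: list[Risk]) -> list[Risk]:
    """Highest ALE first: where a risk-based budget should go first."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def control_value(before: Risk, after: Risk, annual_control_cost: float) -> float:
    """Net annual benefit of a control, in the usual cost/benefit form (assumed here):
    ALE before - ALE after - yearly cost of the control.
    A negative result means the control costs more than the loss it prevents."""
    return before.ale - after.ale - annual_control_cost


# Constructed sample register: values are illustrative, not from the deck.
REGISTER = [
    Risk("file server", "ransomware", asset_value=200_000, exposure_factor=0.5, aro=0.5),
    Risk("user mailboxes", "phishing", asset_value=50_000, exposure_factor=0.2, aro=2.0),
    Risk("laptops", "theft", asset_value=3_000, exposure_factor=1.0, aro=4.0),
]

# The same ransomware risk after tested offline backups are in place: incidents
# still occur as often (same ARO) but most of the loss is avoided (lower EF).
RANSOMWARE_WITH_BACKUPS = Risk("file server", "ransomware", 200_000, exposure_factor=0.1, aro=0.5)

if __name__ == "__main__":
    for r in rank_risks(REGISTER):
        print(f"{r.asset:15} {r.threat:11} SLE={r.sle:>10,.0f} ARO={r.aro:<4} ALE={r.ale:>10,.0f}")
    print("backup control net value:",
          control_value(REGISTER[0], RANSOMWARE_WITH_BACKUPS, annual_control_cost=15_000))
```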
Threats
• Social engineering
• Malicious insiders
• Mistakes
• Physical threats
• Botnets
• DDoS
• Spam & malware
• Email attachments
• Viruses
• Ransomware
• Script kiddies
• Hacktivists
• APTs
Educate Users
• https://www.wombatsecurity.com/
• https://www.knowbe4.com/
• http://www.securitymentor.com/
Endpoints
• Endpoint antivirus, spyware and malware protection
  • Trend, Symantec, etc.
  • Malwarebytes
  • Cylance (next-generation AV that uses AI)
  • OpenDNS Umbrella (now Cisco Umbrella)
  • MS Enhanced Mitigation Experience Toolkit (EMET)
• No local admin rights for users
• Enforce updates for Windows and third-party software
• Disable Flash in browsers that do not integrate Flash
• Disable autorun for DVDs and flash drives
Servers
• Rename and disable domain and local administrator accounts
• Disable unused user accounts
• Don’t store LAN Manager hashes
• Use shadow password files
• Disable weak encryption protocols and hashes
• Enable host-based firewalls
• Install patches
• Perform vulnerability assessments
Vulnerability Assessment
Internal and internet-facing servers
• https://www.ssllabs.com (check for weak encryption protocols)
• https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project (OWASP ZAP vulnerability scanner)
• https://app.upguard.com/webscan (complete web server analysis)
Network
Security appliances
• Firewalls aren’t just firewalls anymore
  • Gateway antivirus
  • Anti-malware and anti-spyware
  • Intrusion detection and prevention
• Block all outbound ports except those needed
• Filter out countries where you don’t do business
• Centralized logging of all firewall traffic between zones
Network
• Two-factor authentication
  • VPNs
  • Web applications
  • Office 365 & Azure
• Strong passwords and encrypted authentication
  • Unique for each device
  • Firewalls, switches, routers
  • Controllers, APs, management portals
• Enforce password and lockout policies
Network
Network segmentation
• DMZs and VLANs
Wireless
• Use a guest wireless LAN
  • Isolate clients
  • Internet access only
• Don’t use weak authentication and encryption
  • WPA2 (PSK) and AES if you must
  • Better to use WPA2 Enterprise, RADIUS & EAP
  • Avoid vulnerable technology like WEP and TKIP
• Centralized logging
Email Filtering
• http://www.appriver.com
• Block SMTP from computers that aren’t supposed to be sending mail
Privileged User Accounts
• Don’t use privileged accounts for everyday use
• Change service account passwords regularly
• http://www.cyberark.com/solutions/by-project/privileged-password-management-control/
• https://thycotic.com/
• https://www.beyondtrust.com/products/powerbroker-password-safe/
Backups
• Don’t get caught without one when you need it
• Physical servers
• Virtual machines
• SANs
• Network attached storage
• Server file shares
• Desktop and laptop computers
• Single-purpose computers
• Cell phones & tablets
Links
• http://www.social-engineer.org/
• https://blog.knowbe4.com/
• https://www.nomoreransom.org/
• https://www.virtru.com/get-secure-email/
• http://mxtoolbox.com/NetworkTools.aspx
• https://www.kali.org/
• http://passwordsgenerator.net/
• https://zeltser.com/suck-at-security-cheat-sheet/
• http://www.darkreading.com/