
Security today




Presentation Transcript


  1. Security today SECURITY BASICS EVERYONE NEEDS TO KNOW

  2. Yes… it CAN happen to you. Fact: percentages of organizations that have suffered a data breach (chart). Source: 2012 Trend Micro-sponsored Ponemon Institute study.

  3. Cost of a Successful Breach. Fact: a successful breach WILL affect your bottom line. Average cost of a single successful data breach: $3.5 million. Source: IBM-sponsored Ponemon 2014 study.

  4. Additional Statistics • 25.54% of the resources used to conduct attacks reside in the US, with another 19.44% in Russia. • Regarding malware, the US has a local infection rate of 38.1%. • The most attacked vulnerable application in 2013 was Oracle Java, with 90.52% of attacks directed at it. • Mobile security is a growing concern for AV vendors; Kaspersky, for example, now has 148,778 mobile malware samples in its collection. • 98.05% of mobile malware targets Android. Source: Kaspersky Security Bulletin 2013: Overall Statistics for 2013.

  5. How do we keep this guy out?

  6. Agenda

  7. Password Best Practices

  8. Implement a password policy • Simple, and lots of bang for no cost.

  9. What is in a Password Policy? • Defined length • Defined strength (special characters, etc.) • Account lockout policy • Reset time

  10. Password Rules • Length is more important than complexity. • Less chance of a successful brute force. • A long phrase is easy to remember. • Special characters and/or numbers are encouraged. Example: Bad: p@ss1 Good: ThisIsMyNetworkPassword788

  11. Brute Force Information (table of password length vs. number of combinations) • A 7-character password would take approx. 20 years to crack at the guessing rate assumed in the source. *Source: ZDNet article by Gery Menegaz; link at the end of the presentation.

  12. Passwords longer than 7 characters? Yes… Why bother, you ask? • Computing power continues to grow. • Brute-force “farms” are becoming a reality. • Quantum computing isn't that far off. • Outside of brute forcing, most people don't think of entire phrases as passwords.
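The argument in slides 10 through 12 (length beats complexity; any "years to crack" figure depends entirely on the attacker's guessing rate) is easy to check numerically. The following is an added example written for this transcript, not code from the deck or its author. It sizes the search space for the deck's own Bad/Good passwords and checks them against a minimal policy. The 1e10 guesses/second rate is an assumption standing in for an offline GPU attack on a fast hash; at that rate a 7-character password of mixed classes falls in hours rather than the 20 years the ZDNet table assumes, which is exactly why slide 12 says to go longer.

```python
import string

# Character classes an exhaustive attacker has to cover once a password is
# known to draw on them (printable-ASCII class sizes: 26, 26, 10, 32).
CHAR_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def classes_used(password: str) -> list:
    """Names of the character classes the password actually draws on."""
    return [name for name, chars in CHAR_CLASSES.items()
            if any(c in chars for c in password)]


def search_space(password: str) -> int:
    """Candidates an attacker must enumerate in the worst case:
    (alphabet size) ** (length), the alphabet being the union of the
    classes the password uses."""
    alphabet = sum(len(CHAR_CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)


def years_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case years to try every candidate at the given rate.
    1e10 guesses/s is an ASSUMED offline-cracking rate for a fast hash,
    chosen for this example and not taken from the deck; the result scales
    linearly with whatever rate you plug in."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)


def check_policy(password: str, min_length: int = 12, min_classes: int = 2) -> list:
    """Return the list of policy violations; an empty list means compliant.
    Length is the primary control, class count the secondary one."""
    problems = []
    if len(password) < min_length:
        problems.append(f"length {len(password)} is below the minimum of {min_length}")
    used = len(classes_used(password))
    if used < min_classes:
        problems.append(f"uses {used} character class(es), policy requires {min_classes}")
    return problems


if __name__ == "__main__":
    # The deck's Bad and Good examples plus a lowercase-only passphrase:
    # the long lowercase phrase beats the short four-class password by a
    # wide margin, which is the "length over complexity" point.
    for pw in ("p@ss1", "correcthorsebatterystaple", "ThisIsMyNetworkPassword788"):
        print(f"{pw!r:32} classes={classes_used(pw)} "
              f"space={search_space(pw):.3e} "
              f"years@1e10/s={years_to_exhaust(pw):.3e} "
              f"violations={check_policy(pw)}")
```

Note that the policy check only measures the search space; it does not catch dictionary words or reused passwords, which a real password filter should also reject.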

  13. Example of new tools available

  14. Reset Time. How often should passwords be changed? • Standard users: recommendation of every 3 months. • Administrative and power users: more often.

  15. Account lockout policy • Helps during a brute-force attack by locking an account after X failed attempts. • Prevents unlimited online brute forcing by “script kiddies”.
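To show what the lockout on slide 15 actually buys, here is an added example (written for this transcript, not code from the deck) that models a directory-style lockout policy and runs a scripted guessing attack against it. The threshold, window and lockout duration are assumed defaults, not values the deck recommends. The two things worth seeing are that a correct password submitted while the account is locked still fails (the password is never evaluated, so the attacker gets no signal), and that the lock caps online guessing at a few hundred attempts per account per day instead of unlimited. The flip side, which the deck does not mention, is that anyone who can reach the logon endpoint can lock a victim out on purpose, so the lock should expire on its own and the threshold should not be set so low that ordinary typos trip it.

```python
from collections import deque


class LockoutPolicy:
    """Account lockout modelled on a directory-style policy: lock an account
    after `threshold` failed attempts inside `window_seconds`; the lock
    clears by itself after `lockout_seconds`. Times are plain seconds so the
    example runs offline without a clock. (Parameters are assumed values.)"""

    def __init__(self, threshold: int = 5, window_seconds: int = 600,
                 lockout_seconds: int = 900):
        self.threshold = threshold
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self._failures = {}      # user -> deque of failure timestamps in the window
        self._locked_until = {}  # user -> timestamp at which the lock expires

    def is_locked(self, user: str, now: float) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if now < until:
            return True
        # Lock expired: clear it and start counting from zero again.
        del self._locked_until[user]
        self._failures.pop(user, None)
        return False

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Record one login attempt. Returns 'ok', 'denied' or 'locked'.
        While locked the password is never evaluated, so a correct guess
        during the lockout still fails and leaks nothing."""
        if self.is_locked(user, now):
            return "locked"
        if password_ok:
            self._failures.pop(user, None)
            return "ok"
        recent = self._failures.setdefault(user, deque())
        recent.append(now)
        while recent and now - recent[0] > self.window_seconds:
            recent.popleft()                      # forget failures outside the window
        if len(recent) >= self.threshold:
            self._locked_until[user] = now + self.lockout_seconds
            self._failures.pop(user, None)
            return "locked"
        return "denied"


def guesses_per_day(policy: LockoutPolicy) -> float:
    """Upper bound on evaluated online guesses per account per day for an
    attacker who keeps tripping the lock: one burst of `threshold` guesses
    per lockout period."""
    return policy.threshold * 86400 / policy.lockout_seconds


def simulate_script_kiddie(policy: LockoutPolicy, user: str, wordlist: list,
                           real_password: str, seconds_between: float = 1.0) -> tuple:
    """Fire a wordlist at one account at a fixed pace, like a script that
    ignores lockout. Returns (cracked, evaluated, rejected_while_locked)."""
    evaluated = rejected = 0
    now = 0.0
    for guess in wordlist:
        if policy.is_locked(user, now):
            rejected += 1
        else:
            evaluated += 1
            if policy.attempt(user, guess == real_password, now) == "ok":
                return True, evaluated, rejected
        now += seconds_between
    return False, evaluated, rejected


if __name__ == "__main__":
    # Constructed 1000-word list with the real password at position 500.
    words = [f"guess{i}" for i in range(1000)]
    words[500] = "Winter2014!"
    print(simulate_script_kiddie(LockoutPolicy(), "carol", words, "Winter2014!"))
    print("max evaluated guesses/day:", guesses_per_day(LockoutPolicy()))
```

With the assumed defaults the 1000-word run evaluates only 10 guesses; the real password sits in the locked-out stretch and is never checked.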

  16. Multifactor Authentication • A good way to harden authentication. • Required for some industry verticals. • Multiple factors are available, such as RSA tokens and fingerprint scanners.

  17. Internal Password Access • Limit access to mission-critical credentials. • Limit who is authorized to modify passwords. • Train users to NEVER share their passwords, even with admins. • Configure a workstation screen-lock timeout.

  18. Most of all… if it doesn't seem like a good idea, it probably isn't. Use common sense!

  19. Patching and Updates

  20. Patches? They break things, right? Yes, breakage occurs from time to time… but patching is the single most important thing you can do to secure your network.

  21. Windows Patching. Servers and workstations can be kept up to date with several tools: • Windows Update on individual machines • WSUS for mass updates • System Center at the enterprise level • Managed-services utilities

  22. Mac Patching • Mainly limited to the Software Update utility built into the OS. • Apps can be updated en masse via the App Store.

  23. Third-Party Patching. Most vulnerabilities will occur in third-party applications; it's just a fact of life. The Big Three: Oracle Java Runtime*, Adobe Flash, Adobe Reader/Acrobat. It is critical that these add-ons are updated REGULARLY!
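Keeping the Big Three current across a fleet means comparing each machine's installed version against a baseline, and the classic mistake is comparing version strings as text. The block below is an added example for this transcript (not code from the deck) that parses dotted and Java-style "7u51" versions into numeric tuples and reports lagging installs. The inventory and baseline are constructed; the version numbers are illustrative placeholders, not the real patch levels of these products at any date, and in practice the inventory would come from your patch tool or an agent rather than a hard-coded dict.

```python
import re


def parse_version(version: str) -> tuple:
    """Turn '11.0.10', '7u51' or '13.0.0.214' into a tuple of ints so that
    comparison is numeric per component. A plain string compare puts
    '11.0.10' before '11.0.9' and would report a patched host as outdated
    (or an unpatched one as current)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_outdated(installed: str, minimum: str) -> bool:
    return parse_version(installed) < parse_version(minimum)


def outdated_installs(inventory: dict, baseline: dict) -> list:
    """inventory: {host: {product: installed_version}}
    baseline:  {product: minimum_acceptable_version}
    Returns (host, product, installed, minimum) for every lagging install,
    sorted so the report is stable. Products absent from a host are not
    flagged here: absence is a different finding from being out of date."""
    findings = []
    for host, products in sorted(inventory.items()):
        for product, installed in sorted(products.items()):
            minimum = baseline.get(product)
            if minimum is not None and is_outdated(installed, minimum):
                findings.append((host, product, installed, minimum))
    return findings


# Constructed inventory and baseline for the example; the version strings
# are illustrative and not the actual patch levels of these products.
INVENTORY = {
    "ws-01": {"Java Runtime": "7u45", "Adobe Reader": "11.0.9", "Flash Player": "13.0.0.214"},
    "ws-02": {"Java Runtime": "7u51", "Adobe Reader": "11.0.10", "Flash Player": "13.0.0.214"},
    "ws-03": {"Java Runtime": "7u51", "Adobe Reader": "11.0.10"},
}
BASELINE = {"Java Runtime": "7u51", "Adobe Reader": "11.0.10", "Flash Player": "14.0.0.125"}


if __name__ == "__main__":
    for host, product, installed, minimum in outdated_installs(INVENTORY, BASELINE):
        print(f"{host}: {product} {installed} is below baseline {minimum}")
```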

  24. Firewalls and Network Devices. To ensure security at the network entry point and routing points, network devices must also be updated on a regular basis. • Each firewall will have its own update methodology. • The same goes for switches and routers, depending on make/model. • Cisco and HP may have mass-update features.

  25. Infrastructure Security

  26. What does “Infrastructure” mean? • Servers and Computing Nodes • Network Firewalls, Routers, and Switches • Storage (SAN, NAS, File Permissions) • Endpoints

  27. Server Security • Patching • User access limited according to role. • Web-facing servers should be located in a DMZ with only the needed ports open. • Great care should be taken with your directory services infrastructure.

  28. Firewalls, Routers and Switches. While less likely to be compromised, these devices run OSes just like anything else, and thus have their own vulnerabilities. • Firewall and routing rules should be short and sweet: less room for error. • Routers are NOT firewalls! • Security/rule audits should be performed. • Advanced features are available, such as IPS, entry-point AV scanning, etc.
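A rule audit of the kind slide 28 calls for has a mechanical core: in a first-match ruleset, any rule fully covered by an earlier rule never fires. If the two rules have the same action the later one is dead weight that makes the list longer than it needs to be; if the actions differ, the later rule silently does nothing, which is usually a mistake. The following is an added example for this transcript, not code from the deck or any firewall vendor. It uses a deliberately simple rule model (protocol, source, destination, destination port) and a constructed five-rule set on RFC 5737/RFC 1918 addresses; real firewalls have stateful and zone semantics this does not model.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    dport: object  # int or "any"


def _scalar_covers(a, b) -> bool:
    """Does field value `a` match everything that field value `b` matches?"""
    return a == "any" or (b != "any" and a == b)


def _net_covers(a: str, b: str) -> bool:
    """`a` covers `b` when `b` is a subnet of (or equal to) `a`. The literal
    "any" is treated as wider than 0.0.0.0/0 since it also includes IPv6."""
    if a == "any":
        return True
    if b == "any":
        return False
    return ipaddress.ip_network(b, strict=False).subnet_of(
        ipaddress.ip_network(a, strict=False))


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet `later` would match is already matched by
    `earlier`; in a first-match ruleset `later` is then unreachable."""
    return (_scalar_covers(earlier.proto, later.proto)
            and _net_covers(earlier.src, later.src)
            and _net_covers(earlier.dst, later.dst)
            and _scalar_covers(earlier.dport, later.dport))


def find_shadowed(rules: list) -> list:
    """(rule, shadowing rule, same_action) for each rule fully covered by an
    earlier one. same_action=True means redundant; False means the later
    rule never takes effect and the intent is probably not being met."""
    found = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                found.append((rule.name, earlier.name, earlier.action == rule.action))
                break
    return found


def find_wide_open(rules: list) -> list:
    """Allow rules with no source, destination or port restriction at all."""
    return [r.name for r in rules
            if r.action == "allow" and r.src == "any" and r.dst == "any"
            and r.dport == "any"]


# Constructed ruleset for the example (documentation/private ranges, not a real site).
SAMPLE_RULES = [
    Rule("allow-web", "allow", "tcp", "any", "192.0.2.10/32", 443),
    Rule("deny-guest-to-all", "deny", "any", "10.10.0.0/16", "any", "any"),
    Rule("allow-guest-printer", "allow", "tcp", "10.10.5.0/24", "10.0.1.20/32", 9100),
    Rule("allow-web-dup", "allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
    Rule("allow-everything", "allow", "any", "any", "any", "any"),
]


if __name__ == "__main__":
    for name, by, same in find_shadowed(SAMPLE_RULES):
        print(f"{name} is shadowed by {by} ({'redundant' if same else 'never applies'})")
    print("wide open:", find_wide_open(SAMPLE_RULES))
```

On the sample set the guest-printer allow is unreachable behind the guest deny, the duplicate web rule is redundant, and the trailing allow-everything is flagged as wide open.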

  29. Storage Security. Data is of paramount importance: data = your organization. • SANs and NASes should be updated on a regular basis just like any other network device. • If using iSCSI, its IP traffic should be segmented from the production network. • Strict file permissions need to be in place on file shares. • Access-Based Enumeration should be used, so users only see the folders they have rights to.

  30. Laptops and mobile devices • Data on mobile devices should be limited. • If data needs to be on the device, encryption tools such as BitLocker should be enabled.

  31. Systems Use and Management

  32. Manage Securely. How can we manage and use our infrastructure securely yet efficiently? • Administrative access needs to be limited to only those who NEED it. • The password policy is doubly important for administrative users. • Segment roles as much as possible to allow for multiple eyes on most issues.

  33. Tools and Applications. Which apps are most secure to use for the task at hand? • Avoid third-party apps when possible. • Use code-signed tools whenever feasible. • For web-based utilities, ALWAYS use HTTPS. • Platform-specific tools are best from a security perspective.

  34. Change Control Process. Simple, but so very important. • Track security changes made at both the user and the object level. • Some industry regulations require this for paper-trail purposes (PCI, HIPAA, etc.). • Increases accountability.

  35. Social Media Security

  36. For use at home only, right? Wrong! To the disdain of system admins everywhere, social media is being used more and more for business and marketing. What can we do to enable these services in a secure way for the users who need them?

  37. Protect your network • Services should be filtered so that only the people with a business use for them have access. • All other users should not have access. • This can be done via IE policy filtering or at the firewall level. This step will also bring a significant reduction in viruses/malware, as many attackers use social services as their primary vector of attack.

  38. Protect your users. In many cases, blocking access to these services could save users from themselves. • Many online identity thefts occur as a result of the use of social media. • Younger users may not fully realize what they are doing. This is especially true in the K-12 education sector.

  39. If they REALLY need to have it. Damage can be mitigated via: • Strict firewall and anti-virus use. • User education.

  40. Current Trends in the Industry

  41. Current Trends. The basic concepts remain the same, with attackers finding new workarounds to achieve the same objective. • DDoS attacks continue to be prevalent. • Heartbleed • The return of ransomware • Beware the fake-antivirus virus • AV by itself just isn't up to the task anymore

  42. DDoS Attacks. Sadly, this type of attack is still quite difficult to protect against and easy for the attacker to execute. • Websites are available to people in the right circles to easily launch a DDoS attack. • Expensive load balancers and/or services from your ISP may be the best route in combating this type of attack. • Some routers cope better than others.

  43. Heartbleed. An OpenSSL vulnerability (CVE-2014-0160) estimated to have affected 30% to 40% of the Internet. • Most major websites have already been patched. • It is recommended to change passwords on all web accounts if you're unsure which accounts were affected. • More information at Heartbleed.com

  44. The Return of Ransomware. Not seen regularly for many years, CryptoLocker has brought ransomware back in a very malicious way. • The vector of attack tends to be e-mail. • The only foolproof protection is user training, combined with blocking several file extensions and/or blocking the execution of files from within the user profile. • Once infected, you must restore from backup or pay the fee.
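The two technical controls on slide 44, dropping attachments by extension at the mail gateway and refusing to run executables from inside the user profile, are both path-and-extension rules, so they can be shown as plain logic. The block below is an added example for this transcript, not the deck's code and not an implementation of Software Restriction Policies or AppLocker; it models what such a rule decides, with a constructed extension list and constructed Windows paths. It also catches the double-extension trick ("Invoice.pdf.exe" shows as "Invoice.pdf" when Explorer hides known extensions), which is how the e-mail lures of that era got users to run the dropper.

```python
from pathlib import PureWindowsPath

# Extensions that execute when double-clicked and that a profile-path deny
# rule would refuse to launch. Constructed list for the example.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                         ".js", ".vbs", ".cpl"}
# Extensions a lure borrows to look harmless in front of the real one.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def _under_user_profile(path: PureWindowsPath) -> bool:
    """True for anything beneath <drive>:\\Users\\<name>\\, i.e. the tree the
    user (and therefore malware running as the user) can write to."""
    parts = [p.lower() for p in path.parts]
    return len(parts) >= 4 and parts[0].endswith(":\\") and parts[1] == "users"


def execution_verdict(path_str: str) -> list:
    """Reasons to refuse launching the file at `path_str`; an empty list
    means the launch is allowed."""
    path = PureWindowsPath(path_str)
    suffixes = [s.lower() for s in path.suffixes]
    reasons = []
    if not suffixes:
        return reasons
    last = suffixes[-1]
    if last in EXECUTABLE_EXTENSIONS and _under_user_profile(path):
        reasons.append(f"{last} launched from inside a user profile")
    if (last in EXECUTABLE_EXTENSIONS and len(suffixes) >= 2
            and suffixes[-2] in DOCUMENT_EXTENSIONS):
        reasons.append(f"document extension {suffixes[-2]} hiding {last}")
    return reasons


def attachment_blocked(filename: str) -> bool:
    """Mail-gateway rule: drop attachments that are executable by their
    final extension, including ones dressed up with a document extension."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    return bool(suffixes) and suffixes[-1] in EXECUTABLE_EXTENSIONS


if __name__ == "__main__":
    # Constructed paths: two CryptoLocker-style drops, two legitimate files.
    for p in (r"C:\Users\bob\AppData\Roaming\svchost.exe",
              r"C:\Users\bob\Downloads\Invoice_2014.pdf.exe",
              r"C:\Program Files\Adobe\Reader\AcroRd32.exe",
              r"C:\Users\bob\Documents\report.docx"):
        verdict = execution_verdict(p)
        print(p, "->", "BLOCK " + "; ".join(verdict) if verdict else "allow")
    for name in ("Invoice_2014.pdf.exe", "Invoice_2014.pdf", "statement.zip"):
        print(name, "->", "drop" if attachment_blocked(name) else "deliver")
```

The last line of the demo shows the gap in an extension-only gateway rule: an archive passes, so the mail filter needs to look inside ZIP attachments as well, and the profile-path rule on the endpoint is what catches the extracted file.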

  45. Beware the Fake-Antivirus Virus. One of the most common ways that credit card information is stolen.

  46. AV just isn't enough anymore. In a lot of cases, supplementing AV protection with an anti-malware solution greatly enhances protection. • Workstations need to be beefy enough to deal with the extra load. • More time will be spent scanning, potentially affecting the end user. • Detection rates for AV on its own have been shown to drop, however.

  47. Wrap Up: Useful Links
  • http://www.cisco.com/c/en/us/products/collateral/security/traffic-anomaly-detector-xt-5600a/prod_white_paper0900aecd8011e927.html
  • http://www.zdnet.com/brute-force-attacks-beyond-password-basics-7000001740/
  • http://technet.microsoft.com/en-us/library/cc766295(v=WS.10).aspx
  • http://technet.microsoft.com/en-us/library/cc784710(v=WS.10).aspx
  • http://www.altaro.com/hyper-v/7-keys-to-hyper-v-security/
  • http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-security-guide.pdf
  • http://syrewiczeit.com

  48. Thank You! Contact: Andy Syrewicze, Virtual Systems Administrator. E-mail: asyrewicze@trivalentgroup.com. Twitter: @asyrewicze. Blog: http://syrewiczeit.com. Phone: 616-222-9200 / 616-222-9300. www.trivalentgroup.com
