IT Security Assurance: Management of Network and User Behavior
Budi Rahardjo, INDOCISC - ID-CERT
budi@indocisc.com - budi@cert.or.id
http://budi.insan.co.id
Holistic approach
• PEOPLE: awareness, skill, ...
• PROCESS: security as part of business process, ...
• implementation, ...
• TECHNOLOGY
Topology of Security Holes
user -> ISP -> Internet -> Web Site (www.bank.co.id)
• On each link: sniffed, flood, spoof
• Security holes: Network, OS, Apps. / database
• At the user: Virus, Trojan horse; userid, password, PIN, credit card # exposed
• At the web site: Applications (database, Web server) attacked; OS attacked
Why Network Security?
• More companies are connected to the Internet
• More attacks are performed over the network. No physical boundary
• Questions:
  • how to manage network security?
  • can it detect anomalous behaviors?
Rule of thumb: layered protection (an example)
Customer (with authentication device) -> Internet -> Internet banking gateway -> Web server(s) -> core banking applications
• Firewall: protect access to web server
• Firewall: protect access to SQL
• IDS: detect intrusions
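The layered-protection slide above is a diagram; as an added example (not code from the talk or from INDOCISC), the following Python model encodes the same idea: each inner tier sits behind its own firewall, a flow must be explicitly permitted by the firewall guarding its destination tier, and an IDS-style check flags a source that keeps hitting deny rules, which is the "can it detect anomalous behaviors?" question from the earlier slide. Zone names, ports, the rule set and the sample traffic are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src_zone: str   # where the connection originates
    dst_zone: str   # tier it is trying to reach
    dst_port: int   # destination TCP port


# Each protected tier sits behind a firewall. The firewall's rule set lists
# which (source zone, destination port) pairs may reach that tier; anything
# else is dropped. Zone names and ports are assumed for this example, not
# taken from the slides.
FirewallRules = Dict[str, Set[Tuple[str, int]]]

LAYERED_POLICY: FirewallRules = {
    # Firewall protecting access to the web tier: only HTTPS, only via the gateway
    "gateway": {("internet", 443)},
    "web": {("gateway", 443)},
    # Firewall protecting access to SQL: only the web tier, only the DB port
    "core": {("web", 1433)},
}


def is_allowed(flow: Flow, policy: FirewallRules = LAYERED_POLICY) -> bool:
    """A flow passes only if the firewall in front of its destination tier
    lists the (source zone, port) pair. Destinations with no firewall entry
    (e.g. the open Internet) are unprotected and therefore allowed."""
    rules = policy.get(flow.dst_zone)
    if rules is None:
        return True
    return (flow.src_zone, flow.dst_port) in rules


def evaluate(flows: List[Flow], policy: FirewallRules = LAYERED_POLICY) -> List[Tuple[Flow, str]]:
    """Return a verdict per flow, in the shape of a firewall log."""
    return [(f, "ALLOW" if is_allowed(f, policy) else "DENY") for f in flows]


def suspicious_sources(flows: List[Flow], policy: FirewallRules = LAYERED_POLICY,
                       threshold: int = 3) -> Dict[str, int]:
    """IDS-style check: a source zone that repeatedly hits DENY rules (e.g.
    the Internet trying to reach SQL directly) is flagged once its denial
    count reaches the threshold."""
    denials = Counter(f.src_zone for f in flows if not is_allowed(f, policy))
    return {src: n for src, n in denials.items() if n >= threshold}


# Constructed sample traffic: one normal customer session, then connections
# from the Internet that try to skip the layers and reach inner tiers directly.
SAMPLE_FLOWS = [
    Flow("internet", "gateway", 443),   # customer reaches the banking gateway
    Flow("gateway", "web", 443),        # gateway forwards to the web server
    Flow("web", "core", 1433),          # web server queries core banking
    Flow("internet", "web", 443),       # layer skipped: straight to web tier
    Flow("internet", "core", 1433),     # layer skipped: straight to SQL
    Flow("internet", "core", 22),       # layer skipped: SSH to core
    Flow("gateway", "core", 1433),      # gateway must not talk to SQL either
]

if __name__ == "__main__":
    for flow, verdict in evaluate(SAMPLE_FLOWS):
        print(f"{verdict:5} {flow.src_zone:>8} -> {flow.dst_zone:<8} :{flow.dst_port}")
    print("flagged:", suspicious_sources(SAMPLE_FLOWS))
```

Run it as a script to see the per-flow verdicts; the three legitimate hops are allowed, every attempt to skip a layer is denied, and the Internet zone is flagged after its third denial while the single gateway-to-SQL denial stays below the threshold. The point of the model is that the SQL firewall never sees the Internet as a permitted source at all, so a compromised gateway still cannot reach core banking without first going through the web tier.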
Management Tools
• There is a plethora of security management tools, but they are
  • not integrated
  • still difficult to use
  • still in their infancy
• But it's better than nothing, so use the tools!
People
• Threats are coming from
  • Outside
  • Inside
1999 CSI/FBI Computer Crime Survey, sources of attack:
• Disgruntled workers: 86%
• Independent hackers: 74%
• US competitors: 53%
• Foreign corporations: 30%
• Foreign governments: 21%
People
• There must be a "security culture" from top to bottom
  • CEO, C*
  • ...
  • even the janitor!
• Awareness is important ("oops, I accidentally unplugged the server")
Everybody must know the DOs and the DON'Ts
• DO
  • Change password regularly
  • ...
• DON'T
  • Share password
  • ...
• This is part of policy and procedures
Incident Response Team
• There should be an IRT in the company
  • Handles incidents
  • Users know that they are responsible for their behaviors
  • Provides security trends in the company to executives
• Q: Where should the IRT report to?
Still missing in these slides ...
• Process
  • Company's business process?
  • Policy & procedures?
Concluding Remarks
• Security is a continuous process (SECURITY LIFECYCLE)
• Manage your network and users