210 likes | 352 Views
The Information Security Jigsaw The Technical perspective. John Carr Senior Manager Information Security Cap Gemini Ernst & Young. Technical Security. Procedural Security. Security Operations. Physical & Personnel Security. Risk Management. What kind of jigsaw?. Content. Introduction
E N D
The Information Security JigsawThe Technical perspective John Carr Senior Manager Information Security Cap Gemini Ernst & Young
Technical Security Procedural Security Security Operations Physical & Personnel Security Risk Management What kind of jigsaw?
Content • Introduction • Why its so important • The risks • Is it for real? • What happens if it goes wrong • The Solutions on offer • Conclusions
Introduction • Security is now in the forefront of corporate planning and management • No sectors can exclude themselves now • Need to communicate means proliferation of external connectivity on a global scale • Greater need to establish the risks • Need for a mix of solutions - this is the technical component!
Why Security is so important • Security is a key business enabler, particularly in e-space • All enterprises are at risk to and this is increasing • Business change can be a dangerous venture without considering security risks • Public facing organisations require evidence of due diligence • If there are problems people will find out • Management accountability is high, so is peace of mind • Preventing problems is cheaper than fixing them or recovering from them
The Risks (1) • Risks to the network • Threats - Hacking, Leakage, DOS, Malicious Code, Misuse of Resources, Abuse • Vulnerabilities (weaknesses in O/S protocols, degree of resistance to attack) • Impacts (frauds, modification) • Privacy issues (browsing, cookies, logs) • Use of Wireless LANs
The Risks (2) • Risks of connecting with other peoples networks • You have no Control; Back doors to hostile environments; Different architectures; Difficulties in securing the links. • Other Risks • Human errors • Other theft • Sabotage • Environmental failure
In the News The White House Marks & Spencer Barclays On-line Amazon (Privacy) Consumers Association (Which) Yahoo Norwich Union Case Studies City Financial Institution The virus attack from hell ! Global Media Corporation All comms traffic through a single multiplexor without access control ! Global Automotive Co. What do you mean this technical architecture won’t work - its costing us ££ ! Is it for Real?
Is it for Real? An infection occurred despite tight anti-virus controls, multiple products & platforms, strong management and a strict culture Yet a virus still got in and infected 30 odd PCs internally before clean up Thankfully, one of their exiting gateways picked it up and stripped it out of approximately 100 mails bound for clients, business associates etc etc. Phew!!!!!! But it put a note to that effect in the message! ARRGGH!! • The cause of the problem?
Real Events do Happen! • Use of Web based mail hosts • Use of Web based mail hosts which don’t scan for viruses either coming in or going out • Use of Web based mail hosts that use SSL to encrypt the session! • So the incoming checker couldn’t identify the virus!
What Happens if it goes wrong? • If your information is corrupted, you can’t do billing or other financial work • If bill presentment was compromised then key customers could be lost • If your information is out of date or inaccurate you may injure individuals or mislead clients • If your information is disclosed without authority you could face legal or regulatory penalties • If you contract a network virus, you may have to close your entire network and be almost unable to operate • If your systems fail then you can’t do business transactions • IF YOU DON’T PROTECT YOURSELF YOU MAY NOT HAVE ANYTHING LEFT TO PROTECT
Solutions! • Anti Virus Regimes • Intrusion Detection Systems • Artificial intelligence • Use of trusted products & services • Audit collection, analysis and interpretation • Firewalls & routers • PKI??? • Wireless LANs…………...
Anti-Virus regimes • Scanners are not enough on their own • Function specific and different • Culture need • Update capabilities • Holistic software • AI??
Intrusion Detection Systems • Perimeter monitoring • System tools • Interception • Intrusion alert • Configuration critical • Overheads
Artificial intelligence! • Is here now! • Systems to detect irregular patterns in system activity • Machine created profile/footprint • Alert capability • Not able yet to detect right and wrong
Trusted Products • Old Orange book from US • UK ITSEC for government • Common Criteria now for EU, US Canada, Australia etc. • Kite Mark equivalent for anti-virus s/w • Commercial schemes?
Audit • Collection capabilities long standing • Real time monitoring and alert possible • Analysis tools available • Tight regimes are labour or machine intensive • Need for interpretation (AI??)
Firewalls & Routers • Network protection • Filtering capabilities • Intelligent routers • Positioning • Configuration • Degree of trust
PKI • The great saviour? • Digital Certificates - authentication OK but alternatives exist • Digital Signatures - trust, assurance OK • Encryption - confidentiality - not really! • Too costly to implement and manage • Uncertain future
Wireless LAN’s • The great issue at the moment. • How to secure something that does not lend itself to security? • Short range repeaters • Screening - Ugh!!! • Back door bolted • MAC Address filtering
Conclusions • There are many technical risks and they are increasing and evolving. • There are solutions but not panaceas • You can only defend against that which you know • Technical security is not enough on its own • The future is uncertain - we can only do our best but it must be the best!