Hack Proofing Your Organization

Academic year: 2021

Who am I

•  Gary Bates
–  Director of Information Services for the City of Harker Heights
–  Microsoft Certified System Engineer
•  Microsoft Certified Information Technology Professional – Enterprise Administrator
–  Certified Ethical Hacker v8
•  EC-Council
–  Certified Hacking Forensic Investigator
–  Certified Cisco Network Professional
–  Master's Degree in Information Security

What do you mean Hack Proof?

•  A more correct term would be Hack Resistant
•  Utilizing best practices to make the

Layered Security – 6 Tenets

•  External Defense
•  Internal Defense
•  Monitoring and Validation
•  Policy and Procedures
•  User Training

External Defense

•  Hardware Devices (UTM, Firewalls, IPS, etc.)
•  Offsite or Outsourced Information Hosting (Email, Web, Payment Gateways)
•  Hosted Defenses (Spam,

External Defense - Hardware

•  Firewalls
–  Early days this was the defense
•  IPS\IDS
•  Gateway Filtering Devices
•  Content Filtering and Protection
•  Outsource Hosting – Email, Web,

External Defense - Hardware

•  Today
–  Next Generation Firewall\Gateway Devices
•  What to look for:
–  Active Firewall
–  Gateway Antivirus
–  Intrusion Prevention
–  Content Filtering
–  Application Control
–  SSL Inspection
–  Adequate throughput for your Enterprise

External Defense - Outsourcing

•  Geographically dislocates your Network Signature.
•  Choose a Tier 1 provider such as:
–  Microsoft Office 365
–  Amazon Web Services
•  Or Choose a Provider that uses a

External Defenses – Hosted Defense

•  Helps reduce the bandwidth impact.
•  Helps mask your end-point.

External Defense – Augment Your Threat Information

•  Join the Multi-State Information Sharing & Analysis Center
–  http://msisac.cisecurity.org/
•  SANS.ORG is a wealth of security

Your Network – External Defense

•  Use a good quality UTM\Advanced Firewall
•  Offsite services when possible.
•  Use hosted defense partners as applicable.
•  Augment your rule set with known threat information.

Internal Defenses

•  System Anti-Virus
•  System Firewall
•  Automated Updates
•  User security levels

Internal Defense – AntiVirus

•  Avoid free versions or home versions of antivirus software
–  No centralized control
–  Violates the licensing agreement
–  No reporting
•  Corporate Version
–  Centralized control allows for policy and definitions to be pushed to all systems
–  Reporting allows for the immediate notification of a problem.

Internal Defense – System Firewall

•  Are your system firewalls turned on?
–  If not, why not?
•  Helps stop the localized spread of viruses from one system to another.
•  Helps prevent a compromised system from accessing another system on the network.

Internal Defense – Automated Updates

•  Utilize a system for deploying and ensuring the deployment of Updates
•  Look for a system that will push third party updates – Adobe Flash, Java, etc.
•  Push the updates at night and silently.
•  Reports progress of update

Internal Defense – User Security Control

•  ALL users should be standard users on their everyday system.
–  This includes IT professionals.
–  IT professionals are not exempt from viruses.
•  Look for workarounds for applications before giving out administrative rights.
•  Restrict users' access rights to only the network folders required to do their job.
•  Never map network administrators

Internal Defense – Proper Hardware

•  Stay away from Home User equipment
–  WiFi Access Point\Gateway
•  Use equipment that can authenticate personnel independently
–  Avoid Shared Keys
–  RADIUS Server

Your Network – Internal Defense

•  Use a Corporate Version for Antivirus
•  Enable Windows Firewall
•  Practice good user controls.
•  Use Professional Grade Equipment.

Monitoring and Validation

•  Centralized Log \ Management Server
•  Internal Nodes \ Trigger Points
•  Penetration Testing \ Red Team

Monitoring and Validation: Centralized Log \ Management

•  It should be a one stop shop for isolating server \ network issues.
•  Provide for rule based customization and event notification
•  Examples:
–  System Center Operations Manager
–  OpenNMS \ OSSIM
–  SolarWinds Server and Application

Monitoring and Validation: Centralized Log \ Management

•  National Institute of Standards and Technology – Computer Security Resource Center (csrc.nist.gov)
•  Publication 800-123

Monitoring and Validation: Internal Nodes \ Trigger Points

•  Monitoring switches \ network devices for abnormal network traffic
•  Configure monitor ports on network uplinks.
•  Utilize an IDS solution or Network Analyzer to evaluate traffic patterns
•  Rule based notification and\or

Monitoring and Validation: Internal Nodes \ Trigger Points

•  SNORT (www.snort.org)
–  Open Source \ Yearly Subscription
–  Excellent IPS that has been around since the late 90s
•  Suricata (suricata-ips.org)
–  Run by the Open Information Security Foundation

Monitoring and Validation: Internal Nodes \ Trigger Points

•  Example of what to monitor for:
–  IP Addresses that are listed as potential malware sites
–  IP addresses that are listed as a CryptoLocker \ Variant site
–  Network traffic on port 164, 6667, 6668, 6669 or 7000
–  SMTP traffic to IPs other than your email server or host.

•  MS-ISAC sends out lists of known
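The indicators on this slide, together with the earlier advice to augment your rule set with known threat information, can be checked by a short script before they are turned into IDS rules. The following is an added example and not part of the presentation: it scans constructed firewall/flow log lines for destinations on a threat list (a stand-in for an MS-ISAC feed), for the watched ports, and for SMTP sent anywhere other than the approved mail server. The log line format, the threat-list entries, and the mail server address are all assumptions made for this example.

```python
"""Added example: flag the slide's network indicators in firewall/flow log lines.

Everything below the slide's port list is an assumption for illustration:
the log format, the threat-list entries and the approved mail server.
"""
import ipaddress
import re
from dataclasses import dataclass

# Ports named on the slide. 6667-6669 and 7000 are the conventional IRC
# ports, long used for botnet command-and-control channels.
WATCHED_PORTS = {164, 6667, 6668, 6669, 7000}
SMTP_PORT = 25

# Constructed threat list standing in for a malware-site / MS-ISAC feed.
# Entries may be single hosts or CIDR ranges (documentation ranges used here).
THREAT_LIST = [
    ipaddress.ip_network("203.0.113.0/24"),    # constructed "potential malware sites"
    ipaddress.ip_network("198.51.100.77/32"),  # constructed "CryptoLocker variant site"
]

# Constructed: the organisation's own mail host. SMTP to any other address
# is what the slide asks you to watch for.
APPROVED_MAIL_SERVERS = {ipaddress.ip_address("192.0.2.25")}

# Constructed log format: "<time> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def in_threat_list(ip) -> bool:
    """True when the address falls inside any listed host or range."""
    return any(ip in net for net in THREAT_LIST)


def check_line(line: str) -> list:
    """Return every alert a single log line triggers (an empty list for none).

    A line can trigger more than one reason, e.g. SMTP to a listed host.
    Unparsable lines are skipped rather than reported, so a malformed export
    does not flood the operator with false alerts.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    try:
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return []
    dport = int(m["dport"])
    base = dict(ts=m["ts"], src=m["src"], dst=m["dst"], dport=dport)
    alerts = []
    if in_threat_list(dst):
        alerts.append(Alert(**base, reason="destination on threat list"))
    if dport in WATCHED_PORTS:
        alerts.append(Alert(**base, reason=f"traffic to watched port {dport}"))
    if dport == SMTP_PORT and dst not in APPROVED_MAIL_SERVERS:
        alerts.append(Alert(**base, reason="SMTP to non-approved mail server"))
    return alerts


def scan(lines) -> list:
    """Run check_line over an iterable of log lines, preserving order."""
    return [alert for line in lines for alert in check_line(line)]


# Constructed sample traffic: two benign lines and three that should alert.
SAMPLE_LOG = """\
2014-03-01T08:00:01 10.0.5.12:51234 -> 192.0.2.25:25 tcp
2014-03-01T08:00:02 10.0.5.12:51235 -> 203.0.113.9:443 tcp
2014-03-01T08:00:03 10.0.5.40:51236 -> 198.51.100.5:6667 tcp
2014-03-01T08:00:04 10.0.5.77:51237 -> 198.51.100.8:25 tcp
2014-03-01T08:00:05 10.0.5.77:51238 -> 93.184.216.34:80 tcp
""".splitlines()

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.ts} {a.src} -> {a.dst}:{a.dport}  {a.reason}")
```

In use, the threat list would be loaded from the feed file and the lines would come from the UTM or IDS export; the same three tests map directly onto SNORT or Suricata rules, with the script serving to confirm the indicators against real traffic before those rules go live.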

Monitoring and Validation: Penetration Testing \ Red Team Exercise

•  Penetration Testing
–  Black Hat \ White Hat \ Gray Hat
–  External Testing by an experienced

Monitoring and Validation: Penetration Testing \ Red Team Exercise

•  Network Validation
–  Kali Linux (https://www.kali.org/)
•  Wireless Validation and Sniffing
•  Network Sniffing
•  Password Cracking
–  Wireshark (https://www.wireshark.org/)
•  Monitor Network Traffic

Monitoring and Validation: Penetration Testing \ Red Team Exercise

•  Red Team Exercise
–  Simple or Complex Social Engineering Exercise to Validate User Training
–  Examples:
•  Sending users spoofed emails asking for network credentials
•  Setting up a spoofed website and requesting user information
–  Third party security provider can

Your Network – Monitoring & Validation

•  Make use of a Centralized Log Management System
•  Set up Internal Nodes \ Trigger Points
•  Make use of Penetration Testing or Network Validation

Policy and Procedures

•  Policy and Procedures are the law of the land.
•  Govern acceptable use and protocols.
•  Examples:
–  Network\System Use Policy
–  Remote Access
–  Server\Network Change Policy

Policy and Procedures: Network\System Use

•  Should cover:
–  Standard user accounts
–  Network Access
–  Acceptable Use
–  Password Policy
•  Signed by incoming employees

Policy and Procedures: Remote Use

•  This policy governs remote access of City\County\Etc resources
•  Outlines the criteria for access
–  Include only using government equipment
–  Resources required during remote sessions.
•  Outline third party remote access
–  Includes only having monitored access,

Policy and Procedures: Server\Network Change Policy

•  Includes the criteria for making a change to a server\network node.
•  Log sheet for each server or network device.
–  Ensures proper accountability.
•  New software should be vetted in a test environment first, before being approved for production.

Policy and Procedures: Disaster Mitigation and Recovery

•  Policy should cover:
–  Natural Disasters (Tornado, Fire)
–  Internal Compromises (Virus, Hacking, Data Theft)
–  External Compromises (Physical Theft)
•  Policy should be specific as far as who to contact, who should make the contact, and what information needs to be collected.

Your Network

•  Policies are the law of the land.
•  A well written policy is your CYB
•  Vet your policies through legal, etc.

User Training

•  Users are your weakest link.
•  The best security system is of little value if the user lets the bad guys in.
•  User Training should be an annual hands on event, coupled with monthly security reminders and updates.

User Training

•  Annual Event
–  Included with our City’s Annual Sexual Harassment\Safety Training
•  Do not have to make them security experts. Just cover the current trends.
–  Such as HTML credit card phishing.
•  Resources:
–  Cisecurity.org
–  Staysafeonline.org
–  SANS.ORG (Securing the Human – paid

Your Network

•  Should be an instructor led class
•  Should be an annual event
•  Send out tips and awareness information throughout the year.

Disaster Mitigation & Recovery

•  Backup \ Recovery
•  Natural Disaster
•  Malware Outbreak

Disaster Mitigation & Recovery: Backup \ Recovery

•  Backup Plan
–  Determine acceptable data loss levels
–  Validate data loss levels against financial resources.
•  Implement a backup solution
–  Utilize an enterprise solution with reporting.
•  Validate solution routinely.
–  Includes both local backups and

Disaster Mitigation & Recovery: Natural Disaster

•  Natural Disaster Recovery Plan:
–  Determine what is the acceptable data loss in a natural disaster.
–  Determine acceptable downtime
–  Determine critical workers
–  Determine critical applications\servers
–  Validate plan against financial
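Both this slide and the preceding Backup \ Recovery slide hinge on a stated acceptable data loss, and the Backup \ Recovery slide asks that the solution be validated routinely. The following added example (not from the presentation) shows what that routine validation can look like: it reads a constructed backup-job report, keeps only successful jobs, and flags each system whose last good backup is older than the acceptable data loss (RPO) for its tier. The report format, the tier names and their RPO values, and the host names are assumptions.

```python
"""Added example: check last successful backups against acceptable data loss.

The report format, tiers, RPO values and host names are constructed for
illustration; a real run would read the enterprise backup solution's report.
"""
from datetime import datetime, timedelta

# Constructed policy: acceptable data loss (RPO) per system tier. Critical
# applications\servers get a tighter window than everything else.
RPO_BY_TIER = {
    "critical": timedelta(hours=4),
    "standard": timedelta(hours=24),
}

# Constructed inventory: which tier each system belongs to.
SYSTEM_TIER = {
    "fileserver01": "standard",
    "sql01": "critical",
    "erp01": "critical",
    "dc01": "standard",
}

# Constructed backup-job report, one job per line: "<iso time>,<system>,<status>"
BACKUP_REPORT = """\
2014-03-01T01:00:00,fileserver01,success
2014-03-01T02:00:00,sql01,failed
2014-02-28T22:00:00,sql01,success
2014-03-01T03:00:00,erp01,success
2014-02-27T01:00:00,dc01,success
""".splitlines()


def parse_report(lines) -> dict:
    """Return {system: time of its latest *successful* backup}.

    Failed jobs are ignored on purpose: a failed job at 02:00 does not
    protect data, so sql01's real recovery point is its earlier success.
    """
    latest = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, system, status = line.split(",")
        if status != "success":
            continue
        when = datetime.fromisoformat(ts)
        if system not in latest or when > latest[system]:
            latest[system] = when
    return latest


def validate(report_lines, now, tiers=SYSTEM_TIER, rpo=RPO_BY_TIER) -> dict:
    """Return {system: reason} for every system whose backups miss its RPO.

    A system with no successful backup on record is reported as well; a
    report that simply omits a host would otherwise pass unnoticed.
    """
    latest = parse_report(report_lines)
    findings = {}
    for system, tier in tiers.items():
        allowed = rpo[tier]
        if system not in latest:
            findings[system] = "no successful backup on record"
            continue
        age = now - latest[system]
        if age > allowed:
            findings[system] = f"last good backup {age} old, RPO {allowed} ({tier})"
    return findings


def run_check(now_iso: str = "2014-03-01T08:00:00", tiers=SYSTEM_TIER) -> dict:
    """Validate the constructed report at a fixed 'now' so results are repeatable."""
    return validate(BACKUP_REPORT, datetime.fromisoformat(now_iso), tiers=tiers)


if __name__ == "__main__":
    for system, reason in sorted(run_check().items()):
        print(f"{system}: {reason}")
```

Scheduling this check after the nightly backup window, and treating any finding as an incident in the centralized log management system, turns "validate solution routinely" into something that is actually measured rather than assumed.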

Disaster Mitigation & Recovery: Natural Disaster

•  Pre-stage equipment
–  Amount of equipment is determined by the maximum number of critical users.
–  Servers\Switches\Desktops should all be plug and play configurable if applicable.
–  Applications should be preinstalled if licensing allows it. If not, make sure your backup software is performing a barebones backup.

Disaster Mitigation & Recovery: Natural Disaster

•  Test, Evaluate and Update
–  Test your recovery deployment plan.
–  During this time, evaluate for weaknesses
–  Update system software to current patch levels, if applicable.
•  More information can be found in

Disaster Mitigation & Recovery: Malware Outbreak \ Compromised System

•  Notification is the key to mitigating a malware outbreak.
•  If one system alerts, then we shut that one system down. We verify the audit logs to see what our next step should be.
•  If more than one system alerts, we

Disaster Mitigation & Recovery: Malware Outbreak \ Compromised System

•  www.cert.org has an excellent first responder book for security incidents.
•  It specifically talks about how to forensically secure a system.
•  MS-ISAC and CERT\CC are excellent resources to reach out to in the event of a large event.

Your Network – Disaster Mitigation & Recovery

•  Determine your backup plan
•  Practice Your Disaster Recovery Plan.
•  Know Federal Agencies that can help out.

References
