STAFF SYMPOSIUM SERIES
INFORMATION TECHNOLOGY TRACK

FACILITATORS
• Carl Brooks, System Manager - Detroit, MI (Chapter 13 Standing Trustee – Tammy L. Terry)
• William Drake, System Manager – Ruskin, FL (Chapter 13 Standing Trustee – Kelly Remick)
• Scot Turner, System Manager – Las Vegas, NV (Chapter 13 Standing Trustee – Rick Yarnall)
• Tom O’Hern, Program Manager, ICF International, Baltimore, MD

STACS - Standing Trustee Alliance for Computer Security

STAFF SYMPOSIUM - IT TRACK 4/14/2016 SESSION 4 - ENDPOINT MANAGEMENT

Information Systems Managers
Endpoint Management
Carl W. Brooks, Manager of Information Systems
Regional Staff Symposium - IT Track
April 14 and 15, 2016, Atlanta, GA

ENIAC was designed and built for the United States Army to calculate artillery firing tables. However, it was ENIAC’s power and general-purpose programmability that excited the public’s imagination. When it was announced in 1946, ENIAC was referred to in the media as a “giant brain.” ENIAC weighed 30 tons and covered an area of about 1,800 square feet. In contrast, a current smartphone weighs a few ounces and is small enough to slip into a pocket.

Endpoint Devices
Internet-capable, TCP/IP network-capable hardware
• Server
• Tablets
• Desktop
• Thin clients
• Laptops
• Virtual Machines
• Smart phones

Endpoint Security
In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.
webopedia.com

Endpoint Management
• Asset Control
• Security
• Software Updates
• Document
• Communicate
• Redundancy

STAFF SYMPOSIUM - IT TRACK 4/29/2015 SESSION 3 - SYSTEM MANAGEMENT

Asset Control
• Eliminate “ghost” assets
• Conduct physical asset inventories
• Tag assets appropriately
• Use the right labels for the job
• Select the right asset inventory software

Inventory Software
• Snipe-IT
  ◦ www.snipeitapp.com
• PDQ Inventory
  ◦ www.adminarsenal.com
• Open AudIT
  ◦ www.open-audit.org
• Spiceworks
  ◦ www.spiceworks.com

Asset Disposal
• Repurpose or Dispose
• Wipe Data
• Removing Tags
• Removing from Inventory
• Removing from Premises
  ◦ Charity Organization
  ◦ Recycle
  ◦ Destroy \ Shred
  ◦ Buy Back

Endpoint Security
• Physical Security
• Patch management
• Anti-virus, SPAM, Malware
• Browser Plugins
• Window/Desktop firewall
• Risk/vulnerability assessment
• Security policy management
• Endpoint Loss and Recovery

Support Strategies
• Trustee and staff
  ◦ In Office
  ◦ At Court
  ◦ At Home
  ◦ On the Road
• 3rd Party Support\vendors
• Debtors\Trainees
• Visitors and Auditors

Strategies for supporting auditors and visitors
  ◦ Access to network for Internet, printing, Case data
  ◦ File transfer electronic files
  ◦ Credentialed access to network computer, case management software, ECF/PACER, Wi-Fi/Internet

Security Considerations
• Using Computers (Dos and the Don’ts)
• Personal device uses
• Access to email
• USB charging, connections to Trustee Equipment
• Access to Wi-Fi, LAN, VPN, Internet
• Two-Factor authentication

The Weakest Link: People
A leak can be avoided if the person involved has better knowledge of data protection. Users are encouraged to develop an information security mindset and to build and reinforce good practice through regular updates of information security awareness.

Computer/Data Usage: Risk
• Loss of data
• Compromise security policies
• Misuse of data

Computer/Data Usage: Dos
• Be accountable for IT assets and data
• Adhere to Policy on Use of IT Resources
• Use good judgment to protect data
• Protect your laptop during trip
• Ensure sensitive information is not visible to others
• Protect your user ID and password

Computer/Data Usage: Don’ts
• Don’t store sensitive information in portable device without strong encryption
• Don’t leave your computer / sensitive documents unlocked
• Don’t discuss something sensitive in public place. People around you may be listening to your conversation

Surfing the Web: Risk
• Virus
• Worms
• Trojan
• Spyware
• Malware
• Ransomware
• Remote Control
• Fake “Official Looking” Popups

Surfing the Web: Dos
• Validate the website you are accessing
• Install personal Firewall
• Be cautious if you are asked for personal information
• Use encryption to protect sensitive data transmitted over public networks and the Internet
• Install anti-virus, perform scheduled virus scanning and keep virus signature up-to-date
• Apply security patching timely
• Backup your system and data, and store it securely

Surfing the Web: Don’ts
• Don't download data from doubtful sources
• Don't visit untrustworthy sites out of curiosity, or access the URLs provided in those websites
• Don't use illegal software and programs
• Don't download programs without permission of the copyright owner or licensee (e.g. Torrent software)

Email: Dos
• Do scan all email attachments for viruses before opening them
• Use email filtering software
• Only give your email address to people you know
• Use PGP or digital certificate to encrypt emails which contain confidential information; staff can use confidential email
• Use digital signature to send emails for proving who you are

Email: Don’ts
• Don't open email attachments from unknown sources
• Don't send mail bomb, forward or reply to junk email or hoax messages
• Don’t click on links embedded in spam mails
• Don’t click on links in mails when not expecting a link from known parties
• Don’t buy things or login from links

Training your Users
https://securityiq.infosecinstitute.com

Phishing your Users

What are the Threats?
• Plain Old Deception: Phishing
• Brute-Force: Password Guessing
• Web Browser Vulnerabilities
• USB Drive Attack Vector
• Outdated Software\Drivers
• Outdated Firmware

How to Secure Endpoints
• BIOS or Pins at bootup
• Encryption – Disk, Device, Data
• Disclaimers, Right to Use, Login consent to use/monitoring/no rights
• Patch the system regularly
• Install security software (e.g. web filtering, anti-Virus, anti-Spam, anti-Spyware, personal firewall etc.)
• Beware of P2P software

Endpoint Security: Malware Protection
• Hardest to Destroy
  ◦ Firmware-based Malware
  ◦ Persistent Malware
  ◦ Ransomware
  ◦ Rootkit Malware
• Well Known Infections
  ◦ Storm Worm
  ◦ Leap-A/Oompa-A
  ◦ Sasser and Netsky
  ◦ MyDoom
  ◦ I LOVE YOU
  ◦ Nimda
  ◦ Code Red and Code Red II
  ◦ The Klez Virus
  ◦ Melissa

Malware Solutions
• Kaspersky Endpoint Security for Biz
  ◦ http://usa.kaspersky.com
• Malwarebytes for Business
  ◦ www.malwarebytes.org/business
• Symantec Endpoint Protection
  ◦ www.symantec.com
• Fortinet Endpoint Protection
  ◦ www.fortinet.com

Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume.

Disk Encryption
• Device deployment
• Product management
• Compatibility
• Authentication service integration
• Key recovery
• Brute force mitigation
• Cryptography

Disk Encryption
• Symantec Endpoint Encryption
• Check Point Full Disk Encryption
• Dell Data Protection Encryption
• McAfee Complete Data Protection
• Sophos SafeGuard
• DiskCryptor
• Apple FileVault 2
• Microsoft BitLocker

Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management.
Kevin Mitnick

If your computer seems to be working fine, you may wonder why you should apply a patch. By not applying a patch you might be leaving the door open for malware to come in. Malware exploits flaws in a system in order to do its work.

Patch Management
• Operating System Patches
• Office Software
• Browsers (I.E., Chrome, Firefox, etc.)
• 3rd Party Software
  ◦ Adobe Acrobat (PDF)
  ◦ Adobe Flash
  ◦ Oracle Java

Patch Management
• Know your network
• Scan and assess
• Rely on a single source for patches
• Have an “undo button” for patches
• Support a good user and administrator experience
• Stay organized
• Right-size

Patch Management
• GFI LanGuard
  ◦ www.gfi.com
• Shavlik Patch
  ◦ www.shavlik.com
• Solarwinds Patch
  ◦ www.solarwinds.com
• ManageEngine
  ◦ www.manageengine.com

Risk Assessment
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. They can be run either as part of vulnerability management by those tasked with protecting systems

Risk Assessment
• The Microsoft Baseline Security Analyzer
• OpenVas.org (Linux)
• Tripwire SecureCheq
  ◦ www.tripwire.com
• Retina CS Community
  ◦ www.beyondtrust.com
• NexPose
  ◦ www.rapid7.com

Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages. It is part of network management.

Network Monitoring
• Network Mapping
• Device Health Monitoring
• Network Traffic Analysis
• Flexible Alerting
• Wireless Network Monitoring
• Automatic Device Discovery
• Reporting

Network Monitoring
• PRTG
• SolarWinds® NPM
• Nagios Core
• Wireshark
• Cacti
• ntopng
• Zabbix
• NMAP

Endpoint Solution Types
• Standalone Clients vs Centralized Console
• Internal Product vs External Cloud Product
• Server Based vs Appliance Based

Backup Strategies
• Data on endpoints
• OS/firmware
• Settings and configuration

Backup Strategies
Policy and Procedures (Where and How?)
• Trustee Smartphone, Tablet, Laptop
• Court tablets and laptops

Backup Strategies
• Local sync vs Cloud Sync
• To use or not to use:
  ◦ iCloud
  ◦ iTunes
  ◦ One Drive
  ◦ Google Drive
  ◦ Dropbox

Backup Strategies and Products
• Deep Freeze – Tool to reset back to default state after reboot
• Macrium Reflect (freeware) – system imaging
• Acronis (freeware) – system imaging

Faronics Deep Freeze

Macrium Reflect Free
Disk cloning and imaging solution for free. Backup to local, network and USB drives as well as burning to all DVD formats. This version is for non-commercial home use.

Lost Recovery Resources
• Find my iPhone (Apple)
• Android Device manager Google Play (Android)
• MaaS360 by IBM
• Lo-jack for laptops (Windows)

http://www.spiceworks.com/free-mobile-device-management-mdm-software
MaaS360 by IBM

Remote Management Issues
• Intrusive vs non-intrusive remote access
• Cloud/Agent based remote access (maybe bad)
• Backdoor into network
• Excessive access through agent features and capabilities
• Access control of remote vendor (enable, disable, terminate)
• Who has access? (Local IT person, Cloud vendor, Case Management Vendor)
• Using two factor authentication

Remote Management

Document IT Essentials
• Hardware Vitals
  ◦ Brand
  ◦ Model
  ◦ Serial #
  ◦ Warranty
  ◦ Asset Tags
  ◦ Maintenance Terms
  ◦ Location
  ◦ Assigned User
• Software
  ◦ Keys
  ◦ Maintenance Terms
  ◦ Device Installed On
• Important IT Contact Information
• Passwords for sites, hardware, etc.
• Device Settings
• Disaster Plan
• Policies
• Procedures
• Training Material

Communicate Important Item
• Provide Policies and Procedures
• Announce Policies and Procedures Changes
• Announce Training Objectives\Results
• Provide Encrypted IT Essentials and Password to Trustee
• Quick Report of Problems\Resolutions
• Update Cycles\Reboot
• Inventory Changes

IT Redundancy
• Multiple Backup Methods
• Multiple Security Points (Firewall, network, devices)
• Multiple IT Reporting\monitoring
• Documents: Hardcopy & Digital
• Live Training, Webinar, Email Tips
• Guard against inbound & outbound threats
• Two Factor / Multiple Password for access

Dell Expert Assist (Desktop Authority)
• Remote Control
• File Transfer
• Help Desk Chat
• Computer Settings
  ◦ Environment Variables
  ◦ Virtual Memory
  ◦ User Account Control
  ◦ Time
  ◦ Automatic Logon
  ◦ Shared Resources
  ◦ Automatic Priorities
• Computer Management
  ◦ File Manager
  ◦ User Manager
  ◦ Event Viewer
  ◦ Services
  ◦ Processes
  ◦ Drivers
  ◦ Registry Editor
  ◦ Command Prompt
  ◦ Reboot
  ◦ Monitor Host Screen
  ◦ Update GPO

Dell ExpertAssist
• Server Functions
  ◦ FTP Configuration
  ◦ FTP Status
  ◦ FTP Statistics
  ◦ Port Forwarding Config
  ◦ Port Forwarding Status
  ◦ Active Directory
• Scheduling & Alerts
  ◦ System Monitoring
  ◦ Email Alerts
  ◦ Task Scheduler
  ◦ Scripts
• Performance Monitoring
  ◦ CPU Load
  ◦ Memory Load
  ◦ Disk Space
  ◦ Drive & Partition Info
  ◦ Open TCP/IP Ports
  ◦ Network
  ◦ PCI Information
  ◦ Open Files
  ◦ Registry Keys In Use
  ◦ DLLs In Use
  ◦ EA Connections
  ◦ Telnet Connections
  ◦ Installed Applications

Dell ExpertAssist
• Security
  ◦ Access Control
  ◦ IP Address Lockout
  ◦ IP Filtering
  ◦ EA Logs
  ◦ User Management Log
  ◦ SSL Setup
  ◦ Windows Password
• Preferences
  ◦ Appearance
  ◦ Network
  ◦ Colors
  ◦ Log Settings
  ◦ ODBC messages
  ◦ Remote Control
  ◦ Telnet Server

Some of the Security Tools I use
• Spiceworks
• Desktop Authority
• Malwarebytes for Business
• Symantec Endpoint Protect
• Barracuda Web Filter 310
• Barracuda - Spam & Virus Firewall 300